Icmp-Error Drop - H3C MSR Series Command Reference Manual

Field
VPN-instance/VLAN ID/Inline ID
Protocol
Source security zone
State
Application
Start time
TTL
Initiator->Responder
Responder->Initiator
Related commands
reset aspf session

icmp-error drop

Use icmp-error drop to enable ICMP error message check and drop faked messages.
Use undo icmp-error drop to disable ICMP error message check.
Syntax
icmp-error drop
undo icmp-error drop
Default
ICMP error message check is disabled.
Views
ASPF policy view
Predefined user roles
network-admin
Usage guidelines
An ICMP error message carries information about the corresponding connection. ICMP error
message check verifies the information. If the information does not match the connection, ASPF
drops the message.
Description
•
VPN-instance—MPLS L3VPN instance where the session is
initiated.
•
VLAN ID—VLAN to which the session belongs during Layer 2
forwarding.
•
Inline ID—Inline to which the session belongs during Layer 2
forwarding.
If no VPN instance, VLAN ID, or Inline ID is specified, a hyphen (-) is
displayed for each field.
Transport layer protocols, including DCCP, ICMP, ICMPv6, Raw IP,
SCTP, TCP, UDP, and UDP-Lite.
Number in parentheses represents the protocol number.
Security zone to which the inbound interface belongs.
If the inbound interface does not belong to any security zone, this field
displays a hyphen (-).
Protocol status of the session.
Application layer protocol, including FTP and DNS.
If it is an unknown protocol identified by an unknown port, this field
displays OTHER.
Establishment time of the session.
Remaining lifetime of the session, in seconds.
Number of packets and bytes from initiator to responder.
Number of packets and bytes from responder to initiator.
821