ICMP rate-limiting

ICMP rate-limiting controls the rate at which ICMPv6 generates error and informational messages for features such as:
  • neighbor solicitations

  • neighbor advertisements

  • multicast listener discovery (MLD)

  • path MTU discovery (PMTU)

  • duplicate address discovery (DAD)

  • neighbor unreachability detection (NUD)

  • router discovery

  • neighbor discovery (NDP)

ICMPv6 error message generation is enabled by default. The rate of message generation can be adjusted, or message generation can be disabled.

Controlling the frequency of ICMPv6 error messages can help to prevent DoS (Denial- of- Service) attacks. With IPv6 enabled on the switch, you can control the allowable frequency of these messages with ICMPv6 rate-limiting.