1. Increase the packet reassembly capacity on the interface:

    int X
     ip virtual-reassembly max-reassemblies 1024

2. Add an ACL on the interface to block *** packets:

    int X
     ip access-group 110 in
     ip access-group 110 out
    access-list 110 deny ip any any fragments
    access-list 110 permit ip any any

Reposted from: https://blog.51cto.com/ryan0817/590704
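How ACL 110 above treats each kind of packet, as an added Python example that is not part of the original post. It models IOS first-match evaluation, in which an entry carrying the `fragments` keyword matches only non-initial fragments (fragment offset other than 0); the helper names and sample packets are constructed for illustration.

```python
import struct

def ipv4_header(src, dst, proto, mf=False, frag_offset=0):
    """Build a minimal 20-byte IPv4 header (constructed sample input, checksum left 0)."""
    flags_frag = (0x2000 if mf else 0) | (frag_offset & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, flags_frag, 64, proto, 0,
                       bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))

def fragment_fields(header):
    """Return (more_fragments, offset_in_8_byte_units) from a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    (flags_frag,) = struct.unpack("!H", header[6:8])
    return bool(flags_frag & 0x2000), flags_frag & 0x1FFF

# ACL 110 from the text, in order, as (action, has_fragments_keyword) pairs.
ACL_110 = [("deny", True), ("permit", False)]

def acl_110_action(header):
    """First-match evaluation of ACL 110 against one IPv4 header."""
    _mf, offset = fragment_fields(header)
    for action, fragments_only in ACL_110:
        if fragments_only and offset == 0:
            continue  # unfragmented packet or initial fragment: entry does not match
        return action
    return "deny"  # implicit deny that ends every IOS ACL

SAMPLES = {  # constructed packets using documentation address ranges
    "unfragmented": ipv4_header("192.0.2.10", "198.51.100.5", 17),
    "first_fragment": ipv4_header("192.0.2.10", "198.51.100.5", 17, mf=True),
    "middle_fragment": ipv4_header("192.0.2.10", "198.51.100.5", 17, mf=True, frag_offset=185),
    "last_fragment": ipv4_header("192.0.2.10", "198.51.100.5", 17, frag_offset=370),
}

def classify_samples():
    """Apply ACL 110 to every constructed sample packet."""
    return {name: acl_110_action(h) for name, h in SAMPLES.items()}

if __name__ == "__main__":
    for name, action in classify_samples().items():
        print(f"{name:16s} -> {action}")
```

Unfragmented packets and initial fragments fall through to the permit entry, so the ACL drops only the trailing fragments. Any legitimately fragmented datagram crossing the interface therefore can no longer be reassembled at its destination.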