OL-11615-01
Router(config)# mls rate-limit unicast acl output 50000 50
Because both ingress and egress limiters share the same rate-limiter register, when one of them is
changed, both values change to the last configured value. In the following example, the output rate is
changed to 40000 pps:
Router(config)# mls rate-limit unicast acl output 40000 50
For more information on the mls rate-limit unicast acl command, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/m1.htm#wp1719874
FIB (CEF) Receive and FIB Glean Cases (Unicast Only)
The FIB receive rate limiter provides the capability to rate limit all packets that contain the MSFC IP
address as the destination address.
To enable and set the FIB receive rate limiter, use the mls rate-limit unicast cef receive command.
Router(config)# mls rate-limit unicast cef receive pps [packets-in-burst]
This example shows how to rate-limit the traffic to 25000 pps with a burst of 60:
Router(config)# mls rate-limit unicast cef receive 25000 60
The FIB glean rate limiter does not limit ARP traffic itself. It rate limits traffic that requires address
resolution (ARP) and must therefore be sent to the MSFC. This situation occurs when traffic enters a port
with a destination host on a subnet that is locally connected to the MSFC, but no ARP entry exists for
that destination host. In this case, because the MAC address of the destination host is unknown and no
host on the directly connected subnet will answer for it, the glean adjacency is hit and the traffic is
sent directly to the MSFC for ARP resolution. This rate limiter limits the possibility of an attacker
overloading the CPU with such ARP requests.
To enable and set the FIB glean rate limiter, use the mls rate-limit unicast cef glean command:
Router(config)# mls rate-limit unicast cef glean pps [packets-in-burst]
This example shows how to limit the rate at which this traffic is sent to the MSFC to 20000 pps with
a burst of 60:
Router(config)# mls rate-limit unicast cef glean 20000 60
For more information on the mls rate-limit unicast cef command, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/m1.htm#wp1500483
VACL Log (Unicast Only)
Packets that are sent to the MSFC because of VLAN-ACL logging can be rate limited to ensure that the
CPU is not overwhelmed with logging tasks. VACLs are processed in hardware, but the MSFC does the
logging. When VACL logging is configured on the switch, IP packets that are denied in the VACL
generate log messages. Use this rate-limiter only when VACL logging is configured.
To enable and set the VACL log rate limiter, use the mls rate-limit unicast acl vacl-log command.
Router(config)# mls rate-limit unicast acl vacl-log pps [packets-in-burst]
This example shows how to rate limit logging requests to 5000 pps (the range for this rate limiter is from
10 to 5000 pps):
Router(config)# mls rate-limit unicast acl vacl-log 5000
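The following Python audit is an added example, not part of the original document or of Cisco IOS. It walks a list of mls rate-limit commands in the order entered, resolves the effective values given the shared ingress/egress ACL register described earlier, and checks the vacl-log rate against the 10 to 5000 pps range stated above. The sample configuration is constructed, and the acl input keyword for the ingress limiter is assumed as the counterpart of the output form shown on the page.

```python
import re

# Constructed sample: commands in the order they were entered (assumption).
SAMPLE_CONFIG = """\
mls rate-limit unicast acl input 50000 50
mls rate-limit unicast acl output 40000 50
mls rate-limit unicast cef receive 25000 60
mls rate-limit unicast cef glean 20000 60
mls rate-limit unicast acl vacl-log 6000
"""

LINE_RE = re.compile(
    r"^\s*mls rate-limit unicast "
    r"(acl (?:input|output|vacl-log)|cef (?:receive|glean))"
    r"\s+(\d+)(?:\s+(\d+))?\s*$"
)
SHARED = {"acl input", "acl output"}  # both use the same rate-limiter register
VACL_LOG_RANGE = (10, 5000)           # pps range given in the text

def audit(config_text):
    """Return (effective, findings) for the mls rate-limit lines in config_text."""
    effective, findings = {}, []
    for line in config_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a unicast rate-limiter line covered here
        name, pps = m.group(1), int(m.group(2))
        burst = int(m.group(3)) if m.group(3) else None
        low, high = VACL_LOG_RANGE
        if name == "acl vacl-log" and not low <= pps <= high:
            findings.append(f"vacl-log {pps} pps is outside {low}-{high} pps")
            continue
        if name in SHARED:
            for other in SHARED - {name}:
                if other in effective and effective[other] != (pps, burst):
                    findings.append(
                        f"{name} {pps} pps overrides {other} "
                        f"{effective[other][0]} pps (shared register)")
            for shared_name in SHARED:
                effective[shared_name] = (pps, burst)  # last value wins for both
        else:
            effective[name] = (pps, burst)
    return effective, findings

if __name__ == "__main__":
    values, problems = audit(SAMPLE_CONFIG)
    print(values)
    print("\n".join(problems))
```
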