OL-11615-01
ICMP Redirects (Unicast Only)
The ICMP-redirect rate limiter allows you to rate limit ICMP traffic. For example, when a host sends
packets through a nonoptimal switch, the MSFC sends ICMP-redirect messages to the host to correct its
sending path. If this traffic occurs continuously, and is not rate limited, the MSFC will continuously
generate ICMP-redirect messages.
This rate limiter is disabled by default. To enable and set the ICMP-redirect rate limiter, use the mls
rate-limit unicast ip icmp redirect command.
Router(config)# mls rate-limit unicast ip icmp redirect pps [packets-in-burst]
This example shows how to rate limit the ICMP redirects to 20000 pps, with a burst of 20 packets:
Router(config)# mls rate-limit unicast ip icmp redirect 20000 20
For more information on the mls rate-limit unicast ip icmp redirect command, refer to the following
URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/m1.htm#wp1500566
IP Errors (Unicast Only)
This rate limiter limits the packets with IP checksum and length errors. When a packet reaches the PFC3
with an IP checksum error or a length inconsistency error, it must be sent to the MSFC for further
processing. An attacker might use the malformed packets to carry out a DoS attack, but the network
administrator can configure a rate for these types of packets to protect the control path.
This rate limiter is enabled by default with a limit of 100 pps and a burst of 10 packets. To set the IP Errors
rate limiter, use the mls rate-limit unicast ip errors command.
Router(config)# mls rate-limit unicast ip errors pps [packets-in-burst]
This example shows how to rate limit IP errors sent to the MSFC to 1000 pps with a burst of 20 packets:
Router(config)# mls rate-limit unicast ip errors 1000 20
Note: The ICMP unreachable no route, ICMP unreachable ACL drop, IP errors, and IP RPF failure
rate limiters share a single rate-limiter register. If any of these limiters is enabled, all of the limiters in
this group share the same value and sometimes the same state (for example, ON/ON/ON). When
verifying the rate limiters, if the members of this register are enabled through another feature, an
ON-Sharing status (instead of an ON status) is displayed. The exception is the TTL failure rate limiter;
its value matches that of the other members in the register if you have manually enabled the
feature.
For more information on the mls rate-limit unicast ip errors command, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/m1.htm#wp1500566
FIB (CEF) Receive (Unicast Only)
The FIB receive rate limiter provides the capability to rate-limit all packets that contain the MSFC IP
address as the destination address. Always choose CoPP over this rate limiter and do not use both
mechanisms at the same time.
This rate limiter is disabled by default. To enable and set the FIB receive rate limiter, use the mls
rate-limit unicast cef receive command.
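The following audit script is an added example, not part of the original Cisco document. It checks a saved configuration against the defaults and the CoPP advice stated above for the three rate limiters covered in this section. Assumptions: the sample configuration and the policy name COPP-POLICY are constructed, the cef receive command is assumed to take the same pps [packets-in-burst] arguments as the other two, CoPP is assumed to appear as a service-policy input line under control-plane, and a limiter with no line in the configuration is assumed to be at its default.

```python
import re

# Constructed sample configuration fragment (not taken from a real device).
SAMPLE_CONFIG = """\
mls rate-limit unicast ip icmp redirect 20000 20
mls rate-limit unicast ip errors 1000 20
mls rate-limit unicast cef receive 10000 10
!
control-plane
 service-policy input COPP-POLICY
"""

# Matches only the three limiters discussed in this section: pps, optional burst.
LIMITER_RE = re.compile(
    r"^mls rate-limit unicast (ip icmp redirect|ip errors|cef receive)"
    r" (\d+)(?: (\d+))?\s*$", re.M)
# Assumption: CoPP shows up as an input service policy under control-plane.
COPP_RE = re.compile(
    r"^control-plane\s*\n(?: .*\n)*? service-policy input \S+", re.M)

def parse_limiters(config):
    """Return {limiter: (pps, burst or None)} for the limiters found."""
    return {m.group(1): (int(m.group(2)),
                         int(m.group(3)) if m.group(3) else None)
            for m in LIMITER_RE.finditer(config)}

def audit(config):
    """Return findings based on the defaults and advice in this section."""
    limiters = parse_limiters(config)
    findings = []
    if "ip icmp redirect" not in limiters:
        findings.append("icmp redirect limiter not set (disabled by default)")
    if "ip errors" not in limiters:
        findings.append("ip errors limiter at default (100 pps, burst 10)")
    if "cef receive" in limiters and COPP_RE.search(config):
        findings.append("cef receive limiter and CoPP both set; use CoPP only")
    return findings

if __name__ == "__main__":
    for name, (pps, burst) in parse_limiters(SAMPLE_CONFIG).items():
        print(f"{name}: {pps} pps, burst {burst}")
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```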