Leaflet

OL-11615-01
Router(config)# mls rate-limit unicast cef receive pps [packets-in-burst]
This example shows how to rate limit the traffic to 25000 pps with a burst of 60:
Router(config)# mls rate-limit unicast cef receive 25000 60
Note: Do not enable the FIB receive rate limiter if you are using CoPP. The FIB receive rate limiter overrides
the CoPP policies.
For more information on the mls rate-limit unicast cef receive command, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/m1.htm#wp1500483
FIB (CEF) Glean (Unicast Only)
The FIB glean rate limiter does not limit ARP traffic itself; it rate limits traffic that requires address
resolution (ARP) and therefore must be sent to the MSFC. This situation occurs when traffic enters a port
with a destination host on a subnet that is locally connected to the MSFC, but no ARP entry exists for
that destination host. In this case, because the MAC address of the destination host is unknown, the
glean adjacency is hit and the traffic is sent directly to the MSFC for ARP resolution. This rate limiter
limits the possibility of an attacker overloading the CPU with such ARP requests.
This rate limiter is disabled by default. To enable and set the FIB glean rate limiter, use the mls
rate-limit unicast cef glean command.
Router(config)# mls rate-limit unicast cef glean pps [packets-in-burst]
This example shows how to limit the rate at which this traffic is sent to the MSFC to 20000 pps with
a burst of 60:
Router(config)# mls rate-limit unicast cef glean 20000 60
For more information on the mls rate-limit unicast cef glean command, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/m1.htm#wp1500483
VACL Log (Unicast Only)
Packets that are sent to the MSFC because of VLAN-ACL logging can be rate limited to ensure that the
CPU is not overwhelmed with logging tasks. VACLs are processed in hardware, but the MSFC does the
logging. When VACL logging is configured on the switch, IP packets that are denied in the VACL
generate log messages. Use this rate-limiter only when VACL logging is configured.
This rate limiter is enabled by default with a limit of 2000 pps and a burst of one packet. To set the VACL
log rate limiter, use the mls rate-limit unicast acl vacl-log command.
Router(config)# mls rate-limit unicast acl vacl-log pps [packets-in-burst]
This example shows how to rate limit logging requests to 5000 pps (the range for this rate limiter is from
10 to 5000 pps):
Router(config)# mls rate-limit unicast acl vacl-log 5000
For more information on the mls rate-limit unicast acl vacl-log command, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/m1.htm#wp1719874
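The following pre-deployment check is an added example, not part of the Cisco guide or any Cisco tool. It audits a candidate configuration for the FIB receive and CoPP conflict noted above, the 10 to 5000 pps range of the VACL log limiter, and limiter lines that do not match the three forms covered here. The sample configuration, the policy name COPP-POLICY, and the way CoPP is detected (a service-policy input line under control-plane) are assumptions.

```python
import re

# Constructed candidate config for illustration (not taken from a real device).
SAMPLE_CONFIG = """\
mls rate-limit unicast cef receive 25000 60
mls rate-limit unicast cef glean 20000 60
mls rate-limit unicast acl vacl-log 6000
mls rate-limit unicast glean receive 20000 60
!
control-plane
 service-policy input COPP-POLICY
"""

KNOWN = {"cef receive", "cef glean", "acl vacl-log"}  # forms covered in this section
LINE_RE = re.compile(r"^mls rate-limit unicast (\S+ \S+)[ \t]*(.*)$", re.M)
VACL_LOG_RANGE = (10, 5000)  # pps range stated in the guide

def parse_limiters(config):
    """Return ({limiter: (pps, burst or None)}, [lines that do not parse])."""
    limiters, unknown = {}, []
    for m in LINE_RE.finditer(config):
        args = m.group(2).split()
        valid = m.group(1) in KNOWN and len(args) in (1, 2) and all(a.isdigit() for a in args)
        if not valid:
            unknown.append(m.group(0).strip())
            continue
        limiters[m.group(1)] = (int(args[0]), int(args[1]) if len(args) == 2 else None)
    return limiters, unknown

def copp_applied(config):
    """Assumption: CoPP appears as 'service-policy input' under 'control-plane'."""
    in_cp = False
    for line in config.splitlines():
        if in_cp and line.startswith(" "):
            if line.strip().startswith("service-policy input"):
                return True
        else:
            in_cp = line.startswith("control-plane")
    return False

def audit(config):
    limiters, unknown = parse_limiters(config)
    findings = [f"not a limiter form covered here: {l}" for l in unknown]
    if "cef receive" in limiters and copp_applied(config):
        findings.append("FIB receive limiter enabled with CoPP; it overrides the CoPP policies")
    pps = limiters.get("acl vacl-log", (None, None))[0]
    if pps is not None and not VACL_LOG_RANGE[0] <= pps <= VACL_LOG_RANGE[1]:
        findings.append(f"vacl-log rate {pps} pps is outside 10-5000 pps")
    return findings
```

Calling audit(SAMPLE_CONFIG) returns three findings: the misordered glean line, the receive limiter configured alongside CoPP, and the out-of-range VACL log rate.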