Leaflet

OL-11615-01
This rate limiter is enabled by default with a rate of 1000 pps. To set the ACL feature rate limiter, use
the set security acl feature ratelimit command.
Console> (enable) set security acl feature ratelimit rate
A rate value of 0 disables this rate limiter. We strongly recommend, however, that you do not disable rate
limiting because traffic that is redirected by various security features might flood the supervisor engine
and diminish system performance.
This example shows how to set the global rate limit to 600:
Console> (enable) set security acl feature ratelimit 600
ARP Inspection, DHCP Snooping, and Dot1x DHCP global rate limit set to 600 pps.
Console> (enable)
For more information on the set security acl feature ratelimit command, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_5/cmd_ref/setsn_su.htm#wp1393048
To specify the rate limit for the number of ARP inspection packets that are sent to the CPU on a per-port
basis, use the set port arp-inspection command. The per-port basis rate limiter is disabled by default.
Console> (enable) set port arp-inspection mod/port drop-threshold rate shutdown-threshold rate
This example shows how to set the drop-threshold to 500 and the shutdown-threshold to 1000 for port
2/1:
Console> (enable) set port arp-inspection 2/1 drop-threshold 500 shutdown-threshold 1000
Drop Threshold=500, Shutdown Threshold=1000 set on port 2/1.
Console> (enable)
For more information on the set port arp-inspection command, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_5/cmd_ref/set_m_pi.htm#wp1138749
VACL Log
The VACL Log rate limiter controls the rate at which packets are sent to the route processor because of
VLAN-ACL logging. When VACL logging is configured on the switch, IP packets that are denied in the
VACL generate log messages. Use this rate limiter only when VACL logging is configured.
Note: The VACL Log rate limiter is supported on systems configured with Supervisor Engine 2 with Layer 3
Switching Engine II (PFC2) only.
This rate limiter is enabled by default with a rate of 2500 pps. To set the VACL log rate limiter, use the
set security acl log ratelimit command. A rate value of 0 disables this rate limiter.
Console> (enable) set security acl log ratelimit rate
This example shows how to set the rate limit:
Console> (enable) set security acl log ratelimit 3444
Max logging eligible packet rate set to 3444pps.
Console> (enable)
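The following audit script is an added example, not part of the original Cisco document. It reads saved configuration text and reports the effective rates for the three commands described above, flagging a global limiter that has been set to 0 and ports that have no per-port ARP inspection limit. It assumes the configuration stores the commands in the same form as they are typed at the console; the function name, the arp_ports parameter, and the sample configuration are constructed for illustration.

```python
import re

# Defaults stated in this document (pps). A rate of 0 disables a global limiter.
DEFAULTS = {"feature": 1000, "log": 2500}

GLOBAL_RE = re.compile(r"^set security acl (feature|log) ratelimit (\d+)$")
PORT_RE = re.compile(
    r"^set port arp-inspection (\d+/\d+)((?: (?:drop|shutdown)-threshold \d+)+)$"
)
THRESH_RE = re.compile(r"(drop|shutdown)-threshold (\d+)")


def audit(config_text, arp_ports=()):
    """Return (global rates, per-port thresholds, findings) for a config.

    arp_ports (hypothetical parameter) lists the ports the operator
    expects to carry a per-port ARP inspection limit.
    """
    rates = dict(DEFAULTS)
    ports = {}
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # collapse runs of whitespace
        m = GLOBAL_RE.match(line)
        if m:
            rates[m.group(1)] = int(m.group(2))  # last setting wins
            continue
        m = PORT_RE.match(line)
        if m:
            pairs = THRESH_RE.findall(m.group(2))
            ports.setdefault(m.group(1), {}).update(
                {kind: int(value) for kind, value in pairs}
            )
    findings = [
        f"{name} rate limiter disabled (rate 0)"
        for name, rate in rates.items() if rate == 0
    ]
    findings += [
        f"port {p}: no per-port ARP inspection limit (disabled by default)"
        for p in arp_ports if p not in ports
    ]
    return rates, ports, findings


# Constructed sample configuration, not taken from a real switch.
SAMPLE = """\
set security acl feature ratelimit 0
set port arp-inspection 2/1 drop-threshold 500 shutdown-threshold 1000
"""

if __name__ == "__main__":
    print(audit(SAMPLE, arp_ports=["2/1", "2/2"]))
```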
For more information on the set security acl log ratelimit command, refer to the following URL: