Rate-limit command brief explanation
Hi,
There is this rate-limit command in our company's router.
rate-limit input access-group 127 1000000 187500 187500 conform-action transmit exceed-action drop
I know that the access-group part refers to an access list
conform action transmit means that packets will be transmitted
exceed-action drop means that if it exceed the values listed packets will be dropped.
What i dont understand is the logic behind the numbers 1000000 187500 187500. It would be very helpful if someone could explain it briefly, i am having a hard time understanding the cisco docs regarding this command.
thanks.
Hi @seaweeds24,
Those numbers are "average rate" "normal burts size" "excess burst size", respectively.
Average rate determines the long-term average transmission rate. Traffic that falls into this rate will always conform
Normal burst size determines how large traffic bursts can be before some traffic exceeds the rate limit
Excess burst size determines how larget traffic bursts can be before ALL traffic exceeds the rate limit.
Traffic that falls between the Normal Burst size and the Exces Burst size exceeds the rate limit with a probability that increases as the burst size increases.
HTH.
Rgrds,
Martin, IT Specialist
Similar Messages
-
Rate-limit command interpretation
I am not sure this is in the right area or not but I hope it is. I have the following rate-limit command on my cisco 7206 router Gi subinterface:
rate-limit input 30000000 5625000 11250000 conform-action transmit exceed-action drop
rate-limit output 30000000 5625000 11250000 conform-action transmit exceed-action drop
Does this mean I am rate-limiting this interface at 3Mb or 30 Mb?
Thank youI am not sure this is in the
right area or not but I hope it is. I have the following rate-limit
command on my cisco 7206 router Gi subinterface: rate-limit input 30000000 5625000 11250000 conform-action transmit exceed-action drop
rate-limit output 30000000 5625000 11250000 conform-action transmit exceed-action dropDoes this mean I am rate-limiting this interface at 3Mb or 30 Mb?Thank you
This will presumably limit the interface to 30 Mbits/sec
Hope to Help !!
Ganesh.H
Remember to rate the helpful post -
ICMP unreachable, rate-limit command
Hi !
I'm currently working on projet of network hardening.
Based on Cisco security best pratice, I see it's recommand to rate limit genaration of ICMP unreachable message to prevent DoS attack. (according to document : http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a0080825564.pdf page 74)
On Catalyst 6509 run IOS 12.2(17r)SX5 I see to possible way to rate-limit ICMP messages if mls QoS is running.
1- mls rate-limit unicast ip ICMP unreachable acl-drop 100 10 (enable by default, according to document : http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a0080825564.pdf page 74)
mls rate-limit unicast ip ICMP unreachable no-route 100 10
2- ip ICMP rate-limit unreachable <millisecond> (500 ms is default parameters, which permit 2 paquets per seconds, also enable by default if I'm base on : http://www.cisco.com/warp/public/707/cisco-sn-20030125-worm.shtml, ACL for IOS section)
Which one of those command have precedence over the other one ?
Which one is better over the other one ?
With the mls rate-limit option, we have the possibility to check default parameter with : "show mls rate-limit" command is exist equivalent for : "ip ICMP rate-limit unreachable"
We have also Catalyst 3550 switches, on which we have to rate-limit genaration of ICMP unreachable message for same reason as 6509. I understand the :"ip ICMP rate-limit unreachable" command is my only option "under "mls " the only option I have is QoS or aclmerge. Under thoses parameter I have no way to rate-limit ICMP message generation....
I have check in running-configuration I did not find any reference to ICMP rate-limit command, I hope this is active like explain in document http://www.cisco.com/warp/public/707/cisco-sn-20030125-worm.shtml, ACL for IOS section, (Version 12.2(44)SE3) but I would like to be able to confirm if any show command exist to confirm this.
thanks a lot !This is now showing up with running ssh over this tunnel. I can get the initial connection, but certain commands are not going through.
-
Rate-limit command 3560 does it exist?
I have just come across a command in my router IOS which might be useful too me. I was wondering if the following command is available on a 3560 Switch. I don't see it on my 3550 but the IOS is quite old. I don't have a 3560 avaiable currently to check.
Config t > int vlan x > rate-limit input/output
does this exist on the 3560? I am also interest if it does in the Bits per second range and if available input/output.
Thanks for any helpHello,
what kind of feature are you looking for?
CAR?
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_reference_chapter09186a0080087f26.html#wp1037428
For command list check the following link:
Catalyst 3560 Switch Command Reference, Rel. 12.2(25)SEE
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12225see/cr/index.htm
For QOS configs:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12225see/scg/swqos.htm
If you need to rate limit traffic on an interface check:
Limiting the Bandwidth on an Egress Interface
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12225see/scg/swqos.htm#wp1253412
Hope this help a bit,
if it does, please rate this post.
Vlad -
Can I rate-limit on the sub-interface in cisco asr 1013?
Hi,
I am looking for the command of rate-limit on a sub-interface in cisco asr 1013.
Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.2(2)S, RELEASE SOFTWARE (fc1)
IOS XE Version: 03.06.00.S
Please let me know if it is possible in cisco asr 1013. If yes then what are the commands.
ZobairThe ASR no longer supports the rate-limit command, but it does support the same functionality in a QoS policy.
Please find a sample configuration -
ASR1004(config)#policy-map test
ASR1004(config-pmap)#class class-default
ASR1004(config-pmap-c)#shape average 10000
Applying for both ingress and egress : -
ASR1004(config)#int gig1/1/0
ASR1004(config-if)#service-policy output test
or
ASR1004(config-if)#service-policy input test -
3750X rate-limit (QoS)
Hello,
I'm trying to configure a rate-limit in a 3750X but I'm not seeing any result...
These are my configurations:
RF#show run
Building configuration...
Current configuration : 23410 bytes
! Last configuration change at 08:53:35 UTC Sun Mar 14 1993
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname RF
boot-start-marker
boot-end-marker
no aaa new-model
switch 1 provision ws-c3750x-48p
system mtu routing 1500
ip routing
ip domain-name erf.carco.com.mx
rep admin vlan 100
mls qos
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
vlan 2
vlan 4
vlan 6
vlan 8
vlan 10
vlan 20
vlan 21
vlan 22
vlan 23
vlan 25
vlan 26
vlan 30
vlan 50
vlan 53
vlan 70
vlan 81
vlan 91
vlan 92
vlan 93
vlan 95
vlan 96
vlan 99
vlan 100
vlan 102
vlan 110
vlan 122
vlan 129
vlan 200
vlan 213
vlan 227
vlan 333
vlan 357
vlan 417
vlan 444
vlan 500
vlan 502
vlan 555
vlan 700
vlan 712
vlan 910
vlan 911
vlan 951
vlan 1105
vlan 1508
vlan 1830
vlan 1870
vlan 1890
vlan 1891
vlan 1892
class-map match-any test
match access-group 100
policy-map test
class test
police 150000000 512000 exceed-action drop
interface Loopback0
ip address 10.20.40.106 255.255.255.0
interface Port-channel22
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport mode trunk
bandwidth 10000000
rep segment 10
interface Port-channel24
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport mode trunk
bandwidth 10000000
rep segment 10
interface FastEthernet0
no ip address
no ip route-cache
shutdown
interface GigabitEthernet1/0/1
interface GigabitEthernet1/0/2
interface GigabitEthernet1/0/3
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport trunk allowed vlan 2,10,50,53,60,70,91-93,95,96,99,100,110,213,227
switchport trunk allowed vlan add 500,700,910,911,951,1830,1870,1890-1892
switchport mode trunk
no logging event link-status
shutdown
speed 1000
duplex full
interface GigabitEthernet1/0/4
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport trunk allowed vlan 2,8,10,20,50,53,70,91-93,95,96,99,100,110,213
switchport trunk allowed vlan add 227,500,700,910,911,951,1830,1870,1890-1892
switchport mode trunk
shutdown
speed 1000
duplex full
interface GigabitEthernet1/0/5
interface GigabitEthernet1/0/6
interface GigabitEthernet1/0/7
interface GigabitEthernet1/0/8
interface GigabitEthernet1/0/9
interface GigabitEthernet1/0/10
switchport access vlan 91
switchport mode access
logging event link-status
interface GigabitEthernet1/0/11
interface GigabitEthernet1/0/12
interface GigabitEthernet1/0/13
interface GigabitEthernet1/0/14
interface GigabitEthernet1/0/15
switchport access vlan 91
switchport mode access
logging event link-status
interface GigabitEthernet1/0/16
interface GigabitEthernet1/0/17
interface GigabitEthernet1/0/18
interface GigabitEthernet1/0/19
interface GigabitEthernet1/0/20
switchport access vlan 91
switchport mode access
logging event link-status
interface GigabitEthernet1/0/21
interface GigabitEthernet1/0/22
interface GigabitEthernet1/0/23
interface GigabitEthernet1/0/24
interface GigabitEthernet1/0/25
switchport access vlan 910
switchport mode access
interface GigabitEthernet1/0/26
interface GigabitEthernet1/0/27
interface GigabitEthernet1/0/28
interface GigabitEthernet1/0/29
interface GigabitEthernet1/0/30
interface GigabitEthernet1/0/31
interface GigabitEthernet1/0/32
interface GigabitEthernet1/0/33
interface GigabitEthernet1/0/34
interface GigabitEthernet1/0/35
interface GigabitEthernet1/0/36
interface GigabitEthernet1/0/37
no switchport
bandwidth 150000
ip address 10.20.103.13 255.255.255.252
rate-limit output access-group 100 24000000 3000000 3000000 conform-action transmit exceed-action drop
logging event link-status
interface GigabitEthernet1/0/38
interface GigabitEthernet1/0/39
interface GigabitEthernet1/0/40
interface GigabitEthernet1/0/41
interface GigabitEthernet1/0/42
interface GigabitEthernet1/0/43
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport mode trunk
bandwidth 10000000
channel-group 24 mode on
interface GigabitEthernet1/0/44
interface GigabitEthernet1/0/45
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport trunk allowed vlan 2,10,50,53,60,70,91-93,95,96,99,100,110,213,227
switchport trunk allowed vlan add 500,700,910,911,951,1830,1870,1890-1892
switchport mode trunk
shutdown
interface GigabitEthernet1/0/46
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport trunk allowed vlan 2,10,50,53,60,70,91-93,95,96,99,100,110,213,227
switchport trunk allowed vlan add 500,700,910,911,951,1830,1870,1890-1892
switchport mode trunk
shutdown
interface GigabitEthernet1/0/47
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport mode trunk
bandwidth 10000000
channel-group 22 mode on
interface GigabitEthernet1/0/48
switchport trunk encapsulation dot1q
switchport trunk native vlan 6
switchport trunk allowed vlan 2,7,10,20,50,53,70,91-93,95,96,99,100,110,213
switchport trunk allowed vlan add 227,700,910,911,951,1830,1870,1890-1892
switchport mode trunk
logging event link-status
shutdown
interface GigabitEthernet1/1/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport trunk allowed vlan 2,8,10,20,50,53,60,70,91-93,95,96,99,110,213,227
switchport trunk allowed vlan add 500,700,910,911,951,1830,1870,1890-1892
switchport mode trunk
shutdown
interface GigabitEthernet1/1/2
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport trunk allowed vlan 2,8,10,20,50,53,60,70,91-93,95,96,99,110,213,227
switchport trunk allowed vlan add 500,700,910,911,951,1830,1870,1890-1892
switchport mode trunk
shutdown
interface GigabitEthernet1/1/3
switchport trunk encapsulation dot1q
switchport trunk native vlan 6
switchport trunk allowed vlan 2,6,8,10,20,50,53,70,91-93,95,96,99,100,110,213
switchport trunk allowed vlan add 227,700,910,911,951,1830,1870,1890-1892
logging event link-status
shutdown
interface GigabitEthernet1/1/4
switchport trunk encapsulation dot1q
switchport trunk native vlan 6
switchport trunk allowed vlan 2,6,8,10,20,50,53,70,91-93,95,96,99,100,110,213
switchport trunk allowed vlan add 227,700,910,911,951,1830,1870,1890-1892
switchport mode trunk
logging event link-status
shutdown
interface TenGigabitEthernet1/1/1
interface TenGigabitEthernet1/1/2
interface Vlan1
no ip address
shutdown
interface Vlan6
description ***LANERF**
ip address 10.20.6.106 255.255.255.0
no ip redirects
interface Vlan23
description < TRANSITO MUR >
no ip address
no ip redirects
interface Vlan100
description < VLAN MAN >
ip address 10.20.100.106 255.255.255.0
no ip redirects
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 7 032368342B2F0F
ip ospf dead-interval minimal hello-multiplier 4
router ospf 1
router-id 10.20.40.106
auto-cost reference-bandwidth 100000
area 0.0.0.0 authentication message-digest
area 1.80.1.1 authentication message-digest
redistribute connected subnets
redistribute static subnets
passive-interface default
no passive-interface Vlan23
no passive-interface Vlan100
no passive-interface GigabitEthernet1/0/37
network 10.20.6.0 0.0.0.0 area 0.0.0.0
network 10.20.40.106 0.0.0.0 area 0.0.0.0
network 10.20.91.6 0.0.0.0 area 0.0.0.0
network 10.20.100.106 0.0.0.0 area 0.0.0.0
default-information originate
ip http server
ip http secure-server
access-list 100 permit ip 10.50.80.0 0.0.0.255 10.80.80.0 0.0.0.255
access-list 100 permit ip 10.80.80.0 0.0.0.255 10.50.80.0 0.0.0.255
snmp-server community ASComRO RO
line con 0
line vty 0 4
login
line vty 5 15
login
event manager applet track_qos_down authorization bypass
event syslog pattern "TRACKING-5-STATE: 15 ip sla 15 reachability Up->Down"
action 1 cli command "enable"
action 2 cli command "configure terminal"
action 3 cli command "interface giga1/0/37"
action 4 cli command "rate-limit output access-group 100 400000000 50000000 50000000 conform-action transmit exceed-action drop"
action 5 cli command "end"
event manager applet track_qos_up authorization bypass
event syslog pattern "TRACKING-5-STATE: 15 ip sla 15 reachability Down->Up"
action 1 cli command "enable"
action 2 cli command "configure terminal"
action 3 cli command "interface giga1/0/37"
action 4 cli command "no rate-limit output access-group 100 400000000 50000000 50000000 conform-action transmit exceed-action drop"
action 5 cli command "end"
end
ERF#
ERF#show mls qos
QoS is enabled
QoS ip packet dscp rewrite is enabled
ERF#show mls qos inter gigabitEthernet 1/0/37
GigabitEthernet1/0/37
trust state: not trusted
trust mode: not trusted
trust enabled flag: ena
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: none
qos mode: port-based
When I apply the command I'm seeing a gauge using a 3rd party but I'm not seeing that the traffic will be truncated @ 50Mbps.
Any thoughts???Hi
Bandwidth commands allocates the particular amount of bandwidth you mention or configure over there.
Basically you have the liberty to configure upto 75% of the available interface bandwidth to different classes.
most widelys used with CBWFQ technique..
so while configuring up the same better to watch out for the exact bandwidth value keyed in on the interface to have your alloocation work properly.
policing basically used for limiting the traffic or to control the bursts by dropping them or marking them with different ip precedence or DSCP values.
its very much similar to the rate-limit command applied on the interface level which again uses token bucket system either single or dual based on the configuration parameters.
for more info on above mentioned clis do check these links..
http://www.cisco.com/en/US/tech/tk543/tk545/tsd_technology_support_protocol_home.html
http://www.cisco.com/en/US/tech/tk543/tk544/tsd_technology_support_protocol_home.html
regds -
ICMP unreacheble, rate-limit
Hi !
I'm currently working on projet of network hardening.
Based on Cisco security best pratice, I see it's recommand to rate limit genaration of ICMP unreachable message to prevent DoS attack. (according to document : http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a0080825564.pdf page 74)
On Catalyst 6509 run IOS 12.2(17r)SX5 I see to possible way to rate-limit ICMP messages if mls QoS is running.
1- mls rate-limit unicast ip ICMP unreachable acl-drop 100 10 (enable by default, according to document : http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a0080825564.pdf page 74)
mls rate-limit unicast ip ICMP unreachable no-route 100 10
2- ip ICMP rate-limit unreachable <millisecond> (500 ms is default parameters, which permit 2 paquets per seconds, also enable by default if I'm base on : http://www.cisco.com/warp/public/707/cisco-sn-20030125-worm.shtml, ACL for IOS section)
Which one of those command have precedence over the other one ?
Which one is better over the other one ?
With the mls rate-limit option, we have the possibility to check default parameter with : "show mls rate-limit" command is exist equivalent for : "ip ICMP rate-limit unreachable"
We have also Catalyst 3550 switches, on which we have to rate-limit genaration of ICMP unreachable message for same reason as 6509. I understand the :"ip ICMP rate-limit unreachable" command is my only option "under "mls " the only option I have is QoS or aclmerge. Under thoses parameter I have no way to rate-limit ICMP message generation....
I have check in running-configuration I did not find any reference to ICMP rate-limit command, I hope this is active like explain in document http://www.cisco.com/warp/public/707/cisco-sn-20030125-worm.shtml, ACL for IOS section, (Version 12.2(44)SE3) but I would like to be able to confirm if any show command exist to confirm this.
thanks a lot !Hello Marcus,
On the ASA as you are already aware we only have the choice of modifying the ICMP unreachable rate,
With the IOS the rate-limit for ICMP unreachable replies will be rate limited to one every 500ms
use:
show ip icmp rate-limit
Besides that I have not seen any other information that you could customize.
Regards -
Hi All - I need your help to understand the Burst value in the Rate-Limit
Example: rate-limit input access-group 101 20000000 24000 32000
I understand the above configuration limit the traffic to 20Mbps. How to calculate the Burst-Normal (as per example above 24000 Bytes) and Burst-Max(as per above example 32000 Bytes). What is the logic for arriving the Burst-Normal & Burst-Max?
Thanks in advance
SAIRAMHi Sairam,
below are definitions of few terms which are involved here
CIR : committed information rate, in bits per second, defines the rate defined in the traffic contract.
Tc : Time interval,measured in miliseconds, over which the committed burst (Bc) can be sent.
Bc : Committed burst size,measured in bits. This is the amount of traffic that can be sent over the interval Tc.
Be : Excess burst size, in bits. This is number of bits beyond Bc that can sent after a period of inactivity.
Formula to calculate Bc is
Bc = CIR*Tc
Now to understand Bc and Tc, say suppose you have applied 20mbps rate-limit on a 100mbps fastethernet link. Now link can send data (bits) with clock-rate only which is 100mbps so to achieve 20mbps rate on that link router needs to send traffic for 1/5th of a sec and remain idle for 4/5th of a second. 1/5th of sec is 200 msec. If router will send traffic for 200msec and not sending traffic for next 800msec, it can achieve rate of 20mbps but a packet arrived at 199th sec will need to wait for 800msec and this will add unnecessary latency to the packet. To avoid this, router sends few bits for short duration and then does not send for some duration. For the period it sends traffic is called Tc value. and the number of bytes it can send during that interval is called Bc value. So CIR = Bc/Tc (bits per interval).
Now we dont have option to configure Tc but we can configure CIR and Bc, and Tc will automatically be calculated. If we do not configure Bc then router takes default Tc of 125ms and calculates the Bc.
What value to choose for Bc
If we configure Bc too large then Tc will go high for same CIR and this may cause delay or jitter for delay sensitive traffic. For delay sensitive traffic cisco recommends to have Tc 10ms or less.
If i calculate Tc in the given example, it is coming as 9.6ms which is close to 10ms that is why Bc is set as 24000.
Tc = Bc/CIR
= 24000(bytes)/20000000(bits/sec)
= 192000(bits)/20000(bits/ms)
= 192/20
= 9.6 msec
Now Be is to give extra bandwidth for small interval(Tc) to cater some bursty traffic. Assume there is a bucket which gets filled with Bc amount of token in every Tc interval and router can send traffic if there is sufficient amount of token available in the bucket, equal to the packet size. After forwarding packet router reduces same amount of token from the bucket. Size of bucket is also equal to Bc which means if there is no traffic for Tc interval, bucket can not hold more token. Be is to increase the size of bucket to (Bc + Be). Now in every Tc interval bucket will be filled with Bc token and if there is a period of inactivity then in next interval bucket can be filled with extra Bc amount of token till it reaches to (Bc + Be) and if there is any bursty traffic (more than Bc) same can be adjusted. So for a very small period router may send traffic with more rate (higher than CIR, since sending Bc+Be in Tc interval) but over a period does not cross CIR.
You can also use below "Ask the expert" event for QoS to further queries related to QoS.
https://supportforums.cisco.com/discussion/12259571/ask-expert-quality-service-qos-cisco-ios-routers
Please dont forget to rate post if it has been helpful.
Regards,
Akash -
Hi All,
I have tried to configure the above parameter but it doesn't seem to be working.
The version running on the ACE is 2.3.4 and I am running multiple contexts.
The below configuration was tried on one of the contexts, not being Admin.
The command I used was :
logging rate-limit 42 60 message 251010
What I am trying to achieve here is receive notification that a rserver has failed its connectivity check, therefore alerting the relevant people.
The issue I am encountering is that every second I receive all the alerts again.
I am only wanting to receive the alert once if possible and gain once the rserver has come back online.
Is this possible, if so please explain how I can do it?
TIA.
Jack.your rate limit should be giving you 42 of those messages per 60 seconds. But this is health probe failure which depending on how many does not necessarily mean server is down. (depends on fail count). also it is level 6 message. the message you really want is:
Error Message %ACE-4-442001: Health probe probe name detected real_server_name
(interface interface_name) in serverfarm sfarm_name changed state to UP
Explanation The state of a real server changed from down to up.
Recommended Action None required.
442002
Error Message %ACE-4-442002: Health probe probe name detected real_server_name
(interface interface_name) in serverfarm sfarm_name changed state to DOWN
suggest you do logging at level 4 and you will only see the message when server state changes -
Per user bandwidth rate limit.
How to configure per user bandwidth rate limit for wireless guest client, authentication server is ISE 1.2 & wireless controller is 5760.
The Cisco 5760 WLC supports better QoS than other c
ontrollers, allowing prioritization of mission-crit
ical
applications:
●
The Cisco 5760 WLC supports four wireless hardware
queues and priority-based queuing compared to
software-based queuing in existing controllers.
●
The Cisco 5760 WLC follows MQC based commands, allo
wing usage of exact commands for configuring
QoS on different types of network devices.
●
The Cisco 5760 WLC supports QoS policies to be appl
ied in a hierarchical fashion with more granularity
per SSID per radio, while on the current controller
s granularity is per WLAN.
●
The Cisco 5760 WLC supports approximate fair bandwi
dth to make sure of fairness at client, SSID, and
radio levels for Non-Real Time (NRT) traffic. There
fore, if one user consumes excessive bandwidth, we
can
limit the amount of bandwidth that user receives an
d thereby not deprive other users. -
Prime Infrastructure 2 - API rate limit change?
Good day -
The Prime API is pretty sweet, and can give you JSON data back easily with a call like this:
https://prime/webacs/api/v1/data/Clients.json?.full=true
It is, however, limited to 100 results. We'd like to see more than that.
How do I change this rate limit for the API?I have found that this command does work, but still limits to 1000.
https://prime/webacs/api/v1/data/Clients.json?.maxResults=9999&.full=true
Now I get Tomcat a HTTP Status 503 error. There's another setting I've not found yet.
My json results say "@count":"6980", suggesting I have that many clients in the database. -
I have a Cisco SG300 small business switch and 541 APs. There are 2 VLANs in our network. One must be limited by bandwidth. Does anyone have an idea for configure vlan rate-limiting on SG300? And please describe CIR & CBS for me. Thanks.
http://www.cisco.com/en/US/partner/products/ps10898/prod_command_reference_list.html
Cisco Small Business 300 Series Managed Switches Command Line Interface Guide Release 1.3
Select CIR and CBS according to your design. You can use a larger CBS when performance is not ideal.
49.23 rate-limit (VLAN)
Use the Layer 2 rate-limit (VLAN) Global Configuration mode command to limit the
incoming traffic rate for a VLAN. Use the no form of this command to disable the
rate limit.
Syntax
rate-limit vlan-id committed-rate committed-burst
no rate-limit vlan
Parameters
• vlan-id—Specifies the VLAN ID.
• committed-rate—Specifies the average traffic rate (CIR) in kbits per second
(kbps). (Range: 3-57982058)
• committed-burst—Specifies the maximum burst size (CBS) in bytes.
(Range: 3000-19173960)
Default Configuration
Rate limiting is disabled.
Committed-burst-bytes is 128K.
Command Mode
Global Configuration mode
User Guidelines
Traffic policing in a policy map takes precedence over VLAN rate limiting. If a
packet is subject to traffic policing in a policy map and is associated with a VLAN
that is rate limited, the packet is counted only in the traffic policing of the policy
map.
This command does not work in Layer 3 mode. It does not work in conjunction with
IP Source Guard.
Example
The following example limits the rate on VLAN 11 to 150000 kbps or the normal
burst size to 9600 bytes.
switchxxxxxx(config)# rate-limit 11 150000 9600 -
Rate-limit for some MAC on aironet 1231
Hello!
I need to set rate-limit for some mac addresses on access point aironet 1231.Is it possible?
If no, what ios or devices can do it?
Thanks.No there is no option for rate-limit in Aironet but in controller, Rate-limiting is applicable to all traffic destined to the CPU from either direction (wireless or wired). Cisco recommends that you always run the controller with the default config advanced rate enable command in effect in order to rate-limit traffic to the controller and protect against denial-of-service (DoS) attacks. You can use the config advanced rate disable command to stop rate-limiting of Internet Control Message Protocol (ICMP) echo responses for testing purposes.
-
RATE limit RATE limit RATE limit RATE limit
Dear,
I have tried using RADIUS server to apply rate-limit to my ADSL coustomers using :
rate-limit output access-group 101 1024000 6000 512000 conform-action transmit exceed-action drop
i applied this at raduis server at my output interface but i does not work.
there is no output for sh interface rate limit.
the configuration and settings for rate limit are applied at raduis server....ok
when i do sh interface rate limit on router....i dont have any results.
i have configured (VPDN interface-Virtual and interface-access ) for my ADSL coustomers.
i need to make bills for this customrs.
please if the points not clear let me knowTry this configuration in your interface , or write the access list depend upon your requirement and implement it.
access-list 152 permit tcp any host eq www
access-list 153 permit tcp any host eq www established
interface {int}
rate-limit output access-group 153 1024000 6000 512000
conform-action transmit exceed-action drop
rate-limit output access-group 152 1024000 6000 512000
conform-action transmit exceed-action drop
finally verifies this configuration through the following commands.
show access-lists rate-limit
Displays information about rate-limit access lists.
show interfaces rate-limit
Displays information about CAR for a specified interface -
High cpu - Rate-limit cisco 6500
Hello,
my device is cisco 6509.
Explanation of the case:
Received to interface vlan (L3) 600M traffic (configured with Rate limit - 50 M).
Result :
1. 100 % cpu
2. the traffic was limited to 50M
How can I prevent High Cpu in this situation ?
Thanks.I would suggest opening a case, or asking in a different forum. This form is for discussion about existing bugs for which a bugid has been identified.
Maybe you are looking for
-
Mail sending from different person's name. Help!
Hi! This problem is a little confusing-I'll try to make it as simple as possible. I've gone through dozens of threads and still can't find an answer for this. I have my work email set up on a Macbook. I'm the only one who uses the Macbook. The addres
-
How can i transfer a movie to my iphone 4s
trying to transfer a movie to my iphome 4S
-
Final Cut Express Render Files
Hello all. Just wondering what files are okay to delete in User > Documents > Final Cut Express Documents I already have deleted most of the files inside of the folders, such as the render files, because I've already exported them as quicktime movies
-
IPhoto 6 issues with perforated box
I have loaded some pics to experiment with iPhoto, but have encountered some problems. My thumbnails appear fine at the top to the window, but when chosen, the ever ominous perforated box with an exclaimation mark shows up. I saw an earlier comment t
-
Hello all, I have a problem in an shopping cart after a shopping cart has been approved a PO has been generated and I see that a purchase order have a status <b>Held</b>. One not never have in our process this status. <b>Please explain me this status