Configuring ICMP rate-limiting

For detailed information about ICMP rate-limiting, see ICMP rate-limiting.

The rate-limit icmp command controls inbound usage of a port by setting a limit on the bandwidth available for inbound ICMP traffic.


[no] int <port-list> rate-limit icmp {percent <0-100> | kbps <0-10000000> | trap-clear}

Configures inbound ICMP traffic rate-limiting. You can configure a rate limit from either the global configuration level (as shown above) or from the interface context level. The no form of the command disables ICMP rate-limiting on the specified interfaces.

(Default: Disabled.)

percent <1-100>

Values in this range allow ICMP traffic as a percentage of the bandwidth available on the interface.

kbps <0-10000000>

Specifies the rate at which to forward traffic in kilobits per second.


0

Causes an interface to drop all incoming ICMP traffic and is not recommended. See the caution.


trap-clear

Clears the existing ICMP rate-limiting trap condition.

Note: ICMP rate-limiting is not supported on meshed ports. (Rate-limiting can reduce the efficiency of paths through a mesh domain).


Either of the following commands configures an inbound rate limit of 1% on ports A3 to A5, which are used as network edge ports:

switch(config) # int a3-a5 rate-limit icmp 1
switch(eth-A3-A5) # rate-limit icmp 1

When using kbps-mode ICMP rate-limiting, the rate-limiting operates only on the IP payload part of the ICMP packet (as required by metering RFC 2698). This means that effective metering is at a rate greater than the configured rate, with the disparity increasing as the packet size decreases (the packet-to-payload ratio is higher).

Also, in kbps mode, metering accuracy is limited at low values, for example, less than 45 Kbps. This is to allow metering to function well at higher media speeds such as 10 Gbps.
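The following Python example is added here and is not part of the vendor documentation. It models the kbps-mode disparity and the low-value accuracy caveat described above for different ICMP packet sizes, so a limit can be sized against the traffic actually admitted on the wire. It assumes untagged Ethernet II framing, a 20-byte IPv4 header without options, an 8-byte ICMP header, and that the meter counts the ICMP header plus data; all function names are hypothetical.

```python
# Added example: models the kbps-mode disparity described above.
# Assumptions (not from the page): untagged Ethernet II framing (14-byte header
# + 4-byte FCS), a 20-byte IPv4 header with no options, an 8-byte ICMP echo
# header, and that "IP payload" means the ICMP header plus its data.
ETH_OVERHEAD = 14 + 4      # Ethernet header + FCS, bytes
IPV4_HEADER = 20           # no IP options
ICMP_HEADER = 8            # echo request/reply header
MIN_FRAME = 64             # minimum Ethernet frame, bytes
LOW_ACCURACY_KBPS = 45     # page: metering accuracy is limited below this


def frame_and_metered_bytes(icmp_data_len):
    """Return (bytes on the wire, bytes the meter counts) for one ICMP packet."""
    metered = ICMP_HEADER + icmp_data_len
    frame = max(ETH_OVERHEAD + IPV4_HEADER + metered, MIN_FRAME)  # pad short frames
    return frame, metered


def effective_wire_kbps(configured_kbps, icmp_data_len):
    """Frame-level rate admitted when the meter counts only the IP payload."""
    frame, metered = frame_and_metered_bytes(icmp_data_len)
    return configured_kbps * frame / metered


def configured_for_wire_cap(target_wire_kbps, icmp_data_len):
    """kbps value to configure so frames of this size stay under the target."""
    frame, metered = frame_and_metered_bytes(icmp_data_len)
    kbps = int(target_wire_kbps * metered / frame)   # round down: never exceed cap
    return kbps, kbps < LOW_ACCURACY_KBPS            # True = low-accuracy range


if __name__ == "__main__":
    for data_len in (0, 56, 512, 1472):   # constructed sample ICMP data sizes
        frame, metered = frame_and_metered_bytes(data_len)
        rate = effective_wire_kbps(1000, data_len)
        print(f"data={data_len:4d}B frame={frame:4d}B metered={metered:4d}B "
              f"configured=1000 kbps -> ~{rate:.0f} kbps on the wire")
    print(configured_for_wire_cap(100, 0))
```

Under these assumptions, minimum-size ICMP packets pass at several times the configured rate, while near-MTU packets pass at close to it.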

For information on using ICMP rate-limiting and all-traffic rate-limiting on the same interface, see Using both ICMP rate-limiting and all-traffic rate-limiting on the same interface.