09-24-2008 05:02 PM - edited 03-11-2019 06:49 AM
I tried to run the above debug to get insight into zone based policy firewaling and it spiked the router to 99%. Most of what got logged were these rate-limit policy messages such as below. But I don't have anything purposely rate-limited. What are these "police" messages telling me? Thanks.
008998: *Sep 25 00:54:56.218 UTC: CBAC-C3PL*: Police: calling rate_limit
008999: *Sep 25 00:54:56.218 UTC: CBAC-C3PL*: Police: calling rate_limit
009000: *Sep 25 00:54:56.218 UTC: CBAC-C3PL*: Police: calling rate_limit
009001: *Sep 25 00:54:56.218 UTC: CBAC-C3PL*: Police: calling rate_limit
009002: *Sep 25 00:54:56.218 UTC: CBAC-C3PL*: Police: calling rate_limit
009003: *Sep 25 00:54:56.222 UTC: CBAC-C3PL*: Police: calling rate_limit
009004: *Sep 25 00:54:56.222 UTC: CBAC-C3PL*: Police: calling rate_limit
009005: *Sep 25 00:54:56.222 UTC: CBAC-C3PL*: Police: calling rate_limit
009006: *Sep 25 00:54:56.222 UTC: CBAC-C3PL*: Police: calling rate_limit
009007: *Sep 25 00:54:56.222 UTC: CBAC-C3PL*: Police: calling rate_limit
009008: *Sep 25 00:54:56.222 UTC: CBAC-C3PL*: Police: calling rate_limit
009009: *Sep 25 00:54:56.222 UTC: CBAC-C3PL*: Police: calling rate_limit
009010: *Sep 25 00:54:56.226 UTC: CBAC-C3PL*: Police: calling rate_limit
09-30-2008 03:17 PM
To display messages about Cisco IOS firewall events, use the debug ip inspect command in privileged EXEC mode. To disable debugging output, use the no form of this command.
09-30-2008 03:27 PM
Thanks for the reply smahbub. The problem is not how to turn on the debug - the problem is that debug spiked my CPU. And it spiked it with those messages that I don't know what they are.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide