Showing results for 
Search instead for 
Did you mean: 

rate-limit command on the ISR4431 with K9 IOS Version 16.8.1




On my 1921 with IOS 15.4 I use the following command to protect my input Internet facing interface from ICMP flooding:

interface GigabitEthernet0/0
description XXXXXXXtel Broadband WAN FiberLink
ip address A.B.C.D
ip access-group FilteredList in
no ip redirects
no ip unreachables
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly in
rate-limit input access-group 101 8000 4400 4496 conform-action transmit exceed-action drop
ip tcp adjust-mss 576
duplex full
speed 100
crypto map tnsgmap


access-list 101 permit icmp any any echo
access-list 101 permit icmp any any echo-reply
access-list 112 permit ip host any


Problem is, the rate-limit command is not present in IOS 16.8. If you look below at the appropriate section of the ? output:

port-tagging Allow port tagging on an interface
pppoe pppoe interface subcommands
pppoe-client pppoe client
pppoe-sessions Configure pppoe per-interface options
punt-control punt configuration
rpl Configure RPL protocol
rrr MPLS Traffic Engineering interface configuration commands
sap-priority Assign a priority group
service Configure Ether Service
service-insertion Service-insertion AppNav Controller
service-policy Configure CPL Service Policy
service-routing Service Routing in Interface Mode
shutdown Shutdown the selected interface
smrp Simple Multicast Routing Protocol interface subcommands
sna SNA pu configuration
snapshot Configure snapshot support on the interface
snmp Modify SNMP interface parameters
source Get config from another source
spanning-tree Spanning Tree Subsystem


Its not there.


So How can I do ICMP input rate limiting on the input of my Internet facing interface on IOS 16.8?





1 Reply 1

VIP Guru VIP Guru
VIP Guru
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers