Hello:

On my 1921 with IOS 15.4 I use the following command to protect my input Internet facing interface from ICMP flooding:

interface GigabitEthernet0/0
description XXXXXXXtel Broadband WAN FiberLink
ip address A.B.C.D 255.255.255.252
ip access-group FilteredList in
no ip redirects
no ip unreachables
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly in
rate-limit input access-group 101 8000 4400 4496 conform-action transmit exceed-action drop
ip tcp adjust-mss 576
duplex full
speed 100
crypto map tnsgmap

access-list 101 permit icmp any any echo
access-list 101 permit icmp any any echo-reply
access-list 112 permit ip host 192.168.111.199 any

Problem is, the rate-limit command is not present in IOS 16.8. If you look below at the appropriate section of the ? output:

port-tagging Allow port tagging on an interface
pppoe pppoe interface subcommands
pppoe-client pppoe client
pppoe-sessions Configure pppoe per-interface options
punt-control punt configuration
rpl Configure RPL protocol
rrr MPLS Traffic Engineering interface configuration commands
sap-priority Assign a priority group
service Configure Ether Service
service-insertion Service-insertion AppNav Controller
service-policy Configure CPL Service Policy
service-routing Service Routing in Interface Mode
shutdown Shutdown the selected interface
smrp Simple Multicast Routing Protocol interface subcommands
sna SNA pu configuration
snapshot Configure snapshot support on the interface
snmp Modify SNMP interface parameters
source Get config from another source
spanning-tree Spanning Tree Subsystem

Its not there.

So How can I do ICMP input rate limiting on the input of my Internet facing interface on IOS 16.8?

Cheers,

John