your xxx represets burst traffic parameters.
If you limit traffic is to 10 Mbps, with a normal burst size of 1,500,000 bytes. Traffic that does not conform is dropped. You can create burst how much you want. Its just if user reach 10 Mb limit then he/she can use burst traffic in the congestion. If you do not want any bust to be configured then use normal exceed-action drop.
See the following command in the example:
rate-limit input 10000000 1500000 exceed-action drop
there is another way to do rate limit by using plicy map.
ip access-list extended ACL_SLAP
permit ip any any
class-map match-all CLASS_SLAP
match access-group name ACL_SLAP
police 10000000 100000 exceed-action drop
service-policy input POLICY_SLAP
hope this will help.