debug ip inspect policy: police

Unanswered Question
Sep 24th, 2008
User Badges:

I tried to run the above debug to get insight into zone based policy firewaling and it spiked the router to 99%. Most of what got logged were these rate-limit policy messages such as below. But I don't have anything purposely rate-limited. What are these "police" messages telling me? Thanks.


008998: *Sep 25 00:54:56.218 UTC: CBAC-C3PL*: Police: calling rate_limit


008999: *Sep 25 00:54:56.218 UTC: CBAC-C3PL*: Police: calling rate_limit


009000: *Sep 25 00:54:56.218 UTC: CBAC-C3PL*: Police: calling rate_limit


009001: *Sep 25 00:54:56.218 UTC: CBAC-C3PL*: Police: calling rate_limit


009002: *Sep 25 00:54:56.218 UTC: CBAC-C3PL*: Police: calling rate_limit


009003: *Sep 25 00:54:56.222 UTC: CBAC-C3PL*: Police: calling rate_limit


009004: *Sep 25 00:54:56.222 UTC: CBAC-C3PL*: Police: calling rate_limit


009005: *Sep 25 00:54:56.222 UTC: CBAC-C3PL*: Police: calling rate_limit


009006: *Sep 25 00:54:56.222 UTC: CBAC-C3PL*: Police: calling rate_limit


009007: *Sep 25 00:54:56.222 UTC: CBAC-C3PL*: Police: calling rate_limit


009008: *Sep 25 00:54:56.222 UTC: CBAC-C3PL*: Police: calling rate_limit


009009: *Sep 25 00:54:56.222 UTC: CBAC-C3PL*: Police: calling rate_limit


009010: *Sep 25 00:54:56.226 UTC: CBAC-C3PL*: Police: calling rate_limit


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
smahbub Tue, 09/30/2008 - 15:17
User Badges:
  • Silver, 250 points or more

To display messages about Cisco IOS firewall events, use the debug ip inspect command in privileged EXEC mode. To disable debugging output, use the no form of this command.



mmedwid Tue, 09/30/2008 - 15:27
User Badges:

Thanks for the reply smahbub. The problem is not how to turn on the debug - the problem is that debug spiked my CPU. And it spiked it with those messages that I don't know what they are.

Actions

This Discussion