debug ip inspect policy: police

mmedwid · ‎09-24-2008

I tried to run the above debug to get insight into zone based policy firewaling and it spiked the router to 99%. Most of what got logged were these rate-limit policy messages such as below. But I don't have anything purposely rate-limited. What are these "police" messages telling me? Thanks.

008998: *Sep 25 00:54:56.218 UTC: CBAC-C3PL*: Police: calling rate_limit

008999: *Sep 25 00:54:56.218 UTC: CBAC-C3PL*: Police: calling rate_limit

009000: *Sep 25 00:54:56.218 UTC: CBAC-C3PL*: Police: calling rate_limit

009001: *Sep 25 00:54:56.218 UTC: CBAC-C3PL*: Police: calling rate_limit

009002: *Sep 25 00:54:56.218 UTC: CBAC-C3PL*: Police: calling rate_limit

009003: *Sep 25 00:54:56.222 UTC: CBAC-C3PL*: Police: calling rate_limit

009004: *Sep 25 00:54:56.222 UTC: CBAC-C3PL*: Police: calling rate_limit

009005: *Sep 25 00:54:56.222 UTC: CBAC-C3PL*: Police: calling rate_limit

009006: *Sep 25 00:54:56.222 UTC: CBAC-C3PL*: Police: calling rate_limit

009007: *Sep 25 00:54:56.222 UTC: CBAC-C3PL*: Police: calling rate_limit

009008: *Sep 25 00:54:56.222 UTC: CBAC-C3PL*: Police: calling rate_limit

009009: *Sep 25 00:54:56.222 UTC: CBAC-C3PL*: Police: calling rate_limit

009010: *Sep 25 00:54:56.226 UTC: CBAC-C3PL*: Police: calling rate_limit

smahbub · ‎09-30-2008

To display messages about Cisco IOS firewall events, use the debug ip inspect command in privileged EXEC mode. To disable debugging output, use the no form of this command.

mmedwid · ‎09-30-2008

Thanks for the reply smahbub. The problem is not how to turn on the debug - the problem is that debug spiked my CPU. And it spiked it with those messages that I don't know what they are.