I have a question regarding ACE A2(3.4) features. Is it possible to set a rate-limit connections per sec from any source IP. For example, if a client is trying to GET a web page 10 time per sec I will send a reset or drop that connection.
I'm afraid this is not possible. With the ACE, you can only limit the connection rate on a server, but without taking the client Ip into account. The purpose of this feature is to avoid overloading a server, not preventing attacks.
You should check with your account team for alternatives. I'm not an expert on it, but I believe you should be able to achieve what you need with an IDS module.
Moquery is the command line cousin of Vizore, it's very helpful and efficient sometimes during the troubleshooting. This article aims to provide moquery cheat sheet to the users for some most common seen scenarios.
Here is the checklist before customers/partners contact Cisco TAC:
Firmware Version of APIC and Switch
Download Switch and APIC techsupport logs
Problem description (Symptoms with details)
Business impact (eg, what kind of services...
moquery usageAPIC moquerySwitchmoquery
This document discuss a common issue observed during the VMM integration & VM workload migration to ACI fabric.
VMware Virtual machines are hosted in Cisco UCS-B seri...