! Create class map which calls ! on the ACL class-map ICMP match access-group 100 exit ! Create policy map which calls ! on the class map policy-map ICMP-POLICY class ICMP ! ! ! ! !
Tell the policy map that if
ICMP traffic is seen, that this traffic should be rate limited down to 8Kbps, and anything over that should be dropped
police 8000 conform-action transmit exceed-action drop
exit exit ! Apply the policy with to the ! logical "control-plane" with ! a service-policy command ! We need to go into control-plane ! configuration: control-plane ! ! ! ! !
Apply the service policy, so that
when any ICMP traffic is being sent TO the router (regardless of physical interface) it will be policed (rate limited).
service-policy input ICMP-POLICY
end ! To verify it is in place: show policy-map control-plane ! Now to test it !