132 G8264 Application Guide for ENOS 8.4

Rate Limiting Behavior

Because ACL logging can be CPU-intensive, logging is rate-limited. By default, the switch will log only 10 matching packets per second. This pool is shared by all log-enabled ACLs. The global rate limit can be changed as follows:

    RS G8264(config)# access-control log rate-limit <1-1000>

Where the limit is specified in packets per second.

Log Interval

For each log-enabled ACL, the first packet that matches the ACL initiates an immediate message in the system log. Beyond that, additional matches are subject to the log interval. By default, the switch will buffer ACL log messages for a period of 300 seconds. At the end of that interval, all messages in the buffer are written to the system log. The global interval value can be changed as follows:

    RS G8264(config)# access-control log interval <5-600>

Where the interval rate is specified in seconds.

In any given interval, packets that have identical log information are condensed into a single message. However, the packet count shown in the ACL log message represents only the logged messages, which due to rate-limiting, may be significantly less than the number of packets actually matched by the ACL.

Also, the switch is limited to 64 different ACL log messages in any interval. Once the threshold is reached, the oldest message will be discarded in favor of the new message, and an overflow message will be added to the system log.

ACL Logging Limitations

ACL logging reserves packet queue 1 for internal use. Features that allow remapping packet queues (such as CoPP) may not behave as expected if other packet flows are reconfigured to use queue 1.
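The rate limit, log interval and 64-message cap described under Rate Limiting Behavior and Log Interval can be replayed in a small simulation to see how far a logged packet count can fall below the real match count. This is an added example, not switch code or anything from the guide: the function names, the log-key tuples and the arrival-order handling of the shared pool are assumptions, and the immediate first-match message is not modeled.

```python
from collections import OrderedDict

RATE_LIMIT = 10     # page default: logged packets per second, shared by all ACLs
INTERVAL = 300      # page default: seconds buffered before the flush to syslog
MAX_MESSAGES = 64   # page limit: distinct ACL log messages per interval

def simulate_interval(events, rate_limit=RATE_LIMIT, max_messages=MAX_MESSAGES):
    """Replay one log interval.

    events: (second, log_key) pairs for packets that matched a log-enabled ACL.
    Returns (buffer, matched, overflows): buffer maps log_key to the packet
    count the flushed message would show, matched maps log_key to the number
    of packets that really hit the ACL.
    """
    used = {}                # second -> log slots already consumed
    buffer = OrderedDict()   # oldest message first
    matched = {}
    overflows = 0
    # Assumption: within a second, the shared pool is consumed in arrival order.
    for second, key in sorted(events, key=lambda e: e[0]):
        matched[key] = matched.get(key, 0) + 1
        if used.get(second, 0) >= rate_limit:
            continue         # matched by the ACL, but never logged
        used[second] = used.get(second, 0) + 1
        if key not in buffer and len(buffer) >= max_messages:
            buffer.popitem(last=False)   # oldest message is discarded
            overflows += 1               # the switch also logs an overflow message
        buffer[key] = buffer.get(key, 0) + 1
    return buffer, matched, overflows

def busy_flow(pps=50):
    """Constructed sample: one flow matching `pps` packets/s for a whole interval."""
    key = ("acl 10", "192.0.2.7", "198.51.100.5")
    return [(s, key) for s in range(INTERVAL) for _ in range(pps)]

def many_flows(n=70):
    """Constructed sample: n distinct flows, one packet each, one per second."""
    return [(s, ("acl 10", f"192.0.2.{s + 1}", "198.51.100.5")) for s in range(n)]

if __name__ == "__main__":
    buf, matched, _ = simulate_interval(busy_flow())
    for key in buf:
        print(key, "logged:", buf[key], "matched:", matched[key])
    buf, _, overflows = simulate_interval(many_flows())
    print("messages kept:", len(buf), "overflows:", overflows)
```

When reading ACL log messages during an investigation, treat the packet count as a lower bound and check for overflow messages before concluding that a flow was absent from the interval.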