User-side hosts are prone to virus attacks. Infected hosts may send a large number of protocol packets to network devices, causing a high CPU usage and degraded performance on the devices and affecting services. You can configure the user-level rate limiting to resolve this problem. User-level rate limiting identifies users by user MAC addresses and limits the rates of specified packets for both wired and wireless users. By default, the threshold for each user MAC address is 10 pps.
The user-level rate limiting is more precise than CPCAR (based on switches) and port attack defense (based on interfaces) because it is user-specific and has little impact on online users.