CPU Protection Commands
Page 216 7450 ESS System Mangement Guide
Description Provides the construct under which the different entries within CPU policy can define the match cri-
teria and overall arrival rate of the Ethernet Configuration and Fault Management (ETH-CFM) pack-
ets at the CPU.
Default None
entry
Syntax entry <entry> levels <levels> opcodes <opcodes> rate <packet-rate-limit>
no entry
Context config>sys>security>cpu-protection>eth-cfm>
Description Builds the specific match and rate criteria. Up to ten entries may exist in up to four CPU protection
policies.
The no form of the command reverses the match and rate criteria configured.
Default no entry
Parameters rate — Specifies a packet rate limit in frames per second, where a ‘0’ means drop all.
Values 1 —100
level — Specifies a domain level.
Values all Wildcard entry level
range 0 —7: within specified range, multiple ranges allowed
number 0 ... 7: specific level number, may be combined with range
opcode — Specifies an operational code that identifies the application.
Values range 0 —255: within specified range, multiple ranges allowed
number 0 .. .255: specific level number, may be combined with range
out-profile-rate
Syntax out-profile-rate packet-rate-limit [log-event]
no out-profile-rate
Context config>sys>security>cpu-protection>policy
Description This command applies a packet arrival rate limit for the entire SAP/interface, above which packets
will be market as discard eligible. The rate defined is a global rate limit for the interface regardless of
the number of traffic flows. It is a per-SAP/interface rate.
The no form of the command sets out-profile-rate parameter back to the default value.
Default 3000 for cpu-protection-policy-id 1-253
6000 for cpu-protection-policy-id 254 (default access interface policy)
3000 for cpu-protection-policy-id 255 (default network interface policy)
To Next Page
Loading...
