Distributed CPU Protection Commands
Page 228 7450 ESS System Mangement Guide
Description This command configures the enforcement method for the protocol.
Default dynamic local-mon-bypass
Parameters static — the protocol is always enforced using a static-policer. Multiple protocols can reference the
same static-policer. Packets of protocols that are statically enforced bypass any local monitors.
policer name — Specifies the name is a static-policer.
dynamic — A specific enforcement policer for this protocol for this SAP/object is instantiated when
the associated local-monitoring-policer is determined to be in a non-conformant state (at the end
of a minimum monitoring time of 60 seconds to reduce thrashing).
mon-policer-name — Specifies which local-monitoring-policer to use
local-mon-bypass — This parameter is used to not include packets from this protocol in the local
monitoring function, and when the local-monitor “trips”, do not instantiate a dynamic
enforcement policer for this protocol.
detection-time
Syntax detection-time seconds
Context config>system>security>dist-cpu-protection>policy>protocols>dynamic-parameters
Description When a dynamic enforcing policer is instantiated, it will remain allocated until at least a contiguous
conformant period of detection-time passes.
dynamic-parameters
Syntax dynamic-parameters
Context config>system>security>dist-cpu-protection>policy>protocols
Description The dynamic-parameters are used to instantiate a dynamic enforcement policer for the protocol when
the associated local-monitoring-policer is considered as exceeding its rate parameters (at the end of a
minimum monitoring time of 60 seconds).
log-events
Syntax [no] log-events [verbose]
Context config>system>security>dist-cpu-protection>policy>protocols>dynamic-parameters
Description This command controls the creation of log events related to dynamic enforcement policer status &
activity
Default log-events - send the Exceed (Excd) and Conform events
To Next Page
Loading...
