Name: Cisco Catalyst 4500 Series
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

57-18

Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex

Chapter 57 Configuring Control Plane Policing and Layer 2 Control Packet QoS

Configuring Layer 2 Control Packet QoS

Layer 2 Control Packet QoS Configuration Examples

You can use CoPP and Layer 2 control packet QoS together to prevent DoS attacks to the CPU. In the

following example, BPDUs arriving on interface gi3/1, VLAN 1 and VLAN 2 are limited to 32 Kbps and

34 Kbps, respectively. Aggregate BPDU traffic to CPU then is further rate-limited to 50 Kbps using

CoPP.

Switch(config)# qos control-packets

Switch(config)# policy-map police_bpdu_1

Switch(config-pmap)# class system-control-packet-bpdu-range

Switch(config-pmap-c)# police 32k 1000

Switch(config-pmap-c-police)# exit

Switch(config-pmap-c)# exit

Switch(config-pmap)# policy-map police_bpdu_2

Switch(config-pmap)# class system-control-packet-bpdu-range

Switch(config-pmap-c)# police 34k

Switch(config-pmap-c-police)# exit

Configuring Layer 2 Control Packet QoS

Switch(config)# interface gi3/1

Switch(config-if)# vlan-range 1

Switch(config-if-vlan-range)# service-policy in police_bpdu_1

Switch(config-if-vlan-range)# exit

Switch(config-if)# interface gi3/2

Switch(config-if)# vlan-range 2

Switch(config-if-vlan-range)# service-policy in police_bpdu_1

Switch(config-if-vlan-range)# exit

Configuring Control Plane Policy

CDP-VTP mac access-list extended system-control-packet-cdp-vtp

permit any host 0100.0ccc.cccc

class-map match-any system-control-packet-cdp-vtp

match access-group name system-control-packet-cdp-vtp

EAPOL mac access-list extended system-control-packet-eapol

permit any any 0x888E

class-map match-any system-control-packet-eapol

match access-group name system-control-packet-eapol

LLDP mac access-list extended system-control-packet-lldp

permit any host 0180.c200.000e

class-map match-any system-control-packet-lldp

match access-group name system-control-packet-lldp

PROTOCOL

TUNNEL

mac access-list extended system-control-packet-protocol-tunnel

permit any host 0100.0ccd.cdd0

class-map match-any system-control-packet-protocol-tunnel

match access-group name system-control-packet-protocol-tunnel

Table 57-2 Packet Types and Auto-Generated MACL/Class Maps

Packet Type Auto-Generated MACL/Class Map

Other manuals for Cisco Catalyst 4500 Series

Manual19 pages

Command Reference Guide1230 pages

System Message Guide150 pages

Configuration Guide1610 pages

Administration Guide1814 pages

Message Guide146 pages

Installation Guide194 pages

Datasheet11 pages

Overview46 pages

Quick Reference Guide59 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 4500 Series and is the answer not in the manual?

Cisco Catalyst 4500 Series Specifications

General

Series	Catalyst 4500 Series
Category	Switch
Layer Support	Layer 2, Layer 3
Form Factor	Modular chassis
Stackable	No
Chassis Slots	3, 6, 7, 10
Power Supply Options	AC, DC
Redundancy	Power supply, Supervisor engine
Network Management	Cisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
Features	Security, QoS
Port Density	Up to 384 ports per chassis
Security Features	802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine	8-E