EasyManua.ls Logo

Cisco Catalyst 4500 Series - Layer 2 Control Packet Qos Configuration Examples

Cisco Catalyst 4500 Series
2086 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
57-18
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 57 Configuring Control Plane Policing and Layer 2 Control Packet QoS
Configuring Layer 2 Control Packet QoS
Layer 2 Control Packet QoS Configuration Examples
You can use CoPP and Layer 2 control packet QoS together to prevent DoS attacks to the CPU. In the
following example, BPDUs arriving on interface gi3/1, VLAN 1 and VLAN 2 are limited to 32 Kbps and
34 Kbps, respectively. Aggregate BPDU traffic to CPU then is further rate-limited to 50 Kbps using
CoPP.
Switch(config)# qos control-packets
Switch(config)# policy-map police_bpdu_1
Switch(config-pmap)# class system-control-packet-bpdu-range
Switch(config-pmap-c)# police 32k 1000
Switch(config-pmap-c-police)# exit
Switch(config-pmap-c)# exit
Switch(config-pmap)# policy-map police_bpdu_2
Switch(config-pmap)# class system-control-packet-bpdu-range
Switch(config-pmap-c)# police 34k
Switch(config-pmap-c-police)# exit
Configuring Layer 2 Control Packet QoS
Switch(config)# interface gi3/1
Switch(config-if)# vlan-range 1
Switch(config-if-vlan-range)# service-policy in police_bpdu_1
Switch(config-if-vlan-range)# exit
Switch(config-if)# interface gi3/2
Switch(config-if)# vlan-range 2
Switch(config-if-vlan-range)# service-policy in police_bpdu_1
Switch(config-if-vlan-range)# exit
Configuring Control Plane Policy
CDP-VTP mac access-list extended system-control-packet-cdp-vtp
permit any host 0100.0ccc.cccc
class-map match-any system-control-packet-cdp-vtp
match access-group name system-control-packet-cdp-vtp
EAPOL mac access-list extended system-control-packet-eapol
permit any any 0x888E
class-map match-any system-control-packet-eapol
match access-group name system-control-packet-eapol
LLDP mac access-list extended system-control-packet-lldp
permit any host 0180.c200.000e
class-map match-any system-control-packet-lldp
match access-group name system-control-packet-lldp
PROTOCOL
TUNNEL
mac access-list extended system-control-packet-protocol-tunnel
permit any host 0100.0ccd.cdd0
class-map match-any system-control-packet-protocol-tunnel
match access-group name system-control-packet-protocol-tunnel
Table 57-2 Packet Types and Auto-Generated MACL/Class Maps
Packet Type Auto-Generated MACL/Class Map

Table of Contents

Other manuals for Cisco Catalyst 4500 Series

Preview: Manual
Manual19 pages
Preview: Administration Guide
Administration Guide1814 pages
Preview: Configuration Guide
Configuration Guide1610 pages
Preview: Command Reference Guide
Command Reference Guide1230 pages
Preview: System Message Guide
System Message Guide150 pages
Preview: Message Guide
Message Guide146 pages
Preview: Quick Reference Guide
Quick Reference Guide59 pages
Preview: Datasheet
Datasheet11 pages
Preview: Installation Guide
Installation Guide194 pages
Preview: Overview
Overview46 pages

Related product manuals