EasyManuals Logo

Cisco Catalyst 4500 Series Software Configuration Guide

Cisco Catalyst 4500 Series
2086 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1522 background imageLoading...
Page #1522 background image
57-18
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 57 Configuring Control Plane Policing and Layer 2 Control Packet QoS
Configuring Layer 2 Control Packet QoS
Layer 2 Control Packet QoS Configuration Examples
You can use CoPP and Layer 2 control packet QoS together to prevent DoS attacks to the CPU. In the
following example, BPDUs arriving on interface gi3/1, VLAN 1 and VLAN 2 are limited to 32 Kbps and
34 Kbps, respectively. Aggregate BPDU traffic to CPU then is further rate-limited to 50 Kbps using
CoPP.
Switch(config)# qos control-packets
Switch(config)# policy-map police_bpdu_1
Switch(config-pmap)# class system-control-packet-bpdu-range
Switch(config-pmap-c)# police 32k 1000
Switch(config-pmap-c-police)# exit
Switch(config-pmap-c)# exit
Switch(config-pmap)# policy-map police_bpdu_2
Switch(config-pmap)# class system-control-packet-bpdu-range
Switch(config-pmap-c)# police 34k
Switch(config-pmap-c-police)# exit
Configuring Layer 2 Control Packet QoS
Switch(config)# interface gi3/1
Switch(config-if)# vlan-range 1
Switch(config-if-vlan-range)# service-policy in police_bpdu_1
Switch(config-if-vlan-range)# exit
Switch(config-if)# interface gi3/2
Switch(config-if)# vlan-range 2
Switch(config-if-vlan-range)# service-policy in police_bpdu_1
Switch(config-if-vlan-range)# exit
Configuring Control Plane Policy
CDP-VTP mac access-list extended system-control-packet-cdp-vtp
permit any host 0100.0ccc.cccc
class-map match-any system-control-packet-cdp-vtp
match access-group name system-control-packet-cdp-vtp
EAPOL mac access-list extended system-control-packet-eapol
permit any any 0x888E
class-map match-any system-control-packet-eapol
match access-group name system-control-packet-eapol
LLDP mac access-list extended system-control-packet-lldp
permit any host 0180.c200.000e
class-map match-any system-control-packet-lldp
match access-group name system-control-packet-lldp
PROTOCOL
TUNNEL
mac access-list extended system-control-packet-protocol-tunnel
permit any host 0100.0ccd.cdd0
class-map match-any system-control-packet-protocol-tunnel
match access-group name system-control-packet-protocol-tunnel
Table 57-2 Packet Types and Auto-Generated MACL/Class Maps
Packet Type Auto-Generated MACL/Class Map

Table of Contents

Other manuals for Cisco Catalyst 4500 Series

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 4500 Series and is the answer not in the manual?

Cisco Catalyst 4500 Series Specifications

General IconGeneral
SeriesCatalyst 4500 Series
CategorySwitch
Layer SupportLayer 2, Layer 3
Form FactorModular chassis
StackableNo
Chassis Slots3, 6, 7, 10
Power Supply OptionsAC, DC
RedundancyPower supply, Supervisor engine
Network ManagementCisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
FeaturesSecurity, QoS
Port DensityUp to 384 ports per chassis
Security Features802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine8-E

Related product manuals