EasyManuals Logo

Cisco Catalyst 4500 Series Administration Guide

Cisco Catalyst 4500 Series
1814 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1350 background imageLoading...
Page #1350 background image
51-14
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 51 Configuring Control Plane Policing and Layer 2 Control Packet QoS
Configuring Layer 2 Control Packet QoS
Note TCAM resources are not consumed when the interface is in a down state.
Table 51-2 displays the auto-generated MACLs and class maps that are created when you enable the
feature on the corresponding packet type.
Layer 2 Control Packet QoS Configuration Examples
You can use CoPP and Layer 2 control packet QoS together to prevent DoS attacks to the CPU. In the
following example, BPDUs arriving on interface gi3/1, VLAN 1 and VLAN 2 are limited to 32 Kbps and
34 Kbps, respectively. Aggregate BPDU traffic to CPU then is further rate-limited to 50 Kbps using
CoPP.
Switch(config)# qos control-packets
Table 51-2 Packet Types and Auto-Generated MACL/Class Maps
Packet Type Auto-Generated MACL/Class Map
BPDU-range mac access-list extended system-control-packet-bpdu-range
permit any 0180.c200.0000 0000.0000.000c
class-map match-any system-control-packet-bpdu-range
match access-group name system-control-packet-bpdu-range
SSTP mac access-list extended system-control-packet-sstp
permit any host 0100.0ccc.cccd
class-map match-any system-control-packet-sstp
match access-group name system-control-packet-sstp
CDP-VTP mac access-list extended system-control-packet-cdp-vtp
permit any host 0100.0ccc.cccc
class-map match-any system-control-packet-cdp-vtp
match access-group name system-control-packet-cdp-vtp
EAPOL mac access-list extended system-control-packet-eapol
permit any any 0x888E
class-map match-any system-control-packet-eapol
match access-group name system-control-packet-eapol
LLDP mac access-list extended system-control-packet-lldp
permit any host 0180.c200.000e
class-map match-any system-control-packet-lldp
match access-group name system-control-packet-lldp
PROTOCOL
TUNNEL
mac access-list extended system-control-packet-protocol-tunnel
permit any host 0100.0ccd.cdd0
class-map match-any system-control-packet-protocol-tunnel
match access-group name system-control-packet-protocol-tunnel

Table of Contents

Other manuals for Cisco Catalyst 4500 Series

Preview: Manual
Manual19 pages
Preview: Command Reference Guide
Command Reference Guide1230 pages
Preview: System Message Guide
System Message Guide150 pages
Preview: Configuration Guide
Configuration Guide1610 pages
Preview: Software Configuration Guide
Software Configuration Guide2086 pages
Preview: Message Guide
Message Guide146 pages
Preview: Installation Guide
Installation Guide194 pages
Preview: Datasheet
Datasheet11 pages
Preview: Overview
Overview46 pages
Preview: Quick Reference Guide
Quick Reference Guide59 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 4500 Series and is the answer not in the manual?

Cisco Catalyst 4500 Series Specifications

General IconGeneral
SeriesCatalyst 4500 Series
CategorySwitch
Layer SupportLayer 2, Layer 3
Form FactorModular chassis
StackableNo
Chassis Slots3, 6, 7, 10
Power Supply OptionsAC, DC
RedundancyPower supply, Supervisor engine
Network ManagementCisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
FeaturesSecurity, QoS
Port DensityUp to 384 ports per chassis
Security Features802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine8-E

Related product manuals