51-15
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 51 Configuring Control Plane Policing and Layer 2 Control Packet QoS
Configuring Layer 2 Control Packet QoS
Switch(config)# policy-map police_bpdu_1
Switch(config-pmap)# class system-control-packet-bpdu-range
Switch(config-pmap-c)# police 32k 1000
Switch(config-pmap-c-police)# exit
Switch(config-pmap-c)# exit
Switch(config-pmap)# policy-map police_bpdu_2
Switch(config-pmap)# class system-control-packet-bpdu-range
Switch(config-pmap-c)# police 34k
Switch(config-pmap-c-police)# exit
Configuring Layer 2 Control Packet QoS
Switch(config)# interface gi3/1
Switch(config-if)# vlan-range 1
Switch(config-if-vlan-range)# service-policy in police_bpdu_1
Switch(config-if-vlan-range)# exit
Switch(config-if)# interface gi3/2
Switch(config-if)# vlan-range 2
Switch(config-if-vlan-range)# service-policy in police_bpdu_1
Switch(config-if-vlan-range)# exit
Configuring Control Plane Policy
Switch(config)# macro global apply system-cpp
Switch(config)# policy-map system-cpp-policy
Switch(config-pmap)# class system-cpp-bpdu-range
Switch(config-pmap-c)# police 50k
Switch(config-pmap-c-police)# exit
Switch(config-pmap-c)# exit
Note To reduce the consumption of policer resources, you can also use named-aggregate policers applied to a
group of ports or VLANs.
Note Do not modify class maps and MACLs that are auto-generated by the system. This action can cause
unexpected behavior when the switch reloads or when the running configuration is updated from a file.
To refine or modify system-generated class maps or MACLs, apply user-defined class maps and MACLs.
Note User defined class map names must begin with the prefix system-control-packet. If not, certain hardware
(Catalyst 4924, Catalyst 4948, Catalyst 4948-10GE, Supervisor Engine II-Plus, Supervisor Engine
II+10GE, Supervisor Engine V, and Supervisor Engine V-10GE) might not perform the configured QoS
action.
For example, the following are valid user-defined class map names to police Layer 2 control packets
because they begin with the prefix system-control-packet:
system-control-packet-bpdu1
system-control-packet-control-packet
No such restrictions exist on the names you can use for user-defined MACLs (access-groups).
The following example shows how to create user-defined MACLs and class maps to identify EAPOL and
BPDU packets. Because the auto-generated class map system-control-packet-bpdu range matches three
packet types (BPDU, EAPOL, and OAM), policing this traffic class affects all three packet types. To
police BPDU and EAPOL packets at different rates, you can set user-defined MACL and class map as
follows:
Switch(config)# mac access-list extended system-control-packet-bpdu
To Next Page
Loading...
