EasyManua.ls Logo

Cisco WS-C6506 - Page 434

Cisco WS-C6506
1488 pages
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
15-38
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 15 Configuring Access Control
Using VACLs in Your Network
Console> (enable) show rate-limit
Configured Rate Limiter Settings:
Rate Limiter Type Status Rate (pps) Burst
-------------------- ------ -------------- -----
VACL LOG On 2500 1
ARP INSPECTION On 1000 1
FIB RECEIVE Off * *
FIB GLEAN Off * *
L3 SEC FEATURES Off * *
Console> (enable)
Configuring Rate Limiting on a Per-Port Basis
You can rate limit the number of ARP traffic-inspection packets that are sent to the supervisor engine
CPU on a per-port basis. If the rate exceeds the drop-threshold, the excess packets are dropped (and
counted toward the shutdown-threshold limit). If the rate exceeds the shutdown-threshold, the port
that is specified by mod/port is shut down. By default, both threshold values are 0 (no per-port rate
limiting is applied). The maximum value for both thresholds is 1000 packets-per second (pps).
To rate limit the number of ARP traffic-inspection packets that are sent to the CPU per port, perform this
task in privileged mode:
This example shows how to rate limit the number of ARP traffic-inspection packets that are sent to the
CPU on a per-port basis. The drop-threshold is set to 700, and the shutdown threshold is set to 800 for
port 3/1:
Console> (enable) set port arp-inspection 3/1 drop-threshold 700 shutdown-threshold 800
Drop Threshold=700, Shutdown Threshold=800 set on port 3/1.
Console> (enable)
Console> (enable) show port arp-inspection 3/1
Port Drop Threshold Shutdown Threshold
------------------------ -------------- ------------------
3/1 700 800
Console> (enable)
Configuring the errdisable-timeout Option for ARP Traffic Inspection
You configure the errdisable-timeout option for ARP traffic inspection by using the set
errdisable-timeout {enable | disable} arp-inspection command. For detailed information on the
errdisable-timeout option, see the “Configuring a Timeout Period for Ports in errdisable State” section
on page 4-12.
Task Command
Step 1
Rate limit the number of ARP traffic-inspection
packets that are sent to the supervisor engine CPU on
a per-port basis.
set port arp-inspection mod/port
drop-threshold packets_per_second
shutdown-threshold packets_per_second
set port arp-inspection mod/port
drop-threshold packets_per_second
set port arp-inspection mod/port
shutdown-threshold packets_per_second
Step 2
Display the drop and shutdown thresholds. show port arp-inspection {[mod/port] | [mod]}

Table of Contents

Related product manuals