Cisco Systems 4500 Switch User Manual


44-11
Software Configuration Guide—Release 15.0(2)SG
OL-23818-01
Chapter 44 Configuring Control Plane Policing and Layer 2 Control Packet QoS
    permit any 0180.c200.0000 0000.0000.000f
Extended MAC access list system-cpp-cdp
    permit any host 0100.0ccc.cccc
Extended MAC access list system-cpp-cgmp
    permit any host 0100.0cdd.dddd
Extended MAC access list system-cpp-dot1x
    permit any host 0180.c200.0003
Extended MAC access list system-cpp-sstp
    permit any host 0100.0ccc.cccd
To display a single CoPP access list, enter the show access-lists command with the list name, for example show access-lists system-cpp-cdp:
Switch# show access-lists system-cpp-cdp
Extended MAC access list system-cpp-cdp
    permit any host 0100.0ccc.cccc
Switch#
Configuring Layer 2 Control Packet QoS
Layer 2 control packet QoS enables you to police control packets arriving on a physical port or VLAN.
This section includes these topics:
Understanding Layer 2 Control Packet QoS, page 44-11
Default Configuration, page 44-11
Enabling Layer 2 Control Packet QoS, page 44-12
Disabling Layer 2 Control Packet QoS, page 44-13
Layer 2 Control Packet QoS Configuration Examples, page 44-14
Layer 2 Control Packet QoS Guidelines and Restrictions, page 44-16
Understanding Layer 2 Control Packet QoS
You might want to police incoming Layer 2 control packets such as STP, CDP, VTP, SSTP, BPDU,
EAPOL and LLDP on a specific port before the packets reach the CPU. This can serve as a first line of
defense before aggregate traffic is subjected to policing through CoPP. By default, policers cannot be
applied to Layer 2 control packets in the input direction; this prevents users from inadvertently policing
or dropping critical Layer 2 control packets.
While this approach protects a user who is wrongly policing control packets, it introduces a more serious
problem. If a flood of Layer 2 control packets is received on any of the switch interfaces at a very high
rate, due to a DoS attack or to a loop introduced in the customer network by misconfiguration,
CPU utilization can increase quickly. This can have adverse impacts such as loss of protocol keepalives
and routing protocol updates. The Layer 2 control packet QoS feature allows you to police Layer 2
control packets at the port, VLAN, or port-VLAN level in the input direction.
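The following Python model is an added example; it is not Cisco code and not part of this guide. It ties together the MAC ACL output shown earlier in this chapter and the flood scenario described above: it parses show access-lists output in the switch's format, classifies frames by destination MAC using IOS wildcard-mask semantics (1 bits in the mask are ignored, so 0180.c200.0000 0000.0000.000f covers 0180.c200.0000 through 0180.c200.000f), and then runs a constructed BPDU flood through a per-port token-bucket policer (the Layer 2 control packet QoS stage) placed in front of a single aggregate policer (the CoPP stage). The sample ACL text, the ACL name system-cpp-bpdu-range for the range entry, the port names, the frame timings and the policer rates are all assumptions made for the example; the token bucket is a simplified single-rate model, not the switch's hardware policer.

```python
"""Added example (not Cisco's code): how the MAC ACLs classify Layer 2 control
frames, and why a per-port policer in front of the aggregate CoPP policer
protects other ports' control traffic during a flood."""
import re
from collections import Counter
from dataclasses import dataclass, field
from fractions import Fraction

# Constructed sample in the 'show access-lists' format printed by the switch.
# The name system-cpp-bpdu-range for the 0180.c200.0000/000f entry is an assumption.
SHOW_ACCESS_LISTS = """\
Extended MAC access list system-cpp-bpdu-range
    permit any 0180.c200.0000 0000.0000.000f
Extended MAC access list system-cpp-cdp
    permit any host 0100.0ccc.cccc
Extended MAC access list system-cpp-cgmp
    permit any host 0100.0cdd.dddd
Extended MAC access list system-cpp-dot1x
    permit any host 0180.c200.0003
Extended MAC access list system-cpp-sstp
    permit any host 0100.0ccc.cccd
"""

MAC_BITS = 0xFFFF_FFFF_FFFF


def mac_to_int(mac: str) -> int:
    """'0180.c200.0003' -> 0x0180c2000003 (dotted, colon and dash forms accepted)."""
    return int(re.sub(r"[.:-]", "", mac), 16)


@dataclass
class MacEntry:
    acl: str
    dst: int
    wildcard: int = 0  # IOS wildcard mask: 1 bits are ignored; 'host' means all zero

    def matches(self, dst_mac: str) -> bool:
        care = MAC_BITS & ~self.wildcard
        return mac_to_int(dst_mac) & care == self.dst & care


ACL_HEADER = re.compile(r"^Extended MAC access list (\S+)")
PERMIT_ANY = re.compile(r"^\s*permit any (?:host (\S+)|(\S+) (\S+))\s*$")


def parse_mac_acls(text: str) -> list[MacEntry]:
    """Parse 'permit any ...' entries in the order the switch lists them."""
    entries, current = [], None
    for line in text.splitlines():
        if m := ACL_HEADER.match(line):
            current = m.group(1)
        elif (m := PERMIT_ANY.match(line)) and current:
            if m.group(1):  # permit any host <dst>
                entries.append(MacEntry(current, mac_to_int(m.group(1))))
            else:           # permit any <dst> <wildcard>
                entries.append(MacEntry(current, mac_to_int(m.group(2)), mac_to_int(m.group(3))))
    return entries


def matching_acls(entries: list[MacEntry], dst_mac: str) -> list[str]:
    """All ACLs whose entry matches the destination MAC (EAPOL matches two)."""
    return [e.acl for e in entries if e.matches(dst_mac)]


@dataclass
class TokenBucket:
    """Single-rate policer: 'rate' frames/s, 'burst' frames, exact arithmetic."""
    rate: int
    burst: int
    tokens: Fraction = field(init=False)
    last_us: int = 0

    def __post_init__(self):
        self.tokens = Fraction(self.burst)

    def conform(self, now_us: int) -> bool:
        refill = Fraction(now_us - self.last_us, 1_000_000) * self.rate
        self.tokens = min(Fraction(self.burst), self.tokens + refill)
        self.last_us = now_us
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def police(frames, port_rate=None, port_burst=0, copp_rate=500, copp_burst=50):
    """Run (time_us, port, dst_mac) frames through optional per-port Layer 2
    control-packet policers and then one aggregate CoPP policer (assumed rates)."""
    entries = parse_mac_acls(SHOW_ACCESS_LISTS)
    port_policers, copp = {}, TokenBucket(copp_rate, copp_burst)
    stats, cpu_by_port = Counter(), Counter()
    for t, port, dst in sorted(frames):
        acls = matching_acls(entries, dst)
        if not acls:
            stats["forwarded_in_hardware"] += 1  # data frame, never punted to the CPU
            continue
        if port_rate is not None:
            bucket = port_policers.setdefault((port, acls[0]), TokenBucket(port_rate, port_burst))
            if not bucket.conform(t):
                stats["dropped_by_port_policer"] += 1
                continue
        if not copp.conform(t):
            stats["dropped_by_copp"] += 1
            continue
        stats["punted_to_cpu"] += 1
        cpu_by_port[port] += 1
    return dict(stats), dict(cpu_by_port)


def flood_scenario():
    """Constructed traffic: Gi1/1 floods 10000 BPDUs in 1 s (loop or DoS),
    Gi1/2 sends its normal 2 s STP hellos, Gi1/3 sends ordinary unicast data."""
    frames = [(i * 100, "Gi1/1", "0180.c200.0000") for i in range(10_000)]
    frames += [(500_050, "Gi1/2", "0180.c200.0000"), (2_500_050, "Gi1/2", "0180.c200.0000")]
    frames += [(i * 1000, "Gi1/3", "0011.2233.4455") for i in range(5)]
    return frames


if __name__ == "__main__":
    print("CoPP only:          ", police(flood_scenario()))
    print("port policer + CoPP:", police(flood_scenario(), port_rate=100, port_burst=10))
```

With CoPP alone, the flood from Gi1/1 keeps the aggregate bucket empty and one of Gi1/2's STP hellos is dropped, which is the keepalive loss the text warns about; with the per-port policer in front, almost the whole flood is dropped at Gi1/1 and both of Gi1/2's hellos reach the CPU. Note that an EAPOL frame (0180.c200.0003) matches both the range entry and system-cpp-dot1x; the model keys the policer on the first ACL in listing order, whereas on the switch the class order in the policy map decides.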
Default Configuration
Layer 2 control packet QoS is disabled by default.