Cisco Systems ME3400G2CSA Switch User Manual


 
29-3
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
78-17058-01
Chapter 29 Configuring Control-Plane Security
Understanding Control-Plane Security
The switch automatically allocates 27 control-plane security policers for CPU protection. At system
bootup, it assigns a policer to each port numbered 0 to 26. The policer assigned to a port determines if
the protocol packets arriving on the port are rate-limited or dropped. A policer of 26 means a drop policer
and is a global policer; any traffic type shown as 26 on any port is dropped. A policer of a value of 0 to
25 means that a rate-limiting policer is assigned to the port for the protocol. The policers 0 to 23 are
logical identifiers for Fast Ethernet ports 1 to 24; policers 24 and 25 refer to Gigabit Ethernet ports 1 and
2, respectively. A policer value of 255 means that no policer is assigned to a protocol.
To see what policer actions are assigned to the protocols on an interface, enter the show platform
policer cpu interface interface-id privileged EXEC command. This example shows the default policer
configuration for a UNI. Because the port is Fast Ethernet 1, the identifier for rate-limited protocols is
0; a display for Fast Ethernet port 5 would display an identifier of 4. The Policer Index refers to the
specific protocol.
Switch# show platform policer cpu interface fastethernet 0/1
Policers assigned for CPU protection
=========================================================
Feature               Policer    Physical
                      Index      Policer
=========================================================
Fa0/1
STP                   1          26
LACP                  2          26
8021X                 3          26
RSVD_STP              4          26
PVST_PLUS             5          26
CDP                   6          26
DTP                   7          26
UDLD                  8          26
PAGP                  9          26
VTP                   10         26
CISCO_L2              11         26
KEEPALIVE             12         0
SWITCH_MAC            13         26
SWITCH_ROUTER_MAC     14         26
SWITCH_IGMP           15         0
SWITCH_L2PT           16         26
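As an added example (not code from the Cisco guide), the following Python checker applies the policer numbering described above to the show platform policer cpu interface output: it derives the rate-limiting policer a port should own (Fa0/1 to 24 map to policers 0 to 23, Gi0/1 and Gi0/2 to 24 and 25), then labels each protocol as dropped (26), unpoliced (255), rate-limited on the port's own policer, or anomalous when the physical policer belongs to another port. The embedded sample is a trimmed copy of the page's Fa0/1 output; the function names are this example's own.

```python
import re

DROP_POLICER = 26   # global drop policer: any protocol mapped to 26 is dropped
NO_POLICER = 255    # no policer assigned to the protocol
# Sample taken from the page's show output for Fa0/1, trimmed to a few rows.
SAMPLE_OUTPUT = """\
=========================================================
Feature               Policer    Physical
                      Index      Policer
Fa0/1
STP                   1          26
KEEPALIVE             12         0
SWITCH_L2PT           16         26
"""

def expected_policer(interface):
    """Policer a port gets at bootup: Fa0/1..24 -> 0..23, Gi0/1..2 -> 24..25."""
    m = re.fullmatch(r"(Fa|Gi)\d+/(\d+)", interface)
    if m and m.group(1) == "Fa" and 1 <= int(m.group(2)) <= 24:
        return int(m.group(2)) - 1
    if m and m.group(1) == "Gi" and 1 <= int(m.group(2)) <= 2:
        return 23 + int(m.group(2))
    raise ValueError(f"no policer mapping for {interface!r}")

def parse_policers(text):
    """Return (interface, {feature: physical policer}) from the show output."""
    interface, table = None, {}
    for line in (raw.strip() for raw in text.splitlines()):
        m = re.fullmatch(r"(\S+)\s+\d+\s+(\d+)", line)
        if m:
            table[m.group(1)] = int(m.group(2))
        elif re.fullmatch(r"(Fa|Gi)\d+/\d+", line):
            interface = line
    return interface, table

def classify(text):
    """Label each protocol as dropped, rate-limited on this port, unpoliced, or anomalous."""
    interface, table = parse_policers(text)
    own = expected_policer(interface)
    labels = {}
    for feature, policer in table.items():
        if policer == DROP_POLICER:
            labels[feature] = "dropped"
        elif policer == NO_POLICER:
            labels[feature] = "no policer"
        elif policer == own:
            labels[feature] = "rate-limited"
        else:  # rate-limiting policer that belongs to a different port: worth investigating
            labels[feature] = f"anomaly: policer {policer} belongs to another port"
    return labels
```

Running classify over the output of each UNI gives a quick audit of which protocols a port silently drops versus rate-limits on the CPU path.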
Table 29-1 CPU Protection Actions When Layer 2 Protocol Packets Are Received on a UNI (continued)

Protocol | Default | When Feature Is Enabled | When Layer 2 Protocol Tunneling Is Enabled (1)
CISCO_L2 (any other Cisco Layer 2 protocols with the MAC address 01:00:0c:cc:cc:cc) | Dropped | Rate-limited if CDP, DTP, UDLD, PAGP, or VTP are Layer 2 tunneled |
KEEPALIVE (MAC address, SNAP encapsulation, LLC, Org ID, or HDLC packets) | Rate-limited | |
SWITCH L2PT | Dropped | Rate-limited when Layer 2 protocol tunneling is enabled for any protocol. | Rate-limited

1. Layer 2 protocol traffic is rate-limited when Layer 2 protocol tunneling is enabled for any protocol on any port.