Layer 2 Control Packet Qos Guidelines And Restrictions - Cisco Catalyst 4500 series Administration Manual
Hide thumbs
Also See for Catalyst 4500 series:
- Software configuration manual (2086 pages) ,
- Configuration manual (1610 pages) ,
- Command reference manual (1230 pages)
Table of Contents
Advertisement
Policing IPv6 Control Traffic
Layer 2 Control Packet QoS Guidelines and Restrictions
When using (or configuring) Layer 2 control packet QoS, consider these guidelines and restrictions:
•
•
•
•
Policing IPv6 Control Traffic
On Catalyst 4900M, Catalyst 4948E, Supervisor Engine 6-E, and Supervisor Engine 6L-E, IPv6 control
packets such as OSPF, PIM and MLD can be policed on a physical port, VLAN, or control plane by
configuring IPv6 ACLs to classify such traffic and then applying a QoS policy to police such traffic.
The following examples show how to police OSPFv6, PIMv6 and MLD control traffic received on a port.
This example shows how to configure a traffic class to identify OSPFv6 control packets by its destination
IP v6 address:
Switch# config terminal
Enter configuration commands, one per line.
Switch(config)# ipv6 access-list ospfv6
Switch(config-ipv6-acl)# permit ipv6 any host ff02:5
Switch(config-ipv6-acl)# exit
Switch(config)# class-map ospfv6Class
Switch(config-camp)# match access-group name ospfv6
Switch(config-camp)# exit
The following example shows how to configure a traffic class to identify PIMv6 control packets by its
destination IPv6 address:
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
51-16
Switch(config-ext-macl)# permit any host 0180.c200.0000
Switch(config-ext-macl)# exit
Switch(config)# class-map match-any system-control-packet-bpdu
Switch(config-cmap)# match access-group name system-control-packet-bpdu
Switch(config-cmap)# exit
Switch(config)# mac access-list extended system-control-packet-eapol
Switch(config-ext-macl)# permit any host 0180.c200.0003
Switch(config-ext-macl)# exit
Switch(config)# class-map match-any system-control-packet-eapol
Switch(config-cmap)# match access-group name system-control-packet-eapol
Switch(config-cmap)# exit
When you enable Layer 2 control packet QoS, it applies to all ports on the switch. If Layer 2 control
packets are not explicitly classified in the policy attached to port or VLAN, the actions in
class-default will be applied as per normal QoS rules.
Place classifiers that match control packets at the beginning of a policy map followed by other traffic
classes, ensuring that Layer 2 control packets are not subjected to inadvertent QoS actions.
The application of default class (class-default) actions depends on the type of supervisor engine:
Supervisor Engine V-10GE with NetFlow support—Actions associated with class-default are
–
never applied on unmatched control packets; a default permit action is applied. Only actions
associated with class maps that begin with system-control-packet are applied on control
packets.
All other supervisor engines—Actions associated with class-default are applied on unmatched
–
control packets.
If you enable the feature on a BPDU range, EAPOL packets are policed only after the initial 802.1X
authentication phase completes.
Chapter 51
Configuring Control Plane Policing and Layer 2 Control Packet QoS
End with CNTL/Z.
OL_28731-01
Advertisement
Chapters
Table of Contents
Troubleshooting
