Cisco ME 3400G-2CS - Ethernet Access Switch Software Configuration Manual page 534

Ethernet access switch

Chapter 29
Configuring Control-Plane Security
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide (78-17058-01), page 29-3
Understanding Control-Plane Security

Table 29-1 CPU Protection Actions When Layer 2 Protocol Packets Are Received on a UNI (continued)

| Protocol | Default | When Feature Is Enabled | When Layer 2 Protocol Tunneling Is Enabled |
|---|---|---|---|
| CISCO_L2 (any other Cisco Layer 2 protocols with the MAC address 01:00:0c:cc:cc:cc) | Dropped | | Rate-limited if CDP, DTP, UDLD, PAGP, or VTP are Layer 2 tunneled |
| KEEPALIVE (MAC address, SNAP encapsulation, LLC, Org ID, or HDLC packets) | Rate-limited | | Rate-limited |
| SWITCH L2PT | Dropped | Rate-limited when Layer 2 protocol tunneling is enabled for any protocol. | |

1. Layer 2 protocol traffic is rate-limited when Layer 2 protocol tunneling is enabled for any protocol on any port.

The switch automatically allocates 27 control-plane security policers for CPU protection. At system bootup, it assigns each port a policer numbered 0 to 26. The policer assigned to a port determines whether the protocol packets arriving on the port are rate-limited or dropped. A policer value of 26 is the drop policer, which is global; any traffic type shown as 26 on any port is dropped. A policer value of 0 to 25 means that a rate-limiting policer is assigned to the port for the protocol. Policers 0 to 23 are logical identifiers for Fast Ethernet ports 1 to 24; policers 24 and 25 refer to Gigabit Ethernet ports 1 and 2, respectively. A policer value of 255 means that no policer is assigned to a protocol.

To see what policer actions are assigned to the protocols on an interface, enter the show platform policer cpu interface interface-id privileged EXEC command. This example shows the default policer configuration for a UNI. Because the port is Fast Ethernet 1, the identifier for rate-limited protocols is 0; a display for Fast Ethernet port 5 would show an identifier of 4. The Policer Index refers to the specific protocol.

```
Switch# show platform policer cpu interface fastethernet 0/1
Policers assigned for CPU protection
=========================================================
Feature                  Policer    Physical
                         Index      Policer
=========================================================
Fa0/1
STP                      1          26
LACP                     2          26
8021X                    3          26
RSVD_STP                 4          26
PVST_PLUS                5          26
CDP                      6          26
DTP                      7          26
UDLD                     8          26
PAGP                     9          26
VTP                      10         26
CISCO_L2                 11         26
KEEPALIVE                12         0
SWITCH_MAC               13         26
SWITCH_ROUTER_MAC        14         26
SWITCH_IGMP              15         0
SWITCH_L2PT              16         26
```
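As an added example (not from the Cisco guide), this Python script parses the show platform policer cpu interface display and applies the policer rules from the text: 26 drops, 255 means no policer, and 0 to 25 rate-limits with the policer that belongs to a port. The Gi0/x interface naming and the "unexpected" flag for a rate limiter owned by a different port are assumptions made for this example.

```python
import re

FIXED = {26: "drop", 255: "no policer"}  # global drop policer; no policer assigned
# Abridged copy of the Fa0/1 display from this page (four of its sixteen rows).
SAMPLE = """\
Switch# show platform policer cpu interface fastethernet 0/1
Fa0/1
CDP                 6    26
KEEPALIVE           12   0
SWITCH_IGMP         15   0
SWITCH_L2PT         16   26
"""

def policer_port(policer):
    """Port owning a rate-limiting policer: 0-23 -> Fa 1-24, 24-25 -> Gi 1-2."""
    if 0 <= policer <= 23:
        return f"Fa0/{policer + 1}"
    if policer in (24, 25):
        return f"Gi0/{policer - 23}"  # "Gi0/x" naming is an assumption
    return None

def parse(output):
    """Return (interface, {feature: physical policer}) from the display."""
    iface, rows = None, {}
    for line in output.splitlines():
        row = re.fullmatch(r"\s*(\S+)\s+\d+\s+(\d+)\s*", line)
        if row:
            rows[row.group(1)] = int(row.group(2))
        elif re.fullmatch(r"\s*(?:Fa|Gi)\d+/\d+\s*", line):
            iface = line.strip()
    return iface, rows

def action(iface, policer):
    """What a physical policer value means for a protocol on this port."""
    if policer in FIXED:
        return FIXED[policer]
    owner = policer_port(policer)
    if owner is None:
        return f"unknown policer {policer}"
    if owner == iface:
        return "rate-limit"
    return f"rate-limit by {owner} policer (unexpected)"

def audit(output):
    iface, rows = parse(output)
    return iface, {f: action(iface, p) for f, p in rows.items()}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against saved output from each UNI, the report makes it easy to spot a port where a protocol that should be dropped by default is instead reaching the CPU through a rate limiter.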
