Configuring Layer 2 Control Packet QoS - Cisco Catalyst 4500 series Administration Manual

Chapter 51
Configuring Control Plane Policing and Layer 2 Control Packet QoS
permit any 0180.c200.0000 0000.0000.000f
Extended MAC access list system-cpp-cdp
permit any host 0100.0ccc.cccc
Extended MAC access list system-cpp-cgmp
permit any host 0100.0cdd.dddd
Extended MAC access list system-cpp-dot1x
permit any host 0180.c200.0003
Extended MAC access list system-cpp-sstp
permit any host 0100.0ccc.cccd
To display one CoPP access list, enter the show access-lists system-cpp-cdp command:
Switch# show access-list system-cpp-cdp
Extended MAC access list system-cpp-cdp
permit any host 0100.0ccc.cccc
Switch#
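
As an added example (not from the Cisco manual), the following Python code parses access-list entries in the format shown above and reports which lists match a frame's destination MAC address, treating a set wildcard bit as "ignore this bit". The name of the first list is not shown on this page, so the placeholder list-name-not-shown is an assumption.

```python
import re

# Constructed input: the ACL entries printed above. The first list's name is
# cut off on the page, so "list-name-not-shown" is a placeholder.
SHOW_OUTPUT = """\
Extended MAC access list list-name-not-shown
    permit any 0180.c200.0000 0000.0000.000f
Extended MAC access list system-cpp-cdp
    permit any host 0100.0ccc.cccc
Extended MAC access list system-cpp-cgmp
    permit any host 0100.0cdd.dddd
Extended MAC access list system-cpp-dot1x
    permit any host 0180.c200.0003
Extended MAC access list system-cpp-sstp
    permit any host 0100.0ccc.cccd
"""

def mac_to_int(mac):
    """Accept 0180.c200.0003, 01:80:c2:00:00:03 or 01-80-C2-00-00-03."""
    digits = re.sub(r"[.:\-]", "", mac)
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(digits, 16)

def parse_mac_acls(text):
    """Return [(list_name, dest_value, wildcard)] for each permit entry."""
    entries, name = [], None
    for line in text.splitlines():
        words = line.split()
        if words[:4] == ["Extended", "MAC", "access", "list"] and len(words) == 5:
            name = words[4]
        elif words[:2] == ["permit", "any"] and name and len(words) == 4:
            if words[2] == "host":                 # exact destination address
                entries.append((name, mac_to_int(words[3]), 0))
            else:                                  # address plus wildcard mask
                entries.append((name, mac_to_int(words[2]), mac_to_int(words[3])))
    return entries

def classify(dest_mac, entries):
    """Names of every list with an entry matching dest_mac.
    A wildcard bit of 1 means that bit of the address is ignored."""
    d = mac_to_int(dest_mac)
    return [n for n, value, wild in entries if (d | wild) == (value | wild)]

ENTRIES = parse_mac_acls(SHOW_OUTPUT)

if __name__ == "__main__":
    for mac in ("0100.0ccc.cccc", "01:80:c2:00:00:03", "0180.c200.0010"):
        print(mac, classify(mac, ENTRIES))
```

The 802.1X address 0180.c200.0003 matches both its own host entry and the 0180.c200.0000 range entry, because the wildcard 0000.0000.000f covers the low four bits.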

Configuring Layer 2 Control Packet QoS

Layer 2 control packet QoS enables you to police control packets arriving on a physical port or LAN.
This section includes these topics:
- Understanding Layer 2 Control Packet QoS
- Default Configuration
- Enabling Layer 2 Control Packet QoS
- Disabling Layer 2 Control Packet QoS
- Layer 2 Control Packet QoS Configuration Examples
- Layer 2 Control Packet QoS Guidelines and Restrictions

Understanding Layer 2 Control Packet QoS
You might want to police incoming Layer 2 control packets such as STP, CDP, VTP, SSTP, BPDU, EAPOL and LLDP on a specific port before the packets reach the CPU. This could serve as a first line of defense before aggregate traffic is subjected to policing (through CoPP). By default, policers cannot be applied to Layer 2 control packets in the input direction. This prevents users from inadvertently policing or dropping critical Layer 2 control packets.

While this default protects a user who would otherwise wrongly police control packets, it introduces a more serious problem. If a flood of Layer 2 control packets is received on any of the switch interfaces at a very high rate, due to a DoS attack or to a loop introduced in the customer network because of misconfiguration, CPU utilization can increase quickly. This can have adverse impacts such as loss of protocol keep-alives and routing protocol updates. The Layer 2 control packet QoS feature allows you to police Layer 2 control packets at the port, VLAN, or port-VLAN level in the input direction.

Default Configuration
Layer 2 control packet QoS is disabled by default.

Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
