Layer 2 Control Packet Qos Configuration Examples - Cisco Catalyst 4500 series Administration Manual
Hide thumbs
Also See for Catalyst 4500 series:
- Software configuration manual (2086 pages) ,
- Configuration manual (1610 pages) ,
- Command reference manual (1230 pages)
Table of Contents
Advertisement
Configuring Layer 2 Control Packet QoS
TCAM resources are not consumed when the interface is in a down state.
Note
Table 51-2
feature on the corresponding packet type.
Table 51-2
Packet Type
BPDU-range
SSTP
CDP-VTP
EAPOL
LLDP
PROTOCOL
TUNNEL
Layer 2 Control Packet QoS Configuration Examples
You can use CoPP and Layer 2 control packet QoS together to prevent DoS attacks to the CPU. In the
following example, BPDUs arriving on interface gi3/1, VLAN 1 and VLAN 2 are limited to 32 Kbps and
34 Kbps, respectively. Aggregate BPDU traffic to CPU then is further rate-limited to 50 Kbps using
CoPP.
Switch(config)# qos control-packets
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
51-14
displays the auto-generated MACLs and class maps that are created when you enable the
Packet Types and Auto-Generated MACL/Class Maps
Auto-Generated MACL/Class Map
mac access-list extended system-control-packet-bpdu-range
permit any 0180.c200.0000 0000.0000.000c
class-map match-any system-control-packet-bpdu-range
match access-group name system-control-packet-bpdu-range
mac access-list extended system-control-packet-sstp
permit any host 0100.0ccc.cccd
class-map match-any system-control-packet-sstp
match access-group name system-control-packet-sstp
mac access-list extended system-control-packet-cdp-vtp
permit any host 0100.0ccc.cccc
class-map match-any system-control-packet-cdp-vtp
match access-group name system-control-packet-cdp-vtp
mac access-list extended system-control-packet-eapol
permit any any 0x888E
class-map match-any system-control-packet-eapol
match access-group name system-control-packet-eapol
mac access-list extended system-control-packet-lldp
permit any host 0180.c200.000e
class-map match-any system-control-packet-lldp
match access-group name system-control-packet-lldp
mac access-list extended system-control-packet-protocol-tunnel
permit any host 0100.0ccd.cdd0
class-map match-any system-control-packet-protocol-tunnel
match access-group name system-control-packet-protocol-tunnel
Chapter 51
Configuring Control Plane Policing and Layer 2 Control Packet QoS
OL_28731-01
Advertisement
Chapters
Table of Contents
Troubleshooting
