Configuring Layer 2 Control Packet Qos - Cisco Catalyst 4500 Series Software Configuration Manual

Cisco IOS XE Release 3.9.xE and Cisco IOS Release 15.2(5)Ex

Chapter 57
Configuring Control Plane Policing and Layer 2 Control Packet QoS

Configuring Layer 2 Control Packet QoS

Layer 2 control packet QoS enables you to police control packets arriving on a physical port or LAN.
This section includes these topics:
Understanding Layer 2 Control Packet QoS
Default Configuration
Enabling Layer 2 Control Packet QoS
Disabling Layer 2 Control Packet QoS
Layer 2 Control Packet QoS Configuration Examples
Layer 2 Control Packet QoS Guidelines and Restrictions

Understanding Layer 2 Control Packet QoS
You might want to police incoming Layer 2 control packets such as STP, CDP, VTP, SSTP, BPDU, EAPOL and LLDP on a specific port before the packets reach the CPU. This could serve as a first line of defense before aggregate traffic is subjected to policing (through CoPP). By default, policers cannot be applied to Layer 2 control packets in the input direction. This prevents users from inadvertently policing or dropping critical Layer 2 control packets.
While this default protects a user from mistakenly policing control packets, it introduces a more serious problem. If a flood of Layer 2 control packets is received on any of the switch interfaces at a very high rate, due to a DoS attack or to a loop introduced in the customer network because of misconfiguration, CPU utilization can increase quickly. This can have adverse impacts such as loss of protocol keepalives and routing protocol updates. The Layer 2 control packet QoS feature allows you to police Layer 2 control packets at the port, VLAN, or port-VLAN level in the input direction.

Default Configuration
Layer 2 control packet QoS is disabled by default.

Enabling Layer 2 Control Packet QoS
To enable Layer 2 control packet QoS, perform this task:

Step 1
  Command: Switch# config terminal
  Purpose: Enters configuration mode.
Step 2
  Command: Switch(config)# [no] qos control-packets [bpdu-range | cdp-vtp | eapol | sstp | protocol-tunnel | lldp]
  Purpose: Enables QoS on all or a specific packet type. Use the no keyword to disable QoS on all or a specific packet type.
Step 3
  Command: Switch(config)# end
  Purpose: Exits configuration mode.
Step 4
  Command: Switch# show run | inc qos control-packets
  Purpose: Verifies the configuration.

Table 57-1 lists the types of packets impacted by this feature.
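A configuration audit built on the Step 4 verification command, as an added example that is not part of the Cisco guide: it parses saved output of show run | inc qos control-packets and reports which packet types still have Layer 2 control packet QoS disabled. The sample output and the REQUIRED baseline are constructed for illustration, and treating the bare command as covering all six types is an assumption based on the Step 2 description.

```python
import re

# Keywords accepted by "qos control-packets", as listed in Step 2 above.
PACKET_TYPES = ("bpdu-range", "cdp-vtp", "eapol", "sstp", "protocol-tunnel", "lldp")

# Matches "[no] qos control-packets [type]" at the start of a line, so the
# echoed "Switch# show run | inc qos control-packets" prompt line is ignored.
_CMD = re.compile(r"^\s*(no\s+)?qos\s+control-packets(?:\s+(\S+))?\s*$")


def enabled_types(config_text):
    """Return the packet types for which Layer 2 control packet QoS is enabled.

    Lines are applied in order. The bare command covers every type (assumed
    from Step 2), the "no" form removes, and no matching line means disabled
    (the documented default).
    """
    enabled = set()
    for line in config_text.splitlines():
        match = _CMD.match(line)
        if not match:
            continue
        negate, keyword = match.groups()
        if keyword is not None and keyword not in PACKET_TYPES:
            raise ValueError(f"unknown packet type {keyword!r} in: {line.strip()}")
        targets = {keyword} if keyword else set(PACKET_TYPES)
        enabled = enabled - targets if negate else enabled | targets
    return enabled


def missing_types(config_text, required):
    """Return the required packet types that are not enabled, sorted."""
    return sorted(set(required) - enabled_types(config_text))


# Constructed sample: captured output of the Step 4 verification command.
SAMPLE_OUTPUT = """\
Switch# show run | inc qos control-packets
qos control-packets cdp-vtp
qos control-packets eapol
"""

# Hypothetical site baseline, not a Cisco recommendation.
REQUIRED = ("bpdu-range", "cdp-vtp", "eapol", "lldp")

if __name__ == "__main__":
    print("enabled:", sorted(enabled_types(SAMPLE_OUTPUT)))
    print("missing:", missing_types(SAMPLE_OUTPUT, REQUIRED))
```

An empty result from missing_types means every required packet type has the feature enabled; it does not show whether a policer has been applied to those packets.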
