Cisco Nexus 9000 Series Configuration Manual page 502
Nx-os security configuration guide, release 9.x
Hide thumbs
Also See for Nexus 9000 Series:
- Configuration manual (276 pages) ,
- Troubleshooting manual (126 pages) ,
- Quick start configuration manual (6 pages)
Table of Contents
Advertisement
Configuring a Control Plane Policy Map
Command or Action
switch(config-pmap)# class ClassMapA
switch(config-pmap-c)#
Step 4
Enter one of the following commands:
• police [cir] {cir-rate [rate-type]}
• police [cir] {cir-rate [rate-type]} [bc] burst-size
[burst-size-type]
• police [cir] {cir-rate [rate-type]]} conform transmit
[violate drop]
Example:
switch(config-pmap-c)# police cir 52000 bc 1000
packets
Example:
switch(config-pmap-c)# police cir 3400 kbps bc
200 kbytes
Step 5
(Optional) logging drop threshold [drop-count [level
syslog-level]]
Example:
switch(config-pmap-c)# logging drop threshold 100
Step 6
(Optional) set cos cos-value
Example:
switch(config-pmap-c)# set cos 1
Step 7
exit
Example:
switch(config-pmap-c)# exit
switch(config-pmap)#
Step 8
exit
Example:
switch(config-pmap)# exit
switch(config)#
Step 9
(Optional) show policy-map type control-plane [expand]
[name class-map-name]
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
476
Configuring Control Plane Policing
Purpose
Specifies the committed information rate (CIR). The rate
range is as follows:
• 0 to 268435456 pps (for Cisco Nexus 9300 and 9500
Series and 3164Q, 31128PQ, 3232C, and 3264Q
switches)
• 0 to 80000000000 bps/gbps/kbps/mbps (for Cisco
Nexus 9200 Series switches)
Note
The CIR rate range starts with 0. In previous
releases, the CIR rate range starts with 1. A
value of 0 drops the packet.
The committed burst (BC) range is as follows:
• 1 to 1073741 packets (for Cisco Nexus 9300 and 9500
Series and 3164Q, 31128PQ, 3232C, and 3264Q
switches)
• 1 to 512000000 bytes/kbytes/mbytes (for Cisco Nexus
9200 Series switches)
The conform transmit action transmits the packet.
You can specify the BC and conform action for
Note
the same CIR.
Specifies the threshold value for dropped packets and
generates a syslog if the drop count exceeds the configured
threshold. The range for the drop-count argument is from
1 to 8000000000 bytes. The range for the syslog-level
argument is from 1 to 7, and the default level is 4.
Specifies the 802.1Q class of service (CoS) value. The
range is from 0 to 7. The default value is 0.
Exits policy map class configuration mode.
Exits policy map configuration mode.
Displays the control plane policy map configuration.
- Quick Links:
- Radius and Tacacs+ Security Protocols
Hide quick links:
Advertisement
Table of Contents
