29-4
Cisco ME 3400 EthernetAccess Switch SoftwareConfiguration Guide
78-17058-01
Chapter29 Conf iguring Control-Plane Security
Configuring Control-Plane Security
This example shows the default policers assigned to NNIs. Most protocols have no policers assigned to
NNIs. A value of 255 means that no policer is assigned to t he po rt f or t he p rot ocol .
Switch #show platform policer cpu interface gigabitethernet 0/1
Policers assigned for CPU protection
=========================================================
Feature Policer Physical
Index Policer
=========================================================
Gi0/1
STP 1 255
LACP 2 255
8021X 3 255
RSVD_STP 4 255
PVST_PLUS 5 255
CDP 6 255
DTP 7 255
UDLD 8 255
PAGP 9 255
VTP 10 255
CISCO_L2 11 255
KEEPALIVE 12 255
SWITCH_MAC 13 255
SWITCH_ROUTER_MAC 14 255
SWITCH_IGMP 15 255
SWITCH_L2PT 16 255
Configuring Control-Plane Security
CPU policers are pre-allocated. You can configure only the rate-limiting threshold. The configured
threshold applies to all protocols and all UNIs.
Note During normal Layer 2 operation, you cannot ping the switch through a UNI. This restrict ion does not
apply to NNIs. See the “Using Ping” section on page 36-10 for ways to enable ping in a test situation.
Beginning in privileged EXEC mode, follow these steps to set the threshold rate for CPU protection:
To return to the default threshold rate, use the no policer cpu uni global configuration command.
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 policer cpu uni rate Configure the CPU protection policing threshold rate. The range is
from 8000 to 409500 bits per second (bps). The default, if none is
configured, is 160000 bps.
Step3 end Return to privileged EXEC mode.
Step4 show policer cpu uni rate Verify the configured CPU policer rate.
Step5 copy running-config startup-config (Optional) Save your entries in the configuration file.