Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Command Reference, Release 5.1.x
Excessive Punt Flow Trap Commands
Downloads: This chapterpdf (PDF - 1.37MB) The complete bookPDF (PDF - 4.66MB) | Feedback

Excessive Punt Flow Trap Commands

Excessive Punt Flow Trap Commands

This module describes the Cisco IOS XR software commands used to configure the Excessive Punt Flow Trap commands for Broadband Network Gateway (BNG) on the Cisco ASR 9000 Series Router. For details regarding the related configurations, refer to the Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide.

lpts punt excessive-flow-trap

To activate the Excessive Punt Flow Trap feature and to enter the control plane policer configuration mode, use the lpts punt excessive-flow-trap command in global configuration mode. To exit the control plane policer configuration mode and disable the Excessive Punt Flow Trap feature, use the no form of this command.

lpts punt excessive-flow-trap { subscriber-interfaces | non-subscriber-interfaces | penalty-rate | penalty-timeout }

no lpts punt excessive-flow-trap { subscriber-interfaces | non-subscriber-interfaces | penalty-rate | penalty-timeout }

Syntax Description

subscriber-interfaces

Enables the Excessive Punt Flow Trap for subscriber interfaces.

non-subscriber-interfaces

Enables the Excessive Punt Flow Trap for non-subscriber interfaces.

penalty-rate

Sets the penalty policing rate for a protocol.

penalty-timeout

Sets the penalty timeout for a protocol.

Command Default

None

Command Modes

Global configuration mode

Command History

Release

Modification

Release 4.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

config-services

read, write

Examples

This example shows how to enable the Excessive Punt Flow Trap feature in the global configuration mode:
RP/0/RSP0/CPU0:router(config)# lpts punt excessive-flow-trap
RP/0/RSP0/CPU0:router(config-control-plane-policer)# 

Related Commands

Command

Description

show lpts punt excessive-flow-trap

Displays the running configuration for the Excessive Punt Flow Trap feature.  

lpts punt excessive-flow-trap non-subscriber-interfaces

To enable the Excessive Punt Flow Trap feature on non-subscriber interfaces, use the lpts punt excessive-flow-trap non-subscriber-interfaces command in global configuration mode. To disable the Excessive Punt Flow Trap feature on subscriber interfaces, use the no form of this command.

lpts punt excessive-flow-trap non-subscriber-interfaces

no lpts punt excessive-flow-trap non-subscriber-interfaces

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

Global configuration mode

Command History

Release

Modification

Release 4.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

config-services

read, write

Examples

This example shows how to enable the Excessive Punt Flow Trap feature on the non-subscriber interfaces in the global configuration mode:
RP/0/RSP0/CPU0:router(config)# lpts punt excessive-flow-trap non-subscriber-interfaces
RP/0/RSP0/CPU0:router(config)# 

Related Commands

Command

Description

show lpts punt excessive-flow-trap

Displays the running configuration for the Excessive Punt Flow Trap feature.  

lpts punt excessive-flow-trap penalty-rate

To set the penalty policing rate for a protocol, use the lpts punt excessive-flow-trap penalty-rate command in global configuration mode. To restore the default penalty-rate, use the no form of this command.

lpts punt excessive-flow-trap penalty-rate { trace | arp | icmp | dhcp | pppoe | ppp | igmp | ip | l2tp | all | interface | information } penalty_rate

no punt excessive-flow-trap penalty-rate { trace | arp | icmp | dhcp | pppoe | ppp | igmp | ip | l2tp | all | interface | information }

Syntax Description

default

Sets the default penalty policing rate for all protocols.

arp

Sets the penalty policing rate for the ARP protocol.

icmp

Sets the penalty policing rate for the ICMP protocol.

dhcp

Sets the penalty policing rate for the DHCP protocol.

pppoe

Sets the penalty policing rate for the PPPoE protocol.

ppp

Sets the penalty policing rate for the PPP protocol.

igmp

Sets the penalty policing rate for the IGMP protocol.

ip

Sets the penalty policing rate for the IPv4 protocol.

l2tp

Sets the penalty policing rate for the L2TP protocol.

Command Default

The default packets per seconds(pps) is 10 pps.

Command Modes

Global configuration mode

Command History

Release

Modification

Release 4.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

config-services

read, write

Examples

This example shows how to set the penalty policing rate of 4 pps for the ARP protocol in the global configuration mode:
RP/0/RSP0/CPU0:router(config)# lpts punt excessive-flow-trap penalty-rate arp 4
RP/0/RSP0/CPU0:router(config)# 

Related Commands

Command

Description

lpts punt excessive-flow-trap

Enables the Excessive Punt Flow Trap feature.  

lpts punt excessive-flow-trap penalty-timeout

To set the penalty timeout value for a protocol, use the lpts punt excessive-flow-trap penalty-timeout command in global configuration mode. To restore the default penalty timeout value, use the no form of this command.

lpts punt excessive-flow-trap penalty-timeout { trace | arp | icmp | dhcp | pppoe | ppp | igmp | ip | l2tp | all | interface | information } timeout

no lpts punt excessive-flow-trap penalty-timeout { trace | arp | icmp | dhcp | pppoe | ppp | igmp | ip | l2tp | all | interface | information }

Syntax Description

default

Sets the default penalty timeout for all protocols.

arp

Sets the penalty timeout for the ARP protocol.

icmp

Sets the penalty timeout for the ICMP protocol.

dhcp

Sets the penalty timeout for the DHCP protocol.

pppoe

Sets the penalty timeout for the PPPoE protocol.

ppp

Sets the penalty timeout for the PPP protocol.

igmp

Sets the penalty timeout for the IGMP protocol.

ip

Sets the penalty timeout for the IPv4 protocol.

l2tp

Sets the penalty timeout for the L2TP protocol.

Command Default

The default value in minutes is 15.

Command Modes

Global configuration mode

Command History

Release

Modification

Release 4.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

config-services

read, write

Examples

This example shows how to set the penalty timeout value of 70 minutes for the DHCP protocol in the global configuration mode:
RP/0/RSP0/CPU0:router(config)# lpts punt excessive-flow-trap penalty-timeout dhcp 70
RP/0/RSP0/CPU0:router(config)# 

Related Commands

Command

Description

lpts punt excessive-flow-trap

Enables the Excessive Punt Flow Trap feature.  

lpts punt excessive-flow-trap subscriber-interfaces

To enable the Excessive Punt Flow Trap feature on subscriber interfaces, use the lpts punt excessive-flow-trap subscriber-interfaces command in global configuration mode. To disable the Excessive Punt Flow Trap feature on subscriber interfaces, use the no form of this command.

lpts punt excessive-flow-trap subscriber-interfaces

no lpts punt excessive-flow-trap subscriber-interfaces

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

Global configuration mode

Command History

Release

Modification

Release 4.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

config-services

read, write

Examples

This example shows how to enable the Excessive Punt Flow Trap feature for subscriber interfaces in the global configuration mode:
RP/0/RSP0/CPU0:router(config)# lpts punt excessive-flow-trap subscriber-interfaces
RP/0/RSP0/CPU0:router(config)# 

Related Commands

Command

Description

show lpts punt excessive-flow-trap

Displays the running configuration for the Excessive Punt Flow Trap feature.  

show lpts punt excessive-flow-trap

To display the running configuration for the Excessive Punt Flow Trap feature, use the show lpts punt excessive-flow-trap command in the EXEC mode.

show lpts punt excessive-flow-trap { protocol | interface | type | interface-path-id | information }

Syntax Description

protocol
Enter the protocol type.
  • arp—Displays ARP bad actors.
  • icmp—Displays ICMP bad actors.
  • dhcp—Displays DHCP bad actors.
  • pppoe—Displays PPPoE bad actors.
  • ppp—Displays PPP bad actors.
  • igmp—Displays IGMP bad actors.
  • ipv4—Displays IPv4 bad actors.
  • l2tp—Displays L2TP bad actors.
  • all—Displays bad actors for all protocols.
interface

Displays the bad actors on an interface. For more information on the interface types, use the question mark (?) online help function.

type

Specifies the interface type. For more information, use the question mark (?) online help function.

interface-path-id

Either a physical interface instance or a virtual interface instance as follows:

  • Physical interface instance. Naming notation is rack/slot/module/port and a slash between values is required as part of the notation.
    • rack: Chassis number of the rack.
    • slot: Physical slot number of the modular services card or line card.
    • module: Module number. A physical layer interface module (PLIM) is always 0.
    • port: Physical port number of the interface.
    Note   

    In references to a Management Ethernet interface located on a route processor card, the physical slot number is alphanumeric (RSP0 ) and the module is CPU0. Example: interface MgmtEth0/RSP0 /CPU0/0.

  • Virtual interface instance. Number range varies depending on interface type.

For more information about the syntax for the router, use the question mark (?) online help function.

information

Displays the Excessive Punt Flow Trap feature information.

Command Default

None

Command Modes

EXEC

Command History

Release Modification

Release 4.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

lpts

read

basic-services

read, write

Examples

The show running-config output for the above show lpts punt excessive-flow-trap command is:
RP/0/RSP0/CPU0:router# show running-config lpts punt excessive-flow-trap
lpts punt excessive-flow-trap
 penalty-rate arp 15
 penalty-rate pppoe 25
 penalty-timeout arp 2
 non-subscriber-interfaces

This table describes the significant fields shown in the display.

Table 1 show lpts punt excessive-flow-trap Field Descriptions

Field

Description

penalty-rate

The penalty policing rate for a protocol. For arp the value is 15 and for pppoe the value is 2.

penalty-timeout

The penalty timeout value for a protocol. For arp the value is 2.

Related Commands

Command

Description

lpts punt excessive-flow-trap

Enables the Excessive Punt Flow Trap feature.  

show lpts punt excessive-flow-trap information

To display the Excessive Punt Flow Trap feature information, use the show lpts punt excessive-flow-trap information command in the EXEC mode.

show lpts punt excessive-flow-trap information

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

EXEC

Command History

Release Modification

Release 4.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

lpts

read

basic-services

read, write

Examples

This is an example of show lpts punt excessive-flow-trap information command with ARP and PPPoE protocols configured with non-default values:

RP/0/RSP0/CPU0:router# show lpts punt excessive-flow-trap information

--------------------------------------------------------------
  Global Default Values -
         Police Rate: 10 pps
     Penalty Timeout: 15 mins

--------------------------------------------------------------
              Police         Penalty
              Rate (pps)     Timeout (mins)
 Protocol   Default Config   Default Config   Punt Reasons
 --------   --------------   --------------   ----------------
 ARP           10     15        15      2     ARP
                                              Reverse ARP
                                              Dynamic ARP Inspection (DAI)

 ICMP          10     -         15     -      ICMP
                                              ICMP-local
                                              ICMP-app
                                              ICMP-control
                                              ICMP-default

 DHCP          10     -         15     -      DHCP Snoop Request
                                              DHCP Snoop Reply

 PPPOE         10     25        15     -      PPP over Ethernet (PPPoE)
                                              PPPoE packets for RSP
                                              PPPoE packet/config mismatch
                                              PPPoE packet/config mismatch for RSP

 PPP           10     -         15     -      Point-to-Point Protocol (PPP)
                                              PPP packets for RSP

 IGMP          10     -         15     -      IGMP
                                              IGMP Snoop
                                              MLD Snoop

 IPv4/v6       10     -         15     -      IP Subscriber (IPSUB)
                                              IPv4 options
                                              IPv4 FIB
                                              IPv4 TTL exceeded
                                              IPv4 fragmentation needed
                                              IPv4/v6 adjacency
                                              IPV4/v6 unknown IFIB
                                              UDP-known
                                              UDP-listen
                                              Generic Routing Encap (GRE) bad flags
                                              UDP-default
                                              TCP-known
                                              TCP-listen
                                              TCP-cfg-peer
                                              TCP-default
                                              Raw-listen
                                              Raw-default

 L2TP          10     -         15     -      Layer 2 Tunneling Protocol, version 2 (L2TPv2)
                                              L2TPv2-default
                                              L2TPv2-known
                                              L2TPv3

The corresponding show running-config output for the above show lpts punt excessive-flow-trap information command is:
RP/0/RSP0/CPU0:router# show running-config lpts punt excessive-flow-trap
lpts punt excessive-flow-trap
 penalty-rate arp 15
 penalty-rate pppoe 25
 penalty-timeout arp 2
 non-subscriber-interfaces

This table describes the significant fields shown in the display.

Table 2 show lpts punt excessive-flow-trap information Field Descriptions

Field

Description

penalty-rate

The penalty policing rate for a protocol. For arp the value is 15 and for pppoe the value is 25.

penalty-timeout

The penalty timeout value for a protocol. For arp the value is 2.

Related Commands

Command

Description

lpts punt excessive-flow-trap

Enables the Excessive Punt Flow Trap feature.  

show lpts punt excessive-flow-trap interface

To display the penalty status of an interface for one or all protocols, use the show lpts punt excessive-flow-trap interface command in the EXEC mode.

show lpts punt excessive-flow-trap interface type interface-path-id [ protocol ]

Syntax Description

type

Specifies the interface type. For more information, use the question mark (?) online help function.

interface-path-id

Either a physical interface instance or a virtual interface instance:

  • Physical interface instance. Naming notation is rack/slot/module/port and a slash between values is required as part of the notation.
    • rack: Chassis number of the rack.
    • slot: Physical slot number of the modular services card or line card.
    • module: Module number. A physical layer interface module (PLIM) is always 0.
    • port: Physical port number of the interface.
    Note   

    In references to a Management Ethernet interface located on a route processor card, the physical slot number is alphanumeric (RSP0 ) and the module is CPU0. Example: interface MgmtEth0/RSP0 /CPU0/0.

  • Virtual interface instance. Number range varies depending on interface type.

For more information about the syntax for the router, use the question mark (?) online help function.

protocol
Specifies the protocol type.
  • arp—Displays ARP bad actors.
  • icmp—Displays ICMP bad actors.
  • dhcp—Displays DHCP bad actors.
  • pppoe—Displays PPPoE bad actors.
  • ppp—Displays PPP bad actors.
  • igmp—Displays IGMP bad actors.
  • ipv4—Displays IPv4 bad actors.
  • l2tp—Displays L2TP bad actors.
  • all—Displays bad actors for all protocols.

Command Default

None

Command Modes

EXEC

Command History

Release Modification

Release 4.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

lpts

read

basic-services

read, write

Examples

The sample output for the show lpts punt excessive-flow-trap ip command is:
RP/0/RSP0/CPU0:router# show lpts punt excessive-flow-trap ip
Interface: Bundle-Ether1.100               
         Intf Handle: 0x08000320                            Location: 0/6/CPU0
            Protocol: IPv4/v6                            Punt Reason: Raw-default
        Penalty Rate: 10 pps                         Penalty Timeout: 15 mins                         
      Time Remaining: 14 mins 31 secs

This table describes the significant fields shown in the display.

Table 3 show lpts punt excessive-flow-trap interface Field Descriptions

Field

Description

Intf Handle

The interface handler for the Bundle Ether interface.

location

The location of the interface.

protocol

Specifies if it uses the IPv4 or IPv6 protocol.

punt reason

The reason to punt the excessive flow trap.

penalty-rate

The penalty policing rate for a protocol in pps.

penalty-timeout

The penalty timeout value for a protocol in minutes.

Related Commands

Command

Description

lpts punt excessive-flow-trap

Enables the Excessive Punt Flow Trap feature.  

show lpts punt excessive-flow-trap protocol

To display a list of interfaces that are in the penalty box for one or all protocols, use the show lpts punt excessive-flow-trap protocol command in the EXEC mode.

show lpts punt excessive-flow-trap protocol

Syntax Description

protocol
Enter the protocol type.
  • arp—Displays ARP bad actors.
  • icmp—Displays ICMP bad actors.
  • dhcp—Displays DHCP bad actors.
  • pppoe—Displays PPPoE bad actors.
  • ppp—Displays PPP bad actors.
  • igmp—Displays IGMP bad actors.
  • ipv4—Displays IPv4 bad actors.
  • l2tp—Displays L2TP bad actors.
  • all—Displays bad actors for all protocols.

Command Default

None

Command Modes

EXEC

Command History

Release Modification

Release 4.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The protocol option in the show lpts punt excessive-flow-trap protocol command points to the protocol type. The show output for each of the protocol differs depending on the protocol type you select on the router.

Task ID

Task ID Operation

lpts

read

basic-services

read, write

Examples

The sample output for the show lpts punt excessive-flow-trap ip command is:
RP/0/RSP0/CPU0:router# show lpts punt excessive-flow-trap ip
Interface: Bundle-Ether1.100               
         Intf Handle: 0x08000320                            Location: 0/6/CPU0
            Protocol: IPv4/v6                            Punt Reason: Raw-default
        Penalty Rate: 10 pps                         Penalty Timeout: 15 mins                         
      Time Remaining: 14 mins 31 secs

This table describes the significant fields shown in the display.

Table 4 show lpts punt excessive-flow-trap interface Field Descriptions

Field

Description

Intf Handle

The interface handler for the Bundle Ether interface.

location

The location of the interface.

protocol

Specifies if it uses the IPv4 or IPv6 protocol.

punt reason

The reason to punt the excessive flow trap.

penalty-rate

The penalty policing rate for a protocol in pps.

penalty-timeout

The penalty timeout value for a protocol in minutes.

Related Commands

Command

Description

lpts punt excessive-flow-trap

Enables the Excessive Punt Flow Trap feature.