Step 1 |
configure terminal
switch# configure terminal
switch(config)#
|
Enters global
configuration mode.
|
Step 2 |
hardware rate-limiter
access-list-log
{packets |
disable} [module
module [port
start
end]]
switch(config)# hardware rate-limiter access-list-log 200
|
Configures rate
limits in packets per second for packets copied to the supervisor module for
access list logging. The range is from 0 to 30000.
|
Step 3 |
hardware rate-limiter
copy
{packets |
disable} [module
module [port
start
end]]
switch(config)# hardware rate-limiter copy 30000
|
Configures rate
limits in packets per second for data and control packets copied to the
supervisor module. The range is from 0 to 30000.
Note
|
Layer 3
control, multicast direct-connect, and ARP request packets are controlled by
the Layer 2 copy rate limiter. The first two types of packets are also
controlled by Layer 3 rate limiters, and the last two types are also subject to
control plane policing (CoPP).
|
|
Step 4 |
hardware rate-limiter
f1 {rl-1 |
rl-2 |
rl-3 |
rl-4 |
rl-5 {packets |
disable} } [module
module
[port
start
end]]
switch(config)# hardware rate-limiter f1 rl-1 1000
|
Configures rate
limits in packets per second for F1 Series module packets. The range is from 0
to 30000.
Note
|
The
f1 {rl-1 |
rl-2 |
rl-3 |
rl-4 |
rl-5 } rate
limiters are the only rate limiters that are supported on F1 Series modules.
The other rate limiters are applicable only to the
F2 Series
and M1 Series modules.
|
|
Step 5 |
hardware rate-limiter layer-2
l2pt
{packets |
disable} [module
module [port
start
end]]
switch(config)# hardware rate-limiter layer-2 l2pt 30000
|
Configures
rate limits in packets per second for Layer 2 tunnel protocol packets. The
range is from 0 to 30000.
|
Step 6 |
hardware rate-limiter
layer-2 mcast-snooping
{packets |
disable} [module
module [port
start
end]]
switch(config)# hardware rate-limiter layer-2 mcast-snooping 20000
|
Configures
rate limits in packets per second for Layer 2 multicast-snooping packets. The
range is from 0 to 30000.
|
Step 7 |
hardware rate-limiter
layer-2 port-security
{packets |
disable} [module
module [port
start
end]]
switch(config)# hardware rate-limiter layer-2 port-security 100000
|
Configures
rate limits in packets per second for port-security packets. The range is from
0 to 30000.
|
Step 8 |
hardware rate-limiter
layer-2 storm-control
{packets |
disable} [module
module [port
start
end]]
switch(config)# hardware rate-limiter layer-2 storm-control 10000
|
Configures
rate limits in packets per second for broadcast, multicast, and unknown unicast
storm-control traffic. The range is from 0 to 30000.
|
Step 9 |
hardware rate-limiter
layer-2 vpc-low
{packets |
disable} [module
module [port
start
end]]
switch(config)# hardware rate-limiter layer-2 vpc-low 10000
|
Configures
rate limits in packets per second for Layer 2 control packets over the VPC low
queue. The range is from 0 to 30000.
|
Step 10 |
hardware rate-limiter
layer-3 control
{packets |
disable} [module
module [port
start
end]]
switch(config)# hardware rate-limiter layer-3 control 20000
|
Configures
rate limits in packets per second for Layer 3 control packets. The range is
from 0 to 30000.
|
Step 11 |
hardware rate-limiter
layer-3 glean
{packets |
disable} [module
module [port
start
end]]
switch(config)# hardware rate-limiter layer-3 glean 200
|
Configures
rate limits in packets per second for Layer 3 glean packets. The range is from
0 to 30000.
|
Step 12 |
hardware rate-limiter
layer-3 glean-fast
{packets |
disable} [module
module [port
start
end]]
switch(config)# hardware rate-limiter layer-3 glean-fast 500
|
Configures
rate limits in packets per second for Layer 3 glean fast-path packets. This
command sends packets to the supervisor from F2e, M1, or M2 Series modules. The
range is from 0 to 30000.
Glean fast
path optimizes the processing of glean packets by the supervisor. Specifically,
the line card provides the information needed to trigger an ARP within the
packet and relieves the supervisor from having to look up this information. The
packets sent to the supervisor using the glean fast path are rate limited
Note
|
Glean fast
path is enabled by default. If glean fast-path programming does not occur due
to adjacency resource exhaustion, the system falls back to regular glean
programming.
|
|
Step 13 |
hardware rate-limiter
layer-3 mtu
{packets |
disable} [module
module [port
start
end]]
switch(config)# hardware rate-limiter layer-3 mtu 1000
|
Configures
rate limits in packets per second for Layer 3 MTU failure redirected packets.
The range is from 0 to 30000.
|
Step 14 |
hardware rate-limiter
layer-3 multicast
{packets |
disable} [module
module [port
start
end]]
switch(config)# hardware rate-limiter layer-3 multicast 20000
|
Configures
rate limits in packets per second for Layer 3 multicast packets in packets per
second. The range is from 0 to 30000.
|
Step 15 |
hardware rate-limiter
layer-3 ttl
{packets |
disable} [module
module [port
start
end]]
switch(config)# hardware rate-limiter layer-3 ttl 1000
|
Configures
rate limits in packets per second for Layer 3 failed Time-to-Live redirected
packets. The range is from 0 to 30000.
|
Step 16 |
hardware rate-limiter
receive
{packets |
disable} [module
module [port
start
end]]
switch(config)# hardware rate-limiter receive 40000
|
Configures
rate limits in packets per second for packets redirected to the supervisor
module. The range is from 0 to 30000.
|
Step 17 |
exit
switch(config)# exit
switch#
|
Exits global
configuration mode.
|
Step 18 |
(Optional)
show hardware
rate-limiter [access-list-log |
copy
|
f1 {rl-1 |
rl-2 |
rl-3 |
rl-4 |
rl-5} |
layer-2 {l2pt |
mcast-snooping |
port-security |
storm-control |
vpc-low} |
layer-3 {control |
glean |
glean-fast |
mtu |
multicast |
ttl}
|
module
module |
receive]
switch# show hardware rate-limiter
|
(Optional)
Displays the
rate limit configuration.
|
Step 19 |
(Optional)
copy running-config
startup-config
switch# copy running-config startup-config
|
(Optional)
Copies the
running configuration to the startup configuration.
|