[c-nsp] Limiting number of ARP entries for 802.1q subinterfaces
Marko Milivojevic
markom at PanGalactic.net
Thu Sep 15 07:14:53 EDT 2005
It may not work in your environment (definitely won't work for 7500), but
7600 is essentially a switch. Being that, it allows you to do:
int fa0/1
switchport
switchport trunk encapsulation do1q
switchport mode trunk
switchport trunk allowed vlan 200
switchport port-security
! this is from the head -- check syntax
switchport port-security maximum 50 vlan 200
!
interface vlan200
ip address ...
!
The configuration above will effectively limit the number of learnet MAC
addresses in VLAN 200 on interface Fa0/1, while still providing L3
"termination".
Marko.
Everton da Silva Marques wrote:
> Is there an option to limit the maximum
> number of MAC addresses that a 7500/7600
> router is willing to learn for one L3
> 802.1q subinterface? Something like:
>
> interface FastEthernet0/1.200
> encapsulation dot1q 200
> ip arp cache maximum-mac-addresses 50
>
> Otherwise, would anyone suggest another
> way to create a similar, per-VLAN limit
> for ARP entries?
More information about the cisco-nsp
mailing list