[c-nsp] Limiting number of ARP entries for 802.1q subinterfaces
Rubens Kuhl Jr.
rubensk at gmail.com
Thu Sep 15 10:08:13 EDT 2005
I would add

    switchport port-security violation restrict

'shutdown' action is probably unwanted.

Also of note is a possible bug with IPv6 router discovery MACs that
somehow got into the port-security static MAC table. Disabling IPv6
provided a workaround.

On 9/15/05, Marko Milivojevic <markom at pangalactic.net> wrote:
> It may not work in your environment (definitely won't work for 7500), but
> 7600 is essentially a switch. Being that, it allows you to do:
>
> int fa0/1
>  switchport trunk encapsulation dot1q
>  switchport mode trunk
>  switchport trunk allowed vlan 200
>  switchport port-security
>  ! this is from the head -- check syntax
>  switchport port-security maximum 50 vlan 200
> interface vlan200
>  ip address ...
>
> The configuration above will effectively limit the number of learned MAC
> addresses in VLAN 200 on interface Fa0/1, while still providing L3
>
> Everton da Silva Marques wrote:
> > Is there an option to limit the maximum
> > number of MAC addresses that a 7500/7600
> > router is willing to learn for one L3
> > 802.1q subinterface? Something like:
> >
> > interface FastEthernet0/1.200
> >  encapsulation dot1q 200
> >  ip arp cache maximum-mac-addresses 50
> >
> > Otherwise, would anyone suggest another
> > way to create a similar, per-VLAN limit
> > for ARP entries?
>
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> archive at http://puck.nether.net/pipermail/cisco-nsp/
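
An added example, not part of the original thread: a small Python check that audits an IOS-style configuration against the two suggestions above (a per-VLAN port-security maximum on trunk ports, and a violation mode other than the default 'shutdown'). The sample configuration is constructed, the function name audit is hypothetical, and the parser assumes one-space-indented sub-commands and comma-separated allowed-VLAN lists without ranges.

```python
import re

# Constructed sample config (not from a real device), using the thread's commands.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 200
 switchport port-security
 switchport port-security maximum 50 vlan 200
!
interface FastEthernet0/2
 switchport mode trunk
 switchport trunk allowed vlan 200,300
 switchport port-security
 switchport port-security maximum 50 vlan 200
 switchport port-security violation restrict
!
interface FastEthernet0/3
 switchport mode trunk
"""
IFACE_RE = re.compile(r"^interface (\S+)\n((?: .*\n?)*)", re.M)
# Assumption: allowed-VLAN lists are comma-separated IDs (ranges are not expanded).
ALLOWED_RE = re.compile(r"^switchport trunk allowed vlan (\d+(?:,\d+)*)$", re.M)
MAX_RE = re.compile(r"^switchport port-security maximum \d+ vlan (\d+)$", re.M)
MODE_RE = re.compile(r"^switchport port-security violation (\w+)$", re.M)

def audit(config):
    """Return {trunk interface: [issues]} checked against the thread's two suggestions."""
    findings = {}
    for name, body in IFACE_RE.findall(config):
        cmds = [line.strip() for line in body.splitlines()]
        text = "\n".join(cmds)
        if "switchport mode trunk" not in cmds:
            continue
        if "switchport port-security" not in cmds:
            findings[name] = ["port-security not enabled"]
            continue
        allowed = {int(v) for g in ALLOWED_RE.findall(text) for v in g.split(",")}
        limited = {int(v) for v in MAX_RE.findall(text)}
        issues = [f"no per-VLAN maximum for vlan {v}" for v in sorted(allowed - limited)]
        mode = MODE_RE.search(text)
        # The running config omits defaults; the default violation mode is shutdown.
        if mode is None or mode.group(1) == "shutdown":
            issues.append("violation mode is shutdown")
        findings[name] = issues
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```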