RES: [c-nsp] Limiting number of ARP entries for 802.1q subinterfaces
Murilo Antonio Pugliese
mpugliese at diveo.net.br
Thu Sep 15 10:39:12 EDT 2005
Ok, so it's feasible to limit the amount of learned MAC addresses
on an L3 802.1q subinterface of a 7600 Series Router.
And so, are you guys confident that this functionality cannot be achieved
on a 7500 Series Router?
-----Original Message-----
From: Rubens Kuhl Jr. [mailto:rubensk at gmail.com]
Sent: Thursday, September 15, 2005 11:08
To: Marko Milivojevic
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Limiting number of ARP entries for 802.1q
subinterfaces
I would add
switchport port-security violation restrict
'shutdown' action is probably unwanted.
Also of note is a possible bug with IPv6 router discovery MACs that
somehow got into port-security static MAC table. Disabling IPv6
provided a workaround.
Rubens
On 9/15/05, Marko Milivojevic <markom at pangalactic.net> wrote:
>
> It may not work in your environment (definitely won't work for 7500), but
> 7600 is essentially a switch. Being that, it allows you to do:
>
> int fa0/1
> switchport
> switchport trunk encapsulation dot1q
> switchport mode trunk
> switchport trunk allowed vlan 200
> switchport port-security
> ! this is from the head -- check syntax
> switchport port-security maximum 50 vlan 200
> !
> interface vlan200
> ip address ...
> !
>
> The configuration above will effectively limit the number of learned MAC
> addresses in VLAN 200 on interface Fa0/1, while still providing L3
> "termination".
>
> Marko.
>
> Everton da Silva Marques wrote:
> > Is there an option to limit the maximum
> > number of MAC addresses that a 7500/7600
> > router is willing to learn for one L3
> > 802.1q subinterface? Something like:
> >
> > interface FastEthernet0/1.200
> > encapsulation dot1q 200
> > ip arp cache maximum-mac-addresses 50
> >
> > Otherwise, would anyone suggest another
> > way to create a similar, per-VLAN limit
> > for ARP entries?
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>