[c-nsp] Limiting number of ARP entries for 802.1q subinterfaces
Kenny Sallee
k_sallee at yahoo.com
Thu Sep 15 11:08:49 EDT 2005
Just curious: why would you want to limit the number
of learned MAC Addresses?
Kenny
--- oboehmer at cisco.com wrote:
> I'm not really sure if the previous suggestions address your issue. You
> don't want to limit the number of mac-addresses learned over a given
> switchport, but you want to limit the number of ARP entries resolved via
> ARP on a routed/L3 interface.
>
> I don't know of any (Rodney?), but which problem are you trying to
> solve?
>
> One obvious solution would be to use smaller networks (a /24 on the
> interface can have at most 253 ARP entries, so you have a natural limit)
> ;-)
>
> oli
>
>
> Murilo Antonio Pugliese <> wrote on Thursday, September 15, 2005 4:39
> PM:
>
> > Ok, so it's feasible to limit the amount of learned MAC addresses
> > on an L3 802.1q subinterface of a 7600 Series Router.
> >
> > And so, are you guys confident that this functionality cannot be
> > achieved on a 7500 Series Router?
> >
> >
> > -----Original message-----
> > From: Rubens Kuhl Jr. [mailto:rubensk at gmail.com]
> > Sent: Thursday, September 15, 2005 11:08
> > To: Marko Milivojevic
> > Cc: cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] Limiting number of ARP entries for 802.1q
> > subinterfaces
> >
> >
> > I would add
> > switchport port-security violation restrict
> >
> > 'shutdown' action is probably unwanted.
> >
> > Also of note is a possible bug with IPv6 router discovery MACs that
> > somehow got into the port-security static MAC table. Disabling IPv6
> > provided a workaround.
> >
> >
> > Rubens
> >
> > On 9/15/05, Marko Milivojevic <markom at pangalactic.net> wrote:
> >>
> >> It may not work in your environment (definitely won't work
> >> for 7500), but 7600 is essentially a switch. Being that, it allows
> >> you to do:
> >>
> >> int fa0/1
> >> switchport
> >> switchport trunk encapsulation dot1q
> >> switchport mode trunk
> >> switchport trunk allowed vlan 200
> >> switchport port-security
> >> ! this is from the head -- check syntax
> >> switchport port-security maximum 50 vlan 200
> >> !
> >> interface Vlan200
> >> ip address ...
> >> !
> >>
> >> The configuration above will effectively limit the number of
> >> learned MAC addresses in VLAN 200 on interface Fa0/1, while still
> >> providing L3 "termination".
> >>
> >> Marko.
> >>
> >> Everton da Silva Marques wrote:
> >>> Is there an option to limit the maximum
> >>> number of MAC addresses that a 7500/7600
> >>> router is willing to learn for one L3
> >>> 802.1q subinterface? Something like:
> >>>
> >>> interface FastEthernet0/1.200
> >>> encapsulation dot1q 200
> >>> ip arp cache maximum-mac-addresses 50
> >>>
> >>> Otherwise, would anyone suggest another
> >>> way to create a similar, per-VLAN limit
> >>> for ARP entries?
> >> _______________________________________________
> >> cisco-nsp mailing list cisco-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>
> >
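The thread asks for a per-subinterface cap on ARP entries and concludes that the 7600 can approximate it with port-security on the trunk, while nobody knows of an equivalent knob for a routed 7500 interface. What a practitioner can still do on a box without such a limit is watch the ARP table from the outside and alarm before it grows into a resource problem. The following is an added example written for this page, not code from the thread or from Cisco: a Python script that parses the text output of the standard IOS `show ip arp` command (how you collect it, by SSH poller or paste, is out of scope here), counts resolved neighbours per interface, counts Incomplete entries as a rough indicator of scanning or an ARP storm, and reports any interface above a per-interface threshold. The sample output, the thresholds and the interface names are constructed for the example; the column layout is the usual IOS one, but the parser keys on whitespace rather than fixed column widths so that minor width differences between IOS versions do not break it.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One data line of IOS "show ip arp". The Interface column is absent for
# "Incomplete" entries, so it is optional in the pattern.
ARP_LINE = re.compile(
    r"^Internet\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<age>-|\d+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}|Incomplete)\s+"
    r"(?P<type>\S+)"
    r"(?:\s+(?P<iface>\S+))?\s*$",
    re.IGNORECASE,
)

# Constructed sample output (not captured from a real router): two dot1q
# subinterfaces, the router's own addresses (age "-"), three resolved hosts
# on .200, one on .201, and one unresolved (Incomplete) entry.
SAMPLE_SHOW_IP_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.200.1              -   0011.2233.4455  ARPA   FastEthernet0/1.200
Internet  10.1.200.10             3   0011.2233.4456  ARPA   FastEthernet0/1.200
Internet  10.1.200.11            12   0011.2233.4457  ARPA   FastEthernet0/1.200
Internet  10.1.200.12             0   0011.2233.4458  ARPA   FastEthernet0/1.200
Internet  10.1.200.99             0   Incomplete      ARPA
Internet  10.1.201.1              -   0011.2233.4459  ARPA   FastEthernet0/1.201
Internet  10.1.201.20             7   0011.2233.445a  ARPA   FastEthernet0/1.201
"""


@dataclass
class ArpEntry:
    ip: str
    age: Optional[int]    # None for the router's own addresses (age shown as "-")
    mac: Optional[str]    # None when the entry is still Incomplete
    iface: Optional[str]  # None for Incomplete entries (IOS prints no interface)


def parse_show_ip_arp(text: str) -> List[ArpEntry]:
    """Parse the text of 'show ip arp'; header and unknown lines are skipped."""
    entries: List[ArpEntry] = []
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if not m:
            continue
        age = None if m["age"] == "-" else int(m["age"])
        mac = None if m["mac"].lower() == "incomplete" else m["mac"].lower()
        entries.append(ArpEntry(m["ip"], age, mac, m["iface"]))
    return entries


def count_by_interface(entries: List[ArpEntry]) -> Dict[str, int]:
    """Resolved neighbours per interface. The router's own addresses are
    excluded so the figure is comparable to the '253 per /24' upper bound."""
    counts: Counter = Counter()
    for e in entries:
        if e.mac is not None and e.age is not None and e.iface:
            counts[e.iface] += 1
    return dict(counts)


def count_incomplete(entries: List[ArpEntry]) -> int:
    """Unresolved entries: many of these at once usually means a scan or storm."""
    return sum(1 for e in entries if e.mac is None)


def check_limits(counts: Dict[str, int], limits: Dict[str, int],
                 default_limit: int) -> Dict[str, Tuple[int, int]]:
    """Interfaces whose neighbour count exceeds their (or the default) limit,
    mapped to (observed, limit)."""
    over = {}
    for iface, n in counts.items():
        limit = limits.get(iface, default_limit)
        if n > limit:
            over[iface] = (n, limit)
    return over


def audit(text: str, limits: Dict[str, int],
          default_limit: int) -> Tuple[Dict[str, Tuple[int, int]], int]:
    """One pass over a 'show ip arp' capture: (interfaces over limit, incomplete count)."""
    entries = parse_show_ip_arp(text)
    return check_limits(count_by_interface(entries), limits, default_limit), \
        count_incomplete(entries)


if __name__ == "__main__":
    # Hypothetical policy: at most 2 neighbours on Fa0/1.200, 50 elsewhere.
    over, incomplete = audit(SAMPLE_SHOW_IP_ARP, {"FastEthernet0/1.200": 2}, 50)
    for iface, (n, limit) in sorted(over.items()):
        print(f"ALERT {iface}: {n} ARP neighbours, limit {limit}")
    print(f"incomplete entries: {incomplete}")
```

Unlike port-security, this does not enforce anything: it only tells you that a subinterface has grown past the neighbour count you consider normal, which is the signal you would feed to a monitoring system and act on by hand (or, where the platform allows it, by applying a smaller prefix or a port-security limit upstream as the thread suggests).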