RES: [c-nsp] Limiting number of ARP entries for 802.1q subinterfaces

Marko Milivojevic markom at PanGalactic.net
Thu Sep 15 12:14:56 EDT 2005


	Well, 7500 is not a switch - what I suggested and Rubens refined was 
(ab)using the switching abilities of 6500^W7600 :-)

Murilo Antonio Pugliese wrote:
> Ok, so it's feasible to limit the amount of learned MAC addresses 
> on L3 802.1q subinterface of a 7600 Series Router. 
> 
> And so, are you guys confident that this functionality cannot be achieved 
> at a 7500 Series Router?
> 
> 
> -----Original Message-----
> From: Rubens Kuhl Jr. [mailto:rubensk at gmail.com]
> Sent: Thursday, September 15, 2005 11:08
> To: Marko Milivojevic
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Limiting number of ARP entries for 802.1q
> subinterfaces
> 
> 
> I would add 
> switchport port-security violation restrict 
> 
> 'shutdown' action is probably unwanted.
> 
> Also of note is a possible bug with IPv6 router discovery MACs that
> somehow got into the port-security static MAC table. Disabling IPv6
> provided a workaround.
> 
> 
> Rubens
> 
> On 9/15/05, Marko Milivojevic <markom at pangalactic.net> wrote:
> 
>>        It may not work in your environment (definitely won't work for 7500), but
>>7600 is essentially a switch. Being that, it allows you to do:
>>
>>int fa0/1
>>  switchport
>>  switchport trunk encapsulation dot1q
>>  switchport mode trunk
>>  switchport trunk allowed vlan 200
>>  switchport port-security
>>  ! this is from the head -- check syntax
>>  switchport port-security maximum 50 vlan 200
>>!
>>interface vlan200
>>  ip address ...
>>!
>>
>>        The configuration above will effectively limit the number of learned MAC
>>addresses in VLAN 200 on interface Fa0/1, while still providing L3
>>"termination".
>>
>>Marko.
>>
>>Everton da Silva Marques wrote:
>>
>>>Is there an option to limit the maximum
>>>number of MAC addresses that a 7500/7600
>>>router is willing to learn for one L3
>>>802.1q subinterface? Something like:
>>>
>>>interface FastEthernet0/1.200
>>> encapsulation dot1q 200
>>> ip arp cache maximum-mac-addresses 50
>>>
>>>Otherwise, would anyone suggest another
>>>way to create a similar, per-VLAN limit
>>>for ARP entries?
>>
>>_______________________________________________
>>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
> 
> 


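Added example, not part of the original thread: a small Python audit that checks an IOS-style configuration for the three settings discussed above (port-security enabled, a per-VLAN maximum for each allowed trunk VLAN, and a violation mode other than shutdown). The sample configuration, the second interface and the function names are constructed for illustration; VLAN ranges such as `200-210` are not expanded.

```python
import re

# Constructed sample: the trunk port from the thread plus an incomplete second port.
SAMPLE = """\
interface FastEthernet0/1
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 200
 switchport port-security
 switchport port-security maximum 50 vlan 200
 switchport port-security violation restrict
!
interface FastEthernet0/2
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 300
 switchport port-security
!
interface Vlan200
 ip address 192.0.2.1 255.255.255.0
"""

def check(lines):
    """Return findings for one switchport's configuration lines."""
    if "switchport port-security" not in lines:
        return ["port-security not enabled"]
    allowed = {v for ln in lines if ln.startswith("switchport trunk allowed vlan ")
               for v in ln.split()[-1].split(",")}
    limited = {m.group(2) for ln in lines if
               (m := re.fullmatch(r"switchport port-security maximum (\d+) vlan (\d+)", ln))}
    out = [f"no per-VLAN maximum for vlan {v}" for v in sorted(allowed - limited)]
    # With no explicit violation line, the IOS default mode (shutdown) applies.
    mode = next((ln.split()[-1] for ln in lines
                 if ln.startswith("switchport port-security violation ")), "shutdown")
    if mode == "shutdown":
        out.append("violation mode is shutdown")
    return out

def audit(config):
    """Map each interface that has a 'switchport' line to its list of findings."""
    findings, name, lines = {}, None, []
    for raw in config.splitlines() + ["!"]:
        m = re.match(r"interface (\S+)", raw)
        if m or not raw.startswith(" "):      # a new block starts or the old one ends
            if name and "switchport" in lines:
                findings[name] = check(lines)
            name, lines = (m.group(1) if m else None), []
        else:
            lines.append(raw.strip())
    return findings
```

An empty findings list means the port carries all three settings; routed interfaces such as `Vlan200` are skipped because they have no `switchport` line.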