[c-nsp] sup720 protection on the 6500/7600
hjan
hjan at libero.it
Sun Feb 18 04:36:20 EST 2007
vince anton wrote:
> Looks like the tools available are CoPP and 'mls ip cef rate-limit' to limit
> traffic punted to the MSFC, and the 'mls rate-limit' options, some of which are
> enabled by default.
>
CoPP is the tool!
> Also, is there a way to view the rate and therefore baseline legit traffic
> punted to the MSFC in order to come up with a meaningful value for 'mls ip
> cef rate-limit' for a given network ?
>
You can set up a mirror session for traffic punted to the CPU in this way:
conf t
monitor session 1 source interface some_not_used_interface
! destination: the SUP 720 RJ45 gigabit interface, connected to a PC with Wireshark
monitor session 1 destination interface g5/2
exit
! all traffic punted to the CPU is mirrored to g5/2
remote command switch test monitor add 1 rp-inband tx
In this way you can understand the control-plane traffic and you can
tune the CoPP policy rate-limiting.
Regards,
Gianluca
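
Once the mirrored punted traffic has been captured, per-protocol rates can be derived from it as a starting point for CoPP and rate-limit values. The following is an added example, not part of the original post; it assumes the capture was exported with tshark as tab-separated `frame.time_epoch`, `frame.len` and `_ws.col.Protocol` fields, and the sample rows and the `baseline` function name are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample rows: epoch time <TAB> frame length <TAB> protocol column.
SAMPLE = """\
1171791380.10\t78\tOSPF
1171791380.40\t78\tOSPF
1171791380.90\t60\tARP
1171791381.20\t85\tBGP
1171791381.30\t60\tARP
1171791381.35\t60\tARP
1171791381.80\t60\tARP
1171791383.50\t78\tOSPF
"""

def baseline(text):
    """Return {protocol: {peak_pps, avg_pps, peak_bps}} over the capture window."""
    # protocol -> one-second bucket -> [packets, bytes]
    buckets = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    first = last = None
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3:
            continue  # skip empty or malformed rows
        try:
            sec, length = int(float(parts[0])), int(parts[1])
        except ValueError:
            continue
        proto = parts[2].strip() or "unknown"
        first = sec if first is None else min(first, sec)
        last = sec if last is None else max(last, sec)
        cell = buckets[proto][sec]
        cell[0] += 1
        cell[1] += length
    if first is None:
        return {}
    window = last - first + 1  # seconds in the capture, idle ones included
    out = {}
    for proto, secs in buckets.items():
        out[proto] = {
            "peak_pps": max(c[0] for c in secs.values()),
            "avg_pps": sum(c[0] for c in secs.values()) / window,
            "peak_bps": max(c[1] for c in secs.values()) * 8,
        }
    return out

if __name__ == "__main__":
    for proto, s in sorted(baseline(SAMPLE).items()):
        print(f"{proto:8} peak {s['peak_pps']} pps  avg {s['avg_pps']:.2f} pps  peak {s['peak_bps']} bit/s")
```

The peak values over a representative capture period, plus headroom, give a floor for each class; the packets-per-second and bits-per-second figures are both reported because the rate-limit and policing commands do not all use the same unit.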