[c-nsp] Cat4500 High CPU with Multicast Stream
Antonio Soares
amsoares at netcabo.pt
Thu Jul 14 08:24:06 EDT 2011
Guys,
The CoPP config did work perfectly. This was our config:
Switch(config)# qos
Switch(config)# macro global apply system-cpp
Switch(config)# policy-map system-cpp-policy
Switch(config-pmap)# system-cpp-all-systems-on-subnet
Switch(config-pmap-c)# police 32000 1000 conform-action transmit
exceed-action drop
Switch(config-pmap)# system-cpp-all-routers-on-subnet
Switch(config-pmap-c)# police 32000 1000 conform-action transmit
exceed-action drop
Switch(config-pmap)# class system-cpp-ip-mcast-linklocal
Switch(config-pmap-c)# police 32000 1000 conform-action transmit
exceed-action drop
No side effects until now :)
Thanks for all the contributions.
Regards,
Antonio Soares, CCIE #18473 (R&S/SP)
amsoares at netcabo.pt
http://www.ccie18473.net
-----Original Message-----
From: Antonio Soares [mailto:amsoares at netcabo.pt]
Sent: quarta-feira, 13 de Julho de 2011 18:17
To: 'Phil Mayers'
Cc: 'cisco-nsp at puck.nether.net'
Subject: RE: [c-nsp] Cat4500 High CPU with Multicast Stream
I will be applying CoPP today:
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/50sg/configur
ation/guide/cntl_pln.html
Something like:
Switch(config)# qos
Switch(config)# macro global apply system-cpp
Switch(config)# policy-map system-cpp-policy
Switch(config-pmap)# class system-cpp-ip-mcast-linklocal
Switch(config-pmap-c)# police 32000 1000 conform-action transmit
exceed-action drop
Switch(config-pmap-c)# end
I will let you know if it works as expected.
Regards,
Antonio Soares, CCIE #18473 (R&S/SP)
amsoares at netcabo.pt
http://www.ccie18473.net
-----Original Message-----
From: Phil Mayers [mailto:p.mayers at imperial.ac.uk]
Sent: quarta-feira, 13 de Julho de 2011 16:53
To: Antonio Soares
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Cat4500 High CPU with Multicast Stream
On 07/13/2011 04:46 PM, Antonio Soares wrote:
> Thanks, I'm feeling better now :)
>
> So in my case, one 4500 with "ip routing" enabled and "ip
multicast-routing"
> disabled, what could be simple and quick to implement ?
I'm not familiar with Cat4500 I'm afraid.
On a 6500 I would do this:
ip access-list standard DENY_MULTI
deny 224.0.0.0 15.255.255.255
int VlanXXX
ip multicast boundary DENY_MULTI
...it might work on that platform. As others have pointed out, some
legitimate traffic uses 224.0.0.0/24 e.g. HSRP, VRRP, PIM, OSPF, etc. so
be careful with this.
Or use a plain access list on the ethernet port.
More information about the cisco-nsp
mailing list