Leaflet

OL-11615-01
Step 2 Optionally, enable error recovery from the dynamic ARP inspection error-disable state. By default, every
time the rate of incoming ARP packets exceeds the configured limit, the switch places the port in the
error-disabled state.
Enabling error-disable recovery allows ports to automatically emerge from this state after a specified
timeout period. Use the errdisable recovery global configuration command:
Switch(config)# errdisable recovery {cause arp-inspection | interval interval}
This example shows how to set an upper limit for the number of incoming packets (100 pps) and to
specify a burst interval (1 second):
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface g3/31
Switch(config-if)# ip arp inspection limit rate 100 burst interval 1
Switch(config-if)# exit
Switch(config)# errdisable recovery cause arp-inspection
Switch(config)# exit
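The following Python sketch is an added example, not part of the original Cisco document. It audits a saved running-config for the two settings configured above: a per-interface ARP rate limit and error-disable recovery for arp-inspection. The sample configuration is constructed, the function names are hypothetical, and `ip arp inspection trust` (the IOS command that marks a trusted interface) is assumed here because it does not appear in this section.

```python
import re

# Constructed sample running-config for illustration (not from the Cisco document).
SAMPLE_CONFIG = """\
interface GigabitEthernet3/31
 ip arp inspection limit rate 100 burst interval 1
!
interface GigabitEthernet3/32
 switchport access vlan 10
!
interface GigabitEthernet1/1
 ip arp inspection trust
!
errdisable recovery cause arp-inspection
errdisable recovery interval 60
"""

LIMIT_RE = re.compile(r"ip arp inspection limit rate (\d+)(?: burst interval (\d+))?$")
INTERVAL_RE = re.compile(r"errdisable recovery interval (\d+)$")

def parse_interfaces(config):
    """Map each interface name to its list of sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit_dai(config):
    """Report per-port ARP rate limits and whether auto-recovery is enabled."""
    rates, findings = {}, []
    for name, cmds in parse_interfaces(config).items():
        if "ip arp inspection trust" in cmds:
            continue  # trusted interfaces are not inspected by DAI; skipped here
        match = next((m for m in map(LIMIT_RE.match, cmds) if m), None)
        if match:  # burst interval defaults to 1 second when omitted
            rates[name] = (int(match.group(1)), int(match.group(2) or 1))
        else:
            findings.append(f"{name}: no explicit ARP rate limit")
    globals_ = [l.strip() for l in config.splitlines() if not l.startswith(" ")]
    recovery = "errdisable recovery cause arp-inspection" in globals_
    interval = next((int(m.group(1)) for m in map(INTERVAL_RE.match, globals_) if m), None)
    if not recovery:
        findings.append("global: errdisable recovery cause arp-inspection not configured")
    return {"rates": rates, "recovery": recovery, "interval": interval, "findings": findings}
```

An interface reported with no explicit limit still uses the platform default rate; the finding only means the limit was not set deliberately.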
For more information on Dynamic ARP Inspection on Catalyst 4500 Series switches running Cisco IOS,
refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_2_31s/conf/dynarp.htm
For more information on Dynamic ARP Inspection on Catalyst 6500 Series switches running Cisco IOS,
refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/dynarp.htm
Control Plane Policing
Control Plane Policing (CoPP) is a security infrastructure feature available on Catalyst 6500 and 4500
Series switches running Cisco IOS that allows the configuration of QoS policies that rate limit the traffic
handled by the main CPU of the switch. This protects the control plane of the switch from direct DoS
attacks and reconnaissance activity. This section provides implementation information for CoPP on
Supervisors 720 and 32 (Catalyst 6500), and Catalyst 4500 Series switches and provides additional
deployment instructions and guidelines. It includes the following topics:
CoPP Technology Overview, page 53
CoPP on Supervisors 720 and 32 (Catalyst 6500), page 54
CoPP on Catalyst 4500, page 57
Defining CoPP Traffic Classes, page 61
Recommended CoPP Deployment Methodology, page 62
Sample CoPP Configuration, page 64