Rate-limit
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎11-20-2014 10:01 AM
Hi everybody.
I have two Summit x670 (15.4.1.3) switches and I'd like to limit inbound broadcast, multicast and unknown unicast packets on specific ports. So, I've configured rate-limit to 500pps.
config port 3 rate-limit flood broadcast 500
config port 3 rate-limit flood multicast 500
config port 3 rate-limit flood unknown-destmac 500Then I see the output of "show ports 3 stat" command. I see only 10-20 pps, but Flood Rate Exceeded counter is increasing and I have log messages like
Flood Rate Limiting activated on Port 3
I have two Summit x670 (15.4.1.3) switches and I'd like to limit inbound broadcast, multicast and unknown unicast packets on specific ports. So, I've configured rate-limit to 500pps.
config port 3 rate-limit flood broadcast 500
config port 3 rate-limit flood multicast 500
config port 3 rate-limit flood unknown-destmac 500Then I see the output of "show ports 3 stat" command. I see only 10-20 pps, but Flood Rate Exceeded counter is increasing and I have log messages like
Flood Rate Limiting activated on Port 3
23 REPLIES 23
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎11-20-2014 10:51 AM
Ok. But I have about 50 vlans on this port.
Anyway, this is an output of show l2stats vlan Default command.
Bridge interface on VLAN Default:
Total number of packets to CPU = 5.
Total number of packets learned = 48.
Bridge interface on VLAN Default:
Total number of packets to CPU = 8.
Total number of packets learned = 70.
Bridge interface on VLAN Default:
Total number of packets to CPU = 11.
Total number of packets learned = 104.
Bridge interface on VLAN Default:
Total number of packets to CPU = 14.
Total number of packets learned = 132.
Bridge interface on VLAN Default:
Total number of packets to CPU = 16.
Total number of packets learned = 142.
Bridge interface on VLAN Default:
Total number of packets to CPU = 18.
Total number of packets learned = 174.
Anyway, this is an output of show l2stats vlan Default command.
Bridge interface on VLAN Default:
Total number of packets to CPU = 5.
Total number of packets learned = 48.
Bridge interface on VLAN Default:
Total number of packets to CPU = 8.
Total number of packets learned = 70.
Bridge interface on VLAN Default:
Total number of packets to CPU = 11.
Total number of packets learned = 104.
Bridge interface on VLAN Default:
Total number of packets to CPU = 14.
Total number of packets learned = 132.
Bridge interface on VLAN Default:
Total number of packets to CPU = 16.
Total number of packets learned = 142.
Bridge interface on VLAN Default:
Total number of packets to CPU = 18.
Total number of packets learned = 174.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎11-20-2014 10:39 AM
hello broadcast packets directly hit cpu.
unknown unicast [mac learning]
Total number of packets learned = 38837.
clear l2stats
show l2stats vlan-run this command 5 times with 1 sec interval to see how many
packets are hitting cpu.
unknown unicast [mac learning]
Total number of packets learned = 38837.
clear l2stats
show l2stats vlan
packets are hitting cpu.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎11-20-2014 10:32 AM
I can write an acl like.
entry BCAST {
if {
ethernet-destination-address ff:ff:ff:ff:ff:ff;
}
then {
packet-count bcast-pkt;
}
}As to "show l2stats". I don't see any broadcast or multicast counters in output of this command. I see only
Bridge interface on VLAN Default:
Total number of packets to CPU = 2923.
Total number of packets learned = 38837.
Total number of IGMP control packets snooped = 255.
Total number of IGMP data packets switched = 218.
Total number of MLD control packets snooped = 0.
Total number of MLD data packets switched = 0.
entry BCAST {
if {
ethernet-destination-address ff:ff:ff:ff:ff:ff;
}
then {
packet-count bcast-pkt;
}
}As to "show l2stats". I don't see any broadcast or multicast counters in output of this command. I see only
Bridge interface on VLAN Default:
Total number of packets to CPU = 2923.
Total number of packets learned = 38837.
Total number of IGMP control packets snooped = 255.
Total number of IGMP data packets switched = 218.
Total number of MLD control packets snooped = 0.
Total number of MLD data packets switched = 0.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎11-20-2014 10:16 AM
can you write an acl to count the ingress packets.
just to confirm what packets are seen.
show l2stats for that specific vlan.
see how many packets are multicast and how many are broadcast.
clear l2stats
show l2stats vlan
just to confirm what packets are seen.
show l2stats for that specific vlan.
see how many packets are multicast and how many are broadcast.
clear l2stats
show l2stats vlan
