Understanding Control-Plane Security
25 means that a rate-limiting policer is assigned to the port for the protocol. The policers 0 to 23 are
logical identifiers for Fast Ethernet ports 1 to 24; policers 24 and 25 refer to Gigabit Ethernet ports 1 and
2, respectively. A policer value of 255 means that no policer is assigned to a protocol.
To see what policer actions are assigned to the protocols on an interface, enter the show platform
policer cpu interface interface-id privileged EXEC command.
This example shows the default policer configuration for a UNI. Because the port is Fast Ethernet 1, the
identifier for rate-limited protocols is 0; a display for Fast Ethernet port 5 would display an identifier of
4. The Policer Index refers to the specific protocol. The ASIC number shows when the policer is on a
different ASIC.
Because UNIs do not support STP, CDP, LLDP, LACP, and PAgP, these packets are dropped (physical
policer of 26). These protocols are disabled by default on ENIs as well, but you can enable them. When
enabled on ENIs, the control packets are rate limited and a rate-limiting policer is assigned to the port
for these protocols (physical policer of 22).
Switch# show platform policer cpu interface fastethernet 0/3
Policers assigned for CPU protection
===================================================================
Feature
===================================================================
Fa0/1
STP
LACP
8021X
RSVD_STP
PVST_PLUS
CDP
LLDP
DTP
UDLD
PAGP
VTP
CISCO_L2
KEEPALIVE
CFM
SWITCH_MAC
SWITCH_ROUTER_MAC
SWITCH_IGMP
SWITCH_L2PT
This example shows the policers assigned to a ENI when control protocols are enabled on the interface.
A value of 22 shows that protocol packets are rate limited for that protocol. When the protocol is not
enabled, the defaults are the same as for a UNI.
Switch# show platform policer cpu interface fastethernet0/23
Policers assigned for CPU protection
===================================================================
Feature
===================================================================
Fa0/23
STP
LACP
8021X
RSVD_STP
PVST_PLUS
CDP
LLDP
DTP
UDLD
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
32-4
Chapter 32
Policer
Physical
Index
Policer
1
26
2
26
3
26
4
26
5
26
6
26
7
26
8
26
9
26
10
26
11
26
12
26
13
0
14
255
15
26
16
26
17
0
18
26
Policer
Physical
Index
Policer
1
26
2
22
3
26
4
26
5
26
6
22
7
26
8
26
9
26
Configuring Control-Plane Security
Asic
Num
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Asic
Num
0
0
0
0
0
0
0
0
0
OL-9639-07