Use the show ip arp inspection statistics command to display packet statistics on DAI-configured VLANs.
Advanced Integrated Security Features on High-End Catalyst Switches
In addition to the features previously discussed, several integrated security features are available on high-end
catalyst switches such as the Catalyst 6500 series and the Catalyst 7600 series switches. These features provide
protection from excessive or unnecessary traffic and against various types of DoS attacks.
The Cisco Catalyst series switches offer a strong set of integrated security features, including the following:
hardware- and software-based CPU rate limiters (for DoS protection), user-based rate limiting, hardware-based
MAC learning, uRPF check in hardware, TCP intercept hardware acceleration, and most important, the Control
Plane Policing (CoPP) feature. CoPP is also supported on all Cisco Integrated Services Routers (ISRs). One of the
main advantages is that most of these integrated security features are based on hardware and can be enabled
concurrently with no performance penalty.
Control Plane Policing (CoPP) Feature
The traffic managed by a device can be divided into three functional components or planes:
Data plane
Management plane
Control plane
The vast majority of traffic flows through the device via the data plane; however, the route processor handles
certain traffic, such as routing protocol updates, remote-access services, and network management traffic such as
SNMP.
Pages:
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198