Classes of traffic
The different classes of traffic that can be individually configured are:
acl-logging
: Access Control List logging packets.arp-broadcast
: Address Resolution Protocol packets with a broadcast destination MAC address.arp-unicast
: Address Resolution Protocol packets with a switch system destination MAC address.bfd-control
: Bidirectional Forwarding Detection (BFD) control packets with a destination IP address owned by the switch.bgp-ipv4
: Border Gateway Protocol packets with a destination IPv4 address owned by the switch and the Layer 4 protocol is TCP.dhcp
: Dynamic Host Configuration Protocol packets with a local destination address and the Layer 4 protocol is UDP. Also includes snooped DHCP packets if DHCP snooping is enabled.hypertext
: Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS) packets.icmp-broadcast-ipv4
: Internet Control Message Protocol packets with the broadcast destination IPv4 address 255.255.255.255 or a destination IPv4 subnet broadcast address.icmp-multicast-ipv6
: Internet Control Message Protocol packets with a well-known multicast destination IPv6 address.icmp-unicast-ipv4
: Internet Control Message Protocol packets with a destination IPv4 address owned by the switchicmp-unicast-ipv6
: Internet Control Message Protocol packets with a destination IPv6 address owned by the switch.igmp
: Internet Group Management Protocol packets.ip-exceptions
: Internet Protocol exception packets with TTL == 1 that are forwarded through the switch (or hop limit == 1 in the case of ipv6), as well as ICMP redirects.ipsec
: Internet Protocol Security IPv4 or IPv6, unicast or configured multicast. All IPsec traffic received by the CPU will be regulated by the 'ipsec' class regardless of the encapsulated protocol.ipv4-options
: Unicast IPv4 packets including option headers.lacp
: Link Aggregation Control Protocol packets with the destination MAC address 01:80:c2:00:00:02.lldp
: Link Layer Discovery Protocol packets with the destination MAC address 01:80:c2:00:00:0e.loop-protect
: Loop Protection packets with the destination MAC address 09:00:09:09:13:a6.mirror-to-cpu
: Packets from mirroring session configured to deliver to the console.mld
: Multicast Listener Discovery packets of type V1 or V2 with an IPv6 address of FF00::/8, FF02::16 or FF02::2.mvrp
: Multiple VLAN Registration Protocol packets with the destination MAC address 01:80:c2:00:00:20 or 01:80:c2:00:00:21ntp
: Network Time Protocol packets with a destination address owned by the switch and the Layer 4 protocol is UDP.ospf-multicast
: Open Shortest Path First packets with the multicast destination IPv4 address 224.0.0.5 or 224.0.0.6, or IPv6 address FF02::5 or FF02::6. Also includes OSPF multicast packets received from a 6in6 tunnel.ospf-unicast
: Open Shortest Path First packets with a local destination IPv4 address or IPv6 address. Also includes OSPF unicast packets received from a 6in6 tunnel.pim
: Protocol Independent Multicast packets with the destination IPv4 address 224.0.0.13 or IPv6 address FF02::D, or Multicast Source Discovery Protocol (MSDP) packets, or with a destination IP address owned by the switch. Also includes PIM packets received from a 6in6 tunnel.sflow
: Packet headers sampled by the switch that will be sent to the sFlow collector.ssh
: Secure Shell (SSH) or Secure File Transfer Protocol (SFTP) packets. Dropping ssh packets will result in the connection to the CLI being lost.stp
: Spanning Tree Protocol (STP) packets with the destination MAC address 01:80:c2:00:00:00 or Per-VLAN Spanning Tree (PVST) packets with the destination MAC address 01:00:0c:cc:cc:cd.udld
: Unidirectional Link Detection packets with the destination MAC address 01:00:0c:cc:cc:cc or 00:e0:52:00:00:00.unknown-multicast
: Packets with an unknown multicast destination IP address. Also includes unknown multicast packets received from a 6in6 tunnel.unresolved-ip-unicast
: Packets to be software forwarded by management processor.vrrp
: Virtual Router Redundancy Protocol packets with the destination IPv4 address 224.0.0.18 or IPv6 address FF02:0:0:0:0:0:0:12.
All IPsec traffic received by the CPU will be regulated by the 'ipsec' class regardless of the encapsulated protocol.