Thanks, can you know how to do that and apply to my VLAN ?

Thanks

Control plane policing to protect the control plane of Cisco IOS routers and switches itself against reconnaissance and denial-of-service (DoS) attacks, not for traffic "through" the device. If it's transit traffic, use QoS?

Hello,

I want to protect from ddos my customers. I'have 100Gbps in uplink but I want to protect some customers with only drop ip source automatically if they send more than 80 Mb/s to my customers.

I was in impression you like to to protect the switch with DDoS attacks, but if you looking Data devices connected on the switch.

Most of the nexus are in DC environment, they do not directly expose to Internet - Most of the DC environment protected with FW

IDS / IPS is the best option here, rather limited on switch ( still you can have ACL

example :

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/security/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide_7x_chapter_010010.htm...

https://networkbitbucket.wordpress.com/2017/06/30/qos-acls-on-the-nexus-7k-platform/

Hi

Yes, but actually I use N9K for my edge router because I need to augmente capacity instead filtering of my network ^^. But now, i'have the capacity, so I check if can I do anything with my nexus for that.

But yes, I understand I must use a firewall

But I'm afraid that the firewall's CPU will overload in the event of an attack.

Do you have an idea of a model that is inexpensive and that would do the job?