Control Plane Policing Configuration Guidelines And Restrictions - Cisco Catalyst 4500 Series Configuration Manual
Release ios xe 3.3.0sg and ios 15.1(1)sg
Hide thumbs
Also See for Catalyst 4500 Series:
- Software configuration manual (2086 pages) ,
- Administration manual (1814 pages) ,
- Configuration manual (1254 pages)
Table of Contents
Advertisement
Configuring Control Plane Policing
*
Control Plane Policing Configuration Guidelines and Restrictions
When using (or configuring) control plane policing, consider these guidelines and restrictions:
All supervisor engines
When configuring CoPP, consider these guidelines:
•
•
•
•
•
•
•
•
Do not apply to Catalyst 4900M, Catalyst 4948E, Supervisor Engine 6-E, and Supervisor Engine 6L-E
•
•
•
•
1.
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
48-8
Class system-cpp-all-routers-on-subnet
Class system-cpp-ripv2
Class system-cpp-ip-mcast-linklocal
Class system-cpp-dhcp-cs
Class system-cpp-dhcp-sc
Class system-cpp-dhcp-ss
Class telnet-class
police 80000 1000 byte conform-action drop exceed-action drop
Only ingress CoPP is supported. Only the input keyword is supported in control plane-related CLIs.
Control plane traffic can be policed only through CoPP. Traffic cannot be policed at the input
interface or VLAN even though a policy map containing the control plane traffic is accepted when
the policy map is attached to an interface or VLAN.
Use ACLs and class maps to identify data plane and management plane traffic that are handled by
1
the CPU. U
ser defined class maps should be added to the system-cpp-policy policy map for CoPP.
The default system-cpp-policy policy map does not define actions for the system-defined class maps
(no policing).
The only action supported in system-cpp-policy is police.
You can use both MAC and IP ACLs to define data plane and management plane traffic classes.
However, if a packet also matches a predefined ACL for the control plane traffic, a police (or no
police) action will operate on the control plane class because the control plane classes appear above
the user-defined classes in the service policy.
The exceeding action policed-dscp-transmit is not supported for CoPP.
Do not use the log keyword in CoPP policy ACLs. Instead, if you want to determine if rogue packets
are arriving, view the output of the show policy-map interface command or use the span feature.
To police control plane traffic, use the system-defined class maps.
System-defined class maps cannot be used in policy maps for regular QoS.
The policy map named system-cpp-policy is dedicated for CoPP.
CoPP is not enabled unless global QoS is enabled and a police action is specified.
Chapter 48
Configuring Control Plane Policing and Layer 2 Control Packet QoS
OL-25340-01
- Quick Links:
- Resetting a Switch to Factory Default...
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
