Table of Contents
Advertisement
Configure Control Plane Policing
You can create a CoPP service policy on a per-protocol and/or a per-queue basis that serves as the system-
wide configuration for filtering and rate limiting control-plane traffic.
Configuring CoPP for Protocols
This section describes how to create a protocol-based CoPP service policy and apply it to control plane
traffic.
To create a protocol-based CoPP service policy, you must first create a Layer 2, Layer 3, and/or an IPv6 ACL
rule for specified protocol traffic. Then, create a QoS input policy to rate-limit the protocol traffic permitted
by the ACL. Associate the ACL and QoS policy for each protocol in a QoS input policy-map and apply the
complete protocol-based rate-limiting configuration to control-plane traffic.
For complete information about creating ACL rules and QoS policies, see
Quality of Service
(QoS).
1
Create a Layer 2 extended ACL for specified protocol traffic.
CONFIGURATION mode
mac access-list extended name cpu-qos
permit {arp | frrp | gvrp | isis | lacp | lldp | stp}
2
Create a Layer 3 extended ACL for specified protocol traffic.
CONFIGURATION mode
ip access-list extended name cpu-qos
permit {bgp | dhcp | dhcp-relay | ftp | icmp | igmp | msdp | ntp |
ospf | pim | rip | ssh | telnet | vrrp}
3
Create an IPv6 ACL for specified protocol traffic.
CONFIGURATION mode
ipv6 access-list name cpu-qos
permit {bgp | icmp | icmp-nd-na | icmp-nd-ns | icmp-rd-ra | icmp-rd-
rs | ospf | vrrp}
4
Create a QoS input policy to rate limit input traffic.
CONFIGURATION mode
qos-policy-input name cpu-qos
rate-police [rate-kbps] [burst-kbytes] peak [rate-kbps] [burst-kbytes]
5
Create a QoS class map to filter protocol traffic.
CONFIGURATION mode
class-map match-any name cpu-qos
match [ ip | ipv6 | mac ] access-group name
6
Create a QoS input-policy map to associate filtered protocol traffic with the rate limiting configuration.
Access Control Lists (ACLs)
Control Plane Policing (CoPP)
and
273
Advertisement
Table of Contents
Troubleshooting
