Table of Contents
Advertisement
Configuring Control Plane Policing
class copp-system-p-class-exception
set cos 1
police cir 150 kbps bc 32000 bytes conform transmit violate drop
class copp-system-p-class-exception-diag
set cos 1
police cir 150 kbps bc 32000 bytes conform transmit violate drop
class copp-system-p-class-monitoring
set cos 1
police cir 150 kbps bc 128000 bytes conform transmit violate drop
class copp-system-p-class-l2-unpoliced
set cos 7
police cir 50 mbps bc 8192000 bytes conform transmit violate drop
class copp-system-p-class-undesirable
set cos 0
police cir 200 kbps bc 32000 bytes conform transmit violate drop
class copp-system-p-class-nat-flow
set cos 7
police cir 800 kbps bc 64000 bytes conform transmit violate drop
class copp-system-p-class-l2-default
set cos 0
police cir 400 kbps bc 32000 bytes conform transmit violate drop
class class-default
set cos 0
police cir 400 kbps bc 32000 bytes conform transmit violate drop
On Cisco Nexus 9300 and 9500 Series and 3164Q, 31128PQ, 3232C, and 3264Q switches, the strict CoPP
policy has the following configuration:
policy-map type control-plane copp-system-p-policy-strict
class copp-system-p-class-l3uc-data
set cos 1
police cir 250 pps bc 32 packets conform transmit violate drop
class copp-system-p-class-critical
set cos 7
police cir 19000 pps bc 128 packets conform transmit violate drop
class copp-system-p-class-important
set cos 6
police cir 3000 pps bc 128 packets conform transmit violate drop
class copp-system-p-class-multicast-router
set cos 6
police cir 3000 pps bc 128 packets conform transmit violate drop
class copp-system-p-class-management
set cos 2
police cir 3000 pps bc 32 packets conform transmit violate drop
class copp-system-p-class-multicast-host
set cos 1
police cir 2000 pps bc 128 packets conform transmit violate drop
class copp-system-p-class-l3mc-data
set cos 1
police cir 3000 pps bc 32 packets conform transmit violate drop
class copp-system-p-class-normal
set cos 1
police cir 1500 pps bc 32 packets conform transmit violate drop
class copp-system-p-class-ndp
set cos 6
police cir 1500 pps bc 32 packets conform transmit violate drop
class copp-system-p-class-normal-dhcp
set cos 1
police cir 300 pps bc 32 packets conform transmit violate drop
class copp-system-p-class-normal-dhcp-relay-response
set cos 1
police cir 400 pps bc 64 packets conform transmit violate drop
class copp-system-p-class-normal-igmp
set cos 3
police cir 6000 pps bc 64 packets conform transmit violate drop
class copp-system-p-class-redirect
set cos 1
police cir 1500 pps bc 32 packets conform transmit violate drop
class copp-system-p-class-exception
set cos 1
police cir 50 pps bc 32 packets conform transmit violate drop
class copp-system-p-class-exception-diag
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
Control Plane Protection
117
Hide quick links:
Advertisement
Table of Contents
