Configuring Copp - Cisco WS-SUP32-GE-3B - Supervisor Engine 32 Software Configuration Manual

Configuring CoPP

•
•
•
•
Configuring CoPP
CoPP uses MQC to define traffic classification criteria and to specify the configurable policy actions for
the classified traffic. You must first identify the traffic to be classified by defining a class map. The class
map defines packets for a particular traffic class. After you have classified the traffic, you can create
policy maps to enforce policy actions for the identified traffic. The control-plane global configuration
command allows the CoPP service policies to be directly attached to the control plane.
For information on how to define the traffic classification criteria, refer to the
Classification" section on page
To configure CoPP, perform this task:
Command
Step 1
Router(config)# mls qos
Step 2
Router(config)# ip access-list extended
access-list-name
Router(config-ext-nacl)# {permit | deny}
protocol source source-wildcard
destination destination-wildcard
[precedence precedence] [tos tos]
[established] [log | log-input] [time-range
time-range-name] [fragments]
Step 3
Router(config)# class-map
traffic-class-name
Router(config-cmap)# match {ip precedence}
|{ip dscp} | access-group
Step 4
Router(config)# policy-map
service-policy-name
Router(config-pmap)# class
traffic-class-name
Router(config-pmap-c)# police
{bits-per-second [normal-burst-bytes]
[maximum-burst-bytes] [pir peak-rate-bps]}
|
action] [violate-action action]
Step 5
Router(config)# control-plane
Router(config-cp)#
Step 6
Router(config-cp)# service-policy input
service-policy-name
Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY
33-20
CoPP is not supported in hardware for multicast packets. The combination of ACLs, multicast CPU
rate limiters, and CoPP software protection provides protection against multicast DoS attacks.
CoPP does not support ACEs with the log keyword.
CoPP uses hardware QoS TCAM resources. Enter the show tcam utilization command to verify the
TCAM utilization.
CoPP does not support MAC ACLs.
[conform-action action] [exceed-action
33-22.
Purpose
Enables MLS QoS globally.
Defines ACLs to match traffic:
permit sets the conditions under which a
•
packet passes a named IP access list.
deny sets the conditions under which a packet
•
does not pass a named IP access list.
Note
Defines the packet classification criteria. Use the
match statements to identify the traffic associated
with the class.
Defines a service policy map. Use the class
traffic-class-name command to associate classes
to the service policy map. Use the police
statements to associate actions to the service
policy map.
Enters the control plane configuration mode.
Applies the QoS service policy to the control
plane.
Chapter 33 Configuring Denial of Service Protection
"Defining Traffic
You must configure ACLs in most cases to
identify the important or unimportant
traffic.
OL-11439-03