CHAPTER 4
Control Plane Policing
The Control Plane Policing feature allows you to configure a quality of service (QoS) filter that manages
the traffic flow of control plane packets to protect the control plane of routers and switches against
reconnaissance and denial-of-service (DoS) attacks. In this way, the control plane (CP) can help maintain
packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch.
•
Finding Feature Information, page 29
•
Restrictions for Control Plane Policing, page 29
•
Information About Control Plane Policing, page 30
•
How to Use Control Plane Policing, page 36
•
Configuration Examples for Control Plane Policing, page 42
•
Additional References, page 42
•
Feature Information for Control Plane Policing, page 43
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Restrictions for Control Plane Policing
Input Rate-Limiting Support
Input rate-limiting is performed in silent (packet discard) mode. Silent mode enables a router to silently discard
packets using policy maps applied to input control plane traffic with the service-policy input command. For
more information, see the “Input Rate-Limiting and Silent Mode Operation” section.
QoS: Policing and Shaping Configuration Guide (Cisco ASR 920 Series)
29
To Next Page
Loading...
