
Cisco Catalyst 4500 Series - Chapter 48: Configuring Control Plane Policing and Layer 2 Control Packet QoS

48-2
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
OL-25340-01
Chapter 48 Configuring Control Plane Policing and Layer 2 Control Packet QoS
Configuring Control Plane Policing
General Guidelines for Control Plane Policing, page 48-3
Default Configuration, page 48-4
Configuring CoPP for Control Plane Traffic, page 48-4
Configuring CoPP for Data Plane and Management Plane Traffic, page 48-5
Control Plane Policing Configuration Guidelines and Restrictions, page 48-8
Policing IPv6 Control Traffic, page 48-16
About Control Plane Policing
The control plane policing (CoPP) feature increases security on the Catalyst 4500 series switch by
protecting the CPU from unnecessary or DoS traffic and giving priority to important control plane and
management traffic. The classification TCAM and QoS policers provide CoPP hardware support.
Note: CoPP is supported on the following: Supervisor 6-E and Catalyst 4900M beginning with Cisco IOS
Release 12.2(50)SG; Supervisor 6L-E in Cisco IOS Release 12.2(52)X0; Catalyst 4948-E beginning
with Cisco IOS Release 12.2(54)X0; Supervisor Engine 7-E beginning with Cisco IOS XE 3.1.0SG;
Supervisor Engine 7L-E beginning with Cisco IOS XE 3.2.0XO.
Traffic managed by the CPU is divided into three functional components or planes:
Data plane
Management plane
Control plane
You can use CoPP to protect most of the CPU-bound traffic and to ensure routing stability, reachability, and
packet delivery. Most importantly, you can use CoPP to protect the CPU from a DoS attack.
By default, you receive a list of predefined ACLs matching a selected set of Layer 2 and Layer 3 control
plane packets. You can further define your preferred policing parameters for each of these packets and
modify the matching criteria of these ACLs.
The following table lists the predefined ACLs.
Predefined Named ACL      Description
system-cpp-dot1x          MAC DA = 0180.C200.0003
system-cpp-lldp           MAC DA = 0180.C200.000E
system-cpp-mcast-cfm      MAC DA = 0100.0CCC.CCC0 - 0100.0CCC.CCC7
system-cpp-ucast-cfm      MAC DA = 0100.0CCC.CCC0
system-cpp-bpdu-range     MAC DA = 0180.C200.0000 - 0180.C200.000F
system-cpp-cdp            MAC DA = 0100.0CCC.CCCC (UDLD/DTP/VTP/PAgP)
system-cpp-sstp           MAC DA = 0100.0CCC.CCCD
system-cpp-cgmp           MAC DA = 01.00.0C.DD.DD.DD
system-cpp-hsrpv2         IP Protocol = UDP, IP DA = 224.0.0.102
system-cpp-ospf           IP Protocol = OSPF, IP DA matches 224.0.0.0/24
system-cpp-igmp           IP Protocol = IGMP, IP DA matches 224.0.0.0/3
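
The match criteria in the table above overlap in places, which matters when you decide how to police each class. The following Python sketch is an added example, not code from the Cisco guide: it lists every predefined ACL whose criteria cover a given destination. It includes only the entries shown on this page and does not model the order in which the switch evaluates them, which this page does not state; the function names are hypothetical.

```python
import ipaddress

# Match criteria copied from the table of predefined ACLs on this page.
# Layer 2 entries: (name, first MAC DA, last MAC DA), bounds inclusive.
L2_ACLS = [
    ("system-cpp-dot1x",      "0180.C200.0003", "0180.C200.0003"),
    ("system-cpp-lldp",       "0180.C200.000E", "0180.C200.000E"),
    ("system-cpp-mcast-cfm",  "0100.0CCC.CCC0", "0100.0CCC.CCC7"),
    ("system-cpp-ucast-cfm",  "0100.0CCC.CCC0", "0100.0CCC.CCC0"),
    ("system-cpp-bpdu-range", "0180.C200.0000", "0180.C200.000F"),
    ("system-cpp-cdp",        "0100.0CCC.CCCC", "0100.0CCC.CCCC"),  # UDLD/DTP/VTP/PAgP
    ("system-cpp-sstp",       "0100.0CCC.CCCD", "0100.0CCC.CCCD"),
    ("system-cpp-cgmp",       "01.00.0C.DD.DD.DD", "01.00.0C.DD.DD.DD"),
]
# Layer 3 entries: (name, IP protocol, destination network).
L3_ACLS = [
    ("system-cpp-hsrpv2", "udp",  "224.0.0.102/32"),
    ("system-cpp-ospf",   "ospf", "224.0.0.0/24"),
    ("system-cpp-igmp",   "igmp", "224.0.0.0/3"),
]

def mac_to_int(mac):
    """Parse a MAC in dotted, colon or dash notation into an integer."""
    digits = "".join(c for c in mac if c not in ".:-")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)

def match_l2(mac_da):
    """Return every predefined ACL whose MAC DA criterion covers mac_da."""
    value = mac_to_int(mac_da)
    return [name for name, lo, hi in L2_ACLS
            if mac_to_int(lo) <= value <= mac_to_int(hi)]

def match_l3(protocol, ip_da):
    """Return every predefined ACL matching this IP protocol and IP DA."""
    addr = ipaddress.ip_address(ip_da)
    return [name for name, proto, net in L3_ACLS
            if proto == protocol.lower() and addr in ipaddress.ip_network(net)]

if __name__ == "__main__":
    # Constructed sample destinations, not captured traffic.
    for mac in ("01:80:c2:00:00:03", "0180.C200.0000", "0100.0CCC.CCC0"):
        print(mac, "->", match_l2(mac))
    for proto, dst in (("ospf", "224.0.0.5"), ("igmp", "239.1.1.1"), ("udp", "224.0.0.102")):
        print(proto, dst, "->", match_l3(proto, dst))
```

An 802.1X or LLDP destination address also falls inside the system-cpp-bpdu-range criterion, and 0100.0CCC.CCC0 is covered by both CFM entries, so the per-class policing parameters for those ACLs should be chosen with the overlap in mind.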
