CHAPTER 9
Configuring Control Plane Policing
This chapter contains the following sections:
•
About CoPP, page 109
•
Licensing Requirements for CoPP, page 125
•
Guidelines and Limitations for CoPP, page 125
•
Default Settings for CoPP, page 127
•
Configuring CoPP, page 127
•
Verifying the CoPP Configuration, page 135
•
Displaying the CoPP Configuration Status, page 137
•
Monitoring CoPP, page 137
•
Clearing the CoPP Statistics, page 138
•
Configuration Examples for CoPP, page 138
•
Additional References for CoPP, page 140
About CoPP
Control Plane Policing (CoPP) protects the control plane and separates it from the data plane, which ensures
network stability, reachability, and packet delivery.
This feature allows a policy map to be applied to the control plane. This policy map looks like a normal QoS
policy and is applied to all traffic entering the switch from a non-management port. A common attack vector
for network devices is the denial-of-service (DoS) attack, where excessive traffic is directed at the device
interfaces.
The Cisco NX-OS device provides CoPP to prevent DoS attacks from impacting performance. Such attacks,
which can be perpetrated either inadvertently or maliciously, typically involve high rates of traffic destined
to the supervisor module or CPU itself.
The supervisor module divides the traffic that it manages into three functional components or planes:
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
109
To Next Page
Loading...
