PurposeCommand or Action
switch(config)# class-map type control-plane
match-any c-map2
switch(config-cmap)#
(Optional) match access-group name access-list-name
Step 9
Example:
switch(config-cmap)# match access-group name
IP-foo-1
Specifies a control plane policy map and enters policy map
configuration mode. The policy map name can have a
maximum of 64 characters and is case sensitive.
policy-map type control-plane policy-map-name
Example:
switch(config)# policy-map type control-plane
ClassMapA
switch(config-pmap)#
Step 10
Specifies a control plane class map name or the class
default and enters control plane class configuration mode.
class {class-map-name [insert-before class-map-name2]
| class-default}
Step 11
Example:
The class-default class map is always at the end of the
class map list for a policy map.
switch(config-pmap)# class ClassMap2
switch(config-pmap-c)#
Specifies the committed information rate (CIR). The rate
range is as follows:
Enter one of the following commands:
Step 12
• police [cir] {cir-rate [rate-type]}
The committed burst (BC) range is as follows:
• police [cir] {cir-rate [rate-type]} [bc] burst-size
[burst-size-type]
• police [cir] {cir-rate [rate-type]]} conform transmit
[violate drop]
Example:
switch(config-pmap-c)# police cir 52000 bc 1000
packets
Example:
switch(config-pmap-c)# police cir 3400 kbps bc
200 kbytes
Enters the control plane dynamic configuration mode.control-plane Dynamic mode
Example:
Step 13
switch(config)# control-plane dynamic mode
switch(config-cp-dyn)#
Specifies a policy map for the input traffic. ENd
service-policy-dynamic input policy-map-name
Example:
Step 14
switch(config-cp-dyn)# service-policy-dynamic
input PolicyMap1
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
485
Configuring Control Plane Policing
Configuring IP ACL Filtering for CoPP
To Next Page
Loading...
