The following illustration shows an example of how to configure CoPP to deny or permit control packets to the switch.
4.4.1. CoPP Configuration Examples
Figure 4-5: CoPP Configuration Topology
1. Create an extended ACL named test and configure rules for the ACL that deny ICMP, Telnet and SSH packets that match the specified source IP address (172.16.2.100/24).
(QCT) (Config)#ip access-list test
(QCT) (Config-ipv4-acl)#deny icmp 172.16.2.100 0.0.0.255 any
(QCT) (Config-ipv4-acl)#deny tcp 172.16.2.100 0.0.0.255 any eq 22
(QCT) (Config-ipv4-acl)#deny tcp 172.16.2.100 0.0.0.255 any eq telnet
2. Permit ICMP packets for the specified source IP address (172.16.1.100/24) with a rate limit of 1000 kbps.
(QCT) (Config-ipv4-acl)#permit icmp 172.16.1.100 0.0.0.255 any rate-limit 1000 1
3. Permit any other packets.
(QCT) (Config-ipv4-acl)#permit every
(QCT) (Config-ipv4-acl)#exit
4. Bind the ACL to the control plane.
(QCT) (Config)#interface control-plane
(QCT) (if-control-plane)#ip access-group test
5. Verify the configuration.
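Added example, not part of the QCT manual and not switch output: an offline Python model of the ACL "test" from steps 1 to 3, useful for checking which rule a given control-plane packet hits before the ACL is bound to the control plane. It assumes first-match rule evaluation, that a wildcard bit of 0 means "must match", and that "permit every" matches all packets; the rate limit is carried as a rule attribute only and is not simulated.

```python
import ipaddress

# Rules transcribed from steps 1-3:
# (action, protocol, source, wildcard, destination port, rate limit in kbps)
ACL_TEST = [
    ("deny",   "icmp",  "172.16.2.100", "0.0.0.255", None, None),
    ("deny",   "tcp",   "172.16.2.100", "0.0.0.255", 22,   None),
    ("deny",   "tcp",   "172.16.2.100", "0.0.0.255", 23,   None),  # "eq telnet"
    ("permit", "icmp",  "172.16.1.100", "0.0.0.255", None, 1000),
    ("permit", "every", None,           None,        None, None),
]

def wildcard_match(addr, base, wildcard):
    """Wildcard mask: bits set to 0 must match, bits set to 1 are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, proto, src, dst_port=None):
    """Return (rule number, action, rate_kbps) of the first matching rule.
    Assumption: first match wins; deny if no rule matches."""
    for n, (action, r_proto, base, wc, r_port, rate) in enumerate(acl, 1):
        if r_proto == "every":
            return n, action, rate
        if r_proto != proto or not wildcard_match(src, base, wc):
            continue
        if r_port is not None and r_port != dst_port:
            continue
        return n, action, rate
    return None, "deny", None

# Constructed sample packets addressed to the switch CPU.
SAMPLES = [
    ("icmp", "172.16.2.100", None),
    ("tcp",  "172.16.2.7",   22),   # different host, same 172.16.2.0/24
    ("tcp",  "172.16.2.7",   443),  # not SSH/Telnet, falls to "permit every"
    ("icmp", "172.16.1.50",  None),
    ("tcp",  "172.16.1.100", 22),
    ("icmp", "10.0.0.1",     None),
]

if __name__ == "__main__":
    for proto, src, port in SAMPLES:
        rule, action, rate = evaluate(ACL_TEST, proto, src, port)
        print(f"{proto:4} {src:13} port={port!s:4} -> rule {rule}: {action} rate={rate}")
```

Under these assumptions the wildcard 0.0.0.255 makes each rule cover its whole /24, so SSH from 172.16.2.7 is denied just like SSH from 172.16.2.100, and the final "permit every" leaves all other traffic to the control plane unrestricted.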