OL-11615-01
Note: CoPP is not enforced in hardware unless MLS QoS is globally enabled using the mls qos command.
Another important characteristic of CoPP in Supervisors 720 and 32 is that it does not support the
definition of non-IP traffic classes, with the exception of the class-default. Class-default is a default class
for all remaining traffic destined to the RP that does not match any other class. This default class allows
you to specify how to treat traffic that is not explicitly associated with any other user-defined classes.
The class-default is the only class in CoPP capable of handling both IP and non-IP traffic. User-defined
classes can only handle IP traffic.
Compared to the hardware-based rate limiters present on Supervisors 32 and 720 (refer to
Hardware-Based Rate Limiters on Supervisors 32 and 720, page 72), CoPP provides more granularity
and control. However, there are certain types of traffic that CoPP does not support in hardware, and for
which the hardware-based rate limiters might provide better support. For example, CoPP supports
multicast and broadcast traffic in software only, so the available hardware-based rate limiters should be
used instead. ARP is another good example: CoPP cannot rate limit ARP packets in either software or
hardware, so the ARP policing rate limiter should be used instead. Other packet types not supported in
hardware include packets with TTL equal to 1, packets that fail the MTU check, packets with IP options,
and IP packets with errors.
CoPP helps protect the RP of Catalyst 6500 Series switches in more than one way. From a policing
perspective, by filtering traffic sent to the RP, CoPP ensures that only the expected protocols are allowed.
This effectively shields the control plane from unwanted and potentially malicious traffic. On the other
hand, by rate limiting the traffic sent to the RP, CoPP provides protection against large volumes of
packets that might be part of a DoS attack. This helps maintain network stability even during an attack.
For more information about CoPP on the Supervisors 32 and 720, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/dos.htm
Configuring CoPP on Supervisors 720 and 32 (Catalyst 6500)
To configure CoPP on Supervisors 720 and 32 (Catalyst 6500), perform the following steps:
Step 1 To enable CoPP on Supervisors 32 and 720, first enable MLS QoS:
Router(config)# mls qos
Step 2 Optionally, define the necessary ACLs to be used to match traffic classes:
Router(config)# ip access-list extended access-list-name
Router(config-ext-nacl)# {permit | deny} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [established] [fragments]
Step 3 Classify the control plane traffic using the class-map command. The syntax for this command is as
follows:
Router(config)# class-map traffic_class_name
The class-map command defines the class map name and enables a configuration mode for defining the
class. Within the traffic class configuration mode, use the match command to associate specific traffic
with the class. The syntax for this command is as follows:
Router(config-cmap)# match {ip precedence} |{ip dscp} | access-group
Note: Currently only one match clause is supported per class-map in Supervisors 32 and 720.
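As an added example (not part of the Cisco guide), the Python sketch below audits a configuration excerpt against the constraints stated above: mls qos enabled globally, a single match clause per class-map, and only the match forms listed in Step 3. The sample configuration, the class and ACL names, and the function names are constructed for illustration.

```python
import re

# Match forms listed in Step 3 for CoPP class-maps on Supervisors 32 and 720.
SUPPORTED_MATCH = re.compile(r"^match (ip precedence|ip dscp|access-group)\b")

# Constructed sample excerpt (hypothetical names, documentation-range address).
SAMPLE = """\
ip access-list extended COPP-BGP
 permit tcp host 192.0.2.1 any eq bgp
class-map match-all COPP-BGP
 match access-group name COPP-BGP
class-map match-all COPP-MGMT
 match access-group name COPP-SSH
 match ip precedence 6
class-map match-all COPP-L2
 match protocol arp
"""

def parse_class_maps(config):
    """Map each class-map name to the list of its match clauses."""
    class_maps, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # Any top-level line ends the previous class-map block.
            current = None
            m = re.match(r"class-map (?:match-(?:all|any) )?(\S+)$", line)
            if m:
                current = m.group(1)
                class_maps[current] = []
        elif current and line.startswith("match "):
            class_maps[current].append(line)
    return class_maps

def audit_copp(config):
    """Return a list of findings; an empty list means no issue was found."""
    findings = []
    # Without global 'mls qos', CoPP is not enforced in hardware.
    if not any(raw.rstrip() == "mls qos" for raw in config.splitlines()):
        findings.append("global: 'mls qos' missing, CoPP not enforced in hardware")
    for name, matches in parse_class_maps(config).items():
        if len(matches) > 1:
            findings.append(f"{name}: {len(matches)} match clauses, only one is supported")
        for clause in matches:
            if not SUPPORTED_MATCH.match(clause):
                findings.append(f"{name}: unsupported match form '{clause}'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_copp(SAMPLE)))
```

A class flagged for an unsupported match form, such as the ARP class in the sample, is traffic that belongs under class-default or a hardware-based rate limiter rather than a user-defined CoPP class.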