Leaflet

ManualsBrandsCisco ManualsSwitchesCisco Catalyst 6509-NEB-A Switch

OL-11615-01

Step 4 After the traffic is classified, you apply a policy action to each class, indicating whether to permit all

packets, to drop all packets, or to drop packets crossing a specified rate limit for that particular class. To

apply these policy actions use the policy-map command, which has the following syntax:

Router((config-pmap)# policy-map

service_policy_name

The policy-map command defines the policy map name and enables a configuration mode for defining

the policy. You then use the class command to associate one or more traffic classes with the policy. You

use the police command to define the policy action to apply. The syntax for these commands is as

follows:

Router((config-pmap)# class

traffic_class_name

Router((config-pmap-c)# police cir

bits-per-second

[bc

conform-burst-bytes

] [be

excess-burst-bytes

] [conform-action

action

] [exceed-action

action

]

Step 5 Apply the defined CoPP policy to the control plane by using the service-policy command from

control-plane configuration mode.

Router((config)# control-plane

Router((config-cp)# service-policy input

service_policy_name

Catalyst 6500 Series Switch CoPP Considerations and Restrictions

The following are important considerations and known restrictions that should be taken into account

prior to configuring CoPP:

• Because CoPP relies on the QoS implementation, CoPP policies are downloaded to the PFC and

DFCs only if QoS is enabled. For this reason, ensure that the mls qos command is enabled at the

global configuration mode for the PFC and each DFC where CoPP is required.

• CoPP does not support the definition of non-IP traffic classes except for the class-default. ACLs can

be used instead of non-IP classes to drop non-IP traffic. At the same time, class-default can be used

to limit non-IP traffic that reaches the RP CPU.

• On Supervisors 32 and 720, ARP policing is done with a QoS rate limiter rather than CoPP. Even

though there is a match protocol arp for CoPP on these supervisors, this type of traffic is processed

in software. Therefore, ARP policing should be configured with the hardware-based QoS rate limiter

using the mls qos protocol arp police bps command.

• Currently, only one match criteria is supported for each traffic class. To define multiple match rules

with a match-any criteria, split the match access-group statements among multiple class maps

instead of grouping them together.

• Prior to Cisco IOS software Release 12.2(18)SXE, only one match criteria was allowed for each

traffic class. When using one of these earlier releases, to define multiple match rules with a

match-any criteria, split the match access-group statements among multiple class maps instead of

grouping them together.

• Prior to Cisco IOS software Release 12.2(18)SXE, the MQC class-default was not supported on

Supervisor 720. This is a minor limitation because the class-default could be emulated with a normal

class configured with an ip permit any rule.

• Omitting the policy parameters in a class causes the class to be handled by software-based CoPP.

Use the police command and set the policy parameters to ensure the class is handled by

hardware-based CoPP.