OL-11615-01
Currently, multicast packets are handled only by the software-based CoPP at the RP level. However,
there are CPU rate limiters available that can rate limit multicast packets to the CPU in hardware.
These CPU rate limiters include the Multicast FIB-miss rate limiter and the Multicast Partial-SC rate
limiter. These CPU rate limiters can be used in combination with ACLs and software CoPP to
provide protection against multicast and DoS attacks.

CoPP is not supported in hardware for broadcast packets. The combination of ACLs, traffic storm
control, and CoPP software protection provides protection against broadcast DoS attacks.

With PFC3A, egress QoS and CoPP cannot be configured at the same time. In this situation, CoPP
is performed in software, and a warning message is generated.

In the rare situation where a large QoS configuration is being used, it is possible that the system
could run out of TCAM space. When this scenario occurs, CoPP can be performed in software. Use
the show platform hardware capacity command to monitor TCAM space.

You must ensure that the CoPP policy does not filter critical traffic such as routing protocols or
interactive access to the switches. Filtering this traffic could prevent remote access to the switch,
requiring a console connection.

Supervisor Engines 32 and 720 support built-in special-case rate limiters, which are useful for
situations where an ACL cannot be used (for example, TTL, MTU, and IP options). When you
enable the special-case rate limiters, be aware that they override the CoPP policy for packets
matching the rate-limiter criteria.

CoPP does not support ACEs with the log keyword.

CoPP uses hardware QoS TCAM resources. Use the show platform hardware capacity and show
tcam utilization commands to verify TCAM usage.

ACE hit counters in hardware are only for ACL logic. You can rely on software ACE hit counters
and the show access-list, show policy-map control-plane, and show mls ip qos commands to
troubleshoot and evaluate CPU traffic.
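
The log-keyword restriction above can be checked against a saved configuration before a CoPP policy is attached. The following is an added example, not taken from the original guide: it follows the chain from control-plane to policy-map, class-map, and ACL, and reports only the ACEs with log or log-input that the CoPP policy actually reaches. The sample configuration and every name in it are constructed, and the parser assumes named extended ACLs with one-space indentation per nesting level.

```python
import re

# Constructed sample configuration (not from the guide); every name is hypothetical.
SAMPLE_CONFIG = """\
ip access-list extended COPP-ROUTING
 permit tcp any any eq bgp
ip access-list extended COPP-MGMT
 permit tcp 10.0.0.0 0.0.0.255 any eq 22 log
ip access-list extended UNRELATED
 deny ip any any log
class-map match-all COPP-ROUTING
 match access-group name COPP-ROUTING
class-map match-all COPP-MGMT
 match access-group name COPP-MGMT
policy-map COPP-POLICY
 class COPP-ROUTING
  police 1000000 conform-action transmit exceed-action transmit
 class COPP-MGMT
  police 64000 conform-action transmit exceed-action drop
control-plane
 service-policy input COPP-POLICY
"""

def sections(config, header_re):
    """Map the name captured by header_re to that section's indented lines."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            m = re.match(header_re, line)
            current = out.setdefault(m.group(1), []) if m else None
        elif current is not None:
            current.append(line.strip())
    return out

def copp_log_aces(config):
    """Return (acl, ace) pairs using log/log-input that the control-plane policy reaches."""
    acls = sections(config, r"ip access-list extended (\S+)")
    cmaps = sections(config, r"class-map (?:match-\S+ )?(\S+)")
    pmaps = sections(config, r"policy-map (\S+)")
    findings = []
    for stmt in sections(config, r"(control-plane)").get("control-plane", []):
        m = re.match(r"service-policy input (\S+)", stmt)
        body = pmaps.get(m.group(1), []) if m else []
        for cls in (l.split()[1] for l in body if l.startswith("class ")):
            for ref in re.findall(r"match access-group name (\S+)", "\n".join(cmaps.get(cls, []))):
                findings += [(ref, ace) for ace in acls.get(ref, [])
                             if re.search(r"\blog(-input)?$", ace)]
    return findings
```

Calling copp_log_aces(SAMPLE_CONFIG) reports the COPP-MGMT entry and ignores the UNRELATED ACL, which also uses log but is not referenced by the control-plane policy.
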
CoPP on Catalyst 4500
The Catalyst 4500 Series switches support CoPP on all supervisor engines compatible with Cisco IOS
release 12.2(31)SG. On this platform, CoPP is implemented in hardware in a centralized, non-distributed
fashion. CoPP policies are centrally configured under the control-plane configuration mode and then
enforced in hardware by the classification TCAM and QoS policers of the supervisor engine. This CoPP
model is shown in Figure 5.