OL-11615-01
Step 5 After the traffic is classified, you apply a policy action to each class, indicating whether to permit all
packets, to drop all packets, or to drop packets crossing a specified rate limit for that particular class. To
apply these policy actions, use the policy-map command, which has the following syntax:
Switch(config)# policy-map system-cpp-policy
The policy-map command defines the policy map name and enables a configuration mode for defining
the policy. Remember that only the system-cpp-policy policy-map can be attached to the control-plane.
You then use the class command to associate one or more traffic classes with the policy. You use the
police command to define the policy action to apply. The syntax for these commands is as follows:
Switch(config-pmap)# class <class-map-name>
Switch(config-pmap-c)# police [aggregate name] rate burst [conform-action {drop | transmit}] [{exceed-action {drop | transmit}}]
Catalyst 4500 Series Switch CoPP Considerations and Restrictions
The following are important considerations and known restrictions that should be taken into account
prior to configuring CoPP:
• Only ingress CoPP is supported, so only the input keyword is supported in control-plane related
  CLIs.
• Use the system-defined class maps for policing control plane traffic.
• ARP support is limited to Gratuitous ARPs (destination MAC in the 0180.C200.0020 -
  0180.C200.002F range). Broadcast ARPs are not currently supported by CoPP.
• Control plane traffic can be policed only using CoPP. Traffic cannot be policed at the input interface
  or VLAN even though a policy-map containing the control-plane traffic is accepted when the
  policy-map is attached to an interface or VLAN.
• System-defined class maps cannot be used in policy-maps for regular QoS.
• Use ACLs and class-maps to identify data plane and management plane traffic that is handled by
  the CPU. User-defined class maps should be added to the system-cpp-policy policy-map for CoPP.
• The policy-map named system-cpp-policy is dedicated for CoPP. When attached to the
  control-plane, it cannot be detached.
• The default system-cpp-policy map does not define actions for the system-defined class maps, which
  means no policing.
• The only action supported in the system-cpp-policy policy-map is police.
• Do not use the log keyword in the CoPP policy ACLs.
• Both MAC and IP ACLs can be used to define data plane and management plane traffic classes.
  However, if a packet also matches a pre-defined ACL for the control plane traffic, the police action
  (or no police action) of the control plane class will be taken, because the control plane classes appear above
  user-defined classes in the service policy. This is the same as standard MQC semantics.
• The exceed action policed-dscp-transmit is not supported for CoPP.
• CoPP is not enabled unless global QoS is enabled and a police action is specified.
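
Several of the restrictions above can be checked mechanically before a change is pushed. The following Python check is an added example, not part of the Cisco documentation: it audits a constructed running-config excerpt for the log keyword in CoPP ACLs, non-police actions, policed-dscp-transmit, unpoliced classes, a non-input control-plane service policy, and missing global QoS. The ACL name, the user-defined class name, the police values and the assumption that global QoS shows up as a top-level qos line are illustrative.

```python
import re
# Constructed running-config excerpt (not from the page). MGMT-SSH and cpp-mgmt-ssh are
# hypothetical names; system-cpp-cdp stands in for a system-defined class. No global qos line.
SAMPLE_CONFIG = """\
ip access-list extended MGMT-SSH
 permit tcp any any eq 22 log
class-map match-all cpp-mgmt-ssh
 match access-group name MGMT-SSH
policy-map system-cpp-policy
 class system-cpp-cdp
 class cpp-mgmt-ssh
  police 32000 1000 conform-action transmit exceed-action policed-dscp-transmit
  set ip dscp 0
control-plane
 service-policy output system-cpp-policy
"""

def audit_copp(config):
    """Check a config against the CoPP restrictions listed above; return findings."""
    findings, acl_log, cmap_acls, classes = [], set(), {}, {}
    top, cur = "", None  # current top-level section, action list of current class
    for raw in filter(str.strip, config.splitlines()):
        line = raw.strip()
        if not raw.startswith(" "):  # an unindented line opens a new section
            top, cur = line, None
        elif top.startswith(("ip access-list", "mac access-list")) and line.split()[-1] == "log":
            acl_log.add(top.split()[-1])
        elif top.startswith("class-map") and (m := re.match(r"match access-group name (\S+)", line)):
            cmap_acls.setdefault(top.split()[-1], []).append(m.group(1))
        elif top == "policy-map system-cpp-policy":
            if line.startswith("class "):
                cur = classes.setdefault(line.split()[1], [])
            elif cur is not None:
                cur.append(line)
        elif top == "control-plane" and line.startswith("service-policy ") and line.split()[1] != "input":
            findings.append("control-plane: only 'service-policy input' is supported")
    if not re.search(r"^qos\s*$", config, re.M):
        findings.append("global QoS is not enabled, so CoPP is not enabled")
    for name, actions in classes.items():
        if not any(a.startswith("police ") for a in actions):
            findings.append(f"{name}: no police action, so the class is not policed")
        for a in actions:
            if not a.startswith("police "):
                findings.append(f"{name}: '{a}' is not supported, only police is")
            elif "policed-dscp-transmit" in a:
                findings.append(f"{name}: policed-dscp-transmit is not supported")
        findings += [f"{name}: ACL {acl} uses the log keyword"
                     for acl in cmap_acls.get(name, []) if acl in acl_log]
    return findings
```

Calling audit_copp(SAMPLE_CONFIG) returns one finding per violated restriction; a configuration that satisfies all of the checked restrictions returns an empty list.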