Concept Guide
Conguring CoPP for Protocols
This section lists the commands necessary to create and enable the service-policies for CoPP.
For complete information about creating ACLs and QoS rules, refer to Access Control Lists (ACLs) and Quality of Service (QoS).
The basics for creating a CoPP service policy are to create a Layer 2, Layer 3, and/or an IPv6 ACL rule for the desired protocol type. Then,
create a QoS input policy to rate-limit the protocol tracs according to the ACL. The ACL and QoS policies are nally assigned to a control-
plane service policy for each port-pipe.
1 Create a Layer 2 extended ACL for control-plane trac policing for a particular protocol.
CONFIGURATION mode
mac access-list extended name cpu-qos
permit {arp | frrp | gvrp | isis | lacp | lldp | stp}
2 Create a Layer 3 extended ACL for control-plane trac policing for a particular protocol.
CONFIGURATION mode
ip access-list extended name cpu-qos
permit {bgp | dhcp | dhcp-relay | ftp | icmp | igmp | mcast-catch-all | msdp | ntp | ospf |
pim | ip | ssh | telnet | vrrp}
3 Create an IPv6 ACL for control-plane trac policing for a particular protocol.
CONFIGURATION mode
ipv6 access-list name cpu-qos
permit {bgp | icmp | vrrp}
4 Create a QoS input policy for the router and assign the policing.
CONFIGURATION mode
qos-policy-input name
cpu-qos rate-police rate-police-value
5 Create a QoS class map to dierentiate the control-plane trac and assign to an ACL.
CONFIGURATION mode
class-map match-any name
cpu-qos match {ip | mac | ipv6} access-group name
6 Create a QoS input policy map to match to the class-map and qos-policy for each desired protocol.
CONFIGURATION mode
policy-map-input name
cpu-qos class-map name qos-policy name
7 Enter Control Plane mode.
CONFIGURATION mode
control-plane-cpuqos
8 Assign the protocol based the service policy on the control plane. Enabling this command on a port-pipe automatically enables the ACL
and QoS rules creates with the cpu-qos keyword.
Control Plane Policing (CoPP)
267