[c-nsp] Problem configuring Control Plane Policing (CoPP) on 7200VXR in 12.4

Johannes Resch jr at xor.at
Wed Dec 21 09:37:52 EST 2005


Hi Rodney!

On Wed, December 21, 2005 14:45, Rodney Dunn said:
> Can you try 12.4(4)T and see if you see the same problem?

Exactly the same behaviour there (c7200-spservicesk9-mz.124-4.T.bin).


> Some things I've looked at seem to imply we didn't support
> named ACL's for some CoPP configurations until later code.
> Not sure what the logic was there..

Problem is, numbered ACLs won't work either.
I rewrote all ACLs to numbered IP ACLs (range 100-199), and got this:

router(config-cp)#service-policy input COPP-POLICY
'match access-group' not supported on control-plane
error: failed to install policy map COPP-POLICY

But:
I was just testing with a minimal policy (one class, one ACL) and suddenly
it was possible to assign it as control-plane policy - both using named
and numbered ACLs.
So it seems that something in the original policy or classes is the problem.
(I only used match criteria also listed in the cisco CoPP whitepaper,
however)

regards,
-jr

> On Wed, Dec 21, 2005 at 12:32:10PM +0100, Johannes Resch wrote:
>> Hi,
>>
>> According to cisco's release notes and feature navigator, IOS 12.4
>> should
>> include CoPP features.
>> I started to build a test setup on a 7204VXR (NPE-G1) and 12.4(3b),
>> usinge
>> the image c7200-pk9u2-mz.124-3b.bin ("SERVICE PROVIDER IPSEC 3DES LAWFUL
>> INTERCEPT").
>>
>> I configured extended IP ACLs and classes, based upon the cisco CoPP
>> whitepaper.
>> (http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/products_white_paper09186a0080211f39.shtml)
>>
>> But, as soon as I try to actually assign the policy-map, I get:
>>
>> router(config-cp)#service-policy input COPP-POLICY
>> 'match access-group name' not supported on control-plane
>> error: failed to install policy map COPP-POLICY
>>
>> Am I missing anything here?
>>
>> Regards,
>> -jr
>>
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>




More information about the cisco-nsp mailing list