[c-nsp] Problem configuring Control Plane Policing (CoPP) on 7200VXR in 12.4

Rodney Dunn rodunn at cisco.com
Wed Dec 21 10:25:42 EST 2005


Ok...we'd need to see the full policy you were trying to apply
to determine what about the policy it wasn't liking.

Rodney

 On Wed, Dec 21, 2005 at 03:37:52PM +0100, Johannes Resch wrote:
> Hi Rodney!
> 
> On Wed, December 21, 2005 14:45, Rodney Dunn said:
> > Can you try 12.4(4)T and see if you see the same problem?
> 
> Exactly the same behaviour there (c7200-spservicesk9-mz.124-4.T.bin).
> 
> 
> > Some things I've looked at seem to imply we didn't support
> > named ACL's for some CoPP configurations until later code.
> > Not sure what the logic was there..
> 
> Problem is, numbered ACLs won't work either.
> I rewrote all ACLs to numbered IP ACLs (range 100-199), and got this:
> 
> router(config-cp)#service-policy input COPP-POLICY
> 'match access-group' not supported on control-plane
> error: failed to install policy map COPP-POLICY
> 
> But:
> I was just testing with a minimal policy (one class, one ACL) and suddenly
> it was possible to assign it as control-plane policy - both using named
> and numbered ACLs.
> So it seems that something in the original policy or classes is the problem.
> (I only used match criteria also listed in the cisco CoPP whitepaper,
> however)
> 
> regards,
> -jr
> 
> > On Wed, Dec 21, 2005 at 12:32:10PM +0100, Johannes Resch wrote:
> >> Hi,
> >>
> >> According to cisco's release notes and feature navigator, IOS 12.4
> >> should
> >> include CoPP features.
> >> I started to build a test setup on a 7204VXR (NPE-G1) and 12.4(3b),
> >> usinge
> >> the image c7200-pk9u2-mz.124-3b.bin ("SERVICE PROVIDER IPSEC 3DES LAWFUL
> >> INTERCEPT").
> >>
> >> I configured extended IP ACLs and classes, based upon the cisco CoPP
> >> whitepaper.
> >> (http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/products_white_paper09186a0080211f39.shtml)
> >>
> >> But, as soon as I try to actually assign the policy-map, I get:
> >>
> >> router(config-cp)#service-policy input COPP-POLICY
> >> 'match access-group name' not supported on control-plane
> >> error: failed to install policy map COPP-POLICY
> >>
> >> Am I missing anything here?
> >>
> >> Regards,
> >> -jr
> >>
> >>
> >> _______________________________________________
> >> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> >
> >


More information about the cisco-nsp mailing list