[c-nsp] sup720 protection on the 6500/7600

[Saku Ytti]

On (2007-02-18 03:17 +0100), Gert Doering wrote:

> On Sat, Feb 17, 2007 at 08:30:16PM +0200, Saku Ytti wrote:
> > CSCsf96383 - Fails to program CoPP at hardware, ran only in MSFC.
> 
> How can you see whether CoPP is done in hardware or not?

I'll raise you one, attached is the silly little perl script
to check it. It's essentially two commands 'show vlan internal  usage | i
Control Plane Protection' to check which VLAN is used for CoPP and
then 'remote command switch show tcam interface vlan $vlan qos type2 ip | i
MAU' to check how many rules are in hardware.

I run it like this in crontab:
45 07 * * * for a in $(/usr/local/bin/cgrep -c -t P "^\!Chassis type:.*7600
router"|grep $DOMAIN); do /home/ytti/bin/chkCoPP $a|mail -e -a "From:
chkCoPP script <ytti@$DOMAIN>" -s "CoPP in $a is not properly programmed"
ytti@$DOMAIN; done

-- 
  ++ytti
-------------- next part --------------
#!/usr/bin/perl -w

use strict;

my $login='foo';
my $pass='baz';

my $node = shift(@ARGV);
if(not $node) { print "node not given\nUsage: $0 node\nn"; exit 42; }

use Net::Telnet::Cisco;

my @o;
my $t=Net::Telnet::Cisco->new(host=>$node);
$t->login($login, $pass);
$t->cmd('term len 0');
@o=$t->cmd("show vlan internal  usage | i Control Plane Protection");
my ($vlan)=$o[0]=~/^([\d]+)/;
@o=$t->cmd("remote command switch show tcam interface vlan $vlan qos type2 ip | i MAU");
my $lines=scalar(@o)-1;
if($lines==0) { print "CoPP not programmed to hardware\n"; }
elsif($lines<50) { print "less than expected amount of CoPP rules in hardware\n"; }
$t->close();