[c-nsp] Baseline CoPP policies?

Sun Jul 26 03:14:05 EDT 2009

Here are a couple of links that helped me out when I needed it the first time

This one contains some info about CoPP, thought it's quite an old document, it's still relevant
http://aharp.ittns.northwestern.edu/papers/copp.html

You may also consider securing the device all around, not only by CoPP, here's some useful info about Cisco security, this one is maintained and updated regularly.
http://www.cymru.com/Documents/secure-ios-template.html

Hope this helps
Ziv

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Roland Dobbins
Sent: Saturday, July 25, 2009 5:25 PM
To: Cisco-nsp
Subject: Re: [c-nsp] Baseline CoPP policies?

On Jul 25, 2009, at 7:54 PM, <nasir.shaikh at bt.com>  
<nasir.shaikh at bt.com> wrote:

> So I am thinking that an iACL on the interface should also be  
> sufficient till I have had
> the time to develop and test the CoPP config.

Correct - and if you're running a Sup720, so that ACL counters work,  
you can put in some permits prior to your denies so that the iACL  
serves as a classification ACL for CoPP.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

         Unfortunately, inefficiency scales really well.

		   -- Kevin Lawton

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************