[c-nsp] All multicast punting to CPU on 6500

Robert Williams Robert at CustodianDC.com
Sun Dec 16 11:00:14 EST 2012


Sorry ignore my last, I had the documentation for 15M open, this box is running 12SX and that doesn't support it, typically.

If anyone has any other suggestions or alternative ideas then do let me know - cheers!



Robert Williams
Custodian Data Centre
Email: Robert at CustodianDC.com
http://www.CustodianDC.com


Robert Williams
Backline / Operations Team
Custodian DataCentre
tel: +44 (0)1622 230382
email: Robert at CustodianDC.com
http://www.custodiandc.com/disclaimer.txt

-----Original Message-----
From: Robert Williams
Sent: 16 December 2012 15:27
To: cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] All multicast punting to CPU on 6500

Hi,

I've now tried the MAC filtering at the CoPP level. Cisco documentation says "MAC-based matching is done in software only" - which is slightly better than allowing the CPU to process it unnecessarily (correct me if I'm wrong there?).

So to attempt to catch the traffic at the Software CoPP level I've setup a very basic class:



mac access-list extended CoPP-MC-MAC
  permit   any 0100.5e00.0000 0000.00ff.ffff

class-map match-any CoPP-MC-MAC
  match access-group name CoPP-MC-MAC

policy-map CoPP
  class CoPP-MC-MAC
   police 32000 4470 4470    conform-action transmit     exceed-action drop



It applies without error, however, I'm not getting any matches against the policy.

Clearly I'm destined to work on this all day! Any pointers welcome, cheers...




More information about the cisco-nsp mailing list