[c-nsp] How to CoPP (Control Plane Policing) configuration?
PlaWanSai RMUTT CPE IX
pws_admin at thaicpe.com
Thu Jun 13 23:24:30 EDT 2013
I can't apply policy. Why?
test-co3600--33(config)#control-plane
test-co3600--33(config-cp)#service-policy input CoPP2
Only eq operator supported for Control Plane policy
QoS: Configuration failed. Invalid class params
QoS: Control plane policy invalid
error: failed to install policy map CoPP2
test-co3600--33(config-cp)#
policy-map CoPP2
class CoPP-NORMAL
police 3000000 93750 conform-action transmit exceed-action drop
class-map match-all CoPP-NORMAL
match access-group 122
access-list 122 remark *** ACL for CoPP-NORMAL
access-list 122 permit icmp any any ttl-exceeded
access-list 122 permit icmp any any port-unreachable
access-list 122 permit icmp any any echo-reply
access-list 122 permit icmp any any echo
Thank you very much.
-----Original Message-----
From: Luis Anzola [mailto:anzolex at gmail.com]
Sent: Friday, June 14, 2013 10:03 AM
To: PlaWanSai RMUTT CPE IX
Cc: Mack McBride; <cisco-nsp at puck.nether.net>
Subject: Re: [c-nsp] How to CoPP (Control Plane Policing) configuration?
Hi Folks,
One of the best practices is to configure your policies in a OPEN fashion
with no drops, allowing all traffic pointing to the CPU so that you can take
advantage of the QoS MIBs to monitor and get after a period of time a
baseline which you can use to create the right policing at the control
plane.
Best regards,
Sent from my iPhone
On Jun 13, 2013, at 9:47 PM, PlaWanSai RMUTT CPE IX <pws_admin at thaicpe.com>
wrote:
> Can I use this for determining?
> http://www.cisco.com/en/US/docs/switches/metro/me3600x_3800x/software/
> releas
> e/15.2_2_S/configuration/guide/swcopp.html#wp1166449
> Now, I separated to 5 access-lists.
> 1. For LDP and BGP.
> 2. For telnet, SSH, SNMP, NTP, TACACS, ftp, and TFTP.
> 3. For ICMP.
> 4. For traffic that fragments.
> 5. For All
> I don't know these are enough. And What is a number should be use for
> police each access-list?
>
> Thank you very much.
>
> -----Original Message-----
> From: Mack McBride [mailto:mack.mcbride at viawest.com]
> Sent: Friday, June 14, 2013 1:22 AM
> To: PlaWanSai RMUTT CPE IX; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] How to CoPP (Control Plane Policing) configuration?
>
> First step is determining what is actually hitting your control plane
> and what the maximum traffic levels for that traffic should be.
>
> For some platforms like the 6500 you have to deal with traffic
> requiring ARP And ICMP responses as well as what should be hitting the
> cpu for control and routing protocols. There are also spanning-tree
> packets and other things that have to be accounted for.
>
> -----Original Message-----
> From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf
> Of PlaWanSai RMUTT CPE IX
> Sent: Thursday, June 13, 2013 3:03 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] How to CoPP (Control Plane Policing) configuration?
>
> Could you please how to CoPP (Control Plane Policing) configuration?
>
> It has a best practice for each model?
>
> Now, I want configuration for ME-3600x.
>
>
>
> Thank you very much.
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list