[c-nsp] CoPP 4500 XE, ACL counters and capture question
selamat pagi
ketimun at gmail.com
Mon Nov 10 11:59:01 EST 2014
Hi,
I'm working on baselining CoPP on 4500 / Sup7-E, XE 03.03.02.SG
In order to find out what traffic hits the CPU, there are 2 points I'm not
clear about.
1) with "sh access-lists", the counter of ACL defined for CoPP do never
show a hit,
for other ACL on the box, counters increase
I tested with nameds and numbered ACLs, same issue
2) a capturie of data with the command "monitor capture" shows traffic that
should be classified in an other class-map, precinding the captured ACL.
e.g.
defined capture:
"monitor capture COPPIMP control-plane in file location slot0:IMPORT.pcap
size 5 access-list ACL-COPP-IMPORTANT"
policy-map COPP
class COPP-UNDESIRABLE-IPV4
police 32000 1500 conform-action transmit exceed-action transmit
class ACL-COPP-IMPORTANT
police 100000 1500 conform-action transmit exceed-action transmit
With above config, the capture file showstraffic, which should have been
included in the class COPP-UNDESIRABLE-IPV4.
Any idea what's wrong here ?
cheers, keti
More information about the cisco-nsp
mailing list