Greetings. I have an ASR920 (ASR-920-4SZ-A to be precise), which I know is a bit different in various ways from other IOS/IOS-XE. However, I'm experiencing the same confusion on an ASR 1001-X I have. On our 2921 routers, we have CPP enabled in order to drop certain things. The policy-map we have that we apply to the control-plane looks like this:
policy-map CONTROL-PLANE_PMAP class CONTROL-PLANE_CMAP drop
When I go into the policy-map on the ASR920, I don't have a "drop" action.
(config)#policy-map CONTROL-PLANE_PMAP (config-pmap)#class CONTROL-PLANE_CMAP (config-pmap-c)#? Policy-map class configuration commands: bandwidth Bandwidth exit Exit from class action configuration mode no Negate or set default values of a command police Police priority Strict Scheduling Priority for this Class queue-limit Queue Max Threshold for Tail Drop random-detect Enable Random Early Detection as drop policy service-policy Configure QoS Service Policy set Set QoS values shape Traffic Shaping
Unfortunately, "drop" isn't on the list. According to this, it should be. The software version we're running is from 2017:
Cisco IOS XE Software, Version 03.18.03.SP.156-2.SP3-ext Cisco IOS Software, ASR920 Software (PPC_LINUX_IOSD-UNIVERSALK9_NPE-M), Version 15.6(2)SP3, RELEASE SOFTWARE (fc4)
I will upgrade if I know this is an option in the new version. If there is another way to accomplish dropping certain traffic (besides applying an ACL to every interface, which is a last resort) I'm certainly open to that. I did just think of something (a route-map with "ip local policy" but I will still ask my question in case anybody knows why "drop" is not a policy-map option.
1. Log into CLI of DNAC:
ssh maglev@< DNAC appliance IP> -p 2222
2. Run this curl command to get token to get member id:
curl -X POST -u admin:<admin user password> -H -V https://<CLUSTER-IP>/api/system/v1/identitymgmt/token
Enterprise Switching Business Unit is glad to announce Beta release 16.12.2 for all Catalyst 9200/9300/9400/9500/9600 and Catalyst 3650/3850 Platforms. This release is made available to allow users to test, evaluate and share fee...
Purpose of the document
This document describes the general recommendations or best practices when designing and deploying the Cisco SD-Access technology. The document assumes that the reader has a general overview of Cisco's SD-Access for Distributed C...
Do you currently have hands-on networking experience? If you do, we'd love to hear from you!
Your feedback will be reviewed and analyzed by our team to directly influence a networking management and monitoring product.
Take the 20-min or les...