CoPP Control Plane Policing Default Class

UncleJP
Level 1

Studying for ENCOR, I came across this material on CoPP. The bolded text is what confused me. Why would you reverse the access lists from permit to deny? It seems like the embedded packet capture is all you need to discover what traffic is associating with the default class. 

 

Any input is appreciated

 

CoPP material:

 

Verifying the CoPP Policy
After the policy map has been applied to the control plane, it needs to be verified.
In Example 26-37, traffic matching CLASS-CoPP-Routing has exceeded the
configured rate. In addition, the default class sees traffic. To identify what is
happening, EPC could be used again to tweak the policies, if necessary. This
time, the access lists can be reversed from permit to deny as the filter to gather
unexpected traffic.

 


Example 26-37 Verifying the Policy for CoPP
R1# show policy-map control-plane input
Control Plane
Service-policy input: POLICY-CoPP
Class-map: CLASS-CoPP-ICMP (match-all)
154 packets, 8912 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name ACL-CoPP-ICMP
police:
cir 8000 bps, bc 1500 bytes, be 1500 bytes
conformed 154 packets, 8912 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
transmit
violated 0 packets, 0 bytes; actions:
drop
conformed 0000 bps, exceeded 0000 bps, violated 0000 bps
Class-map: CLASS-CoPP-IPsec (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name ACL-CoPP-IPsec
police:
cir 64000 bps, bc 2000 bytes, be 2000 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
transmit
violated 0 packets, 0 bytes; actions:
transmit
conformed 0000 bps, exceeded 0000 bps, violated 0000 bps
Class-map: CLASS-CoPP-Initialize (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name ACL-CoPP-Initialize
police:
cir 8000 bps, bc 1500 bytes, be 1500 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
transmit
violated 0 packets, 0 bytes; actions:
drop
conformed 0000 bps, exceeded 0000 bps, violated 0000 bps
Class-map: CLASS-CoPP-Management (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name ACL-CoPP-Management
police:
cir 32000 bps, bc 1500 bytes, be 1500 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
transmit
violated 0 packets, 0 bytes; actions:
transmit
conformed 0000 bps, exceeded 0000 bps, violated 0000 bps
Class-map: CLASS-CoPP-Routing (match-all)
92 packets, 123557 bytes
5 minute offered rate 4000 bps, drop rate 0000 bps
Match: access-group name ACL-CoPP-Routing
police:
cir 64000 bps, bc 2000 bytes, be 2000 bytes
conformed 5 packets, 3236 bytes; actions:
transmit
exceeded 1 packets, 1383 bytes; actions:
transmit
violated 86 packets, 118938 bytes; actions:
transmit
conformed 1000 bps, exceeded 1000 bps, violated 4000 bps
Class-map: class-default (match-any)
56 packets, 20464 bytes
5 minute offered rate 1000 bps, drop rate 0000 bps
Match: any
police:
cir 8000 bps, bc 1500 bytes, be 1500 bytes
conformed 5 packets, 2061 bytes; actions:
transmit
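
The verification step quoted above, as an added example that is not part of the original post or the quoted study material: a Python parser for `show policy-map control-plane input` output that flags classes with exceeded or violated packets and any traffic landing in class-default. The sample is constructed by abbreviating Example 26-37, and the function names are hypothetical.

```python
import re

CLASS_RE = re.compile(r"Class-map:\s+(\S+)")
TOTAL_RE = re.compile(r"(\d+) packets, (\d+) bytes$")
POLICE_RE = re.compile(r"(conformed|exceeded|violated) (\d+) packets, (\d+) bytes; actions:")

def parse_copp(text):
    """Return {class: {"packets": n, "<counter>": [packets, action], ...}}."""
    classes, cur, pending = {}, {}, None  # cur is a scratch dict until the first class
    for line in map(str.strip, text.splitlines()):
        if m := CLASS_RE.match(line):
            cur, pending = classes.setdefault(m[1], {"packets": 0}), None
        elif m := POLICE_RE.match(line):
            pending = m[1]
            cur[pending] = [int(m[2]), "?"]
        elif pending and line in ("transmit", "drop"):
            cur[pending][1] = line  # action line follows its counter line
            pending = None
        elif m := TOTAL_RE.match(line):
            cur["packets"] = int(m[1])
    return classes

def findings(classes):
    """Yield the two conditions the text calls out: over-rate classes, default-class hits."""
    for name, c in classes.items():
        for k in ("exceeded", "violated"):
            pkts, action = c.get(k, (0, "?"))
            if pkts:
                yield f"{name}: {pkts} packets {k}, action {action}"
        if name == "class-default" and c["packets"]:
            yield f"class-default: {c['packets']} packets matched no explicit class"

# Constructed sample: abbreviated from Example 26-37 (not a fresh device capture).
SAMPLE = """\
Class-map: CLASS-CoPP-ICMP (match-all)
154 packets, 8912 bytes
violated 0 packets, 0 bytes; actions:
drop
Class-map: CLASS-CoPP-Routing (match-all)
92 packets, 123557 bytes
conformed 5 packets, 3236 bytes; actions:
transmit
exceeded 1 packets, 1383 bytes; actions:
transmit
violated 86 packets, 118938 bytes; actions:
transmit
Class-map: class-default (match-any)
56 packets, 20464 bytes
"""
print("\n".join(findings(parse_copp(SAMPLE))))
```

The reported action matters when reading the result: violated routing traffic is still transmitted in this policy, so the counters show what would be dropped if the violate action were changed.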

 

 

 
