
Copp : error failed to install policy

kthned
Level 3

Hi

I was trying to configure CoPP on one of the 6500 Sup-2T. Is it OK to add customized policies to the default CoPP "policy-default-autocopp"?

When I created my own customized policy using policy-map, I get the following error:

control-plane

service-policy input policy-custom

error: failed to install policy map policy-custom

Please comment!

Regards,

Umair


Raju Sekharan
Cisco Employee

Hi

Most likely you have an unsupported config in the policy-map.

Can you share your config related to CoPP?

Thank you

Raju

Hi

I can see that you are using match protocol in the class-map class-copp-layer2. This is not supported on SUP720/RSP720.

class-map match-any class-copp-layer2

  match protocol arp

  match protocol cdp

Use hardware rate-limiters for ARP and layer 2 PDUs. That is a better protection mechanism than a CoPP policy.

mls qos protocol ARP police
mls rate-limit layer2 pdu

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/dos.html

Thanks

Raju

Thanks Raju, but it worked:

1. When I removed the Layer2 class map from the policy map and then applied the policy map on the control plane.

2. While the policy map remained applied on the control plane, I added the layer 2 class map to the policy map, and it worked.

However, my switch rebooted because I made changes to the extended ACLs. The IOS version was 12.2(50) sy.

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCte10790

c6500: device crashing on removing ace entry or entire acl

Regards,

Umair

Hi

Good to know that the switch allowed you to apply the service-policy after removing the layer 2 class-map.

But when you added the layer 2 class-map, were the counters incrementing in the show policy-map control-plane output for that class?

ARP is not supported by CoPP in SUP720. So even if you work around the error message by adding the class-map after applying the service-policy, it may not meet your requirement.

The MLS rate limiter is the way to rate-limit ARP on SUP720. The mls rate-limiter is implemented in HW, so it is a better mechanism to rate-limit than CoPP.

Thanks

Raju

Hi Raju

Thanks for your comment. It worked on Sup-720 and the counters are incrementing. See below.

I tried the configs on Sup2T, and the same error comes up, but as soon as I removed layer2 cdp from the policy map, it was accepted by the switch. Now I'm a bit skeptical.

//umair

----


#sh policy-map control-plane input class layer2arp-copp-class


Control Plane Interface


  Service-policy input: policy-default-autocopp


  Hardware Counters:


    class-map: layer2arp-copp-class (match-all)
      Match: protocol arp
      police :
        1000 pps 256 limit 256 extended limit
      Earl in slot 1 :
        30289 packets
        5 minute offered rate 14 pps
        aggregate-forwarded 30289 packets
                            action: transmit
        exceeded 0 packets action: transmit
        aggregate-forward 14 pps exceed 0 pps
      Earl in slot 2 :
        27078 packets
        5 minute offered rate 14 pps
        aggregate-forwarded 27078 packets
                            action: transmit
        exceeded 0 packets action: transmit
        aggregate-forward 15 pps exceed 0 pps
      Earl in slot 5 :
        0 packets
        5 minute offered rate 0 pps
        aggregate-forwarded 0 packets
                            action: transmit
        exceeded 0 packets action: transmit
        aggregate-forward 0 pps exceed 0 pps


  Software Counters:


    Class-map: layer2arp-copp-class (match-all)
      122740 packets, 7357728 bytes
      5 minute offered rate 13000 bps, drop rate 0000 bps
      Match: protocol arp
      police:
         rate 1000 pps, burst 256 packets
         peak-rate 1000 pps, peak-burst 256 packets
          conformed 122907 packets, 122907 bytes; action:
            transmit
          exceeded 0 packets, 0 bytes; action:
            transmit
          violated 0 packets, 0 bytes; action:
            transmit
          conformed 27 pps, exceeded 0 pps violated 0 pps

I just noticed: why are the pps and bytes values the same?


          conformed 122907 packets, 122907 bytes; action:

Regards,

Umair
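
Added example, not part of the thread: a small Python parser for the hardware section of `show policy-map control-plane` output in the format posted above, used to check whether a CoPP class is actually being matched in hardware on any slot. The sample text is constructed (trimmed from the post's output) and the function names are hypothetical.

```python
import re

# Constructed sample, trimmed from the output format shown in the post above.
SAMPLE = """\
  Hardware Counters:
    class-map: layer2arp-copp-class (match-all)
      Match: protocol arp
      Earl in slot 1 :
        30289 packets
        aggregate-forwarded 30289 packets
        exceeded 0 packets action: transmit
      Earl in slot 5 :
        0 packets
        aggregate-forwarded 0 packets
        exceeded 0 packets action: transmit
  Software Counters:
    Class-map: layer2arp-copp-class (match-all)
      122740 packets, 7357728 bytes
"""

def hardware_counters(text):
    """Return {class: {slot: {"forwarded": n, "exceeded": n}}} for the hardware section."""
    result, cls, slot, in_hw = {}, None, None, False
    for line in text.splitlines():
        s = line.strip()
        if s.endswith("Counters:"):           # section header: Hardware / Software
            in_hw = s.startswith("Hardware")
            continue
        if not in_hw:
            continue                          # software counters are ignored here
        if m := re.match(r"class-map:\s+(\S+)", s, re.I):
            cls, slot = m.group(1), None
            result[cls] = {}
        elif cls and (m := re.match(r"Earl in slot (\d+)", s)):
            slot = int(m.group(1))
            result[cls][slot] = {"forwarded": 0, "exceeded": 0}
        elif cls and slot is not None:
            if m := re.match(r"aggregate-forwarded (\d+) packets", s):
                result[cls][slot]["forwarded"] = int(m.group(1))
            elif m := re.match(r"exceeded (\d+) packets", s):
                result[cls][slot]["exceeded"] = int(m.group(1))
    return result

def classes_without_hardware_hits(counters):
    """Classes whose hardware counters are zero on every slot."""
    return [c for c, slots in counters.items()
            if not any(v["forwarded"] or v["exceeded"] for v in slots.values())]
```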
