
5548UP CoPP not working

blackmetal
Level 1

Hello,

I have a N5K-5548UP-AF and it supports only the 3 CoPP rules which are available in the system. The problem is that when someone from inside or from outside (Internet) sends TCP SYN attacks, UDP floods, ... to the switch, my CPU will be at 100%.

How can I protect my control plane?

If I want to use ACLs on my uplink and downlink to my access switch, I should add 900-1k IP addresses (because I have different gateways), and that makes my work really hard.

Thank you.

4 Replies

Reza Sharifi
Hall of Fame

Hi,

Is the 5548 facing the Internet directly? Are you using private IPs or public?

HTH

blackmetal
Level 1

Yes, it has BGP and my interface VLAN IPs are reachable from the Internet, but this is not important, because if someone sends attacks from inside to my gateway I face the same issue.

Thank you.

What type of attacks are they? If it is ICMP, you can use an access list to make sure the IPs on the switch are not responding to ICMP.

HTH

blackmetal
Level 1

They are different types of attack, such as UDP flood, SYN ...

I am curious: why does CoPP on the 5548UP not mitigate and shape them?
