Solved: Cannot edit control-plane policy

Colin Higgins · ‎04-09-2018

I have a Catalyst 3650 switch running 16.3 code, and I want to edit the system-cpp-policy that is attached to the control-plane by default

Because of a security advisory, I need to drop udp 18999 traffic on the switch.

So I created a class-map for the traffic called undesirable-udp, but when I go to the system-cpp-policy and try to apply that map with a drop action, I get the following message

"undesirable-udp is not a valid class in system-cpp-policy: class rejected"

anyone know what is going on here?

Reza Sharifi · ‎04-09-2018

The system-cpp-policy can't be deleted or modified.

Have a look at this link and see section "restrictions for CoPP"

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/16-1/configuration_guide/b_161_consolidated_3850_cg/b_161_consolidated_3850_cg_chapter_01011101.pdf

HTH

View solution in original post

Reza Sharifi · ‎04-09-2018

The system-cpp-policy can't be deleted or modified.

Have a look at this link and see section "restrictions for CoPP"

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/16-1/configuration_guide/b_161_consolidated_3850_cg/b_161_consolidated_3850_cg_chapter_01011101.pdf

HTH

Colin Higgins · ‎04-09-2018

So I would have to remove the system-cpp-policy altogether and apply a different policy on the control plane?