06-27-2012 07:30 AM - edited 03-07-2019 07:29 AM
I am trying to police cdp traffic (amound other traffic types) on my border routers 2800 series.
When I setup the class-map to include cdp I receive an error.
class-map COPP_4
match protocol arp
match protocol cdp
Unsupported protocol in 'match protocol'
Here is the policer configlet:
class COPP_4
police 256000 4000 conform-action transmit exceed-action drop
I see some folks mention layer-2 protocols ALWAYS fall into the class-default, but arp is accepted (without error) so I am not sure.
Any ideas?
Tks
Frank
06-27-2012 08:30 AM
Hi there,
try using this match clause under the class-map: match access-group name system-cpp-cdp see if you have this predifined ACL for cdp, not sure if its there for C2800 !
HTH
plz Rate if it helped,
Soroush.
06-27-2012 09:45 AM
Nada; I also checked my ASR1002 routers 15.x IOS and the match access-group name syntax exist but no preconfigured names (system-cpp-cdp) exist. Is there something I need to enable first to have the preconfigured options to show up?
Tks
Frank
06-27-2012 12:03 PM
actually i've seen this work on cisco 4500 chasis. wasnt sure if ur device supports it.
by the way I did extensive research n could not find a thing to match CDP in a class map, i think what u said earlier, class-default is where u got CDP. bind the service policy to control-plane cef-exception.
i think its best to limit ARP and other packets for CoPP using pps rate (packet per sec.) instead of bit rate, in policy-map.
Hope it Helps,
Soroush.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide