Control Plane Policing CDP

fsebera · ‎06-27-2012

I am trying to police cdp traffic (amound other traffic types) on my border routers 2800 series.

When I setup the class-map to include cdp I receive an error.

class-map COPP_4

match protocol arp

match protocol cdp

Unsupported protocol in 'match protocol'

Here is the policer configlet:

class COPP_4

police 256000 4000 conform-action transmit exceed-action drop

I see some folks mention layer-2 protocols ALWAYS fall into the class-default, but arp is accepted (without error) so I am not sure.

Any ideas?

Tks

Frank

smehrnia · ‎06-27-2012

Hi there,

try using this match clause under the class-map: match access-group name system-cpp-cdp see if you have this predifined ACL for cdp, not sure if its there for C2800 !

HTH

plz Rate if it helped,

Soroush.

Hope it Helps!

Soroush.

fsebera · ‎06-27-2012

Nada; I also checked my ASR1002 routers 15.x IOS and the match access-group name syntax exist but no preconfigured names (system-cpp-cdp) exist. Is there something I need to enable first to have the preconfigured options to show up?

Tks

Frank

smehrnia · ‎06-27-2012

actually i've seen this work on cisco 4500 chasis. wasnt sure if ur device supports it.

by the way I did extensive research n could not find a thing to match CDP in a class map, i think what u said earlier, class-default is where u got CDP. bind the service policy to control-plane cef-exception.

i think its best to limit ARP and other packets for CoPP using pps rate (packet per sec.) instead of bit rate, in policy-map.

Hope it Helps,

Soroush.

Hope it Helps!

Soroush.