01-07-2009 07:05 AM - edited 03-06-2019 03:17 AM
Hi,
According to the following, in order to help tighten a CoPP policy:
"...Step 3. Review Identified Packets and Begin to Filter Access to the Route Processor
... The "permit ip any any" access-list entry will log a number of packet matches. Some form of analysis will be required to determine the exact nature of the unclassified packets."
Has anyone any idea how to determine what kind of traffic is matching on the catch-all class, i.e. 'permit ip any any'? In other words, what is the 'some form of analysis' mentioned above?
Any help appreciated.
Thanks,
Mark
01-07-2009 08:11 AM
I think you can add "permit ip any any log"; then the system should write a log message when a packet matches this entry. You can check with "show log" if the logging buffer is turned on.
01-07-2009 08:20 AM
Hi Kevin,
Thanks for the response.
I get the following in 12.4(21a), i.e. c7200-ik9s-mz.124-21a.bin on a 7204VXR:
ROUTER(config-ext-nacl)#9 permit tcp any 192.168.0.0 0.0.1.255 eq telnet log
class-map CoPP-post-undesirable : access-list with 'log' not supported, pls remove 'log' from access-list otherwise class-map CoPP-post-undesirable will not work properly
ROUTER(config-ext-nacl)#
I may be wrong here, but, from what I can see in the doc, I may need Control Plane Logging:
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_cpl.html
Seems to require a 12.4T image also, going by Feature Navigator.
I hope I'm wrong (and I probably am...)
Thanks,
Mark
01-07-2009 08:29 AM
Hi Mark,
You are right. It looks like ACL for CoPP is handled in a different way. The feature you found should work for you.
I am not aware of any other way to capture the packets punted to the CPU on a 7204 router. But on a 7600 router we could do an inband SPAN to capture those packets.
Thanks for pointing this out.
Kevin
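As an added example (not from any poster in this thread), here is one form the "some form of analysis" step can take once the catch-all matches are being logged: a small script that parses the ACL-log syslog lines from "show log" and totals packets per protocol, destination and service, so each bucket of unclassified traffic can be given its own explicit CoPP class. It assumes the standard %SEC-6-IPACCESSLOGP / IPACCESSLOGDP / IPACCESSLOGNP message formats; the log lines below are constructed samples, not captured output.

```python
import re
from collections import Counter

# Constructed sample of IOS ACL-log lines as 'show log' would display them when
# the catch-all ACL entry carries the 'log' keyword (formats assumed to match
# %SEC-6-IPACCESSLOGP / IPACCESSLOGDP / IPACCESSLOGNP).
SAMPLE_LOG = """\
*Jan  7 08:11:01.123: %SEC-6-IPACCESSLOGP: list 120 permitted tcp 192.168.1.5(3456) -> 192.168.0.1(23), 1 packet
*Jan  7 08:11:05.456: %SEC-6-IPACCESSLOGP: list 120 permitted udp 192.168.1.9(50123) -> 192.168.0.1(161), 3 packets
*Jan  7 08:11:09.789: %SEC-6-IPACCESSLOGDP: list 120 permitted icmp 10.1.1.1 -> 192.168.0.1 (8/0), 12 packets
*Jan  7 08:11:12.000: %SEC-6-IPACCESSLOGNP: list 120 permitted 47 10.9.9.9 -> 192.168.0.1, 2 packets
*Jan  7 08:11:20.000: %SEC-6-IPACCESSLOGP: list 120 permitted tcp 192.168.1.5(3457) -> 192.168.0.1(23), 5 packets
"""

# One pattern for the three variants: ports in parentheses for tcp/udp (P),
# ICMP type/code after the destination (DP), nothing extra for other protocols (NP).
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOG(?P<kind>P|DP|NP): list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> (?P<dst>[\d.]+)"
    r"(?:\((?P<dport>\d+)\))?(?: \((?P<type>\d+)/(?P<code>\d+)\))?, (?P<count>\d+) packets?"
)

def parse_acl_log(text):
    """Yield one dict per ACL-log line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["count"] = int(rec["count"])
            yield rec

def summarize(text, acl=None):
    """Total packets per (protocol, destination, service), optionally for one ACL.
    Service is the destination port, the ICMP type/code, or '-' for other protocols."""
    totals = Counter()
    for rec in parse_acl_log(text):
        if acl and rec["acl"] != acl:
            continue
        service = rec["dport"] or (f"{rec['type']}/{rec['code']}" if rec["type"] else "-")
        totals[(rec["proto"], rec["dst"], service)] += rec["count"]
    return totals

if __name__ == "__main__":
    # Largest buckets first: these are the candidates for new, explicit classes.
    for (proto, dst, svc), n in summarize(SAMPLE_LOG, acl="120").most_common():
        print(f"{proto:5} -> {dst}:{svc:6} {n} packets")
```

Note that on Mark's platform the 'log' keyword is rejected inside a CoPP class-map ACL, so the lines would have to come from a platform that accepts it or from the Control Plane Logging feature linked above.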