Configuring Control Plane Policing
Parameters
Default policy
Scale factor
value
Configuring CoPP
This section describes how to configure CoPP.
Configuring a Control Plane Class Map
You must configure control plane class maps for control plane policies.
You can classify traffic by matching packets based on existing ACLs. The permit and deny ACL keywords
are ignored in the matching.
You can configure policies for IP version 4 (IPv4) and IP version 6 (IPv6) packets.
Before you begin
Ensure that you have configured the IP ACLs if you want to use ACE hit counters in the class maps.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
DETAILED STEPS
Command or Action
Step 1
configure terminal
Example:
switch# configure terminal
switch(config)#
Default
9 policy entries
Note
The maximum number of supported policies with associated class
maps is 128.
1.00
configure terminal
class-map type control-plane [match-all | match-any] class-map-name
(Optional) match access-group name access-list-name
(Optional) match exception {ip | ipv6} icmp redirect
(Optional) match exception {ip | ipv6} icmp unreachable
(Optional) match exception {ip | ipv6} option
match protocol arp
exit
(Optional) show class-map type control-plane [class-map-name]
(Optional) copy running-config startup-config
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Purpose
Enters global configuration mode.
Configuring CoPP
473