Strict Default Copp Policy - For Cisco Nx-Os Release 7.0(3)I3(1 - Cisco Nexus 3600 NX-OS Security Configuration Manual

page of 154

/ 154
Contents
Table of Contents
Bookmarks

Table of Contents

Control Plane Protection

The copp-system-class-normal-igmp class has the following configuration:

class-map type control-plane match-any copp-system-p-class-normal-igmp

match access-group name copp-system-p-acl-igmp

The copp-system-class-redirect class has the following configuration:

class-map type control-plane match-any copp-system-p-class-redirect

match access-group name copp-system-p-acl-ptp

The copp-system-class-undesirable class has the following configuration:

class-map type control-plane match-any copp-system-p-class-undesirable

match access-group name copp-system-p-acl-undesirable

match exception multicast sg-rpf-failure

The copp-system-class-fcoe class has the following configuration:

class-map type control-plane match-any copp-system-p-class-fcoe

match access-group name copp-system-p-acl-mac-fcoe

The copp-system-class-fcoe class is not supported for Cisco Nexus 9200 Series switches.

Note

Strict Default CoPP Policy - For Cisco NX-OS Release 7.0(3)I3(1)

On Cisco Nexus 9200 Series switches, the strict CoPP policy has the following configuration:

policy-map type control-plane copp-system-p-policy-strict

class copp-system-p-class-l3uc-data

set cos 1

police cir 800 kbps bc 32000 bytes conform transmit violate drop

class copp-system-p-class-critical

set cos 7

police cir 36000 kbps bc 1280000 bytes conform transmit violate drop

class copp-system-p-class-important

set cos 6

police cir 2500 kbps bc 1280000 bytes conform transmit violate drop

class copp-system-p-class-multicast-router

set cos 6

police cir 2600 kbps bc 128000 bytes conform transmit violate drop

class copp-system-p-class-management

set cos 2

police cir 10000 kbps bc 32000 bytes conform transmit violate drop

class copp-system-p-class-multicast-host

set cos 1

police cir 1000 kbps bc 128000 bytes conform transmit violate drop

class copp-system-p-class-l3mc-data

set cos 1

police cir 2400 kbps bc 32000 bytes conform transmit violate drop

class copp-system-p-class-normal

set cos 1

police cir 1400 kbps bc 32000 bytes conform transmit violate drop

class copp-system-p-class-ndp

set cos 6

police cir 1400 kbps bc 32000 bytes conform transmit violate drop

class copp-system-p-class-normal-dhcp

set cos 1

police cir 1300 kbps bc 32000 bytes conform transmit violate drop

class copp-system-p-class-normal-dhcp-relay-response

set cos 1

police cir 1500 kbps bc 64000 bytes conform transmit violate drop

class copp-system-p-class-normal-igmp

set cos 3

police cir 3000 kbps bc 64000 bytes conform transmit violate drop

class copp-system-p-class-redirect

set cos 1

police cir 280 kbps bc 32000 bytes conform transmit violate drop

Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x

116

Configuring Control Plane Policing

Table of Contents

Show Quick Links

Quick Links:
Authentication, Authorization, and Accounting
Ssh and Telnet

Hide quick links:

Table of Contents

Strict Default Copp Policy - For Cisco Nx-Os Release 7.0(3)I3(1 - Cisco Nexus 3600 NX-OS Security Configuration Manual

Strict Default CoPP Policy - For Cisco NX-OS Release 7.0(3)I3(1)

Hide quick links:

Related Manuals for Cisco Nexus 3600 NX-OS

Related Content for Cisco Nexus 3600 NX-OS

Table of Contents