Table of Contents
Advertisement
Control Plane Protection
Related Topics
Changing or Reapplying the Default CoPP Policy, on page 133
Default Class Maps - For Cisco NX-OS Release 7.0(3)I3(1)
The copp-system-class-critical class has the following configuration:
class-map type control-plane match-any copp-system-p-class-critical
match access-group name copp-system-p-acl-bgp
match access-group name copp-system-p-acl-rip
match access-group name copp-system-p-acl-vpc
match access-group name copp-system-p-acl-bgp6
match access-group name copp-system-p-acl-ospf
match access-group name copp-system-p-acl-rip6
match access-group name copp-system-p-acl-eigrp
match access-group name copp-system-p-acl-ospf6
match access-group name copp-system-p-acl-eigrp6
match access-group name copp-system-p-acl-auto-rp
match access-group name copp-system-p-acl-mac-l3-isis
The copp-system-class-exception class has the following configuration:
class-map type control-plane match-any copp-system-p-class-exception
match exception ip option
match exception ip icmp unreachable
match exception ipv6 option
match exception ipv6 icmp unreachable
The copp-system-class-exception-diag class has the following configuration:
class-map type control-plane match-any copp-system-p-class-exception-diag
match exception ttl-failure
match exception mtu-failure
The copp-system-class-important class has the following configuration:
class-map type control-plane match-any copp-system-p-class-important
match access-group name copp-system-p-acl-hsrp
match access-group name copp-system-p-acl-vrrp
match access-group name copp-system-p-acl-hsrp6
match access-group name copp-system-p-acl-vrrp6
match access-group name copp-system-p-acl-mac-lldp
The copp-system-class-l2-default class has the following configuration:
class-map type control-plane match-any copp-system-p-class-l2-default
match access-group name copp-system-p-acl-mac-undesirable
The copp-system-class-l2-unpoliced class has the following configuration:
class-map type control-plane match-any copp-system-p-class-l2-unpoliced
match access-group name copp-system-p-acl-mac-stp
match access-group name copp-system-p-acl-mac-lacp
match access-group name copp-system-p-acl-mac-cfsoe
match access-group name copp-system-p-acl-mac-sdp-srp
match access-group name copp-system-p-acl-mac-l2-tunnel
match access-group name copp-system-p-acl-mac-cdp-udld-vtp
The copp-system-class-l3mc-data class has the following configuration:
class-map type control-plane match-any copp-system-p-class-l3mc-data
match exception multicast rpf-failure
match exception multicast dest-miss
The copp-system-class-l3uc-data class has the following configuration:
class-map type control-plane match-any copp-system-p-class-l3uc-data
match exception glean
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
114
Configuring Control Plane Policing
Hide quick links:
Advertisement
Table of Contents
