Restrictions for CoPP
Restrictions for control plane policing (CoPP) include the following:
Only ingress CoPP is supported. The system-cpp-policy policy-map is available on the control plane interface, and only in the ingress direction.
Only the system-cpp-policy policy-map can be installed on the control plane interface.
The system-cpp-policy policy-map and the system-defined classes cannot be modified or deleted.
Only the police action is allowed under the system-cpp-policy policy-map. The police rate for system-defined classes must be configured only in packets per second (pps); for user-defined class maps this must be configured only in bits per second (bps).
When setting the policer rate, note that a clock frequency limitation causes differences in the
default rateand the
set ratevalues displayed for some classes (even if you set the default rate for all classes). See the User-Configurable Aspects of CoPP and Example: Setting the Default Policer Rates for All CPU Queues topics in this chapter for more information.
One or more CPU queues are part of each class-map. Where multiple CPU queues belong to one class-map, changing the policer rate of a class-map affects all CPU queues that belong to that class-map. Similarly, disabling the policer in a class-map disables all queues that belong to that class-map. See Table: System-Defined Values for CoPP for information about which CPU queues belong to each class-map.
The show run command does not display information about classes configured under
system-cpp policy, when they are left at default values. Use the show policy-map system-cpp-policy or the show policy-map control-plane commands instead.
You can continue use the show run command to display information about custom policies.