Quality of Service (QoS) Configuration Guide, Cisco IOS XE Fuji 16.8.x (Catalyst 9400 Switches)

Restrictions for CoPP

Restrictions for control plane policing (CoPP) include the following:

Only ingress CoPP is supported. The system-cpp-policy policy-map is available on the control place interface, only in the ingress direction.  
Only the system-cpp-policy policy-map can be installed on the control plane interface.
The system-cpp-policy policy-map and the seventeen system-defined classes cannot be modified or deleted.
Only the police action is allowed under the system-cpp-policy policy-map. Further, the police rate can be configured only in packets per second (pps).
Removing the policer rate configuration, disables CoPP on all affected queues.

Information About Control Plane Policing

This chapter describes how control plane policing (CoPP) works on your device and how to configure it.

CoPP Overview

The CoPP feature improves security on your device by protecting the CPU from unnecessary traffic, or DoS traffic, and by prioritizing control plane and management traffic.

Your device is typically segmented into three planes of operation, each with its own objective:

The data plane, to forward data packets.
The control plane, to route data correctly.
The management plane, to manage network elements.

You can use CoPP to protect most of the CPU-bound traffic and ensure routing stability, reachability, and packet delivery. Most importantly, you can use CoPP to protect the CPU from a DoS attack.

CoPP uses the modular QoS command-line interface (MQC) and CPU queues to achieve these objectives. Different types of control plane traffic are grouped together based on certain criteria, and assigned to a CPU queue. You can manage these CPU queues by configuring dedicated policers in hardware. For example, you can modify the policer rate for certain CPU queues (traffic-type), or you can disable the policer for a certain type of traffic.

Although the policers are configured in hardware, CoPP does not affect CPU performance or the performance of the data plane. But since it limits the number of packets going to CPU, the CPU load is controlled. This means that services waiting for packets from hardware may see a more controlled rate of incoming packets (the rate being user-configurable).

System-Defined Aspects of CoPP

When you power-up the device for the first time, the system automatically performs the following tasks:

It looks for policy-map system-cpp-policy . If it does not detect this policy-map, it creates and installs it on the control-plane.
It creates seventeen class-maps under system-cpp-policy .

The next time you power-up the device, the system detects the policy and class maps that have already been created.
Once the policy is installed, sixteen (out of the thirty-two) CPU queues are enabled by default with their respective default rate. The CPU queues enabled by default and their default rates are indicated in the table System-Defined Values for CoPP.
In Cisco IOS XE Everest 16.6.1, CoPP is enabled on all queues by default. Users must increase the CPU punt rate, and the policer rate under the system-cpp-policy.

The following table lists the class-maps that the system creates when you load the device. It lists the policer that corresponds to each class-map and one or more CPU queues that are grouped under each class-map. There is a one-to-one mapping of class-maps to policers; and one or more CPU queues map to a class-map.

Table 1. System-Defined Values for CoPP
Class Maps Names	Policer Index (Policer No.)	CPU queues (Queue No.)	CPU Queues Enabled by Default	Default Policer Rate—in packets per second (pps)
system-cpp-police-control -low-priority	WK_CPP_POLICE_CONTROL _LOW_PRI(3)	WK_CPU_Q_ICMP_REDIRECT(6) WK_CPU_Q_GENERAL_PUNT(25)	No	500
system-cpp-police-data	WK_CPP_POLICE_DATA(0)	WK_CPU_Q_ICMP_GEN(3) WK_CPU_Q_BROADCAST(12)	Yes	200
system-cpp-default	WK_CPP_POLICE_DEFAULT _POLICER	WK_CPU_Q_DHCP_SNOOPING WK_CPU_Q_SHOW_FORWARD	No	1000
system-cpp-police-dot1x-auth	WK_CPP_POLICE_DOT1X(11)	WK_CPU_Q_DOT1X_AUTH(0)	No	1000
system-cpp-police-forus	WK_CPP_POLICE _FORUS(14)	WK_CPU_Q_FORUS_ADDR _RESOLUTION(5) WK_CPU_Q_FORUS_TRAFFIC(2)	No	1000
system-cpp-police-l2-control	WK_CPP_POLICE_L2 _CONTROL(1)	WK_CPU_Q_L2_CONTROL(1)	No	500
system-cpp-police-l2lvx-control
system-cpp-police-multicast	WK_CPP_POLICE _MULTICAST(9)	WK_CPU_Q_TRANSIT_TRAFFIC(18) WK_CPU_Q_MCAST_DATA(30)	Yes	500
system-cpp-police-multicast- end-station	WK_CPP_POLICE _MULTICAST_SNOOPING(15)	WK_CPU_Q_MCAST_END_ STATION_SERVICE(20)	Yes	200
system-cpp-police- protocol-snooping	WK_CPP_POLICE_PR	WK_CPU_Q_PROTO_ SNOOPING(16)	No	500
system-cpp-police- punt-webauth	WK_CPP_POLICE_ PUNT_WEBAUTH(7)	WK_CPU_Q_ PUNT_WEBAUTH(22)	No	1000
system-cpp-police- routing-control	WK_CPP_POLICE_ ROUTING_ CONTROL(2)	WK_CPU_Q_ROUTING_ CONTROL(4)	yes	500
system-cpp-police- stackwise-virt-control
system-cpp-police- sw-forward	WK_CPP_POLICE_SW _FWD(13)	WK_CPU_Q_SW_ FORWARDING_Q(14) WK_CPU_Q_SGT_CACHE_ FULL(27) WK_CPU_Q_LOGGING(21)	Yes	1000
system-cpp-police-sys-data	WK_CPP_POLICE_SYS _DATA(10)	WK_CPU_Q_LEARNING_ CACHE_OVFL(13) WK_CPU_Q_CRYPTO_ CONTROL(23) WK_CPU_Q_EXCEPTION(24) WK_CPU_Q_EGR_EXCEPTION(28) WK_CPU_Q_NFL_SAMPLED_ DATA(26) WK_CPU_Q_GOLD_PKT(31) WK_CPU_Q_RPF_FAILED(19)	Yes	100
system-cpp-police- topology-control	WK_CPP_POLICE_ TOPOLOGY_ CONTROL(8)	WK_CPU_Q_TOPOLOGY_ CONTROL(15)	No	13000

Upgrade from IOS XE 3.x to IOS XE 16.x.x :
- If your device, before upgrade, did not have a policy system-cpp-policy, then on upgrade, a default policy is created.
- If your device, before upgrade, had a policy named system-cpp-policy, then on upgrade, the policy is not re-generated. Execute cpp sytem-default command to get the default policy working.
- We recommend that you to execute thecpp sytem-default command to get the latest default policer rates, during a major image upgrade.
Downgrade from IOS XE 16.x.x to IOS XE 3.x:
- The policy system-cpp policy is retained in the device but is not installed on control plane. You can delete the policy.
Downgrade from IOS XE 16.x.x to IOS XE 3.x and then upgrade to IOS XE 16.x.x:
- If you delete the policy after downgrade to 3.x and then upgrade to16.x.x, the policy is generated with defaults.
- If you do not delete the policy after downgrade to 3.x, then on upgrade to 16.x.x, the policy is not regenerated. Execute cpp sytem-default command to get the default policy working.

User-Configurable Aspects of CoPP

You can perform these tasks to manage control plane traffic:

Enable or disable a policer for CPU queues.

Enable a policer for CPU queue, by configuring a policer action (in packets per second) under the corresponding class-map, within the system-cpp-policy policy-map.

Disable a policer for CPU queue, by removing the policer action under the corresponding class-map, within the system-cpp-policy policy-map.
Change the policer rate, by configuring a policer rate action (in packets per second) under the corresponding class-map, within the system-cpp-policy policy-map.
Set the policer for CPU queues to their default values, by entering the cpp system-default command in global configuration mode.

Enabling a CPU Queue or Changing the Policer Rate

The procedure to enable a CPU queue and change the policer rate of a CPU queue is the same. Follow these steps:

SUMMARY STEPS

enable
configure terminal
policy-map policy-map-name
class class-name
police rate rate pps
service-policy input policy-name
end
show running-config | begin system-cpp-policy

DETAILED STEPS

Command or Action Purpose

Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters the global configuration mode.

Step 3

policy-map policy-map-name

Example:


Device(config)# policy-map system-cpp-policy
Device(config-pmap)#

Enters the policy map configuration mode.

Step 4

class class-name

Example:


Device(config-pmap)# class system-cpp-police-protocol-snooping
Device(config-pmap-c)#

Enters the class action configuration mode. Enter the name of the class that corresponds to the CPU queue you want to enable. See the table, System-Defined Values for CoPP.

Step 5

police rate rate pps

Example:


Device(config-pmap-c)# police rate 100 pps

Specifies an upper limit on the number of incoming packets processed per second, for the specified traffic class.

Note

The rate you specify is applied to all CPU queues that belong to the class-map you have specified.

Step 6

service-policy input policy-name

Example:


Device(config)# control-plane
Device(config-cp)#service-policy input system-cpp-policy
Device(config-cp)#

Installs system-cpp-policy in FED. This command is required for you to see the FED policy. Not configuring this command will lead to an error.

Step 7

end

Example:


Device(config-pmap-c)# end

Returns to the privileged EXEC mode.

Step 8

show running-config | begin system-cpp-policy

Example:


Device# show running-config | begin system-cpp-policy

Displays the rates configured for the various traffic types.

Disabling a CPU Queue

Follow these steps to disable a CPU queue:

SUMMARY STEPS

enable
configure terminal
policy-map policy-map-name
class class-name
no police rate rate pps
end
show running-config | begin system-cpp-policy

DETAILED STEPS

Command or Action Purpose

Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters the global configuration mode.

Step 3

policy-map policy-map-name

Example:


Device(config)# policy-map system-cpp-policy
Device(config-pmap)#

Enters the policy map configuration mode.

Step 4

class class-name

Example:


Device(config-pmap)# class system-cpp-police-protocol-snooping
Device(config-pmap-c)#

Enters the class action configuration mode. Enter the name of the class that corresponds to the CPU queue you want to disable. See the table, System-Defined Values for CoPP.

Step 5

no police rate rate pps

Example:


Device(config-pmap-c)# no police rate 100 pps

Disables incoming packet processing for the specified traffic class.

Note

This disables all CPU queues that belong to the class-map you have specified.

Step 6

end

Example:


Device(config-pmap-c)# end

Returns to the privileged EXEC mode.

Step 7

show running-config | begin system-cpp-policy

Example:


Device# show running-config | begin system-cpp-policy

Displays the rates configures for the various traffic types.

Setting the Default Policer Rates for All CPU Queues

Follow these steps to set the policer rates for all CPU queues to their default rates:

SUMMARY STEPS

enable
configure terminal
cpp system-default
end
show platform hardware fed active qos queue stats internal cpu policer

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: `Device> enable`	Enables privileged EXEC mode. Enter your password if prompted.
Step 2	configure terminal Example: `Device# configure terminal`	Enters the global configuration mode.
Step 3	cpp system-default Example: `Device(config)# cpp system-default Defaulting CPP : Policer rate for all classes will be set to their defaults`	Sets the policer rates for all the classes to the default rate.
Step 4	end Example: `Device(config)# end`	Returns to the privileged EXEC mode.
Step 5	show platform hardware fed active qos queue stats internal cpu policer Example: `Device# show platform hardware fed active qos queue stats internal cpu policer`	Displays device-specific internal queue information.

Example: Enabling a CPU Queue or Changing the Policer Rate of a CPU Queue

This example shows how to enable a CPU queue or to change the policer rate of a CPU queue. Here the class system-cpp-police-protocol-snooping CPU queue is enabled with the policer rate of 100 pps .


Device> enable
Device# configure terminal
Device(config)# policy-map system-cpp-policy
Device(config-pmap)# class system-cpp-police-protocol-snooping
Device(config-pmap-c)# police rate 100 pps
Device(config-pmap-c)# end


Device# show running-config | begin system-cpp-policy

policy-map system-cpp-policy
 class system-cpp-police-data
  police rate 200 pps
 class system-cpp-police-sys-data
  police rate 100 pps
 class system-cpp-police-sw-forward
  police rate 1000 pps
 class system-cpp-police-multicast
  police rate 500 pps
 class system-cpp-police-multicast-end-station
  police rate 2000 pps
 class system-cpp-police-punt-webauth
 class system-cpp-police-l2-control
 class system-cpp-police-routing-control
  police rate 500 pps
 class system-cpp-police-control-low-priority
 class system-cpp-police-wireless-priority1
 class system-cpp-police-wireless-priority2
 class system-cpp-police-wireless-priority3-4-5
 class system-cpp-police-topology-control
 class system-cpp-police-dot1x-auth
 class system-cpp-police-protocol-snooping
  police rate 100 pps
 class system-cpp-police-forus
 class system-cpp-default

<output truncated>

Example: Setting the Default Policer Rates for All CPU Queues

This example shows how to set the policer rates for all CPU queues to their default and then verify the setting. A user-defined policy is applied on top of the system-default policy, which means that any control traffic matching the user-defined class map, is subject to the aggregate policer, under the user-defined CPP policer class. Statistics for the user defined traffic class are reported in Bytes.


Device> enable
Device# configure terminal
Device(config)# cpp system-default
Defaulting CPP : Policer rate for all classes will be set to their defaults
Device(config)# end

Device# configure terminal
Device(config)# class-map match-any class-cpp-user
Device(config-cmap)# match dscp cs1
Device(config-cmap)# exit
Device(config)# policy-map system-cpp-policy
Device(config-pmap)# class system-cpp-policy
Device(config-pmap)# exit
Device(config)# policy-map system-cpp-policy
Device(config-pmap)# class class-cpp-user
Device(config-pmap-c)# police rate 2m bps 
Device(config-pmap-c)# end
Device# show platform hardware fed active qos queue stats internal cpu policer

CPU Queue Statistics 
============================================================================================
(default) (set) Queue Queue
QId  PlcIdx  Queue     Name              Enabled    Rate  Rate  Drop(Bytes)  Drop(Frames)
--------------------------------------------------------------------------------------------
0    11      DOT1X     Auth               Yes        1000  1000  0            0 
1    1       L2        Control            Yes        2000  2000  0            0 
2    14      Forus     traffic            Yes        1000  1000  0            0 
3    0       ICMP      GEN                Yes        600   600   0            0 
4    2       Routing   Control            Yes        5400  5400  0            0 
5    14      Forus     Address resolution Yes        1000  1000  0            0 
6    0       ICMP      Redirect           Yes        600   600   0            0 
7    16      Unused                       Yes        1000  1000  0            0 
8    4       L2        LVX Cont Pack      Yes        1000  1000  0            0 
9    16      EWLC      Control            Yes        1000  1000  0            0 
10   16      EWLC      Data               Yes        1000  1000  0            0 
11   13      L2        LVX Data Pack      Yes        1000  1000  0            0 
12   0       BROADCAST                    Yes        600   600   0            0 
13   10      Learning  cache ovfl         Yes        100   200   0            0 
14   13      Sw        forwarding         Yes        1000  1000  0            0 
15   8       Topology  Control            Yes        13000 13000 0            0 
16   12      Proto     Snooping           Yes        2000  2000  0            0 
17   16      DHCP      Snooping           Yes        1000  1000  0            0 
18   9       Transit   Traffic            Yes        500   400   0            0 
19   10      RPF       Failed             Yes        100   200   0            0 
20   15      MCAST     END STATION        Yes        2000  2000  0	     0 
21   13      LOGGING                      Yes        1000  1000  0  	   0 
22   7       Punt      Webauth            Yes 	1000  1000  0 	    0 
23   10      Crypto    Control 	    Yes 	100   200   0 	    0 
24   10      Exception 		     Yes 	100   200   0 	    0 
25   3	General   Punt 		Yes 	200   200   0 	    0 
26   10      NFL       SAMPLED DATA       Yes 	100   200   0 	    0 
27   2       Low       Latency 	    Yes 	5400  5400  0            0 
28   10      EGR       Exception 	  Yes 	100   200   0 	    0 
29   5       Stackwise Virtual Control    Yes 	8000  8000  0 	    0 
30   9       MCAST     Data 		Yes 	500   400   0 	    0 
31   10      Gold      Pkt 		 Yes 	100   200   0 	    0 

* NOTE: CPU queue policer rates are configured to the closest hardware supported value

CPU Queue Policer Statistics 
====================================================================
Policer Policer Accept Policer Accept Policer Drop Policer Drop
Index Bytes Frames Bytes Frames
-------------------------------------------------------------------
0 0 0 0 0 
1 10364 137 0 0 
2 0 0 0 0 
3 0 0 0 0 
4 0 0 0 0 
5 0 0 0 0 
6 0 0 0 0 
7 0 0 0 0 
8 4160 65 0 0 
9 0 0 0 0 
10 0 0 0 0 
11 0 0 0 0 
12 0 0 0 0 
13 0 0 0 0 
14 0 0 0 0 
15 0 0 0 0 
16 0 0 0 0 
17 0 0 0 0 

CPP Classes to queue map 
======================================================================================
PlcIdx   CPP Class : 		      		Queues
--------------------------------------------------------------------------------------
0 	system-cpp-police-data : 			ICMP GEN/BROADCAST/ICMP Redirect/
10	system-cpp-police-sys-data :    		Learning cache ovfl/Crypto Control/Exception/EGR Exception/NFL SAMPLED DATA/Gold Pkt/RPF Failed/
13	system-cpp-police-sw-forward :  		Sw forwarding/LOGGING/L2 LVX Data Pack/
9 	system-cpp-police-multicast :   		Transit Traffic/MCAST Data/
15	system-cpp-police-multicast-end-station :     MCAST END STATION /
7	 system-cpp-police-punt-webauth : 	      Punt Webauth/
1 	system-cpp-police-l2-control : 		 L2 Control/
5 	system-cpp-police-stackwise-virt-control :    Stackwise Virtual Control/
2 	system-cpp-police-routing-control : 	   Routing Control/Low Latency/
3 	system-cpp-police-control-low-priority :      General Punt/
4 	system-cpp-police-l2lvx-control : 	     L2 LVX Cont Pack/
8 	system-cpp-police-topology-control : 	  Topology Control/
11	system-cpp-police-dot1x-auth : 		 DOT1X Auth/
12	system-cpp-police-protocol-snooping : 	 Proto Snooping/
14	system-cpp-police-forus : 		      Forus Address resolution/Forus traffic/
5 	system-cpp-police-stackwise-virt-control :    Stackwise Virtual Control/
16	system-cpp-default : 			    DHCP Snooping/Unused/EWLC Control/EWLC Data/
Device#

Monitoring CoPP

Follow these steps to display policer settings, such as, traffic types and policer rates (user-configured and default rates) for CPU queues.

SUMMARY STEPS

enable
show platform software fed active qos policy target status

DETAILED STEPS

Command or Action Purpose

Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2

show platform software fed active qos policy target status

Example:

Device# show platform software fed active qos policy target status 

TCG status summary:

Loc Interface             IIF-ID           Dir State:(cfg,opr) Policy              
--- --------------------- ---------------- --- --------------- --------------------
?:255 Control Plane         0x00000001000001 OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-0          0x00000001000002 OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-1          0x00000001000003 OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-2          0x00000001000004 OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-3          0x00000001000005 OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-4          0x00000001000006 OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-5          0x00000001000007 OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-6          0x00000001000008 OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-7          0x00000001000009 OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-8          0x0000000100000a OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-9          0x0000000100000b OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-10         0x0000000100000c OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-12         0x00000001000019 OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-13         0x0000000100001a OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-14         0x0000000100001b OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-15         0x0000000100001c OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-16         0x0000000100001d OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-17         0x0000000100001e OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-18         0x0000000100001f OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-19         0x00000001000020 OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-20         0x00000001000021 OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-21         0x00000001000022 OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-22         0x00000001000023 OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-23         0x00000001000024 OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-24         0x00000001000025 OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-25         0x00000001000026 OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-26         0x00000001000027 OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-27         0x00000001000028 OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-28         0x00000001000029 OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-29         0x0000000100002a OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-30         0x0000000100002b OUT VALID,SET_INHW  system-cpp-policy
?:255 CoPP-Queue-31         0x0000000100002c OUT VALID,SET_INHW  system-cpp-policy

Displays user-defined COPP policies.

By default, the system-cpp-policy is configured with the default policer rates. The following sample output from the show platform software fed active qos policy target status command displays all the 32 user-defined queues.

Additional References for CoPP

Related Topic	Document Title
MQC QoS Commands, and CoPP show commands	IP Multicast Routing chapter of Command Reference (Catalyst 9400 Series Switches)

MIBs


MIB	MIBs Link
All the supported MIBs for this release.	To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

Technical Assistance


Description	Link
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.	http://www.cisco.com/support

Feature Information for Control Plane Policing

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 2. Feature Information for Control Plane Policing
Feature Name	Releases	Feature Information
Control Plane Policing	Cisco IOS XE Everest 16.6.1	The CoPP feature improves security on your device by protecting the CPU from unnecessary traffic, or DoS traffic, and by prioritizing control plane and management traffic. This feature was implemented on the following platforms: Cisco Catalyst 9400 Series Switches

Bias-Free Language

Results

Chapter: Configuring Control Plane Policing

Configuring Control Plane Policing

Restrictions for CoPP

Information About Control Plane Policing

CoPP Overview

System-Defined Aspects of CoPP

User-Configurable Aspects of CoPP

Enabling a CPU Queue or Changing the Policer Rate

SUMMARY STEPS

DETAILED STEPS

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Disabling a CPU Queue

SUMMARY STEPS

DETAILED STEPS

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Setting the Default Policer Rates for All CPU Queues

SUMMARY STEPS

DETAILED STEPS

Example:

Example:

Example:

Example:

Example:

Example: Enabling a CPU Queue or Changing the Policer Rate of a CPU Queue

Example: Setting the Default Policer Rates for All CPU Queues

Monitoring CoPP

SUMMARY STEPS

DETAILED STEPS

Example:

Example:

Additional References for CoPP

Related Documents

MIBs

Technical Assistance

Feature Information for Control Plane Policing

Was this Document Helpful?

Contact Cisco