Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
640
Views
0
Helpful
3
Replies

Control Plane Policing Practicalities...

UTVi-NetAdmin
Level 1
Level 1

‎01-07-2009 07:05 AM - edited ‎03-06-2019 03:17 AM

Hi,

According to the following:

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd804fa16a.html

in order to help tighten a CoPP Policy:

"...Step 3. Review Identified Packets and Begin to Filter Access to the Route Processor

... The "permit ip any any" access-list entry will log a number of packet matches. Some form of analysis will be required to determine the exact nature of the unclassified packets."

Has anyone any idea how determine what kind of traffic is matching on the catchall class i.e 'permit ip any any'. In other words, define 'some form of analysis' mentioned above?

Any help appreciated.

Thanks,

Mark

Labels:
0 Helpful
3 Replies 3

Yudong Wu
Level 7
Level 7

‎01-07-2009 08:11 AM

I think you can add "permit ip any any log" then system should write a log message when there is a packet match this entry. You can check by "show log" if the logging buffer is turned on.

0 Helpful

UTVi-NetAdmin
Level 1
Level 1
In response to Yudong Wu

‎01-07-2009 08:20 AM

Hi Kevin,

Thanks for the response.

I get the following in 12.4(21a)i.e c7200-ik9s-mz.124-21a.bin on 7204VXR

ROUTER(config-ext-nacl)#9 permit tcp any 192.168.0.0 0.0.1.255 eq telnet log

class-map CoPP-post-undesirable : access-list with 'log' not supported, pls remove 'log' from access-list otherwise class-map CoPP-post-undesirable will not work properly

ROUTER(config-ext-nacl)#

I may be wrong here, but, from what I can see in the doc, I may need Control Plane Logging:

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_cpl.html

Seems to require a 12.4T image also, going by Feature Navigator.

I hope I'm wrong (and I probably am...)

Thanks,

Mark

0 Helpful

Yudong Wu
Level 7
Level 7
In response to UTVi-NetAdmin

‎01-07-2009 08:29 AM

Hi Mark,

You are right. It looks like ACL for CoPP is handled in a different way. The feature you found should work for you.

I am not aware of any other way to capture the packet punted to CPU in 7204 router. But in 7600 router we could do a inband SPAN to capture those packets.

Thanks for pointing this out.

Kevin

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card