Control Plane Policy & VRF

Oleg Gnedykh
Level 1

Hi ALL !!!

I created a CoPP policy and applied a service policy like "permit tcp host x.x.x.x any eq telnet" to it.

It works very nicely if I have no VRF.

But ALL my users from VRF "USER" or "Manage" can telnet to the router :-(

What can you suggest to me?

5 Replies

Hello,

are you sure about this

permit tcp host x.x.x.x any telnet

Regards
Thanveer
"Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid."

Hi Muhammad !!!

No, of course not :-)

I created the ACL "permit tcp any any eq telnet".

Then a class like this:

    class-map match-all permitctrl
     match access-group name my_acl

Then I created a policy like this:

    policy-map ctrl
     class permitctrl
      police 32000 conform-action drop exceed-action drop

And then:

    control-plane
     service-policy input ctrl

But I think it doesn't matter.

It works very nicely with plain IP, but not with VRF :-(

Hello,

I read about CoPP, and what I understood is that it's not interface level, it's route processor level...

http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html

To define appropriate policies for your CoPP configuration, you need to identify all of the traffic flows and packet rates for those flows that may be seen by CoPP. Typically, ACLs are used for the traffic flow identification task and, in most cases, the protocols as well as the source and destination IP addresses are well known. It is still quite likely that some surprise traffic flows will arise. The definition of these ACLs is one of the most critical steps in the CoPP process. MQC uses these ACLs to define the traffic classes, which in turn become the object of the policy actions (policing). Appropriate granularity in the distribution of protocols within these ACLs allows for better protection of the RP.

Management – ACL 121

! – ACL for CoPP Management class!
access-list 121 permit tcp <NOC block>  eq telnet
access-list 121 permit tcp  eq telnet  established
access-list 121 permit tcp   eq 22
access-list 121 permit tcp  eq 22  established
access-list 121 permit udp   eq snmp
access-list 121 permit tcp   eq www
access-list 121 permit udp   eq 443
access-list 121 permit tcp   eq ftp
access-list 121 permit tcp   eq ftp-data
access-list 121 permit udp   eq syslog
access-list 121 permit udp  eq domain 
access-list 121 permit udp   eq ntp

Regards
Thanveer
"Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid."
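The ACL-to-class-to-policy chain described in the whitepaper excerpt above, written out as an added example (not configuration from this thread or from Cisco's document): management hosts are policed with conform-action transmit, while telnet/SSH to the route processor from any other source is dropped. The 192.0.2.0/24 block, the ACL and class names and the rates are placeholders; whether this policy sees packets arriving on VRF interfaces is exactly the question the thread leaves open, so verify it with the show command in the last comment.

```cisco
! Added example, not from the thread. Addresses, names and rates are placeholders.
ip access-list extended COPP-MGMT-ALLOWED
 remark placeholder NOC block allowed to reach telnet/SSH on the RP
 permit tcp 192.0.2.0 0.0.0.255 any eq telnet
 permit tcp 192.0.2.0 0.0.0.255 any eq 22
!
ip access-list extended COPP-MGMT-OTHER
 remark every other source reaching telnet/SSH on the RP
 permit tcp any any eq telnet
 permit tcp any any eq 22
!
class-map match-all COPP-MGMT-ALLOWED
 match access-group name COPP-MGMT-ALLOWED
class-map match-all COPP-MGMT-OTHER
 match access-group name COPP-MGMT-OTHER
!
! Classes are evaluated in order: the allowed class must precede the catch-all.
policy-map COPP-POLICY
 class COPP-MGMT-ALLOWED
  police 128000 conform-action transmit exceed-action drop
 class COPP-MGMT-OTHER
  police 8000 conform-action drop exceed-action drop
 class class-default
  police 32000 conform-action transmit exceed-action drop
!
control-plane
 service-policy input COPP-POLICY
!
! Check which class a test telnet from a VRF user lands in and whether its
! counters move: show policy-map control-plane input
```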

Hi Oleg,

Did you have this sorted? Is the control-plane VRF aware? I'm facing a similar issue. Any contribution is welcome.
