Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CoPP issues

Required by regulations to implement CoPP on our routers, I installed  the following configuration on a C2811 router  pair with integrated DSU/CSU cards connecting a point T1.  STAC compression(software) is configured on the serial interfaces  and the link is often congested.

>>ip access-list extended CoPP_CRITICAL

>>remark our control plane adjacencies are critical permit tcp

>>X.Y.10.0 0.0.0.255  eq tacacs any permit tcp X.Y.10.0 0.0.0.255

>>any eq 22 deny ip any any

>>

>>ip access-list extended CoPP_IMPORTANT permit udp host 128.38.10.240

>>any eq snmp permit udp host X.Y.10.241 any eq snmp permit udp host

>>X.Y..26.1 eq ntp any deny ip any any

>>

>>ip access-list extended CoPP_NORMAL

>>remark we will want to rate limit ICMP traffic permit icmp any any

>>echo permit icmp any any echo-reply permit icmp any any time-exceeded

>>permit icmp any any unreachable deny ip any any

>>

>>ip access-list extended CoPP_UNDESIRABLE remark other management plane

>>traffic that should not be received permit udp any any eq ntp permit

>>udp any any eq snmptrap permit tcp any any eq 22 permit tcp any any eq

>>23 remark other control plane traffic not configured on router deny ip

>>any any

>>

>>ip access-list extended CoPP_DEFAULT

>>permit ip any any

>>policy-map CONTROL_PLANE_POLICY

>>class CoPP_CRITICAL

>>police 512000 8000 conform-action transmit exceed-action transmit

>>class CoPP_IMPORTANT police 256000 4000 conform-action transmit

>>exceed-action drop class CoPP_NORMAL police 128000 2000 conform-action

>>transmit exceed-action drop class CoPP_UNDESIRABLE police 8000 1000

>>conform-action drop exceed-action drop class CoPP_DEFAULT police 64000

>>1000 conform-action transmit exceed-action drop

This configuration severely degraded the IP traffic flow and I had to remove it. Not having any practical experince with CoPP I'm looking for help and suggestions on how to best implement in this scenario. Thanks

1 REPLY

CoPP issues

Hi,

I suggest you refer to this QoS design guide as an example of a CoPP policy to deploy on your router

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSWAN_40.html#wp131455

Don't forget to rate posts that are helpful.

266
Views
0
Helpful
1
Replies