1.CoPP和CPPr
CoPP--Control Plane Policing 是指直接在Control Plane实施的service policy
CPPr--Control Plane Protection 是指在Control Plane的cef-exception,host,transit三个子接口下面实施的service policy
其中,CoPP不需要cef的支持,但是CPPr需要cef的支持,如果关闭cef会有如下提示:
R2(config)#no ip cef
R2(config)#
*Mar 1 00:26:44.431: %CP-4-CPPR_DISABLED: Removing security features on host, transit and cef-exception paths
R2(config)#
*Mar 1 00:26:44.447: %CP-5-FEATURE: Control-plane Policing feature disabled from Control plane host path
2.确定CPPr流量
!
class-map type logging match-any LOG
match packets dropped
match packets error
match packets permitted
!
policy-map type logging LOG
class LOG
!
control-plane host
service-policy type logging input LOG
control-plane transit
service-policy type logging input LOG
control-plane cef-exception
service-policy type logging input LOG
======================================
show control-plane counters
clear control-plane *
======================================
配置完成后,通过发送不同的流量来测试到底什么流量属于不同子接口的流量:
host:
%CP-6-IP: PERMIT 10.1.1.1 -> 10.1.1.8 icmp
%CP-6-TCP: PERMIT 20.1.1.2(64562) -> 10.1.1.1(23)
transit:(与硬件有关)
%CP-6-IP: PERMIT 20.1.1.2 -> 224.0.0.5 ospf
%CP-6-UDP: PERMIT 10.1.1.8(138) -> 10.1.1.255(138)
cef-exception:
%CP-6-ARP: PERMIT 10.1.1.8 -> 10.1.1.1
2221
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
