Categories
CCNP Enterprise Core (350-401) Cisco Security

Configuring Access Control Lists (ACL) for Control Plane Policing Policies (CoPP)

After network traffic rates to the control plane have been identified, an access list can be built for matching traffic in a class map.

ip access-list extended ACL-CoPP-ICMP
 permit icmp any any echo-reply
 permit icmp any any ttl-exceeded
 permit icmp any any unreadable
 permit icmp any any echo

These access lists do not deny traffic, but are simply for matching against various protocols, in this case, ICMP.

class-map match-all CLASS-CoPP-ICMP
 match access-group name ACL-CoPP-ICMP

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.