After network traffic rates to the control plane have been identified, an access list can be built for matching traffic in a class map.
ip access-list extended ACL-CoPP-ICMP permit icmp any any echo-reply permit icmp any any ttl-exceeded permit icmp any any unreadable permit icmp any any echo
These access lists do not deny traffic, but are simply for matching against various protocols, in this case, ICMP.
class-map match-all CLASS-CoPP-ICMP match access-group name ACL-CoPP-ICMP
Leave a Reply