Once you match it, and have it higher in your policy-map, then it
wouldn't be considered for any lower matching anyway. So you can be as
specific or general as you need to be in order to achieve the effect you
are looking for!
Scott Morris, CCIEx4 (R&S/ISP-Dial/Security/Service Provider) #4713,
JNCIE-M #153, JNCIS-ER, CISSP, et al.
JNCI-M, JNCI-ER
evil_at_ine.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Outside US: 775-826-4344
Knowledge is power.
Power corrupts.
Study hard and be Eeeeviiiil......
ccie_ka_at_gmx.de wrote:
Sorry, you're right... with the protocols in the access-list.
Concerning the deny statement, I would exclude these protocols from policing in the policy-map.
Say I have a policy-map which is inbound to the control-plane. This one should match all specified traffic and only the routing traffic shouldn't go through without policing.
Dennis
-------- Original Message --------
Date: Sun, 14 Feb 2010 09:06:58 -0500
From: Scott Morris <smorris_at_ine.com>
To: ccie_ka_at_gmx.de
CC: ccielab_at_groupstudy.com
Subject: Re: CoPP - Question
Why are you denying the protocols?
Since OSPF and EIGRP are protocol numbers, the addresses become
irrelevant.
permit ospf any any or permit eigrp any any would be fine!
BGP you'll need to be more aware of the direction/port though. But still
"permit" would be needed in order to be a match!
ccie_ka_at_gmx.de wrote:
Thanks for the explanation Scott...
The traffic should be destined _to_ the router!
While learning (and reading about CoPP) I have more questions...:-))
First of all, how can I classify routing protocols with an access-list?
I have the following list defined, but I'm not sure if this is the right
solution?
Router1
!OSPF
ip access-list ospf
deny ospf any host x.x.x.x
deny ospf any host 224.0.0.5
deny ospf any host 224.0.0.6
!eigrp
ip access-list eigrp
deny eigrp any host x.x.x.x
deny udp any host 224.0.0.10
ip access-list bgp
deny tcp any host x.x.x.x eq 179 <- this is the local router
deny tcp any eq 179 19.19.y.y <- this is the bgp peer
deny tcp any eq 179 19.19.y.y
I'm not sure if I also need more commands for EIGRP?!
Dennis
-------- Original Message --------
Date: Sun, 14 Feb 2010 08:31:23 -0500
From: Scott Morris <smorris_at_ine.com>
To: ccie_ka_at_gmx.de
CC: ccielab_at_groupstudy.com
Subject: Re: CoPP - Question
If it is flowing THROUGH your router, that would be data plane, not
control plane. (and BGP is the only multihop one you can do that
with)
But otherwise, what kind of detail are you looking for? The object is to
control/limit how much stuff is thrown at your router that the router
itself has to actually process. Like most things, you'll start with
something like what is on the web and tweak it from there based on your
particular needs. YMMV.
ccie_ka_at_gmx.de wrote:
Hi Group,
I'm currently working with CoPP.
I also read the Cisco documents about this stuff.
Is there any good documentation on the web which explains this in
detail?
...let's say I must limit routing protocols like OSPF, EIGRP and BGP.
How can I restrict these protocols from flowing through a specified
router?
Dennis
Blogs and organic groups at http://www.ccie.net
_______________________________________________________________________
Subscription information may be found at: http://www.groupstudy.com/list/CCIELab.html
Received on Sun Feb 14 2010 - 10:19:13 ART
This archive was generated by hypermail 2.2.0 : Mon Mar 01 2010 - 06:28:35 ART
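
Added example, not configuration posted by anyone in this thread: a CoPP layout that follows the two points made in the replies above (ACL entries use "permit" so the traffic counts as a match, and the routing class sits higher in the policy-map so it is never considered by the policed class below it). The COPP-* names and the police rates are assumptions, and transmit/transmit on the routing class is one way to leave it effectively unpoliced while still counting it.

```cisco
! Constructed example: COPP-* names and police rates are assumptions.
! In a classification ACL, "permit" means "this traffic belongs to the class".
ip access-list extended COPP-ROUTING-ACL
 remark OSPF and EIGRP are IP protocol numbers, so addresses can stay "any"
 permit ospf any any
 permit eigrp any any
 remark BGP is TCP/179; cover sessions opened by either side
 permit tcp any any eq bgp
 permit tcp any eq bgp any
!
class-map match-all COPP-ROUTING
 match access-group name COPP-ROUTING-ACL
!
policy-map COPP-INBOUND
 ! Classes are evaluated top-down. Routing traffic matches here first
 ! and is not considered by any class lower in the policy-map.
 class COPP-ROUTING
  ! Both actions transmit: packets are counted but never dropped.
  police 64000 conform-action transmit exceed-action transmit
 ! Everything else the router itself has to process is rate limited.
 class class-default
  police 64000 conform-action transmit exceed-action drop
!
control-plane
 service-policy input COPP-INBOUND
```

The per-class counters from "show policy-map control-plane" show whether routing traffic is landing in COPP-ROUTING and how much of the remaining traffic exceeds the class-default rate.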