nanog mailing list archives

Re: CoPP on NXOS


From: Jay Ford <jnford () uiowa net>
Date: Fri, 19 Feb 2021 09:14:25 -0600 (CST)

Setting the "conform" & "violate" actions to "drop" for a class with
appropriate ACL matching seems to work:

   policy-map type control-plane copp-policy-whatever
     ! other classes ...
     class copp-class-undesirable-junk
       set cos 0
       police cir 32 kbps bc 310 ms conform drop violate drop
     ! other classes ...

The rates are irrelevant in that case, but still required.

_________________________________________________
Jay Ford, Network Engineering, University of Iowa
email: jay-ford () uiowa edu, phone: 319-335-5555

On Wed, 17 Feb 2021, Drew Weaver wrote:
This might be a little too platform/vendor specific for this group so I apologize in advance if that is the case.

Does anyone have a working example of CoPP on NXOS which limits things like BGP, SSH, and the NXAPI HTTPS interface to a specific remote /32 and blocks everything else that is not specifically allowed in the ACLs attached to the classes?

I’ve had a ticket open w/ TAC for a month and I’m actually getting nowhere.
Thank you so much,

-Drew

