CoPP-related Commands

Table 1. Configuration commands

Command

How to use for CoPP

ip icmp-fragment enable

Drop ICMP fragment packets before they are used by hackers for Denial of Service (DoS) attacks.

ip option disable

Discard IP packets with options before hackers send such packets to initiate DoS attacks.

ip access-list extended

class-map

match access-group

policy-map

Configure rate limiting actions. For more information, see CoPP Rate Limiting.

ip access-list extended

ip receive access-group

ipv6 access-list extended

ipv6 receive access-group

Permit or deny unicast and multicast control packets. For more information, see CoPP Discard and Permit for Control Packets.

Table 2. Show commands

Command

How to use for CoPP

show access-list receive

See the configuration for permit and deny rules for control plan protection.

show statistics access-list

See statistics for packets that meet the permit and deny rules configured for control plane protection.

show policy-map control-plane

See the configuration of the policy map attached to a control plane interface.

show interface ethernet inc rate

See whether the control plane is receiving packets at the configured rate.

show qos cpu info

show qos cpu cfg

CPU ports that allow packets into the control plane have limited bandwidth. View the maximum CPU rates and weighted fair queue values for the various VOQ groups.