Command |
How to use for CoPP |
---|---|
ip icmp-fragment enable |
Drop ICMP fragment packets before they are used by hackers for Denial of Service (DoS) attacks. |
ip option disable |
Discard IP packets with options before hackers send such packets to initiate DoS attacks. |
ip access-list extended class-map match access-group policy-map |
Configure rate limiting actions. For more information, see CoPP Rate Limiting. |
ip access-list extended ip receive access-group ipv6 access-list extended ipv6 receive access-group |
Permit or deny unicast and multicast control packets. For more information, see CoPP Discard and Permit for Control Packets. |
Command |
How to use for CoPP |
---|---|
show access-list receive |
See the configuration for permit and deny rules for control plan protection. |
show statistics access-list |
See statistics for packets that meet the permit and deny rules configured for control plane protection. |
show policy-map control-plane |
See the configuration of the policy map attached to a control plane interface. |
show interface ethernet inc rate |
See whether the control plane is receiving packets at the configured rate. |
show qos cpu info show qos cpu cfg |
CPU ports that allow packets into the control plane have limited bandwidth. View the maximum CPU rates and weighted fair queue values for the various VOQ groups. |