11.9 C
New York
Sunday, March 9, 2025

cisco nx os – N5K-5672 CoPP problem


Based on https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/safety/513_n1_1/b_Cisco_n5k_security_config_gd_513_n1_1/b_Cisco_n5k_security_config_gd_513_n1_1_chapter_01101.html#con_1085200

Default coverage applies the next policer configuration:

policy-map kind control-plane copp-system-policy-default
    class copp-system-class-igmp
      police cir 1024 kbps bc 65535 bytes 
    class copp-system-class-pim-hello
      police cir 1024 kbps bc 4800000 bytes 
    class copp-system-class-bridging
      police cir 20000 kbps bc 4800000 bytes 
    class copp-system-class-arp
      police cir 1024 kbps bc 3600000 bytes 
    class copp-system-class-dhcp
      police cir 1024 kbps bc 4800000 bytes 
    class copp-system-class-mgmt
      police cir 12000 kbps bc 4800000 bytes 
    class copp-system-class-lacp
      police cir 1024 kbps bc 4800000 bytes 
    class copp-system-class-lldp
      police cir 2048 kbps bc 4800000 bytes 
    class copp-system-class-udld
      police cir 2048 kbps bc 4800000 bytes 
    class copp-system-class-isis
      police cir 1024 kbps bc 4800000 bytes 
    class copp-system-class-msdp
      police cir 9600 kbps bc 4800000 bytes 
    class copp-system-class-cdp
      police cir 1024 kbps bc 4800000 bytes 
    class copp-system-class-fip
      police cir 1024 kbps bc 4800000 bytes 
    class copp-system-class-bgp
      police cir 9600 kbps bc 4800000 bytes 
    class copp-system-class-eigrp
      police cir 9600 kbps bc 4800000 bytes 
    class copp-system-class-exception
      police cir 64 kbps bc 4800000 bytes 
    class copp-system-class-glean
      police cir 1024 kbps bc 4800000 bytes 
    class copp-system-class-hsrp-vrrp
      police cir 1024 kbps bc 256000 bytes 
    class copp-system-class-icmp-echo
      police cir 64 kbps bc 3600000 bytes 
    class copp-system-class-ospf
      police cir 9600 kbps bc 4800000 bytes 
    class copp-system-class-pim-register
      police cir 9600 kbps bc 4800000 bytes 
    class copp-system-class-rip
      police cir 9600 kbps bc 4800000 bytes 
    class copp-system-class-l3dest-miss
      police cir 64 kbps bc 256000 bytes 
    class copp-system-class-mcast-miss
      police cir 256 kbps bc 3200000 bytes 
    class copp-system-class-excp-ip-frag
      police cir 64 kbps bc 3200000 bytes 
    class copp-system-class-excp-same-if
      police cir 64 kbps bc 3200000 bytes 
    class copp-system-class-excp-ttl
      police cir 64 kbps bc 3200000 bytes 
    class copp-system-class-default
      police cir 512 kbps bc 6400000 bytes 

So, if I understood your PCAP appropriately, you simulate HTTP visitors – which isn’t a part of this coverage.

Perhaps you need to configure a customized coverage that applies policing to TCP visitors usually. If that’s what you need.

And I feel that you do not see it in configuration as a result of it’s the default coverage.

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles