• If a CoPP ACL has a static ACL substring, it will be mapped to that type of traffic. For example,
if the ACL includes the acl-mac-stp substring, STP traffic will be classified to the class map for that
ACL.
• Static CoPP ACLs take priority over dynamic CoPP ACLs, regardless of their position in the CoPP
policy, the order in which they are configured, and how they appear in the output of the
show
policy-map type control-plane
command.
• You must have static CoPP ACLs in the CoPP policy. Otherwise, the CoPP policy will be rejected.
• Beginning with Cisco Nexus Release 9.2(2), Cisco Nexus 9300-EX, Cisco Nexus 9300-FX Series switches
and Cisco Nexus 9500 platform switches support protocol ACL filtering. In this release, IPv6 ACL is
not supported.
• The protocol ACL filtering feature has the following limitations:
• Once the dynamic CoPP ACL is defined, you cannot add or remove an existing rule. This is applicable
for all class-maps and policy-maps attached to the dynamic CoPP ACLs.
• You cannot override the existing dynamic CoPP with a new policy. You must remove the existing
dynamic CoPP before you add a new policy.
• The deny action is not applicable.
• Every entry is programmed in TCAM and uses a different TCAM space if two MAC or IP ACLs
with the same entries are created and bound to either the same or a different class-map.
• The maximum TCAM carving supported for the egress CoPP is 128 entries, which is either 128
MAC entries or 128 IPv4 entries. The device will automatically apply 128 entries for egress CoPP
when you carve TCAM for 256 entries.
• Policer actions are not supported.
• SNMP MIB support is not required.
• IPv6 ACL not supported for dynamic CoPP
If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might
differ from the Cisco IOS commands that you would use.
Note
Default Settings for CoPP
This table lists the default settings for CoPP parameters.
Table 40: Default CoPP Parameters Settings
Default
Parameters
Strict
Default policy
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
472
Configuring Control Plane Policing
Default Settings for CoPP