Purpose
Command or Action
switch(config)# class-map type control-plane
match-any c-map2
switch(config-cmap)#
(Optional)
match access-group name access-list-name
Step 9
Example:
switch(config-cmap)# match access-group name
IP-foo-1
Specifies a control plane policy map and enters policy map
configuration mode. The policy map name can have a
maximum of 64 characters and is case sensitive.
policy-map type control-plane policy-map-name
Example:
switch(config)# policy-map type control-plane
ClassMapA
switch(config-pmap)#
Step 10
Specifies a control plane class map name or the class
default and enters control plane class configuration mode.
class
{
class-map-name
[
insert-before class-map-name2
]
|
class-default
}
Step 11
Example:
The class-default class map is always at the end of the
class map list for a policy map.
switch(config-pmap)# class ClassMap2
switch(config-pmap-c)#
Specifies the committed information rate (CIR). The rate
range is as follows:
Enter one of the following commands:
Step 12
•
police
[
cir
] {
cir-rate
[
rate-type
]}
The committed burst (BC) range is as follows:
•
police
[
cir
] {
cir-rate
[
rate-type
]} [
bc
]
burst-size
[
burst-size-type
]
•
police
[
cir
] {
cir-rate
[
rate-type
]]}
conform transmit
[
violate drop
]
Example:
switch(config-pmap-c)# police cir 52000 bc 1000
packets
Example:
switch(config-pmap-c)# police cir 3400 kbps bc
200 kbytes
Enters the control plane dynamic configuration mode.
control-plane Dynamic mode
Example:
Step 13
switch(config)# control-plane dynamic mode
switch(config-cp-dyn)#
Specifies a policy map for the input traffic. ENd
service-policy-dynamic input policy-map-name
Example:
Step 14
switch(config-cp-dyn)# service-policy-dynamic
input PolicyMap1
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
485
Configuring Control Plane Policing
Configuring IP ACL Filtering for CoPP