Cisco-COPP-ASR1001: различия между версиями

Строка 17: Строка 17:
 
</PRE>
 
</PRE>
   
  +
==<code></code>==
 
<PRE>
 
<PRE>
 
no ip access-list extended ACCESS_LIST_COPP_TELNET
 
no ip access-list extended ACCESS_LIST_COPP_TELNET
Строка 25: Строка 26:
 
</PRE>
 
</PRE>
   
  +
==<code></code>==
 
<PRE>
 
<PRE>
 
no ip access-list extended ACCESS_LIST_COPP_SSH
 
no ip access-list extended ACCESS_LIST_COPP_SSH
Строка 33: Строка 35:
 
</PRE>
 
</PRE>
   
  +
==<code></code>==
 
<PRE>
 
<PRE>
 
no ip access-list extended ACCESS_LIST_COPP_SNMP
 
no ip access-list extended ACCESS_LIST_COPP_SNMP
Строка 41: Строка 44:
 
</PRE>
 
</PRE>
   
  +
==<code></code>==
 
<PRE>
 
<PRE>
 
no ip access-list extended ACCESS_LIST_COPP_BGP
 
no ip access-list extended ACCESS_LIST_COPP_BGP
Строка 50: Строка 54:
 
</PRE>
 
</PRE>
   
  +
==<code></code>==
 
<PRE>
 
<PRE>
 
no ip access-list extended ACCESS_LIST_COPP_RADIUS
 
no ip access-list extended ACCESS_LIST_COPP_RADIUS
Строка 62: Строка 67:
 
</PRE>
 
</PRE>
   
  +
==<code></code>==
 
<PRE>
 
<PRE>
 
no class-map CLASS_MAP_COPP_TELNET
 
no class-map CLASS_MAP_COPP_TELNET
Строка 69: Строка 75:
 
</PRE>
 
</PRE>
   
  +
==<code></code>==
 
<PRE>
 
<PRE>
 
no class-map CLASS_MAP_COPP_SSH
 
no class-map CLASS_MAP_COPP_SSH
Строка 76: Строка 83:
 
</PRE>
 
</PRE>
   
  +
==<code></code>==
 
<PRE>
 
<PRE>
 
no class-map CLASS_MAP_COPP_SNMP
 
no class-map CLASS_MAP_COPP_SNMP
Строка 83: Строка 91:
 
</PRE>
 
</PRE>
   
  +
==<code></code>==
 
<PRE>
 
<PRE>
 
no class-map CLASS_MAP_COPP_BGP
 
no class-map CLASS_MAP_COPP_BGP
Строка 90: Строка 99:
 
</PRE>
 
</PRE>
   
  +
==<code></code>==
 
<PRE>
 
<PRE>
 
no class-map CLASS_MAP_COPP_RADIUS
 
no class-map CLASS_MAP_COPP_RADIUS
Строка 96: Строка 106:
 
exit
 
exit
 
</PRE>
 
</PRE>
 
   
 
==<code>policy-map POLICY_MAP_COPP_INPUT_POLICY</code>==
 
==<code>policy-map POLICY_MAP_COPP_INPUT_POLICY</code>==

Версия 10:34, 1 июля 2024


Control Plane Policing (CoPP) (на примере ASR1001)

Очистка

Перед настройкой удалите существующие настройки CoPP (политику на control-plane и саму policy-map):

! Cleanup: detach the CoPP policy from the control plane, then delete the
! policy-map so it can be rebuilt from scratch further down.
! Until the service-policy is attached again, control-plane traffic is not
! filtered by this policy, so apply the whole page in one maintenance window.
control-plane
 no service-policy input POLICY_MAP_COPP_INPUT_POLICY
exit
no policy-map POLICY_MAP_COPP_INPUT_POLICY

! Classification ACL for CLASS_MAP_COPP_TELNET (delete, then recreate).
! In this file the ACL is only a classifier: "permit" = packet is put into the
! class (whose policer drops everything), "deny" = packet is NOT put into the class.
no ip access-list extended ACCESS_LIST_COPP_TELNET
ip access-list extended ACCESS_LIST_COPP_TELNET
 ! TCP segments with ACK or RST set are kept out of the drop class, so only
 ! session-opening segments to port 23 are dropped. Segments that merely carry
 ! the ACK bit are therefore not stopped by this class.
 deny   tcp any any established
 ! New telnet connections from any source are classified for dropping.
 permit tcp any any eq telnet
exit 

! Classification ACL for CLASS_MAP_COPP_SSH (delete, then recreate).
! "permit" = classified into the drop class, "deny" = left out of it.
! NOTE(review): no source address is exempted here, unlike the SNMP, BGP and
! RADIUS lists, so new SSH connections to the router are dropped from everywhere.
! Confirm console or out-of-band access exists before applying.
no ip access-list extended ACCESS_LIST_COPP_SSH
ip access-list extended ACCESS_LIST_COPP_SSH
 ! Segments with ACK or RST set are excluded from the drop class.
 deny   tcp any any established
 ! New connections to TCP/22 from any source are classified for dropping.
 permit tcp any any eq 22
exit 

! Classification ACL for CLASS_MAP_COPP_SNMP (delete, then recreate).
! "permit" = classified into the drop class, "deny" = left out of it.
no ip access-list extended ACCESS_LIST_COPP_SNMP
ip access-list extended ACCESS_LIST_COPP_SNMP
 ! Exemption: SNMP queries sourced from 10.72.0.0/24 are not dropped.
 ! The exemption relies on the source address alone, and UDP has no handshake,
 ! so it is only as strong as the anti-spoofing filtering in front of the router.
 deny   udp 10.72.0.0 0.0.0.255 any eq 161
 ! SNMP (UDP/161) from every other source is classified for dropping.
 permit udp any any eq 161
exit

! Classification ACL for CLASS_MAP_COPP_BGP (delete, then recreate).
! "permit" = classified into the drop class, "deny" = left out of it.
no ip access-list extended ACCESS_LIST_COPP_BGP
ip access-list extended ACCESS_LIST_COPP_BGP
 ! Segments with ACK or RST set are excluded from the drop class, so only
 ! session-opening segments to port 179 can be dropped below.
 deny   tcp any any established
 ! Exemption for the BGP peer range. With wildcard 0.0.0.255 the last octet is
 ! ignored, so this line covers 172.31.0.0-172.31.0.255, not only 172.31.0.100.
 ! NOTE(review): if a single peer was intended, the wildcard should be 0.0.0.0
 ! (or the "host" keyword) - confirm against the real peer list.
 deny   tcp 172.31.0.100 0.0.0.255 any eq 179
 ! New BGP connections (TCP/179) from every other source are classified for dropping.
 permit tcp any any eq 179
exit

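! Classification ACL for CLASS_MAP_COPP_RADIUS (delete, then recreate).
! "permit" = classified into the drop class, "deny" = left out of it.
! Fix: the catch-all lines matched TCP while the exemptions above them are UDP.
! RADIUS authentication/accounting on 1812/1813 is UDP, so with "permit tcp" no
! UDP packet was ever classified and RADIUS from any source fell through to
! class-default, which transmits. The catch-all lines now use UDP.
! Confirm that every legitimate RADIUS source is covered by an exemption before applying.
no ip access-list extended ACCESS_LIST_COPP_RADIUS
ip access-list extended ACCESS_LIST_COPP_RADIUS
 ! Exemptions: RADIUS from 172.31.0.0/24 and 100.100.100.0/24 is not dropped.
 deny   udp 172.31.0.0    0.0.0.255 any eq 1812
 deny   udp 172.31.0.0    0.0.0.255 any eq 1813
 deny   udp 100.100.100.0 0.0.0.255 any eq 1812
 deny   udp 100.100.100.0 0.0.0.255 any eq 1813
 ! RADIUS (UDP/1812, UDP/1813) from every other source is classified for dropping.
 permit udp any any eq 1812
 permit udp any any eq 1813
exit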

! Traffic class for telnet (delete, then recreate): a packet belongs to the
! class when ACCESS_LIST_COPP_TELNET permits it.
no class-map CLASS_MAP_COPP_TELNET
class-map CLASS_MAP_COPP_TELNET
  match access-group name ACCESS_LIST_COPP_TELNET
exit

! Traffic class for SSH (delete, then recreate): a packet belongs to the
! class when ACCESS_LIST_COPP_SSH permits it.
no class-map CLASS_MAP_COPP_SSH
class-map CLASS_MAP_COPP_SSH
  match access-group name ACCESS_LIST_COPP_SSH
exit

! Traffic class for SNMP (delete, then recreate): a packet belongs to the
! class when ACCESS_LIST_COPP_SNMP permits it.
no class-map CLASS_MAP_COPP_SNMP
class-map CLASS_MAP_COPP_SNMP
  match access-group name ACCESS_LIST_COPP_SNMP
exit

! Traffic class for BGP (delete, then recreate): a packet belongs to the
! class when ACCESS_LIST_COPP_BGP permits it.
no class-map CLASS_MAP_COPP_BGP
class-map CLASS_MAP_COPP_BGP
  match access-group name ACCESS_LIST_COPP_BGP
exit

! Traffic class for RADIUS (delete, then recreate): a packet belongs to the
! class when ACCESS_LIST_COPP_RADIUS permits it.
no class-map CLASS_MAP_COPP_RADIUS
class-map CLASS_MAP_COPP_RADIUS
  match access-group name ACCESS_LIST_COPP_RADIUS
exit

policy-map POLICY_MAP_COPP_INPUT_POLICY

! CoPP input policy (delete, then recreate). Classes are listed in the order
! telnet, SSH, SNMP, BGP, RADIUS, class-default.
! The five protocol classes use a policer whose conform, exceed and violate
! actions are all "drop": every packet classified into them is discarded, and
! the cir/bc/be values have no effect on the outcome.
! Each class is closed with two "exit" lines - presumably one for the police
! sub-mode and one for the class level; TODO confirm on the target release.
! After applying, check the per-class counters with "show policy-map control-plane".
no policy-map POLICY_MAP_COPP_INPUT_POLICY
policy-map POLICY_MAP_COPP_INPUT_POLICY
! Deny telnet
 class CLASS_MAP_COPP_TELNET
  police cir 32000 bc 1500 be 1500 conform-action drop exceed-action drop violate-action drop
  exit
 exit

!

! Deny ssh
 class CLASS_MAP_COPP_SSH
  police cir 32000 bc 1500 be 1500 conform-action drop exceed-action drop violate-action drop
  exit
 exit

! Deny SNMP (sources exempted in ACCESS_LIST_COPP_SNMP are not in this class)

class CLASS_MAP_COPP_SNMP
 police cir 32000 bc 1500 be 1500 conform-action drop exceed-action drop violate-action drop
 exit
exit

!

! Deny BGP (peers exempted in ACCESS_LIST_COPP_BGP are not in this class)
 class CLASS_MAP_COPP_BGP
  police cir 32000 bc 1500 be 1500 conform-action drop exceed-action drop violate-action drop
  exit
 exit
!
! Deny RADIUS (sources exempted in ACCESS_LIST_COPP_RADIUS are not in this class)
 class CLASS_MAP_COPP_RADIUS
  police cir 32000 bc 1500 be 1500 conform-action drop exceed-action drop violate-action drop
  exit
 exit
!
! Permit other (include LACP)
! All three policer actions are "transmit", so nothing in class-default is ever
! dropped or rate-limited; the policer only produces counters. Everything that
! the drop classes above do not match reaches the control plane unrestricted.
 class class-default
  police cir 32000 bc 1500 be 1500 conform-action transmit exceed-action transmit violate-action transmit
  exit
 exit
exit
! Attach the rebuilt policy to the control plane. The "no" line first removes
! any attachment that is still present, so the block can be re-applied as is.
! From here on the drop classes take effect for traffic punted to the router.
control-plane
 no service-policy input POLICY_MAP_COPP_INPUT_POLICY
 service-policy input POLICY_MAP_COPP_INPUT_POLICY
exit