Cisco-COPP-ASR1001: различия между версиями
Материал из noname.com.ua
Перейти к навигацииПерейти к поискуSirmax (обсуждение | вклад) |
Sirmax (обсуждение | вклад) |
||
Строка 17: | Строка 17: | ||
</PRE> |
</PRE> |
||
+ | ==<code></code>== |
||
<PRE> |
<PRE> |
||
no ip access-list extended ACCESS_LIST_COPP_TELNET |
no ip access-list extended ACCESS_LIST_COPP_TELNET |
||
Строка 25: | Строка 26: | ||
</PRE> |
</PRE> |
||
+ | ==<code></code>== |
||
<PRE> |
<PRE> |
||
no ip access-list extended ACCESS_LIST_COPP_SSH |
no ip access-list extended ACCESS_LIST_COPP_SSH |
||
Строка 33: | Строка 35: | ||
</PRE> |
</PRE> |
||
+ | ==<code></code>== |
||
<PRE> |
<PRE> |
||
no ip access-list extended ACCESS_LIST_COPP_SNMP |
no ip access-list extended ACCESS_LIST_COPP_SNMP |
||
Строка 41: | Строка 44: | ||
</PRE> |
</PRE> |
||
+ | ==<code></code>== |
||
<PRE> |
<PRE> |
||
no ip access-list extended ACCESS_LIST_COPP_BGP |
no ip access-list extended ACCESS_LIST_COPP_BGP |
||
Строка 50: | Строка 54: | ||
</PRE> |
</PRE> |
||
+ | ==<code></code>== |
||
<PRE> |
<PRE> |
||
no ip access-list extended ACCESS_LIST_COPP_RADIUS |
no ip access-list extended ACCESS_LIST_COPP_RADIUS |
||
Строка 62: | Строка 67: | ||
</PRE> |
</PRE> |
||
+ | ==<code></code>== |
||
<PRE> |
<PRE> |
||
no class-map CLASS_MAP_COPP_TELNET |
no class-map CLASS_MAP_COPP_TELNET |
||
Строка 69: | Строка 75: | ||
</PRE> |
</PRE> |
||
+ | ==<code></code>== |
||
<PRE> |
<PRE> |
||
no class-map CLASS_MAP_COPP_SSH |
no class-map CLASS_MAP_COPP_SSH |
||
Строка 76: | Строка 83: | ||
</PRE> |
</PRE> |
||
+ | ==<code></code>== |
||
<PRE> |
<PRE> |
||
no class-map CLASS_MAP_COPP_SNMP |
no class-map CLASS_MAP_COPP_SNMP |
||
Строка 83: | Строка 91: | ||
</PRE> |
</PRE> |
||
+ | ==<code></code>== |
||
<PRE> |
<PRE> |
||
no class-map CLASS_MAP_COPP_BGP |
no class-map CLASS_MAP_COPP_BGP |
||
Строка 90: | Строка 99: | ||
</PRE> |
</PRE> |
||
+ | ==<code></code>== |
||
<PRE> |
<PRE> |
||
no class-map CLASS_MAP_COPP_RADIUS |
no class-map CLASS_MAP_COPP_RADIUS |
||
Строка 96: | Строка 106: | ||
exit |
exit |
||
</PRE> |
</PRE> |
||
− | |||
==<code>policy-map POLICY_MAP_COPP_INPUT_POLICY</code>== |
==<code>policy-map POLICY_MAP_COPP_INPUT_POLICY</code>== |
Версия 10:34, 1 июля 2024
Control Plane Policing (CoPP) (на примере ASR1001)
Очистка
Перед настройкой удалить существующие настройки
control-plane no service-policy input POLICY_MAP_COPP_INPUT_POLICY exit no policy-map POLICY_MAP_COPP_INPUT_POLICY
no ip access-list extended ACCESS_LIST_COPP_TELNET ip access-list extended ACCESS_LIST_COPP_TELNET deny tcp any any established permit tcp any any eq telnet exit
no ip access-list extended ACCESS_LIST_COPP_SSH ip access-list extended ACCESS_LIST_COPP_SSH deny tcp any any established permit tcp any any eq 22 exit
no ip access-list extended ACCESS_LIST_COPP_SNMP ip access-list extended ACCESS_LIST_COPP_SNMP deny udp 10.72.0.0 0.0.0.255 any eq 161 permit udp any any eq 161 exit
no ip access-list extended ACCESS_LIST_COPP_BGP ip access-list extended ACCESS_LIST_COPP_BGP deny tcp any any established deny tcp 172.31.0.100 0.0.0.255 any eq 179 permit tcp any any eq 179 exit
no ip access-list extended ACCESS_LIST_COPP_RADIUS ip access-list extended ACCESS_LIST_COPP_RADIUS deny udp 172.31.0.0 0.0.0.255 any eq 1812 deny udp 172.31.0.0 0.0.0.255 any eq 1813 deny udp 100.100.100.0 0.0.0.255 any eq 1812 deny udp 100.100.100.0 0.0.0.255 any eq 1813 permit tcp any any eq 1812 permit tcp any any eq 1813 exit
no class-map CLASS_MAP_COPP_TELNET class-map CLASS_MAP_COPP_TELNET match access-group name ACCESS_LIST_COPP_TELNET exit
no class-map CLASS_MAP_COPP_SSH class-map CLASS_MAP_COPP_SSH match access-group name ACCESS_LIST_COPP_SSH exit
no class-map CLASS_MAP_COPP_SNMP class-map CLASS_MAP_COPP_SNMP match access-group name ACCESS_LIST_COPP_SNMP exit
no class-map CLASS_MAP_COPP_BGP class-map CLASS_MAP_COPP_BGP match access-group name ACCESS_LIST_COPP_BGP exit
no class-map CLASS_MAP_COPP_RADIUS class-map CLASS_MAP_COPP_RADIUS match access-group name ACCESS_LIST_COPP_RADIUS exit
policy-map POLICY_MAP_COPP_INPUT_POLICY
no policy-map POLICY_MAP_COPP_INPUT_POLICY policy-map POLICY_MAP_COPP_INPUT_POLICY ! Deny telnet class CLASS_MAP_COPP_TELNET police cir 32000 bc 1500 be 1500 conform-action drop exceed-action drop violate-action drop exit exit
!
! Deny ssh class CLASS_MAP_COPP_SSH police cir 32000 bc 1500 be 1500 conform-action drop exceed-action drop violate-action drop exit exit
! Deny SNMP
class CLASS_MAP_COPP_SNMP police cir 32000 bc 1500 be 1500 conform-action drop exceed-action drop violate-action drop exit exit
!
! Deny BGP class CLASS_MAP_COPP_BGP police cir 32000 bc 1500 be 1500 conform-action drop exceed-action drop violate-action drop exit exit !
! Deny RADIUS class CLASS_MAP_COPP_RADIUS police cir 32000 bc 1500 be 1500 conform-action drop exceed-action drop violate-action drop exit exit !
! Permit other (include LACP) class class-default police cir 32000 bc 1500 be 1500 conform-action transmit exceed-action transmit violate-action transmit exit exit exit
control-plane no service-policy input POLICY_MAP_COPP_INPUT_POLICY service-policy input POLICY_MAP_COPP_INPUT_POLICY exit