Psy4HA
asked on
Control Plane Policing not working on 1841 Router
Hi, I am following the following article for control plane policing but am finding it is not actually working:
https://www.micronicstraining.com/a-real-world-scenario-for-copp/
Specifically, I am trying to block fragments from coming to the control plane. I have simplified this a bit but find it is not working:
ip access-list extended BANFRAG
 10 permit icmp any any fragments
class-map match-all CM_BANFRAG
 match access-group name BANFRAG
policy-map newCoPP
 class CM_BANFRAG
  drop
control-plane
 service-policy input newCoPP
If I send an ICMP packet that is oversize it will break it up and still go through, and sh policy-map control-plane shows no hits. If I take that same ACL and apply it as an access group on the interface of the router, it will block the oversized ICMP packet (as desired) and I see the ACL increment by one. But when applied like above to the control plane it is NOT blocking it?