• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 561
  • Last Modified:

Control Plane Policing not working on 1841 Router

Hi, I am following the following article for control plane policing but am finding it is not actually working:
https://www.micronicstraining.com/a-real-world-scenario-for-copp/

Specifically i am trying to block fragments from coming to control plane. I have simplified this a bit but find it is not working:

IP access-list extended BANFRAG
    10 permit icmp any any fragments
Class Map match-all CM_BANFRAG
   Match access-group name BANFRAG
Policy Map newCoPP
    Class CM_BANFRAG
      drop
control-plane
 service-policy input newCoPP

If i send an ICMP packet that is oversize it will break it up and still go through and sh policy-map control-plane shows no hits. If i take that same ACL and apply as access group on the interface of router it will block the oversized icmp packet (as desired) and see acl increment by one. But when applied like above to control plane it is NOT blocking it?
0
Psy4HA
Asked:
Psy4HA
  • 2
1 Solution
 
Psy4HAAuthor Commented:
This looks to be a bug i have iOS 12.4(25) doesn't happen in 12.4(5a) apparently. Odd.
0
 
Psy4HAAuthor Commented:
This looks to be a bug i have iOS 12.4(25) doesn't happen in 12.4(5a)
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now