Control Plane Policing

 

Control Plane Policing (CoPP) is one of the mechanisms used for Control Plane defence against the Network Attacks that is done to the Control Plane. 

• Control Plane Policing (CoPP): allows you to use MQC (Modular Quality of Service) framework to permit/deny or rate-limit traffic that goes to the route processor.
• MQC: class maps, policy  maps services policies

1) Class maps - Define the match criterion by using the class-map global configuration command.
2) Policy maps - Associate actions to the class map match criteria by using the policy-map global configuration command.
3) Service policies - Enable the policy by attaching it to an interface, or globally to all interfaces using the service-policy interface configuration command.

Benefits of Control plane 

•Protection against DoS attacks at infrastructure routers and switches

•QoS control for packets that are destined to the control plane of Cisco routers or switches

•Ease of configuration for control plane policies

•Better platform reliability and availability

Lab of COPP

1.-We will set a very basic lab , with a layer 3 switch ESW1

2.- Setting values inPC1 and ESW1

3.-Configurations in ESW1

4.-more configurations in ESW1

 

5.-More configuration  on ESW1 (its droping packets  from VPCS)

We could see it s dropping packets from vpcs.. ..That means the Copp is working..and the policying is applied.!

This lab is done..so , if the information was useful please click like..Thanks in advance!