11.11. COPP Commands

11.11.1. control-plane access-list

Command Purpose

Use this command to create a control-plane access list.

Use the no form to delete the access list.

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

control-plane access-list NAME

no control-plane access-list NAME

Parameter	Parameter Description	Parameter Value
NAME	Specify access list name	A string with up to 40 characters

Command Mode

Global Config

Default

None

Usage

None

Examples

The following example shows how to create a control-plane access list.:

Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# quit

11.11.2. (deny|permit) exception any

Command Purpose

Use deny command to discard any type of packets to the cpu.

Use permit command to let any type of packets to the cpu pass

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

( SEQUENCE_NUM | ) ( deny | permit ) exception any ( time-range ? TIME_RANGE_NAME | )

Parameter	Parameter Description	Parameter Value
SEQUENCE_NUM	The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented.	1-131071
TIME_RANGE_NAME	The time-range used by the IP filter	A string with up to 40 characters

Command Mode

Config-cp-acl

Default

None

Usage

None

Examples

The following example shows how to discard any type of packets to the cpu.:

Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception any
Switch(config-cp-acl)#

Related Commands

Control-plane access-list

11.11.3. (deny|permit) exception ipda

Command Purpose

Use deny command to discard ipda type of packets to the cpu.

Use permit command to let ipda type of packets to the cpu pass

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

( SEQUENCE_NUM | ) deny | permit exception ipda ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception ipda ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( <0-255> | any ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception ipda ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( icmp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( icmp-type IGMP_TYPE ( icmp-code ICMP_CODE | ) | ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception ipda ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( udp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( src-port ( eq L4_PORT ) | ) ( dst-port ( eq L4_PORT ) | ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception ipda ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( gre ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception ipda ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( <0-255> | any ) ( any ) ( any ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception ipda ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( icmp ) ( any ) ( any ) ( icmp-type IGMP_TYPE ( icmp-code ICMP_CODE | ) | ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception ipda ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( udp ) ( any ) ( any ) ( src-port ( eq L4_PORT ) | ) ( dst-port ( eq L4_PORT ) | ) ( time-range NAME | )

( SEQUENCE_NUM | ) ( deny | permit ) exception ipda ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( gre ) ( any ) ( any ) ( time-range NAME | )

Parameter	Parameter Description	Parameter Value
SEQUENCE_NUM	The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented.	1-131071
VLAN_ID	VLAN ID	1-4094
COS	The range of cos is from 0 to 7	0-7
any	Any source host	-
host IP_ADDR	The source IP address of a host	IPv4 Address
eq	Equal to	-
ICMP_TYPE	Icmp type	0-255

Command Mode

Config-cp-acl

Default

None

Usage

None

Examples

The following example shows how to discard ipda type of packets to the cpu.:

Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception ipda
Switch(config-cp-acl)#

Related Commands

Control-plane access-list

11.11.4. (deny|permit) exception fwd-to-cpu

Command Purpose

Use deny command to discard fwd-to-cpu type of packets to the cpu.

Use permit command to let fwd-to-cpu type of packets to the cpu pass

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

( SEQUENCE_NUM | ) deny | permit exception fwd-to-cpu ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception fwd-to-cpu ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( <0-255> | any ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception fwd-to-cpu ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( icmp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( icmp-type IGMP_TYPE ( icmp-code ICMP_CODE | ) | ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception fwd-to-cpu ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( tcp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( src-port ( eq L4_PORT ) | ) ( dst-port ( eq L4_PORT ) | ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception fwd-to-cpu ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( udp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( src-port ( eq L4_PORT ) | ) ( dst-port ( eq L4_PORT ) | ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception fwd-to-cpu ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( gre ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception fwd-to-cpu ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( <0-255> | any ) ( any ) ( any ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception fwd-to-cpu ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( icmp ) ( any ) ( any ) ( icmp-type IGMP_TYPE ( icmp-code ICMP_CODE | ) | ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception fwd-to-cpu ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( tcp ) ( any ) ( any ) ( src-port ( eq L4_PORT ) | ) ( dst-port ( eq L4_PORT ) | ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception fwd-to-cpu ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( udp ) ( any ) ( any ) ( src-port ( eq L4_PORT ) | ) ( dst-port ( eq L4_PORT ) | ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception fwd-to-cpu ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( gre ) ( any ) ( any ) ( time-range NAME | )

Parameter	Parameter Description	Parameter Value
SEQUENCE_NUM	The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented.	1-131071
VLAN_ID	The range of vlan id is from 1 to 4094	1-4094
COS	The range of cos is from 0 to 7	0-7
IP_ADDR IP_MASK	The source IP address and its wildcard bits	IPv4 Address and Mask
any	Any source host	-
host IP_ADDR	The source IP address of a host	IPv4 Address
eq	Equal to	-
ICMP_TYPE	ICMP type	0-255
ICMP_CODE	The range of icmp-code is from 0-255	0-255

Command Mode

Config-cp-acl

Default

None

Usage

None

Examples

The following example shows how to discard fwd-to-cpu type of packets to the cpu.:

Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception fwd-to-cpu
Switch(config-cp-acl)#

Related Commands

Control-plane access-list

11.11.5. (deny|permit) exception slow-protocol

Command Purpose

Use deny command to discard slow-protocol type of packets to the cpu.

Use permit command to let slow-protocol type of packets to the cpu pass

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

( SEQUENCE_NUM | ) deny | permit exception slow-protocol (time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception slow-protocol ( sub-type TYPE ) ( time-range NAME | )

Parameter	Parameter Description	Parameter Value
SEQUENCE_NUM	The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented.	1-131071
TYPE	The range of sub-type is from 0 to 255	0-255
efm	efm type message	-
lacp	lacp type message	-
synce	synce type message	-

Command Mode

Config-cp-acl

Default

None

Usage

None

Examples

The following example shows how to discard slow-protocol type of packets to the cpu.:

Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception slow-protocol
Switch(config-cp-acl)#

Related Commands

Control-plane access-list

11.11.6. (deny|permit) exception dhcp

Command Purpose

Use deny command to discard dhcp type of packets to the cpu.

Use permit command to let dhcp type of packets to the cpu pass

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

Parameter	Parameter Description	Parameter Value
SEQUENCE_NUM	The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented.	1-131071
IP_ADDR IP_MASK	The source IP address and its wildcard bits	IPv4 Address and Mask
any	Any IP address	-
host IP_ADDR	The source IP address of a host	IPv4 Address
client	dhcp request type message	-
server	dhcp reply type message	-
request	dhcp client type message	-
reply	dhcp server type message	-

Command Mode

Config-cp-acl

Default

None

Usage

None

Examples

The following example shows how to discard dhcp type of packets to the cpu.:

Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception dhcp dhcp any any
Switch(config-cp-acl)#

Related Commands

Control-plane access-list

11.11.7. (deny|permit) exception rip

Command Purpose

Use deny command to discard rip type of packets to the cpu.

Use permit command to let rip type of packets to the cpu pass

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

( SEQUENCE_NUM | ) deny | permit exception rip ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception rip ( ripng ) ( any ) ( any ) ( time-range NAME | )

Parameter	Parameter Description	Parameter Value
SEQUENCE_NUM	The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented.	1-131071
IP_ADDR IP_MASK	The source IP[ address and its wildcard bits	IPv4 Address and Mask
any	Any IP address	-
host IP_ADDR	The source IP address of a host	IPv4 Address

Command Mode

Config-cp-acl

Default

None

Usage

None

Examples

The following example shows how to discard rip type of packets to the cpu.:

Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception rip rip any any
Switch(config-cp-acl)#

Related Commands

Control-plane access-list

11.11.8. (deny|permit) exception ospf

Command Purpose

Use deny command to discard ospf type of packets to the cpu.

Use permit command to let ospf type of packets to the cpu pass

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

( SEQUENCE_NUM | ) deny | permit exception ospf ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception ospf ( ospfv3 ) ( any ) ( any ) ( time-range NAME | )

Parameter	Parameter Description	Parameter Value
SEQUENCE_NUM	The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented.	1-131071
IP_ADDR IP_MASK	The source IP address and its wildcard bits	IPv4 Address and Mask
any	Any IP address	-
host IP_ADDR	The source IP address of a host	IPv4 Address
ospfv2	ospfv2 type message	-
ospfv3	ospfv3 type message	-

Command Mode

Config-cp-acl

Default

None

Usage

None

Examples

The following example shows how to discard ospf type of packets to the cpu.:

Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception ospf ospfv2 any any
Switch(config-cp-acl)#

Related Commands

Control-plane access-list

11.11.9. (deny|permit) exception pim

Command Purpose

Use deny command to discard pim type of packets to the cpu.

Use permit command to let pim type of packets to the cpu pass

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

( SEQUENCE_NUM | ) deny | permit exception pim ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception pim ( pimv6 ) ( any ) ( any ) ( time-range NAME | )

Parameter	Parameter Description	Parameter Value
SEQUENCE_NUM	The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented.	1-131071
IP_ADDR IP_MASK	The source IP address and its wildcard bits	IPv4 Address and Mask
any	Any IP address	-
host IP_ADDR	The source IP address of a host	IPv4 Address
pimv6	pimv6 type message	-

Command Mode

Config-cp-acl

Default

None

Usage

None

Examples

The following example shows how to discard pim type of packets to the cpu.:

Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception pim pim any any
Switch(config-cp-acl)#

Related Commands

Control-plane access-list

11.11.10. (deny|permit) exception bgp

Command Purpose

Use deny command to discard bgp type of packets to the cpu.

Use permit command to let bgp type of packets to the cpu pass

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

( SEQUENCE_NUM | ) deny | permit exception bgp ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception bgp ( bgp4plus ) ( any ) ( any ) ( time-range NAME | )

Parameter	Parameter Description	Parameter Value
SEQUENCE_NUM	The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented.	1-131071
IP_ADDR IP_MASK	The source IP address and its wildcard bits	IPv4 Address and Mask
any	Any IP address	-
host IP_ADDR	The source IP address of a host	IPv4 Address
bgp4plus	bgp4plus type message	-

Command Mode

Config-cp-acl

Default

None

Usage

None

Examples

The following example shows how to discard bgp type of packets to the cpu:

Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception bgp bgp any any
Switch(config-cp-acl)# 

Related Commands

Control-plane access-list

11.11.11. (deny|permit) exception vrrp

Command Purpose

Use deny command to discard vrrp type of packets to the cpu.

Use permit command to let vrrp type of packets to the cpu pass

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

( SEQUENCE_NUM | ) deny | permit exception vrrp ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception vrrp ( vrrpv6 ) ( any ) ( any ) ( time-range NAME | )

Parameter	Parameter Description	Parameter Value
SEQUENCE_NUM	The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented.	1-131071
IP_ADDR IP_MASK	The source IP address and its wildcard bits	IPv4 Address and Mask
any	Any IP address	-
host IP_ADDR	The source IP address of a host	IPv4 Address
vrrpv6	vrrpv6 type message	-

Command Mode

Config-cp-acl

Default

None

Usage

None

Examples

The following example shows how to discard vrrp type of packets to the cpu.:

Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception vrrp vrrp any any
Switch(config-cp-acl)# 

Related Commands

Control-plane access-list

11.11.12. (deny|permit) exception ssh

Command Purpose

Use deny command to discard ssh type of packets to the cpu.

Use permit command to let ssh type of packets to the cpu pass

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

( SEQUENCE_NUM | ) deny | permit exception ssh ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception ssh ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( tcp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( src-port ( eq L4_PORT ) | ) ( time-range NAME | )

Parameter	Parameter Description	Parameter Value
SEQUENCE_NUM	The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented.	1-131071
IP_ADDR IP_MASK	The source IP address and its wildcard bits	IPv4 Address and Mask
any	Any IP address	-
host IP_ADDR	The source IP address of a host	IPv4 Address

Command Mode

Config-cp-acl

Default

None

Usage

None

Examples

The following example shows how to discard ssh type of packets to the cpu:

Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception ssh
Switch(config-cp-acl)# 

Related Commands

Control-plane access-list

11.11.13. (deny|permit) exception telnet

Command Purpose

Use deny command to discard telnet type of packets to the cpu.

Use permit command to let telnet type of packets to the cpu pass

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

( SEQUENCE_NUM | ) deny | permit exception telnet ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception telnet ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( tcp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( src-port ( eq L4_PORT ) | ) ( time-range NAME | )

Parameter	Parameter Description	Parameter Value
SEQUENCE_NUM	The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented.	1-131071
IP_ADDR IP_MASK	The source IP address and its wildcard bits	IPv4 Address and Mask
any	Any IP address	-
host IP_ADDR	The source IP address of a host	IPv4 Address

Command Mode

Config-cp-acl

Default

None

Usage

None

Examples

The following example shows how to discard telnet type of packets to the cpu:

Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception telnet
Switch(config-cp-acl)# 

Related Commands

Control-plane access-list

11.11.14. (deny|permit) exception tcp

Command Purpose

Use deny command to discard tcp type of packets to the cpu.

Use permit command to let tcp type of packets to the cpu pass

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

( SEQUENCE_NUM | ) deny | permit exception tcp ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception tcp ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( tcp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( src-port ( eq L4_PORT ) | ) ( dst-port ( eq L4_PORT ) | ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception tcp ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( tcp ) ( any ) ( any ) ( src-port ( eq L4_PORT ) | ) ( dst-port ( eq L4_PORT ) | ) ( time-range NAME | )

Parameter	Parameter Description	Parameter Value
SEQUENCE_NUM	The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented.	1-131071
IP_ADDR IP_MASK	The source IP address and its wildcard bits	IPv4 Address and Mask
any	Any IP address	-
host IP_ADDR	The source IP address of a host	IPv4 Address

Command Mode

Config-cp-acl

Default

None

Usage

None

Examples

The following example shows how to discard tcp type of packets to the cpu:

Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception tcp
Switch(config-cp-acl)# 

Related Commands

Control-plane access-list

11.11.15. (deny|permit) exception mlag

Command Purpose

Use deny command to discard mlag type of packets to the cpu.

Use permit command to let mlag type of packets to the cpu pass

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

( SEQUENCE_NUM | ) deny | permit exception mlag ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception mlag ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( tcp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( src-port ( eq L4_PORT ) | ) ( time-range NAME | )

Parameter	Parameter Description	Parameter Value
SEQUENCE_NUM	The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented.	1-131071
IP_ADDR IP_MASK	The source IP address and its wildcard bits	IPv4 Address and Mask
any	Any IP address	-
host IP_ADDR	The source IP address of a host	IPv4 Address

Command Mode

Control plane Configuration

Default

None

Usage

None

Examples

The following example shows how to discard mlag type of packets to the cpu:

Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception mlag
Switch(config-cp-acl)# 

Related Commands

Control-plane access-list

11.11.16. (deny|permit) exception arp

Command Purpose

Use deny command to discard arp type of packets to the cpu.

Use permit command to let arp type of packets to the cpu pass

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

( SEQUENCE_NUM | ) deny | permit exception arp ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( arp-op-code ARP_OP_CODE | ) ( sender-ip ( IP_ADDR IP_MASK | any | host IP_ADDR ) | ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception arp ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( garp ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception arp ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( arp-reply | arp-request ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception arp ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( rarp-reply | rarp-request ) ( time-range NAME | )

Parameter	Parameter Description	Parameter Value
IP_ADDR IP_MASK	The source IP address and its wildcard bits	IPv4 Address and Mask
any	Any IP address	-
host IP_ADDR	The source IP address of a host	IPv4 Address
VLAN_ID	The range of vlan id is from 1 to 4094	1-4094
COS	The range of cos is from 0 to 7	0-7
ARP_OP_CODE	The range of arp-op-code is from 0 to 65535	0-65535
arp-request	Arp request type message	-
arp-reply	Arp reply type message	-
rarp-request	Rarp request type message	-
rarp-reply	Rarp reply type message	-

Command Mode

Config-cp-acl

Default

None

Usage

None

Examples

The following example shows how to discard arp type of packets to the cpu:

Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception arp arp-op-code 1 any
Switch(config-cp-acl)#

Related Commands

Control-plane access-list

11.11.17. (deny|permit) exception igmp

Command Purpose

Use deny command to discard igmp type of packets to the cpu.

Use permit command to let igmp type of packets to the cpu pass

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

( SEQUENCE_NUM | ) ( deny | permit ) exception igmp ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( igmp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( dvmrp | host-query | host-report | mtrace | mtrace-response | pim | precedence | trace | v2-leave | v2-report | v3-report | ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception igmp ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( igmp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( igmp-type IGMP_TYPE ) ( time-range NAME | )

( SEQUENCE_NUM | ) deny | permit exception igmp ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( mld ) ( any ) ( any ) ( mld-query | mld-report | mld-done | mldv2-report | ) ( time-range NAME | )

Parameter	Parameter Description	Parameter Value
IP_ADDR IP_MASK	The source IP address and its wildcard bits	IPv4 Address and Mask
any	Any IP address	-
host IP_ADDR	The source IP address of a host	IPv4 Address
VLAN_ID	The range of vlan id is from 1 to 4094	1-4094
COS	The range of cos is from 0 to 7	0-7
IGMP_TYPE	The range of icmp-type is from 0 to 255	0-255
dvmrp	Dvmrp type message	-
host-query	host-query type message	-
host-report	host-report type message	-
mtrace	mtrace type message	-
mtrace-response	mtrace-response type message	-
pim	pim type message	-
trace	trace type message	-
v2-leave	v2-leave type message	-
v2-report	v2-report type message	-
v3-report	v3-report type message	-
mld-query	Multicast Listener Query(130)	-
mld-report	Multicast Listener Report(131)	-
mld-done	Multicast Listener Done(132)	-
mldv2-report	MLDv2 Multicast Listener Report(143)	-

Command Mode

Config-cp-acl

Default

None

Usage

None

Examples

The following example shows how to discard igmp type of packets to the cpu:

Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception igmp igmp any any
Switch(config-cp-acl)# 

Related Commands

Control-plane access-list

11.11.18. (deny|permit) exception

Command Purpose

Use deny command to discard specified type of packets to the cpu.

Use permit command to let specified type of packets to the cpu pass

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

Parameter	Parameter Description	Parameter Value
IP_ADDR IP_MASK	The source IP address and its wildcard bits	IPv4 Address and Mask

Command Mode

Config-cp-acl

Default

None

Usage

None

Examples

The following example shows how to discard pbdu type of packets to the cpu.:

Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception bpdu
Switch(config-cp-acl)# 

Related Commands

Control-plane access-list

11.11.19. class-map type (control-plane)

Command Purpose

Use this command to create a control-plane class map.

Use the no form to delete the class map.

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

class-map type ( control-plane ) NAME

no class-map NAME

Parameter	Parameter Description	Parameter Value
NAME	Specify class map name	A string with up to 40 characters

Command Mode

Global Config

Default

None

Usage

None

Examples

The following example shows how to create a control-plane class map.:

Switch# configure terminal
Switch(config)# class-map type control-plane test
Switch(config-cmap-cp)# 

Related Commands

class type control-plane

11.11.20. policy-map type (control-plane)

Command Purpose

Use this command to create a control-plane policy map.

Use the no form to delete the policy map.

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

policy-map type ( control-plane ) NAME

no policy-map NAME

Parameter	Parameter Description	Parameter Value
NAME	Specify policy map name	A string with up to 40 characters

Command Mode

Global Config

Default

None

Usage

None

Examples

The following example shows how to create a control-plane policy map.:

Switch# configure terminal
Switch(config)# policy-map type control-plane test
Switch(config-pmap-cp)# 

Related Commands

service-policy type control-plane input

11.11.21. class type control-plane

Command Purpose

Use this command to add the class map to the policy map

Use the no form of this command to unbind it.

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

class type control-plane ( NAME | class-default )

no class type control-plane ( NAME | class-default )

Parameter	Parameter Description	Parameter Value
NAME	Specify class map name	A string with up to 40 characters

Command Mode

Config-pmap-c Configuration

Default

None

Usage

None

Examples

The following example shows how to add the class map to the policy map:

Switch# configure terminal
Switch(config)# policy-map type control-plane test
Switch(config-pmap-cp)# class type control-plane test
Switch(config-pmap-cp-c)# 

Related Commands

class-map type (control-plane)

11.11.22. statistics enable

Command Purpose

Use this command to enable statistics.

Use the no form to disable it.

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

statistics enable

no statistics enable

Command Mode

Global Config

Default

None

Usage

None

Examples

The following example shows how to enable statistics.:

Switch# configure terminal
Switch(config)# policy-map type control-plane test
Switch(config-pmap-cp)# class type control-plane test
Switch(config-pmap-cp-c)# statistics enable

Related Commands

class-map type (control-plane)

11.11.23. control-plane

Command Purpose

Use this command to enter global control plane mode.

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

control-plane

Command Mode

Global Config

Default

None

Usage

None

Examples

The following example shows how to enter global control plane mode:

Switch# configure terminal
Switch(config)# control-plane
Switch(Config-control-plain)# 

Related Commands

service-policy type control-plane input

11.11.24. service-policy type control-plane input

Command Purpose

Use this command to apply the control plane policy.

Use the no form of this command to remove it.

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

service-policy type control-plane input NAME

no service-policy type control-plane input

Parameter	Parameter Description	Parameter Value
NAME	Specify policy input name	A string with up to 40 characters

Command Mode

Control plane Configuration

Interface Configuration

Default

None

Usage

None

Examples

The following example shows how to apply the control plane policy:

Switch# configure terminal
Switch(Config-control-plain)# service-policy type control-plane input test
Switch(Config-control-plain)#

Switch# configure terminal
Switch(config)# interface eth-0-2
Switch(config-if)# service-policy type control-plane input p1

Related Commands

policy-map type control-plane

11.11.25. show policy-map type control-plane statistics input ace

Command Purpose

Use this command to show stats of copp policer.

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

show policy-map type control-plane statistics input ace ( class-based | ace-based ) ( class NAME | )

Parameter	Parameter Description	Parameter Value
NAME	Specify class map name	A string with up to 40 characters

Command Mode

Privileged EXEC

Default

None

Usage

None

Examples

The following example shows how to show stats of copp policer:

Switch# show policy-map type control-plane statistics input policer

Related Commands

clear policy-map type control-plane statistics input

11.11.26. policer cir

Command Purpose

To Specify a policer for the classified traffic, config CIR CBS and enable policer statistics

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

policer cir CIR ( cbs CBS | ) ( statistics | )

Parameter	Parameter Description	Parameter Value
CIR	CIR Commit Information Rate (pps)	0-148809523
CBS	CBS - Commit Burst Size (packets) (default value is 4400)”,	0-7600
statistics	enable policer stat	-

Command Mode

Config-pmap-c Configuration

Default

4400

Usage

limit the rate of some exception traffic to cpu

Examples

config the traffic rate of ARP exception and enable policer stat:

Switch# configure terminal
Switch(config)# control-plane access-list testacl
Switch(config-cp-acl)# 10 permit exception arp
Switch(config-cp-acl)# class-map type control-plane testclass
Switch(config-cmap-cp)# match access-group testacl
Switch(config-cmap-cp)# policy-map type control-plane testpolicy
Switch(config-pmap-cp)# class type control-plane testclass
Switch(config-pmap-cp-c)# policer cir 100 statistics
Switch(config-pmap-cp-c)# control-plane
Switch(Config-control-plain)# service-policy type control-plane input testpolicy 

Related Commands

show policy-map type control-plane statistics input

11.11.27. show policy-map type control-plane statistics input policer

Command Purpose

To show statistics of any policy, class name can be specified

Prerequisites

Platform	Software	License
AQ-N3000	7.0	Base
AQ-N5000	7.0	Base
AQ-N6000	7.0	Base

Command Syntax

show policy-map type control-plane statistics input policer ( class NAME | )

clear policy-map type control-plane statistics input policer

Parameter	Parameter Description	Parameter Value
NAME	Specify class map name	A string with up to 40 characters

Command Mode

Global Config

Default

None

Usage

To show statistics of any policy, class name can be specified

Examples

To show statistics of any policy, class name can be specified:

Switch# show policy-map type control-plane statistics input policer

Related Commands

policer cir

latest.20241120