Онлайн-демонстрация
Связаться с нами
11.12. FLEX COPP Commands
11.12.1. control-plane access-list-template
Command Purpose
Use this command to create ACL template for mac, ip and mpls acl. and then enter control-plane ACL template configuration mode. Use no control-plane access-list template command to delete the ACL template.
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
Not supported |
||
AQ-N5000 |
Not supported |
||
AQ-N6000 |
7.0 |
Base |
Command Syntax
control-plane access-list-template TEMPALTE_NAME
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
TEMPALTE_NAME |
The name of the control-planeACCESS-LIST-TEMPLATE |
A string with up to 40 characters |
Command Mode
Global Config
Default
None
Usage
If the system already has a control-plane access-list-template with the same name, this command will enter the control-plane access-list-template configuration mode. However, if the ACL template name is used by other type of ACL template, a prompt message will be shown.
When the name is not used by any ACL template, this command is to create the control-plane access-list-template firstly and then enter the control-plane access-list-template configuration mode.
Examples
This example shows how to create a control-plane access-list-template named copp_tempalte_1 and then enter the copp_tempalte configuration mode:
Switch# configure terminal
Switch(config)# control-plane access-list-template copp_tempalte_1
Switch(config-acl-cp-template)#
11.12.2. mac-field
Command Purpose
Use this command to create mac field for control-plane access-list-template
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
mac-field { vlan | cos | untag | slow-protocol-sub-type }
no mac-field { vlan | cos | untag | slow-protocol-sub-type | }
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
vlan |
VLAN-ID |
- |
cos |
CoS Value |
- |
untag |
Without vlan tag |
- |
- s low-protocol-sub-type |
Slow protocol sub type |
- |
Command Mode
COPP ACL TEMPLATE Configuration
Default
None
Usage
configure of mac fields of control-plane ACL template, one or more can be selected at a time;Use the ‘no mac-field’ command to delete the corresponding mac field, if no mac field is added ,it means that all mac fields are deleted.
Examples
This example shows how to add vlan field to the control-plane ACL template:
Switch# configure terminal
Switch(config-acl-cp-template)# mac-field vlan
Related Commands
None
11.12.3. ip-field
Command Purpose
Use this command to create ip field for control-plane access-list-template
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
ip-field { src-ip | dest-ip | ip-frag | dscp | l4-protocol | ip-option | tcp-flag | l4-src-port | l4-src-port-range | l4-dest-port | l4-dest-port-range | icmp-type | icmp-code | igmp-type | vni | gre-key | packet-length }
no ip-field { src-ip | dest-ip | ip-frag | dscp | l4-protocol | ip-option | tcp-flag | l4-src-port | l4-src-port-range | l4-dest-port | l4-dest-port-range | icmp-type | icmp-code | igmp-type | vni | gre-key | packet-length | }
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
src-ip |
Source IP address |
- |
dest-ip |
Destination IP address |
- |
dscp |
DSCP ID |
- |
ip-option |
IP options |
- |
tcp-flag |
TCP Flag |
- |
l4-src-port |
L4 source port |
- |
l4-src-port-range |
range of L4 source port |
- |
l4-dest-port |
L4 destination port |
- |
l4-dest-port-range |
range of L4 destination port |
- |
icmp-type |
ICMP message type |
- |
icmp-code |
ICMP message code |
- |
igmp-type |
IGMP message type |
- |
vni |
Virtual Network Identifier |
- |
gre-key |
GRE KEY |
- |
packet-length |
packet length |
- |
Command Mode
COPP ACL TEMPLATE Configuration
Default
None
Usage
configure of ip fields of control-plane ACL template, one or more can be selected at a time;Use the ‘no ip-field’ command to delete the corresponding ip field, if no mac field is added ,it means that all ip fields are deleted.
Examples
This example shows how to add src-ip and dest-ip field to the control-plane ACL template:
Switch# configure terminal
Switch(config-acl-cp-template)# ip-field src-ip dest-ip
Related Commands
None
11.12.4. arp-field
Command Purpose
Use this command to create arp field for control-plane access-list-template
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
arp-field { sender-ip | target-ip | arp-op-code | garp }
no arp-field { sender-ip | target-ip | arp-op-code | garp | }
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
sender-ip |
sender ip |
- |
target-ip |
target ip |
- |
arp-op-code |
arp op code |
- |
garp |
Gratuitous ARP |
- |
Command Mode
COPP ACL TEMPLATE Configuration
Default
None
Usage
configure of arp fields of control-plane ACL template, one or more can be selected at a time;Use the ‘no arp-field’ command to delete the corresponding arp field, if no arp field is added ,it means that all arp fields are deleted.
Examples
This example shows how to add sender-ip and target-ip field to the control-plane ACL template:
Switch# configure terminal
Switch(config-acl-control-plane-template)# arp-field sender-ip target-ip
Related Commands
None
11.12.5. control-plane access-list template
Command Purpose
Use this command to create FLEX COPP ACL and then enter FLEX COPP ACL in Global Config mode. Use no control-plane access-list template command to delete the FLEX COPP ACL.
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
control-plane access-list ACL_NAME template TEMPLATE_NAME
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
ACL_NAME |
The name of the FLEX COPP ACL |
A string with up to 40 characters |
TEMPLATE_NAME |
The name of the control-planeACCESS-LIST-TEMPLATE |
A string with up to 40 characters |
Command Mode
Global Config
Default
None
Usage
If the system already has a FLEX COPP ACL with the same name, this command will enter the FLEX COPP ACL configuration mode. However, if the ACL name is used by other type of ACL, a prompt message will be shown.
When the name is not used by any ACL, this command is to create the FLEX COPP ACL firstly and then enter the FLEX COPP ACL configuration mode.
Examples
This example shows how to create a FLEX COPP ACL named flex_list_control-plane_1 with template named control-plane_template_1, and then enter the FLEX COPP ACL configuration mode:
Switch# configure terminal
Switch(config)# control-plane access-list flex_list_1 template ccopp_template_1
Switch(config-acl-cp-template)#
Related Commands
match access-group
11.12.6. (deny|permit) exception any
Command Purpose
Use deny command to discard any type of packets to the cpu.
Use permit command to let any type of packets to the cpu pass
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
( SEQUENCE_NUM | ) ( deny | permit ) exception any ( time-range ? TIME_RANGE_NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
SEQUENCE_NUM |
The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
TIME_RANGE_NAME |
The time-range used by the IP filter |
A string with up to 40 characters |
Command Mode
FLEX FLEX Config-cp-acl
Default
None
Usage
None
Examples
The following example shows how to discard any type of packets to the cpu.:
Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception any
Switch(config-cp-acl)#
Related Commands
Control-plane access-list
11.12.7. (deny|permit) exception any
Command Purpose
Use deny command to discard any type of packets to the cpu.
Use permit command to let any type of packets to the cpu pass
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
( SEQUENCE_NUM | ) ( deny | permit ) exception any ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( time-range NAME | )
( SEQUENCE_NUM | ) ( deny | permit ) exception any ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( protocol ETH-TYPE mask MASK ) ( time-range NAME | )
( SEQUENCE_NUM | ) ( deny | permit ) exception any ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( PROTO_ID | any ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( time-range NAME | )
( SEQUENCE_NUM | ) ( deny | permit ) exception any ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( icmp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( icmp-type IGMP_TYPE ( icmp-code ICMP_CODE | ) | ) ( time-range NAME | )
( SEQUENCE_NUM | ) ( deny | permit ) exception any ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( igmp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( igmp-type IGMP_TYPE ) ( time-range NAME | )
( SEQUENCE_NUM | ) ( deny | permit ) exception any ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( igmp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( dvmrp | host-query | host-report | mtrace | mtrace-response | pim | trace | v2-leave | v2-report | v3-report | ) ( time-range NAME | )
( SEQUENCE_NUM | ) ( deny | permit ) exception any ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( tcp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( src-port ( eq L4_PORT ) | ) ( dst-port ( eq L4_PORT ) | ) ( time-range NAME | )
( SEQUENCE_NUM | ) ( deny | permit ) exception any ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( udp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( src-port ( eq L4_PORT ) | ) ( dst-port ( eq L4_PORT ) | ) ( time-range NAME | )
( SEQUENCE_NUM | ) ( deny | permit ) exception any ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( gre ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( time-range NAME | )
( SEQUENCE_NUM | ) ( deny | permit ) exception any ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( <0-255> | any ) ( any ) ( any ) ( time-range NAME | )
( SEQUENCE_NUM | ) ( deny | permit ) exception any ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( icmp ) ( any ) ( any ) ( icmp-type IGMP_TYPE ( icmp-code ICMP_CODE | ) | ) ( time-range NAME | )
( SEQUENCE_NUM | ) ( deny | permit ) exception any ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( tcp ) ( any ) ( any ) ( src-port ( eq L4_PORT ) ) ( dst-port ( eq L4_PORT ) ) ( time-range NAME | )
( SEQUENCE_NUM | ) ( deny | permit ) exception any ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( udp ) ( any ) ( any ) ( src-port ( eq L4_PORT ) | ) ( dst-port ( eq L4_PORT ) | ) ( time-range NAME | )
( SEQUENCE_NUM | ) ( deny | permit ) exception any ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( arp ) ( arp-op-code ARP_OP_CODE | ) ( sender-ip ( IP_ADDR IP_MASK | any | host IP_ADDR ) | ) ( time-range NAME | )
( SEQUENCE_NUM | ) ( deny | permit ) exception any ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( arp ) ( garp ) ( time-range NAME | )
( SEQUENCE_NUM | ) ( deny | permit ) exception any ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( arp ) ( arp-reply | arp-request ) ( time-range NAME | )
( SEQUENCE_NUM | ) ( deny | permit ) exception any ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( arp ) ( rarp-reply | rarp-request ) ( time-range NAME | )
( SEQUENCE_NUM | ) ( deny | permit ) exception any ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( gre ) ( any ) ( any ) ( time-range NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
SEQUENCE_NUM |
The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
VLAN_ID |
The range of vlan id is from 1 to 4094 |
1-4094 |
COS |
The range of cos is from 0 to 7 |
0-7 |
IP_ADDR IP_MASK |
The source IP address and its wildcard bits |
IPv4 Address and Mask |
any |
Any source host |
- |
host IP_ADDR |
The source IP address of a host |
IPv4 Address |
eq |
Equal to |
- |
ARP_OP_CODE |
The range of arp-op-code is from 0 to 65535 |
0-65535 |
ICMP_TYPE |
The range of icmp-type is from 0-255 |
0-255 |
ICMP_CODE |
The range of icmp-code is from 0-255 |
0-255 |
dvmrp |
Dvmrp type message |
- |
host-query |
host-query type message |
- |
host-report |
host-report type message |
- |
mtrace |
mtrace type message |
- |
mtrace-response |
mtrace-response type message |
- |
pim |
pim type message |
- |
trace |
trace type message |
- |
v2-leave |
v2-leave type message |
- |
v2-report |
v2-report type message |
- |
v3-report |
v3-report type message |
- |
L4_PORT |
layer 4 port number |
0-65535 |
PROTO_ID |
protocol ID |
1-255 |
Command Mode
FLEX Config-cp-acl
Default
None
Usage
None
Examples
The following example shows how to discard any type of packets to the cpu.:
Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception any
Switch(config-cp-acl)#
Related Commands
Control-plane access-list
11.12.8. (deny|permit) exception ipda
Command Purpose
Use deny command to discard ipda type of packets to the cpu.
Use permit command to let ipda type of packets to the cpu pass
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
( SEQUENCE_NUM | ) deny | permit exception ipda ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception ipda ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( <0-255> | any ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception ipda ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( icmp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( icmp-type IGMP_TYPE ( icmp-code ICMP_CODE | ) | ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception ipda ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( udp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( src-port ( eq L4_PORT ) | ) ( dst-port ( eq L4_PORT ) | ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception ipda ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( gre ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception ipda ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( <0-255> | any ) ( any ) ( any ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception ipda ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( icmp ) ( any ) ( any ) ( icmp-type IGMP_TYPE ( icmp-code ICMP_CODE | ) | ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception ipda ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( udp ) ( any ) ( any ) ( src-port ( eq L4_PORT ) | ) ( dst-port ( eq L4_PORT ) | ) ( time-range NAME | )
( SEQUENCE_NUM | ) ( deny | permit ) exception ipda ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( gre ) ( any ) ( any ) ( time-range NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
SEQUENCE_NUM |
The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
VLAN_ID |
VLAN ID |
1-4094 |
COS |
The range of cos is from 0 to 7 |
0-7 |
any |
Any source host |
- |
host IP_ADDR |
The source IP address of a host |
IPv4 Address |
eq |
Equal to |
- |
ICMP_TYPE |
Icmp type |
0-255 |
Command Mode
FLEX Config-cp-acl
Default
None
Usage
None
Examples
The following example shows how to discard ipda type of packets to the cpu.:
Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception ipda
Switch(config-cp-acl)#
Related Commands
Control-plane access-list
11.12.9. (deny|permit) exception fwd-to-cpu
Command Purpose
Use deny command to discard fwd-to-cpu type of packets to the cpu.
Use permit command to let fwd-to-cpu type of packets to the cpu pass
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
( SEQUENCE_NUM | ) deny | permit exception fwd-to-cpu ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception fwd-to-cpu ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( <0-255> | any ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception fwd-to-cpu ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( icmp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( icmp-type IGMP_TYPE ( icmp-code ICMP_CODE | ) | ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception fwd-to-cpu ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( tcp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( src-port ( eq L4_PORT ) | ) ( dst-port ( eq L4_PORT ) | ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception fwd-to-cpu ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( udp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( src-port ( eq L4_PORT ) | ) ( dst-port ( eq L4_PORT ) | ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception fwd-to-cpu ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( gre ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception fwd-to-cpu ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( <0-255> | any ) ( any ) ( any ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception fwd-to-cpu ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( icmp ) ( any ) ( any ) ( icmp-type IGMP_TYPE ( icmp-code ICMP_CODE | ) | ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception fwd-to-cpu ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( tcp ) ( any ) ( any ) ( src-port ( eq L4_PORT ) | ) ( dst-port ( eq L4_PORT ) | ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception fwd-to-cpu ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( udp ) ( any ) ( any ) ( src-port ( eq L4_PORT ) | ) ( dst-port ( eq L4_PORT ) | ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception fwd-to-cpu ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( gre ) ( any ) ( any ) ( time-range NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
SEQUENCE_NUM |
The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
VLAN_ID |
The range of vlan id is from 1 to 4094 |
1-4094 |
COS |
The range of cos is from 0 to 7 |
0-7 |
IP_ADDR IP_MASK |
The source IP address and its wildcard bits |
IPv4 Address and Mask |
any |
Any source host |
- |
host IP_ADDR |
The source IP address of a host |
IPv4 Address |
eq |
Equal to |
- |
ICMP_TYPE |
ICMP type |
0-255 |
ICMP_CODE |
The range of icmp-code is from 0-255 |
0-255 |
Command Mode
FLEX Config-cp-acl
Default
None
Usage
None
Examples
The following example shows how to discard fwd-to-cpu type of packets to the cpu.:
Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception fwd-to-cpu
Switch(config-cp-acl)#
Related Commands
Control-plane access-list
11.12.10. (deny|permit) exception slow-protocol
Command Purpose
Use deny command to discard slow-protocol type of packets to the cpu.
Use permit command to let slow-protocol type of packets to the cpu pass
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
( SEQUENCE_NUM | ) deny | permit exception slow-protocol ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception slow-protocol ( sub-type TYPE ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception slow-protocol ( efm | lacp | synce ) ( time-range NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
SEQUENCE_NUM |
The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
TYPE |
The range of sub-type is from 0 to 255 |
0-255 |
efm |
efm type message |
- |
lacp |
lacp type message |
- |
synce |
synce type message |
- |
Command Mode
FLEX Config-cp-acl
Default
None
Usage
None
Examples
The following example shows how to discard slow-protocol type of packets to the cpu.:
Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception slow-protocol
Switch(config-cp-acl)#
Related Commands
Control-plane access-list
11.12.11. (deny|permit) exception dhcp
Command Purpose
Use deny command to discard dhcp type of packets to the cpu.
Use permit command to let dhcp type of packets to the cpu pass
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
( SEQUENCE_NUM | ) deny | permit exception dhcp ( time-range NAME | ) ( SEQUENCE_NUM | ) deny | permit exception dhcp ( dhcp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( client | server | ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception dhcp ( dhcpv6 ) ( any ) ( any ) ( reply | request | ) ( time-range NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
SEQUENCE_NUM |
The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
IP_ADDR IP_MASK |
The source IP address and its wildcard bits |
IPv4 Address and Mask |
any |
Any IP address |
- |
host IP_ADDR |
The source IP address of a host |
IPv4 Address |
client |
dhcp request type message |
- |
server |
dhcp reply type message |
- |
request |
dhcp client type message |
- |
reply |
dhcp server type message |
- |
Command Mode
FLEX Config-cp-acl
Default
None
Usage
None
Examples
The following example shows how to discard dhcp type of packets to the cpu.:
Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception dhcp dhcp any any
Switch(config-cp-acl)#
Related Commands
Control-plane access-list
11.12.12. (deny|permit) exception rip
Command Purpose
Use deny command to discard rip type of packets to the cpu.
Use permit command to let rip type of packets to the cpu pass
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
( SEQUENCE_NUM | ) deny | permit exception rip ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception rip ( rip ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception rip ( ripng ) ( any ) ( any ) ( time-range NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
SEQUENCE_NUM |
The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
IP_ADDR IP_MASK |
The source IP[ address and its wildcard bits |
IPv4 Address and Mask |
any |
Any IP address |
- |
host IP_ADDR |
The source IP address of a host |
IPv4 Address |
Command Mode
FLEX Config-cp-acl
Default
None
Usage
None
Examples
The following example shows how to discard rip type of packets to the cpu.:
Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception rip rip any any
Switch(config-cp-acl)#
Related Commands
Control-plane access-list
11.12.13. (deny|permit) exception ospf
Command Purpose
Use deny command to discard ospf type of packets to the cpu.
Use permit command to let ospf type of packets to the cpu pass
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
( SEQUENCE_NUM | ) deny | permit exception ospf ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception ospf ( ospfv2 ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception ospf ( ospfv3 ) ( any ) ( any ) ( time-range NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
SEQUENCE_NUM |
The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
IP_ADDR IP_MASK |
The source IP address and its wildcard bits |
IPv4 Address and Mask |
any |
Any IP address |
- |
host IP_ADDR |
The source IP address of a host |
IPv4 Address |
ospfv2 |
ospfv2 type message |
- |
ospfv3 |
ospfv3 type message |
- |
Command Mode
FLEX Config-cp-acl
Default
None
Usage
None
Examples
The following example shows how to discard ospf type of packets to the cpu.:
Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception ospf ospfv2 any any
Switch(config-cp-acl)#
Related Commands
Control-plane access-list
11.12.14. (deny|permit) exception pim
Command Purpose
Use deny command to discard pim type of packets to the cpu.
Use permit command to let pim type of packets to the cpu pass
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
( SEQUENCE_NUM | ) deny | permit exception pim ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception pim ( pim ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception pim ( pimv6 ) ( any ) ( any ) ( time-range NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
SEQUENCE_NUM |
The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
IP_ADDR IP_MASK |
The source IP address and its wildcard bits |
IPv4 Address and Mask |
any |
Any IP address |
- |
host IP_ADDR |
The source IP address of a host |
IPv4 Address |
pimv6 |
pimv6 type message |
- |
Command Mode
FLEX Config-cp-acl
Default
None
Usage
None
Examples
The following example shows how to discard pim type of packets to the cpu.:
Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception pim pim any any
Switch(config-cp-acl)#
Related Commands
Control-plane access-list
11.12.15. (deny|permit) exception bgp
Command Purpose
Use deny command to discard bgp type of packets to the cpu.
Use permit command to let bgp type of packets to the cpu pass
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
( SEQUENCE_NUM | ) deny | permit exception bgp ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception bgp ( bgp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception bgp ( bgp4plus ) ( any ) ( any ) ( time-range NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
SEQUENCE_NUM |
The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
IP_ADDR IP_MASK |
The source IP address and its wildcard bits |
IPv4 Address and Mask |
any |
Any IP address |
- |
host IP_ADDR |
The source IP address of a host |
IPv4 Address |
bgp4plus |
bgp4plus type message |
- |
Command Mode
FLEX Config-cp-acl
Default
None
Usage
None
Examples
The following example shows how to discard bgp type of packets to the cpu.:
Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception bgp bgp any any
Switch(config-cp-acl)#
Related Commands
Control-plane access-list
11.12.16. (deny|permit) exception vrrp
Command Purpose
Use deny command to discard vrrp type of packets to the cpu.
Use permit command to let vrrp type of packets to the cpu pass
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
( SEQUENCE_NUM | ) deny | permit exception vrrp ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception vrrp ( vrrp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception vrrp ( vrrpv6 ) ( any ) ( any ) ( time-range NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
SEQUENCE_NUM |
The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
IP_ADDR IP_MASK |
The source IP address and its wildcard bits |
IPv4 Address and Mask |
any |
Any IP address |
- |
host IP_ADDR |
The source IP address of a host |
IPv4 Address |
vrrpv6 |
vrrpv6 type message |
- |
Command Mode
FLEX Config-cp-acl
Default
None
Usage
None
Examples
The following example shows how to discard vrrp type of packets to the cpu:
Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception vrrp vrrp any any
Switch(config-cp-acl)#
Related Commands
Control-plane access-list
11.12.17. (deny|permit) exception ssh
Command Purpose
Use deny command to discard ssh type of packets to the cpu.
Use permit command to let ssh type of packets to the cpu pass
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
( SEQUENCE_NUM | ) deny | permit exception ssh ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception ssh ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( tcp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( src-port ( eq L4_PORT ) | ) ( time-range NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
SEQUENCE_NUM |
The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
IP_ADDR IP_MASK |
The source IP address and its wildcard bits |
IPv4 Address and Mask |
any |
Any IP address |
- |
host IP_ADDR |
The source IP address of a host |
IPv4 Address |
Command Mode
FLEX Config-cp-acl
Default
None
Usage
None
Examples
The following example shows how to discard ssh type of packets to the cpu:
Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception ssh
Switch(config-cp-acl)#
Related Commands
Control-plane access-list
11.12.18. (deny|permit) exception telnet
Command Purpose
Use deny command to discard telnet type of packets to the cpu.
Use permit command to let telnet type of packets to the cpu pass
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
( SEQUENCE_NUM | ) deny | permit exception telnet ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception telnet ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( tcp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( src-port ( eq L4_PORT ) | ) ( time-range NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
SEQUENCE_NUM |
The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
IP_ADDR IP_MASK |
The source IP address and its wildcard bits |
IPv4 Address and Mask |
any |
Any IP address |
- |
host IP_ADDR |
The source IP address of a host |
IPv4 Address |
Command Mode
FLEX Config-cp-acl
Default
None
Usage
None
Examples
The following example shows how to discard telnet type of packets to the cpu:
Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception telnet
Switch(config-cp-acl)#
Related Commands
Control-plane access-list
11.12.19. (deny|permit) exception tcp
Command Purpose
Use deny command to discard tcp type of packets to the cpu.
Use permit command to let tcp type of packets to the cpu pass
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
( SEQUENCE_NUM | ) deny | permit exception tcp ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception tcp ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( tcp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( src-port ( eq L4_PORT ) | ) ( dst-port ( eq L4_PORT ) | ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception tcp ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv6 ) ( tcp ) ( any ) ( any ) ( src-port ( eq L4_PORT ) | ) ( dst-port ( eq L4_PORT ) | ) ( time-range NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
SEQUENCE_NUM |
The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
IP_ADDR IP_MASK |
The source IP address and its wildcard bits |
IPv4 Address and Mask |
any |
Any IP address |
- |
host IP_ADDR |
The source IP address of a host |
IPv4 Address |
Command Mode
FLEX Config-cp-acl
Default
None
Usage
None
Examples
The following example shows how to discard tcp type of packets to the cpu.:
Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception tcp
Switch(config-cp-acl)#
Related Commands
Control-plane access-list
11.12.20. (deny|permit) exception mlag
Command Purpose
Use deny command to discard mlag type of packets to the cpu.
Use permit command to let mlag type of packets to the cpu pass
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
( SEQUENCE_NUM | ) deny | permit exception mlag ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception mlag ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( ipv4 ) ( tcp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( src-port ( eq L4_PORT ) | ) ( time-range NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
SEQUENCE_NUM |
The sequence number of the filter in CoPP ACL. An auto-generated sequence number will be assigned to the filter if this field is not presented. |
1-131071 |
IP_ADDR IP_MASK |
The source IP address and its wildcard bits |
IPv4 Address and Mask |
any |
Any IP address |
- |
host IP_ADDR |
The source IP address of a host |
IPv4 Address |
Command Mode
Control plane Configuration
Default
None
Usage
None
Examples
The following example shows how to discard mlag type of packets to the cpu.:
Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception mlag
Switch(config-cp-acl)#
Related Commands
Control-plane access-list
11.12.21. (deny|permit) exception arp
Command Purpose
Use deny command to discard arp type of packets to the cpu.
Use permit command to let arp type of packets to the cpu pass
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
( SEQUENCE_NUM | ) deny | permit exception arp ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( arp-op-code ARP_OP_CODE | ) ( sender-ip ( IP_ADDR IP_MASK | any | host IP_ADDR ) | ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception arp ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( garp ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception arp ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( arp-reply | arp-request ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception arp ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( rarp-reply | rarp-request ) ( time-range NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
IP_ADDR IP_MASK |
The source IP address and its wildcard bits |
IPv4 Address and Mask |
any |
Any IP address |
- |
host IP_ADDR |
The source IP address of a host |
IPv4 Address |
VLAN_ID |
The range of vlan id is from 1 to 4094 |
1-4094 |
COS |
The range of cos is from 0 to 7 |
0-7 |
ARP_OP_CODE |
The range of arp-op-code is from 0 to 65535 |
0-65535 |
arp-request |
Arp request type message |
- |
arp-reply |
Arp reply type message |
- |
rarp-request |
Rarp request type message |
- |
rarp-reply |
Rarp reply type message |
- |
Command Mode
FLEX Config-cp-acl
Default
None
Usage
None
Examples
The following example shows how to discard arp type of packets to the cpu:
Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception arp arp-op-code 1 any
Switch(config-cp-acl)#
Related Commands
Control-plane access-list
11.12.22. (deny|permit) exception igmp
Command Purpose
Use deny command to discard igmp type of packets to the cpu.
Use permit command to let igmp type of packets to the cpu pass
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
( SEQUENCE_NUM | ) ( deny | permit ) exception igmp ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( igmp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( dvmrp | host-query | host-report | mtrace | mtrace-response | pim | precedence | trace | v2-leave | v2-report | v3-report | ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception igmp ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( igmp ) ( IP_ADDR IP_MASK | any | host IP_ADDR ) ( any ) ( igmp-type IGMP_TYPE ) ( time-range NAME | )
( SEQUENCE_NUM | ) deny | permit exception igmp ( untag-vlan | { vlan VLAN_ID | cos COS } | ) ( mld ) ( any ) ( any ) ( mld-query | mld-report | mld-done | mldv2-report | ) ( time-range NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
IP_ADDR IP_MASK |
The source IP address and its wildcard bits |
IPv4 Address and Mask |
any |
Any IP address |
- |
host IP_ADDR |
The source IP address of a host |
IPv4 Address |
VLAN_ID |
The range of vlan id is from 1 to 4094 |
1-4094 |
COS |
The range of cos is from 0 to 7 |
0-7 |
IGMP_TYPE |
The range of icmp-type is from 0 to 255 |
0-255 |
dvmrp |
Dvmrp type message |
- |
host-query |
host-query type message |
- |
host-report |
host-report type message |
- |
mtrace |
mtrace type message |
- |
mtrace-response |
mtrace-response type message |
- |
pim |
pim type message |
- |
trace |
trace type message |
- |
v2-leave |
v2-leave type message |
- |
v2-report |
v2-report type message |
- |
v3-report |
v3-report type message |
- |
mld-query |
Multicast Listener Query(130) |
- |
mld-report |
Multicast Listener Report(131) |
- |
mld-done |
Multicast Listener Done(132) |
- |
mldv2-report |
MLDv2 Multicast Listener Report(143) |
- |
Command Mode
FLEX Config-cp-acl
Default
None
Usage
None
Examples
The following example shows how to discard igmp type of packets to the cpu:
Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception igmp igmp any any
Switch (config-cp-acl)#
Related Commands
Control-plane access-list
11.12.23. (deny|permit) exception
Command Purpose
Use deny command to discard specified type of packets to the cpu.
Use permit command to let specified type of packets to the cpu pass
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
( SEQUENCE_NUM | ) deny | permit exception ( bpdu | erps | eapol | smart-link | ldp | ptp | rsvp | icmp-redirect | mcast-rpf-fail | macsa-mismatch | vlan-security-discard | port-security-discard | ip-option | udld | dot1x-mac-bypass | l2protocol-tunnel ) ( time-range NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
IP_ADDR IP_MASK |
The source IP address and its wildcard bits |
IPv4 Address and Mask |
Command Mode
FLEX Config-cp-acl
Default
None
Usage
None
Examples
The following example shows how to discard pbdu type of packets to the cpu.:
Switch# configure terminal
Switch(config)# control-plane access-list test
Switch(config-cp-acl)# deny exception bpdu
Switch(config-cp-acl)#
Related Commands
Control-plane access-list
11.12.24. class-map type (control-plane)
Command Purpose
Use this command to create a control-plane class map.
Use the no form to delete the class map.
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
class-map type ( control-plane ) NAME
no class-map NAME
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
NAME |
Specify class map name |
A string with up to 40 characters |
Command Mode
Global Config
Default
None
Usage
None
Examples
The following example shows how to create a control-plane class map.:
Switch# configure terminal
Switch(config)# class-map type control-plane test
Switch(config-cmap-cp)#
Related Commands
class type control-plane
11.12.25. match access-group
Command Purpose
Use this command to add access group to the class map.
Use the no form of this command to unbind it.
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
match access-group NAME
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
NAME |
Specify access list name |
A string with up to 40 characters |
Command Mode
Class-map Configuration
Default
None
Usage
None
Examples
The following example shows how to add access group to the class map:
Switch# configure terminal
Switch(config)# class-map type control-plane test
Switch(config-cmap-cp)# match access-group test
Related Commands
Class-map type control-plane
11.12.26. policy-map type (control-plane)
Command Purpose
Use this command to create a control-plane policy map.
Use the no form to delete the policy map.
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
policy-map type ( control-plane ) NAME
no policy-map NAME
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
NAME |
Specify policy map name |
A string with up to 40 characters |
Command Mode
Global Config
Default
None
Usage
None
Examples
The following example shows how to create a control-plane policy map.:
Switch# configure terminal
Switch(config)# policy-map type control-plane test
Switch(config-pmap-cp)#
Related Commands
service-policy type control-plane input
11.12.27. class type control-plane
Command Purpose
Use this command to add the class map to the policy map
Use the no form of this command to unbind it.
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
class type control-plane ( NAME | class-default )
no class type control-plane ( NAME | class-default )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
NAME |
Specify class map name |
A string with up to 40 characters |
Command Mode
Config-pmap-c Configuration
Default
None
Usage
None
Examples
The following example shows how to add the class map to the policy map:
Switch# configure terminal
Switch(config)# policy-map type control-plane test
Switch(config-pmap-cp)# class type control-plane test
Switch(config-pmap-cp-c)#
Related Commands
class-map type (control-plane)
11.12.28. statistics enable
Command Purpose
Use this command to enable statistics.
Use the no form to disable it.
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
statistics enable
no statistics enable
Command Mode
Global Config
Default
None
Usage
None
Examples
The following example shows how to enable statistics.:
Switch# configure terminal
Switch(config)# policy-map type control-plane test
Switch(config-pmap-cp)# class type control-plane test
Switch(config-pmap-cp-c)# statistics enable
Related Commands
class-map type (control-plane)
11.12.29. control-plane
Command Purpose
Use this command to enter global control plane mode.
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
control-plane
Command Mode
Global Config
Default
None
Usage
None
Examples
The following example shows how to enter global control plane mode:
Switch# configure terminal
Switch(config)# control-plane
Switch(Config-control-plain)#
Related Commands
service-policy type control-plane input
11.12.30. service-policy type control-plane input
Command Purpose
Use this command to apply the control plane policy.
Use the no form of this command to remove it.
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
service-policy type control-plane input NAME
no service-policy type control-plane input
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
NAME |
Specify policy input name |
A string with up to 40 characters |
Command Mode
Control plane Configuration
Default
None
Usage
None
Examples
The following example shows how to apply the control plane policy:
Switch# configure terminal
Switch(Config-control-plain)# service-policy type control-plane input test
Switch(Config-control-plain)#
Related Commands
policy-map type control-plane
11.12.31. show policy-map type control-plane statistics input ace
Command Purpose
Use this command to show stats of copp policer
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
show policy-map type control-plane statistics input ace ( class-based | ace-based ) ( class NAME | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
NAME |
Specify class map name |
A string with up to 40 characters |
Command Mode
Privileged EXEC
Default
None
Usage
None
Examples
The following example shows how to show stats of copp policer:
Switch# show policy-map type control-plane statistics input policer
Related Commands
clear policy-map type control-plane statistics input
11.12.32. policer cir
Command Purpose
To Specify a policer for the classified traffic, config CIR CBS and enable policer statistics
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
policer cir CIR ( cbs CBS | ) ( statistics | )
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
CIR |
CIR Commit Information Rate (pps) |
0-148809523 |
CBS |
CBS - Commit Burst Size (packets) (default value is 4400)”, |
0-7600 |
statistics |
enable policer stat |
- |
Command Mode
Config-pmap-c Configuration
Default
4400
Usage
limit the rate of some exception traffic to cpu
Examples
config the traffic rate of ARP exception and enable policer stat:
Switch# configure terminal
Switch(config)# control-plane access-list testacl
Switch(config-cp-acl)# 10 permit exception arp
Switch(config-cp-acl)# class-map type control-plane testclass
Switch(config-cmap-cp)# match access-group testacl
Switch(config-cmap-cp)# policy-map type control-plane testpolicy
Switch(config-pmap-cp)# class type control-plane testclass
Switch(config-pmap-cp-c)# policer cir 100 statistics
Switch(config-pmap-cp-c)# control-plane
Switch(Config-control-plain)# service-policy type control-plane input testpolicy
Related Commands
show policy-map type control-plane statistics input
11.12.33. show policy-map type control-plane statistics input policer
Command Purpose
To show statistics of any policy, class name can be specified
Prerequisites
Platform |
Software |
License |
Comments |
|---|---|---|---|
AQ-N3000 |
7.0 |
Base |
|
AQ-N5000 |
7.0 |
Base |
|
AQ-N6000 |
7.0 |
Base |
Command Syntax
show policy-map type control-plane statistics input policer ( class NAME | )
clear policy-map type control-plane statistics input policer
Parameter |
Parameter Description |
Parameter Value |
|---|---|---|
NAME |
Specify class map name |
A string with up to 40 characters |
Command Mode
Global Config
Default
None
Usage
To show statistics of any policy, class name can be specified
Examples
To show statistics of any policy, class name can be specified:
Switch# show policy-map type control-plane statistics input policer
Related Commands
policer cir