Configuring CoPP
Control Plane Policing (CoPP) allows a policy map to be applied to the control plane. The policy map is applied to all traffic entering the switch from a non-management port in order to prevent DoS attacks from impacting performance.
This section contains payload examples and CLI commands that demonstrate how to use the NX-API REST API to configure CoPP on Cisco Nexus 3000 and 9000 Series switches, and that show how the REST APIs correspond to the CLI commands. For more information about ARP, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 7.x.
Creating a Class Map
POST http://<IP_Address>/api/node/mo/sys/copp.json
{
  "coppEntity": {
    "children": [
      {
        "coppClass": {
          "attributes": {
            "cName": "cmap1",
            "flag": "no"
          }
        }
      },
      {
        "coppClass": {
          "attributes": {
            "cName": "match-any",
            "matchOption": "MatchAny"
          }
        }
      }
    ]
  }
}
This example creates a class-map and a 'match-any' class.
Configuring a Class Map
POST http://<IP_Address>/api/node/mo/sys/copp.json
{
  "coppClass": {
    "attributes": {
      "cName": "cmap1",
      "flag": "no"
    },
    "children": [
      {
        "coppMulticast": {
          "attributes": {
            "flag": "no",
            "mcastOption": "rpf-failure"
          }
        }
      },
      {
        "coppExeOptions": {
          "attributes": {
            "flag": "no",
            "option": "mtu-failure"
          }
        }
      },
      {
        "coppIp": {
          "attributes": {
            "flag": "no",
            "options": "yes"
          }
        }
      },
      {
        "coppIpv6Icmp": {
          "attributes": {
            "flag": "no",
            "option": "unreachable"
          }
        }
      },
      {
        "coppProtocol": {
          "attributes": {
            "flag": "no",
            "type": "arp"
          }
        }
      }
    ]
  }
}
This example configures the class map.
CLI Commands
The CLI commands and options listed below are equivalent to the payload example above.
match protocol arp
match exception mtu-failure
match exception ip option
match exception ipv6 icmp unreachable
match exception multicast rpf-failure
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
Creating a Policy Map
POST http://<IP_Address>/api/node/mo/sys/copp/policy-[pmap1].json
{
  "coppPolicy": {
    "attributes": {
      "flag": "no",
      "name": "pmap1"
    },
    "children": [
      {
        "coppClassp": {
          "attributes": {
            "flag": "no",
            "name": "cmap1"
          },
          "children": [
            {
              "coppLogging": {
                "attributes": {
                  "levelRange": "2",
                  "threshold": "1345"
                }
              }
            },
            {
              "coppSetCos": {
                "attributes": {
                  "cosVal": "3",
                  "flag": "no"
                }
              }
            },
            {
              "coppPolicerAction": {
                "attributes": {
                  "burstC": "500",
                  "burstUnit": "packets",
                  "cirUnit": "pps",
                  "cirVal": "1345",
                  "conformAction": "transmit",
                  "flag": "no",
                  "violateAction": "drop"
                }
              }
            }
          ]
        }
      }
    ]
  }
}
This example creates a policy map with a class map that sets the CoS, has a logging action, and has a policing action.
CLI Commands
The CLI commands and options listed below are equivalent to the payload example above.
policy-map type control-plane pmap1
class cmap1
set cos 3
logging drop threshold 1345 level 2
police cir 1345 pps bc 500 packets conform transmit violate drop
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
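The correspondence between the coppPolicy payload and its CLI form can be checked offline before a policy is pushed. The Python below is an added example, not Cisco's code: it renders a coppPolicy body into the CLI lines listed in this section and reports classes that have no policer or whose violate action is not drop. The `cmap2` class and all function names are hypothetical, and the `flag` attribute is not interpreted.

```python
# Constructed sample: the coppPolicy body from the page, plus a hypothetical
# second class "cmap2" with no policer so the audit has something to report.
PAYLOAD = {"coppPolicy": {"attributes": {"flag": "no", "name": "pmap1"}, "children": [
    {"coppClassp": {"attributes": {"flag": "no", "name": "cmap1"}, "children": [
        {"coppLogging": {"attributes": {"levelRange": "2", "threshold": "1345"}}},
        {"coppSetCos": {"attributes": {"cosVal": "3", "flag": "no"}}},
        {"coppPolicerAction": {"attributes": {
            "burstC": "500", "burstUnit": "packets", "cirUnit": "pps",
            "cirVal": "1345", "conformAction": "transmit", "flag": "no",
            "violateAction": "drop"}}}]}},
    {"coppClassp": {"attributes": {"flag": "no", "name": "cmap2"}, "children": [
        {"coppSetCos": {"attributes": {"cosVal": "1", "flag": "no"}}}]}}]}}

def child_attrs(mo, dme_class):
    """Attribute dicts of every child of `mo` that is of the given DME class."""
    return [c[dme_class]["attributes"] for c in mo.get("children", []) if dme_class in c]

def classes(payload):
    """Yield (class name, coppClassp object) for each class in the policy."""
    for child in payload["coppPolicy"].get("children", []):
        if "coppClassp" in child:
            yield child["coppClassp"]["attributes"]["name"], child["coppClassp"]

def render_cli(payload):
    """Render the payload in the CLI form this section lists (flag is not interpreted)."""
    lines = ["policy-map type control-plane " + payload["coppPolicy"]["attributes"]["name"]]
    for name, cls in classes(payload):
        lines.append(f"class {name}")
        lines += [f"set cos {a['cosVal']}" for a in child_attrs(cls, "coppSetCos")]
        lines += [f"logging drop threshold {a['threshold']} level {a['levelRange']}"
                  for a in child_attrs(cls, "coppLogging")]
        lines += [f"police cir {a['cirVal']} {a['cirUnit']} bc {a['burstC']} {a['burstUnit']}"
                  f" conform {a['conformAction']} violate {a['violateAction']}"
                  for a in child_attrs(cls, "coppPolicerAction")]
    return lines

def audit(payload):
    """Report classes with no policer, or whose policer does not drop on violate."""
    findings = []
    for name, cls in classes(payload):
        policers = child_attrs(cls, "coppPolicerAction")
        if not policers:
            findings.append((name, "no coppPolicerAction"))
        findings += [(name, f"violateAction={a.get('violateAction')}")
                     for a in policers if a.get("violateAction") != "drop"]
    return findings

if __name__ == "__main__":
    print("\n".join(render_cli(PAYLOAD)), audit(PAYLOAD), sep="\n")
```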
Deleting a Policy Map
DELETE http://<IP_Address>/api/node/mo/sys/copp/policy-[pmap1].json
This example deletes a policy map.
Creating a Service Policy
POST http://<IP_Address>/api/node/mo/sys/copp/service-[pmap1].json
{
  "coppService": {
    "attributes": {
      "name": "pmap1"
    }
  }
}
POST http://<IP_Address>/api/node/mo/sys/copp/service-[{service_policy_name}].json
This example creates a service policy.
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
Deleting a Service Policy
DELETE http://<IP_Address>/api/node/mo/sys/copp/service-[pmap1].json
This example deletes a service policy.
Changing the Default CoPP Policy
POST http://<IP_Address>/api/node/mo/sys/copp/profile.json
{
  "coppProfile": {
    "attributes": {
      "prof": "moderate"
    }
  }
}
This example applies a moderate default CoPP policy.
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
Applying a Scale Factor
POST http://<IP_Address>/api/node/mo/sys/copp/scale-[1].json
{
  "coppScale": {
    "attributes": {
      "module": "1",
      "scaleVal": "1.3"
    }
  }
}
This example applies a scale factor.
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
Deleting a Scale Factor
DELETE http://<IP_Address>/api/node/mo/sys/copp/scale-[1].json
This example deletes a scale factor.
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/