White Papers

Table Of Contents
1. Create a Layer 2 extended ACL for control-plane traffic policing for a particular protocol.
CONFIGURATION mode
mac access-list extended name cpu-qos
permit {arp | frrp | gvrp | isis | lacp | lldp | stp}
2. Create a Layer 3 extended ACL for control-plane traffic policing for a particular protocol.
CONFIGURATION mode
ip access-list extended name cpu-qos
permit {bgp | dhcp | dhcp-relay | ftp | icmp | igmp | msdp | ntp | ospf | pim | ip | ssh
| telnet | vrrp}
3. Create an IPv6 ACL for control-plane traffic policing for a particular protocol.
CONFIGURATION mode
ipv6 access-list name cpu-qos {bgp | icmp | icmp-nd-na | icmp-nd-ns | icmp-rd-ra | icmp-
rd-rs | ospf | vrrp}
permit {bgp | icmp | vrrp}
4. Create a QoS input policy for the router and assign the policing.
CONFIGURATION mode
qos-policy-input name cpu-qos rate-police [rate-kbps] [burst-kbytes] peak [rate-kbps]
[burst-kbytes]
cpu-qos rate-police rate-police-value
5. Create a QoS class map to differentiate the control-plane traffic and assign to an ACL.
CONFIGURATION mode
class-map match-any name
cpu-qos match {ip | mac | ipv6} access-group name
6. Create a QoS input policy map to match to the class-map and qos-policy for each desired protocol.
CONFIGURATION mode
policy-map-input name
cpu-qos class-map name qos-policy name
7. Enter Control Plane mode.
CONFIGURATION mode
control-plane-cpuqos
8. Assign the protocol based the service policy on the control plane. Enabling this command on a port-pipe automatically
enables the ACL and QoS rules creates with the cpu-qos keyword.
CONTROL-PLANE mode
service-policy rate-limit-protocols input-policy-map cpu-qos
The following example shows creating the IP/IPv6/MAC extended ACL.
DellEMC(conf)#ip access-list extended ospf cpu-qos
DellEMC(conf-ip-acl-cpuqos)#permit ospf
DellEMC(conf-ip-acl-cpuqos)#exit
DellEMC(conf)#ip access-list extended bgp cpu-qos
DellEMC(conf-ip-acl-cpuqos)#permit bgp
DellEMC(conf-ip-acl-cpuqos)#exit
DellEMC(conf)#mac access-list extended lacp cpu-qos
DellEMC(conf-mac-acl-cpuqos)#permit lacp
DellEMC(conf-mac-acl-cpuqos)#exit
DellEMC(conf)#ipv6 access-list ipv6-icmp cpu-qos
DellEMC(conf-ipv6-acl-cpuqos)#permit icmp
DellEMC(conf-ipv6-acl-cpuqos)#exit
DellEMC(conf)#ipv6 access-list ipv6-vrrp cpu-qos
DellEMC(conf-ipv6-acl-cpuqos)#permit vrrp
DellEMC(conf-ipv6-acl-cpuqos)#exit
Control Plane Policing (CoPP)
213