You can use FPM but that is limited to CoPP only :-)
With regards
Kings

On Tue, Nov 16, 2010 at 1:06 PM, Kingsley Charles <[email protected]> wrote:

> For control plane you can't use NBAR i.e., using *match protocol*
>
> Snippet from
> http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/ctrl_plane_policng_external_docbase_0900e4b1805eee4d_4container_external_docbase_0900e4b180dd87e0.html
>
> Features that require Network-Based Application Recognition (NBAR)
> classification may not work well at the control plane level. The following
> classification (match) criteria are supported on all platforms:
>
> • Standard and extended IP access lists (ACLs).
>
> • In class-map configuration mode: *match ip dscp*, *match ip precedence*,
> and *match protocol arp*, and *match protocol pppoe* commands.
>
> With regards
> Kings
>
> On Tue, Nov 16, 2010 at 11:03 AM, Eugene Pefti <[email protected]> wrote:
>
>> And it just occurred to me. Let’s say I want to filter all BPDU traffic
>> from switches connected to the router. Just theoretically.
>>
>> “match protocol bpdu” doesn’t exist. Does it mean that I can’t filter BPDU
>> with CPPr whatsoever?
>>
>> Eugene
>>
>> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Kingsley Charles
>> *Sent:* Monday, November 15, 2010 7:12 AM
>> *To:* [email protected]
>> *Subject:* [OSL | CCIE_Security] class maps for arp and cdp packets
>>
>> Hi all
>>
>> I want to drop ARP and CDP packets coming to router using control plane
>> cef-exception interface.
>>
>> As you may be aware that CPPr doesn't support class maps with protocol
>> recognition i.e., using "*match protocol*"
>>
>> I am not able to find options to define an ACL for CDP and ARP.
>>
>> Any thoughts?
>>
>> With regards
>> Kings
