On (2008-09-19 09:28 -0500), Justin Shore wrote: > My understanding is that you have to use class-default to match IS-IS > and a bunch of other things. The Press book "Router Security > Strategies" has a good amount of info on CoPP, complete with sample > config.
I would recommend against using class-default in pfc3b or pfc3c if you are running L3 MPLS VPN's in same box, as this will increase your internal VLAN usage and decrease pps performance for L3 MPLS VPN's due to disabling VPN-CAM. Just make last rule of your CoPP catch all IP, which is deny,deny,deny policed. Non matching traffic (such as CLNS) will jut flow through. -- ++ytti _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
