In this CP submode,
the service policies are attached to the control plane.
Hostname(config)# control-plane
Step 4. Apply QoS policy configured to the control plane.
Hostname(config-cp)# service-policy {input | output} {service_policy_name}
Note
The CoPP feature is also available as part of the integrated Network Foundation Protection (NFP) security
features on the Cisco ISR (Integrated Services Router) platforms.
CPU Rate Limiters
The Supervisor Engine 720 (SUP720) is available for high-end Catalyst 6500/7600 series switches and supports
several integrated security features, including one that is important to mention. SUP720 has built-in "special
case" CPU rate limiters to classify traffic that cannot be categorized otherwise. The built-in special case CPU rate
limiters use an access list (examples include IP options cases, time to live [TTL] and maximum transmission unit
[MTU] failure cases, and packets with errors). The CPU rate limit is mainly used for DoS protection.
Layer 2 Security Best Practices
To conclude this chapter, a list of best practices is presented here for implementing, managing, and maintaining
secure Layer 2 network:
Manage the switches in a secure manner.
Pages:
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201