Classes of traffic

The different classes of traffic that can be individually configured are:

  • acl-logging: Access Control List logging packets.

  • arp-broadcast: Address Resolution Protocol packets with a broadcast destination MAC address.

  • arp-unicast: Address Resolution Protocol packets with a switch system destination MAC address.

  • bgp-ipv4: Border Gateway Protocol packets with a destination IPv4 address owned by the switch and the Layer 4 protocol is TCP.

  • bgp-ipv6: Border Gateway Protocol packets with a destination IPv6 address owned by the switch and the Layer 4 protocol is TCP.

  • dhcp-ipv4: Dynamic Host Configuration Protocol packets with a destination IPv4 address owned by the switch and the Layer 4 protocol is UDP

  • dhcp-ipv6: Dynamic Host Configuration Protocol packets with a destination IPv6 address owned by the switch and the Layer 4 protocol is UDP

  • hypertext: Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS) packets.

  • icmp-broadcast-ipv4: Internet Control Message Protocol packets with the broadcast destination IPv4 address 255.255.255.255.

  • icmp-unicast-ipv4: Internet Control Message Protocol packets with a destination IPv4 address owned by the switch.

  • icmp-multicast-ipv6: Internet Control Message Protocol packets with a well-known multicast destination IPv6 address.

  • icmp-unicast-ipv6: Internet Control Message Protocol packets with a destination IPv6 address owned by the switch.

  • igmp: Internet Group Management Protocol packets.

  • ipv4-options: Unicast IPv4 packets including option headers.

  • ipv6-options: Unicast IPv6 packets including option headers.

  • ip-exceptions: Internet Protocol exception packets.

  • IPSec: Internet Protocol Security IPv4 or IPv6, unicast or configured multicast. All IPsec traffic received by the CPU will be regulated by the 'ipsec' class regardless of the encapsulated protocol.

  • lacp: Link Aggregation Control Protocol packets with the destination MAC address 01:80:c2:00:00:02.

  • lldp: Link Layer Discovery Protocol packets with the destination MAC address 01:80:c2:00:00:0e.

  • loop-protect: Loop Protection packets with the destination MAC address 09:00:09:09:13:a6.

  • mvrp: Multiple VLAN Registration Protocol packets with the destination MAC address 01:80:c2:00:00:20 or 01:80:c2:00:00:21

  • ntp: Network Time Protocol packets with a destination address owned by the switch and the Layer 4 protocol is UDP.

  • ospf-multicast-ipv4: Open Shortest Path First packets with the multicast destination IPv4 address 224.0.0.5 or 224.0.0.6.

  • ospf-multicast-ipv6: Open Shortest Path First packets with the multicast destination IPv6 address FF02::5 or FF02::6

  • ospf-unicast-ipv4: Open Shortest Path First packets with a destination IPv4 address owned by the switch

  • ospf-unicast-ipv6: Open Shortest Path First packets with a destination IPv6 address owned by the switch

  • pim: Protocol Independent Multicast packets with the destination IPv4 address 224.0.0.13.

  • sflow: Packets sampled by sFlow.

  • ssh: Secure Shell (SSH) or Secure File Transfer Protocol (SFTP) packets. Dropping ssh packets will result in the connection to the CLI being lost.

  • stp: Spanning Tree Protocol (STP) packets with the destination MAC address 01:80:c2:00:00:00 or Per-VLAN Spanning Tree (PVST) packets with the destination MAC address 01:00:0c:cc:cc:cd.

  • telnet: Secure Telnet packets.

  • udld: Unidirectional Link Detection packets with the destination MAC address 01:00:0c:cc:cc:cc or 00:e0:52:00:00:00.

  • unknown-ip-multicast: Packets with an unknown multicast destination IP address.

  • unresolved-ip-unicast: Packets to be software forwarded by management processor.

  • vrrp-ipv4: Virtual Router Redundancy Protocol packets with the destination IPv4 address 224.0.0.18.

  • vrrp-ipv6: Virtual Router Redundancy Protocol packets with the destination IPv6 address FF02:0:0:0:0:0:0:12.

To regulate any other traffic destined for the CPU, every CoPP policy has a class named 'default' that can also be configured to regulate other traffic to the CPU or prevent other traffic from being delivered.
NOTE:

All IPsec traffic received by the CPU will be regulated by the 'ipsec' class regardless of the encapsulated protocol.