Classes of traffic

The different classes of traffic that can be individually configured are:

  • acl-logging: Access Control List logging packets.

  • arp-broadcast: Address Resolution Protocol packets with a broadcast destination MAC address.

  • arp-unicast: Address Resolution Protocol packets with a switch system destination MAC address.

  • bfd: Bidirectional Forwarding Detection (BFD) packets with a destination IP address owned by the switch.

  • bgp-ipv4: Border Gateway Protocol packets with a destination IPv4 address owned by the switch.

  • bgp-ipv6: Border Gateway Protocol packets with a destination IPv6 address owned by the switch.

  • dhcp-ipv4: Dynamic Host Configuration Protocol packets with a destination IPv4 address.

  • dhcp-ipv6: Dynamic Host Configuration Protocol packets with a destination IPv6 address.

  • erps: Ethernet Ring Protection Switching control packets with the destination MAC address 01:19:a7:00:00:XX, where XX can be any value.

  • hypertext: Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS) packets.

  • icmp-broadcast-ipv4: Internet Control Message Protocol packets with a broadcast or multicast destination IPv4 address.

  • icmp-multicast-ipv6: Internet Control Message Protocol packets with a well-known multicast destination IPv6 address.

  • icmp-unicast-ipv4: Internet Control Message Protocol packets with a destination IPv4 address owned by the switch.

  • icmp-unicast-ipv6: Internet Control Message Protocol packets with a destination IPv6 address owned by the switch.

  • igmp: Internet Group Management Protocol packets.

  • ip-exceptions: Routable packets that would exceed the MTU for the egress interface, packets that trigger ICMP redirects, and packets with TTL/hop_limit=1 that are discarded when routing through the switch.

  • ipsec: Internet Protocol Security IPv4 or IPv6, unicast or configured multicast. All IPsec traffic received by the CPU will be regulated by the ipsec class regardless of the encapsulated protocol.

  • ipv4-options: Unicast IPv4 packets including option headers.

  • ipv6-options: Unicast IPv6 packets including option headers.

  • lacp: Link Aggregation Control Protocol packets with the destination MAC address 01:80:c2:00:00:02.

  • lldp: Link Layer Discovery Protocol packets with the destination MAC address 01:80:c2:00:00:0e.

  • loop-protect: Loop Protection packets with the destination MAC address 09:00:09:09:13:a6.

  • mirror-to-cpu: Packets from mirroring session configured to deliver to the console.

  • mld: Multicast Listener Discovery packets of type V1 or V2 with an IPv6 address of FF00::/8, FF02::16 or FF02::2.

  • mvrp: Multiple VLAN Registration Protocol packets with the destination MAC address 01:80:c2:00:00:20 or 01:80:c2:00:00:21.

  • ntp: Network Time Protocol packets with a destination IP address owned by the switch.

  • ospf-multicast-ipv4: Open Shortest Path First packets with the multicast destination IPv4 address 224.0.0.5 or 224.0.0.6. The 8325 switch has VxLAN packets with VNI 0.

  • ospf-multicast-ipv6: Open Shortest Path First packets with the multicast destination IPv6 address FF02::5 or FF02::6.

  • ospf-unicast-ipv4: Open Shortest Path First packets with a destination IPv4 address owned by the switch.

  • ospf-unicast-ipv6: Open Shortest Path First packets with a destination IPv6 address owned by the switch.

  • pim: Protocol Independent Multicast packets with the destination IPv4 address 224.0.0.13 or IPv6 address FF02::D, or Multicast Source Discovery Protocol (MSDP) packets, or with a destination IP address owned by the switch. Also includes PIM packets received from a 6in6 tunnel.

  • sflow: Packet headers sampled by the switch that will be sent to the sFlow collector.

  • ssh: Secure Shell (SSH) or Secure File Transfer Protocol (SFTP) packets. Dropping ssh packets will result in the connection to the CLI being lost.

  • stp: Spanning Tree Protocol (STP) packets with the destination MAC address 01:80:c2:00:00:00 or Per-VLAN Spanning Tree (PVST) packets with the destination MAC address 01:00:0c:cc:cc:cd.

  • telnet: Secure Telnet packets.

  • udld: Unidirectional Link Detection packets with the destination MAC address 01:00:0c:cc:cc:cc or 00:e0:52:00:00:00, or Cisco Discovery Protocol packets with the destination MAC address 01:00:0c:cc:cc:cc.

  • unknown-multicast: Packets with an unknown multicast destination IP address.

  • unresolved-ip-unicast: Packets to be software forwarded by the management processor.

  • vrrp-ipv4: Virtual Router Redundancy Protocol packets with the destination IPv4 address 224.0.0.18 or VSX-Keepalive.

  • vrrp-ipv6: Virtual Router Redundancy Protocol packets with the destination IPv6 address FF02::12.

To regulate any other traffic destined for the CPU, every CoPP policy has a class named default that can also be configured to regulate other traffic to the CPU or prevent other traffic from being delivered.
NOTE:

All IPsec traffic received by the CPU will be regulated by the ipsec class regardless of the encapsulated protocol.