Guys, The CoPP config did work perfectly. This was our config:
Switch(config)# qos Switch(config)# macro global apply system-cpp Switch(config)# policy-map system-cpp-policy Switch(config-pmap)# system-cpp-all-systems-on-subnet Switch(config-pmap-c)# police 32000 1000 conform-action transmit exceed-action drop Switch(config-pmap)# system-cpp-all-routers-on-subnet Switch(config-pmap-c)# police 32000 1000 conform-action transmit exceed-action drop Switch(config-pmap)# class system-cpp-ip-mcast-linklocal Switch(config-pmap-c)# police 32000 1000 conform-action transmit exceed-action drop No side effects until now :) Thanks for all the contributions. Regards, Antonio Soares, CCIE #18473 (R&S/SP) amsoa...@netcabo.pt http://www.ccie18473.net -----Original Message----- From: Antonio Soares [mailto:amsoa...@netcabo.pt] Sent: quarta-feira, 13 de Julho de 2011 18:17 To: 'Phil Mayers' Cc: 'cisco-nsp@puck.nether.net' Subject: RE: [c-nsp] Cat4500 High CPU with Multicast Stream I will be applying CoPP today: http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/50sg/configur ation/guide/cntl_pln.html Something like: Switch(config)# qos Switch(config)# macro global apply system-cpp Switch(config)# policy-map system-cpp-policy Switch(config-pmap)# class system-cpp-ip-mcast-linklocal Switch(config-pmap-c)# police 32000 1000 conform-action transmit exceed-action drop Switch(config-pmap-c)# end I will let you know if it works as expected. Regards, Antonio Soares, CCIE #18473 (R&S/SP) amsoa...@netcabo.pt http://www.ccie18473.net -----Original Message----- From: Phil Mayers [mailto:p.may...@imperial.ac.uk] Sent: quarta-feira, 13 de Julho de 2011 16:53 To: Antonio Soares Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Cat4500 High CPU with Multicast Stream On 07/13/2011 04:46 PM, Antonio Soares wrote: > Thanks, I'm feeling better now :) > > So in my case, one 4500 with "ip routing" enabled and "ip multicast-routing" > disabled, what could be simple and quick to implement ? I'm not familiar with Cat4500 I'm afraid. On a 6500 I would do this: ip access-list standard DENY_MULTI deny 224.0.0.0 15.255.255.255 int VlanXXX ip multicast boundary DENY_MULTI ...it might work on that platform. As others have pointed out, some legitimate traffic uses 224.0.0.0/24 e.g. HSRP, VRRP, PIM, OSPF, etc. so be careful with this. Or use a plain access list on the ethernet port. _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/