l33byt1980
Vendor
I have an issue on at least 5 of my sites: if I add the below script I lose my SNMP, SSH and ICMP services.
If I look at access list 150 I see that there are no matches.
However if I look at my CoPPDrop I see they are all dropped packets.
Router is a Cisco 1841 running: c1841-advsecurityk9-mz.124-11.XW2.bin
My CoPP Policing.
control-plane
 no service-policy input NTP
 no service-policy input SECURE
 no service-policy input CoPP
no policy-map SECURE
no policy-map NTP
no class-map match-all snmp
no class-map match-all ntp
no access-list 150
access-list 150 remark
access-list 150 remark *** Control Plane Security Allow ***
access-list 150 remark *
access-list 150 remark * Routing Protocol *
access-list 150 permit eigrp any any
access-list 150 permit ospf any any
access-list 150 permit tcp any any eq 179
access-list 150 remark * HSRP *
access-list 150 permit ip any host 224.0.0.2
access-list 150 remark * Telnet *
access-list 150 permit tcp host a.a.a.a any eq telnet
access-list 150 remark * SSH *
access-list 150 permit tcp host a.a.a.a any eq 22
access-list 150 remark * TACACS *
access-list 150 permit tcp host a.a.a.a any eq tacacs
access-list 150 remark * NTP *
access-list 150 permit udp host a.a.a.a eq ntp any
access-list 150 remark * SNMP *
access-list 150 permit udp host a.a.a.a any eq snmp
access-list 150 remark * Ping *
access-list 150 permit icmp host a.a.a.a any echo
access-list 150 remark * Client DHCP Request *
access-list 150 permit udp host 0.0.0.0 host 255.255.255.255 eq bootps
access-list 150 remark *
access-list 150 remark *** Control Plane Security Allow ***
access-list 150 remark
no access-list 151
access-list 151 remark
access-list 151 remark *** Control Plane Security Drop ***
access-list 151 remark *
access-list 151 permit tcp any any eq telnet
access-list 151 permit tcp any any eq 22
access-list 151 permit udp any any eq ntp
access-list 151 permit udp any any eq snmp
access-list 151 permit tcp any any eq tacacs
access-list 151 permit icmp any any
access-list 151 permit tcp any any eq domain
access-list 151 permit udp any any eq domain
access-list 151 permit tcp any any eq 5060
access-list 151 permit udp any any eq 5060
access-list 151 permit tcp any any eq www
access-list 151 permit tcp any any eq 443
access-list 151 remark *
access-list 151 remark *** Control Plane Security Drop ***
access-list 151 remark
class-map match-any CoPPAllow
 match access-group 150
 match protocol arp
class-map match-any CoPPDrop
 match access-group 151
policy-map CoPP
 class CoPPAllow
 class CoPPDrop
  drop
 class class-default
control-plane
 service-policy input CoPP
ACA - IPOffice implement
ACA - IP Telephony
CCNA - Passed at last
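To trace which class of the posted policy a given packet lands in, here is an added example (not part of the original post, and not IOS code): a simplified Python model of first-match classification over a subset of the posted ACL entries. The address 192.0.2.10 standing in for the masked a.a.a.a, the router address, the sample packets and all helper names are constructed assumptions; only the `any`, `host` and `eq` forms used in the post are handled.

```python
MGMT = "192.0.2.10"  # constructed placeholder for the post's masked a.a.a.a
PORTS = {"telnet": 23, "tacacs": 49, "domain": 53, "bootps": 67,
         "www": 80, "ntp": 123, "snmp": 161}
ACL = {  # subset of the posted entries, with a.a.a.a replaced by MGMT
    150: ["permit tcp any any eq 179",
          f"permit tcp host {MGMT} any eq 22",
          f"permit udp host {MGMT} eq ntp any",
          f"permit udp host {MGMT} any eq snmp",
          f"permit icmp host {MGMT} any echo"],
    151: ["permit tcp any any eq 22",
          "permit udp any any eq ntp",
          "permit udp any any eq snmp",
          "permit icmp any any"],
}
POLICY = [("CoPPAllow", 150), ("CoPPDrop", 151)]  # class order in policy-map CoPP

def _addr(tok):
    """Consume 'any' or 'host X', then an optional 'eq PORT', from the token list."""
    ip = None if tok.pop(0) == "any" else tok.pop(0)
    port = None
    if tok and tok[0] == "eq":
        port = PORTS.get(tok[1]) or int(tok[1])
        del tok[:2]
    return ip, port

def ace_matches(ace, pkt):
    """True if one 'permit ...' entry matches the packet dict."""
    tok = ace.split()[1:]                      # drop the 'permit' keyword
    proto = tok.pop(0)
    (sip, sport), (dip, dport) = _addr(tok), _addr(tok)
    icmp_type = tok[0] if tok else None        # trailing ICMP type, e.g. 'echo'
    return (proto in ("ip", pkt["proto"])
            and sip in (None, pkt["src"]) and dip in (None, pkt["dst"])
            and sport in (None, pkt.get("sport")) and dport in (None, pkt.get("dport"))
            and icmp_type in (None, pkt.get("icmp")))

def classify(pkt):
    """Return the first class in policy order whose ACL permits the packet."""
    for cls, acl in POLICY:
        if any(ace_matches(a, pkt) for a in ACL[acl]):
            return cls
    return "class-default"

def pkt(proto, src, dst="198.51.100.1", **kw):  # dst: constructed router address
    return {"proto": proto, "src": src, "dst": dst, **kw}

if __name__ == "__main__":
    for src in (MGMT, "192.0.2.99"):   # permitted host vs. any other source
        print(src, "ssh ->", classify(pkt("tcp", src, sport=50000, dport=22)))
```

Feeding the model the source address and ports a management packet actually arrives with shows whether it can match ACL 150 before CoPPDrop claims it.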