Last Updated on August 2, 2021 by Admin 3
Which of the following features protects the control plane by classifying traffic into three separate control plane subinterfaces? (Select the best answer.)
Control Plane Protection (CPPr) protects the control plane by classifying control plane traffic into three separate subinterfaces: the host subinterface, the transit subinterface, and the Cisco Express Forwarding (CEF)-exception subinterface. The host subinterface contains control plane IP traffic that is destined for a router interface, including traffic from the following sources and protocols:
– Terminating tunnels
– Secure Shell (SSH)
– Simple Network Management Protocol (SNMP)
– Internal Border Gateway Protocol (iBGP)
– Enhanced Interior Gateway Routing Protocol (EIGRP)
The transit subinterface contains control plane IP traffic that is traversing the router, including the following traffic:
– Nonterminating tunnel traffic
– Traffic that is software-switched by the route processor
The CEF-exception subinterface contains control plane traffic that is redirected by CEF for process switching, as well as traffic from the following sources and protocols:
– Non-IP hosts
– Address Resolution Protocol (ARP)
– External BGP (eBGP)
– Open Shortest Path First (OSPF)
– Label Distribution Protocol (LDP)
– Layer 2 keepalives
CPPr is used to protect the control plane by filtering and rate limiting traffic in order to prevent excessive CPU and memory consumption. To configure CPPr, you must perform the following steps:
– Create access control lists (ACLs) to identify traffic.
– Create a traffic class.
– Create a traffic policy, and associate the traffic class to the policy.
– Apply the policy to the specific control plane subinterface.
Control Plane Policing (CoPP) is similar to CPPr, except CoPP does not separate control plane traffic into three subinterfaces. To configure CoPP, you must perform the following steps:
– Create ACLs to identify traffic.
– Create a traffic class.
– Create a traffic policy, and associate the traffic class to the policy.
– Apply the policy to the control plane interface.
Both CoPP and CPPr use class maps to filter and rate-limit traffic. However, CPPr separates control plane traffic into three subinterfaces: the host subinterface, the transit subinterface, and the Cisco Express Forwarding (CEF)-exception subinterface. For this reason, Cisco recommends that you use CPPr instead of CoPP whenever possible.
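The four configuration steps for CPPr and CoPP, as an added Cisco IOS example that is not from the original page. The ACL, class, and policy names, the 192.0.2.10 management address, and the 80000 bps rate are constructed for illustration; the final lines show that the only difference for CoPP is where the policy is attached.

```cisco
! Step 1: ACL to identify traffic (constructed names and addresses).
! "deny" exempts the trusted management host from the class,
! "permit" places all other SSH traffic into the policed class.
ip access-list extended CPPR-SSH-ACL
 deny   tcp host 192.0.2.10 any eq 22
 permit tcp any any eq 22
!
! Step 2: traffic class that references the ACL.
class-map match-all CPPR-SSH-CLASS
 match access-group name CPPR-SSH-ACL
!
! Step 3: traffic policy with the class associated to it.
! SSH from untrusted sources is rate-limited; the excess is dropped
! before it can consume route processor CPU.
policy-map CPPR-HOST-POLICY
 class CPPR-SSH-CLASS
  police 80000 conform-action transmit exceed-action drop
!
! Step 4 (CPPr): apply the policy to one specific subinterface.
! SSH terminates on the router, so it belongs to the host subinterface.
! The other two subinterfaces are "control-plane transit" and
! "control-plane cef-exception".
control-plane host
 service-policy input CPPR-HOST-POLICY
!
! Step 4 (CoPP alternative): the same class and policy would instead be
! attached to the aggregate control plane interface, with no
! per-subinterface separation:
!
! control-plane
!  service-policy input CPPR-HOST-POLICY
!
! Check conformed and exceeded counters after applying:
!  show policy-map control-plane host
```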
Role-Based Access Control (RBAC) does not protect the control plane. RBAC protects the management plane by granting limited access to administrators so that they can perform only the tasks required for their job. For example, you can configure permissions on an administrator’s account so that the administrator can issue only certain commands, which will prevent the administrator from making unauthorized configuration changes or from viewing restricted information.
Unicast Reverse Path Forwarding (uRPF) does not protect the control plane. uRPF protects the data plane by checking the source IP address of a packet to determine whether an inbound packet arrived on the best path back to the source based on routing table information. If the uRPF check passes, the packet is transmitted; if the uRPF check fails, the packet is dropped.