PrepAway - Latest Free Exam Questions & Answers

Which of the following features protects the control plane by classifying traffic into three separate control plane
subinterfaces? (Select the best answer.)

A. CoPP

B. CPPr

C. RBAC

D. uRPF

Explanation:
Control Plane Protection (CPPr) protects the control plane by classifying control plane traffic into three separate
subinterfaces: the host subinterface, the transit subinterface, and the Cisco Express Forwarding (CEF)
exception subinterface. The host subinterface contains control plane IP traffic that is destined for a router
interface, including traffic from the following sources and protocols:
– Terminating tunnels
– Secure Shell (SSH)
– Simple Network Management Protocol (SNMP)
– Internal Border Gateway Protocol (iBGP)
– Enhanced Interior Gateway Routing Protocol (EIGRP)
The transit subinterface contains control plane IP traffic that is traversing the router, including the following
traffic:
– Non-terminating tunnel traffic
– Traffic that is software-switched by the route processor
The CEF-exception subinterface contains control plane traffic that is redirected by CEF for process switching, as
well as traffic from the following sources and protocols:
– Non-IP hosts
– Address Resolution Protocol (ARP)
– External BGP (eBGP)
– Open Shortest Path First (OSPF)
– Label Distribution Protocol (LDP)
– Layer 2 keepalives
CPPr is used to protect the control plane by filtering and rate limiting traffic in order to prevent excessive CPU
and memory consumption. To configure CPPr, you must perform the following steps:
– Create access control lists (ACLs) to identify traffic.
– Create a traffic class.
– Create a traffic policy, and associate the traffic class to the policy.
– Apply the policy to the specific control plane subinterface.
Control Plane Policing (CoPP) is similar to CPPr, except CoPP does not separate control plane traffic into three
subinterfaces. To configure CoPP, you must perform the following steps:
– Create ACLs to identify traffic.
– Create a traffic class.
– Create a traffic policy, and associate the traffic class to the policy.
– Apply the policy to the control plane interface.
Both CoPP and CPPr use class maps to filter and rate-limit traffic. However, CPPr separates control plane traffic
into three subinterfaces: the host subinterface, the transit subinterface, and the Cisco Express Forwarding
(CEF)-exception subinterface. For this reason, Cisco recommends that you use CPPr instead of CoPP
whenever possible.
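The four CPPr steps above written out as a Cisco IOS configuration. This is an added example, not taken from the original page or from Cisco's documentation. The ACL, class and policy names, the 192.0.2.0/24 management range and every police rate are assumptions chosen for illustration.

```cisco
! Constructed example. Names (CPPR-*), the 192.0.2.0/24 documentation range
! and all police rates (bits per second) are assumptions, not tuned values.

! Step 1: ACLs that identify the traffic.
ip access-list extended CPPR-MGMT-ACL
 permit tcp 192.0.2.0 0.0.0.255 any eq 22
 permit udp 192.0.2.0 0.0.0.255 any eq snmp
ip access-list extended CPPR-ROUTING-ACL
 permit eigrp any any
 permit tcp any any eq bgp
 permit tcp any eq bgp any

! Step 2: traffic classes that reference the ACLs.
class-map match-all CPPR-MGMT
 match access-group name CPPR-MGMT-ACL
class-map match-all CPPR-ROUTING
 match access-group name CPPR-ROUTING-ACL

! Step 3: traffic policies; each class is associated with a police action.
policy-map CPPR-HOST-POLICY
 ! Routing traffic is only metered here, so a burst never drops adjacencies.
 class CPPR-ROUTING
  police 512000 conform-action transmit exceed-action transmit
 class CPPR-MGMT
  police 128000 conform-action transmit exceed-action drop
 ! Everything else destined for the router is rate limited tightly.
 class class-default
  police 64000 conform-action transmit exceed-action drop
policy-map CPPR-TRANSIT-POLICY
 class class-default
  police 256000 conform-action transmit exceed-action drop

! Step 4 (CPPr): apply each policy to a specific control plane subinterface,
! so host and transit traffic get independent limits.
control-plane host
 service-policy input CPPR-HOST-POLICY
control-plane transit
 service-policy input CPPR-TRANSIT-POLICY
! The third subinterface is configured the same way under:
!  control-plane cef-exception

! Step 4 (CoPP) differs only here: one policy on the aggregate control plane.
! control-plane
!  service-policy input <policy-name>
```

After applying, `show policy-map control-plane host` displays per-class conform and exceed counters, which is the place to check whether a rate is too low before changing any exceed action to drop.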
Role-Based Access Control (RBAC) does not protect the control plane. RBAC protects the management plane
by granting limited access to administrators so that they can perform only the tasks required for their job. For
example, you can configure permissions on an administrator’s account so that the administrator can issue only
certain commands, which will prevent the administrator from making unauthorized configuration changes or
from viewing restricted information.
Unicast Reverse Path Forwarding (uRPF) does not protect the control plane. uRPF protects the data plane by
checking the source IP address of a packet to determine whether an inbound packet arrived on the best path
back to the source based on routing table information. If the uRPF check passes, the packet is transmitted; if
the uRPF check fails, the packet is dropped.

Cisco: Control Plane Protection

