PrepAway - Latest Free Exam Questions & Answers

Which three protocols should be explicitly managed by using Control Plane Policing on an Internet border route

Which three protocols should be explicitly managed by using Control Plane Policing on an Internet
border router? (Choose three.)

PrepAway - Latest Free Exam Questions & Answers

A.
LDAP

B.
ICMP

C.
RTP

D.
BGP

E.
SSH

F.
RDP

Explanation:
Control Plane Security and Packet QoS Overview
To protect the CP on a router from DoS attacks and to provide packet QoS, the Control Plane
Policing feature treats the CP as a separate entity with its own ingress (input) and egress (output)
ports, which are like ports on a router and switch. Because the Control Plane Policing feature
treats the CP as a separate entity, a set of rules can be established and associated with the
ingress and egress port of the CP.
These rules are applied only after the packet has been determined to have the CP as its
destination or when a packet exits from the CP. Thereafter, you can configure a service policy to
prevent unwanted packets from progressing after a specified rate limit has been reached; for
example, a system administrator can limit all TCP/SYN packets that are destined for the CP to a
maximum rate of 1 megabit per second. Input CP services are executed after router input port
services and a routing decision on the input path have been made. As shown in Figure 2, CP
security and packet QoS are applied on:
An aggregate level by the central switch engine and applied to all CP packets received from all
line cards on the router (see Aggregate Control Plane Services)

A distributed level by the distributed switch engine of a line card and applied to all CP packets
received from all interfaces on the line card (see Distributed Control Plane Services)
Figure 2 Input Control Plane Services: Aggregate and Distributed Services

The following types of Layer 3 packets are forwarded to the control plane and processed by
aggregate and distributed control plane policing:
Routing protocol control packets
Packets destined for the local IP address of the router
Packets from management protocols (such as Simple Network Management Protocol [SNMP],
Telnet, and secure shell [SSH])
Note Ensure that Layer 3 control packets have priority over other packet types that are destined
for the control plane.

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtrtlimt.html


Leave a Reply