The management, control, data planes are defined by cisco NFP The control plane protection is one of the methods that administrators can use to protect the CPU of the Cisco IOS device. The control plane protection will maintain the routing stability, Network reachability and packet delivery and the control plane increase the reliability, confidentiality, integrity, and availability of network devices. To know more about Control Plane Protection in Cisco Networking, keep reading this article till the end.
The control plane protection is restricted in the ipv4 input path. and access control list is directory cannot apply direct the control plane subinterfaces. it is not supported on distributed hardware- switching platforms the following list are the important tools and technologies to protect the control plane
- Cisco auto secure
- Routing protocol authentication
- Control plane policing
The cisco auto secure is another security feature in cisco IOS 12.2, 12.3
The auto secure feature secures the Router by using a single CLI command and it is secure access to the router configure a required minimum password length The auto secure is configured on set-up time or run time
Router Protocol Authentication
The router protocol authentication has prevented the attacker from injecting fraudulent routes there are two ways to configure the routing protocol authentication. the OSPF and BGP require individual configuration and key chain used in RIP and EIGRP protocols.
Control Plane Policing (CoPP)
The control plane policing increases the security on the switch protecting RP from unnecessary traffic and giving control plane traffic. The control plane policing not support MAC ACLs, and it configured with match protocol arp command the show policy-map control-plane command is used for developing monitoring statistics for control plane policy.
There are many features affect IP packets for the route processor of a network device. and deploying CPP, Cisco Express Forwarding, Router and VLAN access control lists, Unicast Reverse Path Forwarding is the lists of control plane protection interact with another
Control-Plane Interface and Sub-Interfaces
Host sub-interface – The host subinterface receives all control plane IP and it is directly destined for one of the routers interfaces The ARP or CDP are do not fall in control plane host subinterface
Transit sub interfaces – The transit sub interface receives all control plane IP traffic and is software switched by the route processor port filtering and per control, the queue cannot apply on transit subinterface
CEF-exception sub interface – this subinterface receives configured input feature in the CEF port filtering and per control queue cannot apply on transit subinterface
- What is Management Plane Protection in Cisco
- Cisco Network Foundation Protection (NFP) – Management, Control, & Data plane
Download What is Control Plane Protection in Cisco in pdf – Click here