Exam 300-410
Question 136

When configuring Control Plane Policing on a router to protect it from malicious traffic, an engineer observes that the configured routing protocols start flapping on that device.

Which action in the Control Plane Policy prevents this problem in a production environment while achieving the security objective?

    Correct Answer: C

    To prevent routing protocol flapping while achieving the security objective of protecting the control plane from malicious traffic, it is necessary to properly test and configure the Control Plane Policy on input traffic. By setting the conform-action to transmit and the exceed-action to drop in the input direction, malicious traffic is effectively filtered before it reaches the control plane, thus preventing disruption. This ensures that routing protocols are not affected while maintaining security.
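The test-then-enforce sequence for an input-direction policy, sketched in IOS syntax as an added example (not part of the exam question or of any commenter's post). The ACL, class and policy names and all rates are constructed placeholders, and the routing ACL assumes OSPF, EIGRP and BGP are the protocols in use.

```cisco
! Constructed example: names, ACL entries and rates are placeholders.
ip access-list extended COPP-ROUTING-ACL
 permit ospf any any
 permit eigrp any any
 permit tcp any any eq bgp
 permit tcp any eq bgp any
!
class-map match-all COPP-ROUTING
 match access-group name COPP-ROUTING-ACL
!
! Phase 1 (baseline): nothing is dropped. The policer only counts
! conformed and exceeded packets for each class.
policy-map COPP-INPUT
 class COPP-ROUTING
  police 128000 conform-action transmit exceed-action transmit
 class class-default
  police 32000 conform-action transmit exceed-action transmit
!
control-plane
 service-policy input COPP-INPUT
!
! Read the per-class counters from exec mode and size the rates from them:
!   show policy-map control-plane
!
! Phase 2 (enforce): switch exceed-action to drop only after the baseline
! shows the routing class staying under its configured rate.
policy-map COPP-INPUT
 class COPP-ROUTING
  police 128000 conform-action transmit exceed-action drop
 class class-default
  police 32000 conform-action transmit exceed-action drop
```

If the routing class still shows exceeded packets in phase 1, raising its rate before enabling drop avoids policing legitimate hellos and updates.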

Discussion
HungarianDish Option: B

I agree with the post from Networkingguy: first we permit (transmit) all traffic to see how many packets are exceeding. Please see: https://networklessons.com/cisco/ccie-routing-switching-written/copp-control-plane-policing However, we would need to use exceed-action drop in order to protect the control plane (security objective). The question is formed ambiguously. Still, I vote for B, because testing should be performed before setting the drop action.

SeMo0o0o0 Option: B

B is correct

inteldarvid Option: B

B correct: https://www.exam-answer.com/configure-control-plane-policing-prevent-routing-protocol-flapping

chris7890

Can someone resolve whether answer B or C is correct? Thanks

JOKERR Option: B

I think the given answer is right. This is an excerpt from Cisco: The CoPP feature on a Cisco device does exactly what it sounds like: It polices the traffic coming to the control plane. For this purpose, the control plane is treated as a logical source and destination, with its own inbound and outbound interfaces. Only traffic that is destined for the control plane is policed as part of this feature. This is in addition to any policing, filtering, or any other processing done at the interface where the packet was received by the device. So, you police traffic coming to the Control Plane so that it doesn't have to process it. https://www.ciscopress.com/articles/article.asp?p=2928193&seqNum=3

Kimaf Option: A

I know the answer is either A or B because of the ACL, but here is a paragraph from the OCG ENARSI book, page 861: Direction: CoPP can be applied to packets entering or leaving the control plane interface. Therefore, the correct direction needs to be specified. For incoming packets, you specify input, and for outgoing packets you specify output. Direction can be verified with the output of show policy-map control-plane as well. Note that not all versions support output CoPP, and for the ones that do, you need to ensure that the correct traffic is being classified in the ACLs and the class maps. For example, when it comes to BGP, OSPF (Open Shortest Path First), and EIGRP, you typically use output CoPP for the replies that are being sent because of an already received packet. For ICMP, it would be error and informational reply messages. For Telnet, SSH (Secure Shell), HTTP (Hypertext Transfer Protocol), or SNMP (Simple Network Management Protocol), you would be dealing with replies or traps. If the ACL and class map are not configured appropriately for the replies, the desired result will not be achieved. So my guess is A.

[Removed]

I also viewed this excerpt as the answer, but the question is talking about protecting the router from malicious traffic, and this (to me) meant inbound traffic is being policed and maybe some of the routing protocol packets are getting caught in the policy map.

Carl1999 Option: B

B or C correct. I only know that "the input direction" is correct.

Networkingguy

Input direction, because we are sussing out malicious public traffic that might come in, and we are testing, so we would want to use conform and exceed to just give results of what we are working with.

examShark Option: A

The given answer is correct

Networkingguy

ExamShark, you are a twat for copy and pasting the same response on every question. I haven't seen you say anything useful, hope you get the lot ya dawg