DRAG DROP
Drag and drop the statements about device security from the left onto the correct features on the right.
Select and Place:
DRAG DROP
DRAG DROP
Drag and drop the statements about device security from the left onto the correct features on the right.
Select and Place:
CoPP 356
MPP 124
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_plcshp/configuration/xe-3s/qos-plcshp-xe-3s-book/qos-plcshp-xe-3s-book_chapter_010100.pdf
Control Plane Policing (CoPP) is a Cisco IOS control-plane feature that offers rate limiting of all control-plane traffic. CoPP allows you to configure a quality of service (QoS) filter that manages the traffic flow of control plane packets. This QoS filter helps to protect the control plane of Cisco IOS routers and switches against denial-of-service (DoS) attacks and helps to maintain packet forwarding and protocol states during an attack or during heavy traffic loads.
The MPP feature is disabled by default. When you enable the feature, you must designate one or more interfaces as management interfaces and configure the management protocols that will be allowed on those interfaces. The feature does not provide a default management interface. Using a single CLI command, you can configure, modify, or delete a management interface.When you configure a management interface, no interfaces except that management interface will accept network management packets destined to the device. When the last configured interface is deleted, the feature turns itself off.
https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-1/security/configuration/guide/syssec_cg41crs_chapter7.html
The advantage is that forwarding (or customer) traffic cannot interfere with the management of the router, which significantly reduces the possibility of denial-of-service attacks.
The Management Plane Protection (MPP) feature in Cisco IOS software provides the capability to restrict the interfaces on which network management packets are allowed to enter a device.
9. show mgmt-plane [inband | out-of-band] [interface {type instance}]
CoPP 236
MPP 145
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/copp.html
https://www.cisco.com/c/en/us/about/security-center/copp-best-practices.html
CoPP is not be enabled in hardware unless you have enabled PFC QoS globally with the mls qos command.
The combination of ACLs, traffic storm control, and CoPP software protection provides protection against broadcast DoS attacks.
Each of these types represents a specific group of packets that a network device will receive on ingress from network interfaces and be required to process.