6.4 control plane protection

As the title of the task imply and because the few words of the ticket didnt specified it (even undirectly) i didnt considered at all the possibility to set the filter on the interface because for what i've studied from Cisco, the control plane protection means something very specific. So i applied the filter to the control-plane of the router in the outbound direction.

Now if a question like this appear in the lab i havent any doubt i will answer wrong. I honestly hope not because it would make it impossible to pass. 

Comments

  • As the title of the task imply and because the few words of the ticket didnt specified it (even undirectly) i didnt considered at all the possibility to set the filter on the interface because for what i've studied from Cisco, the control plane protection means something very specific. So i applied the filter to the control-plane of the router in the outbound direction.

    Now if a question like this appear in the lab i havent any doubt i will answer wrong. I honestly hope not because it would make it impossible to pass. 

    You shouldn't read too much into the title of the these requirements.  Simply meet the requirements in the tasks given.  Also look for easiest pratical solution.

  • Pgallo,

    I think you are talking about to apply Control Plane Policy for the data plane traffic like ICMP in ping, which can be restricted with ACL as opposed to CoPP. Take a look into the following example:

    R2#sh run policy-map 

    policy-map POLICY

     class EIGRP

       drop

     class ICMP

       drop

     

    R2#sh policy-map control-plane 

     Control Plane 

     

      Service-policy input: POLICY

     

        Class-map: EIGRP (match-all)

          128 packets, 8714 bytes

          5 minute offered rate 0 bps, drop rate 0 bps

          Match: access-group 102

          drop

     

        Class-map: ICMP (match-all)

          0 packets, 0 bytes

          5 minute offered rate 0 bps, drop rate 0 bps

          Match: access-group 101

          drop

     

        Class-map: class-default (match-any)

          62 packets, 10437 bytes

          5 minute offered rate 0 bps, drop rate 0 bps

          Match: any 

     

    R1#ping 10.1.23.3 repeat 100

    Type escape sequence to abort.

    Sending 100, 100-byte ICMP Echos to 10.1.23.3, timeout is 2 seconds:

    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    Success rate is 100 percent (100/100), round-trip min/avg/max = 20/42/60 ms

    R1#

     

    R2#sh access-lists 

    Extended IP access list 101

        10 permit icmp any any

    Extended IP access list 102

        10 permit eigrp any any (164 matches)

    R2#

    No match for ICMP traffic at all, because it can be considered as a data plane traffic rather than a control traffic as we have matches for EIGRP hellos.

    Sorry if it didn't address your query. ;)

    Hope this helps!

  • JoeMJoeM ✭✭✭

    As the title of the task imply and because the few words of the ticket didnt specified it (even undirectly) i didnt considered at all the possibility to set the filter on the interface because for what i've studied from Cisco, the control plane protection means something very specific. So i applied the filter to the control-plane of the router in the outbound direction.

    Now if a question like this appear in the lab i havent any doubt i will answer wrong. I honestly hope not because it would make it impossible to pass. 

    Hi Pgallo,

    I bet this happens to everyone.   In the workbooks, the task's title is often a clue as to the needed tool/config.   If the title was not "Control Plane Protection",  most of us would automatically consider an ACL instead of CCPr.

    But what probably matters most, is if your config solves the issue -- without causing any other issues.  

    Did your config work?

  • If the title was not "Control Plane Protection",  most of us would automatically consider an ACL instead of CCPr.

    Nice one! the title may enforce the candidates to think unnecessarily about the solution. If there is no title, straight answer [;)]. Otherwise, we always start to think more about it. :)

    Thanks,

  • Thanks everybody for the advise. Anyway sometimes i pay too much attention to the title and this could be a mistake if the title want drag you away of the right point.

  • JoeMJoeM ✭✭✭

    Thanks everybody for the advise. Anyway sometimes i pay too much attention to the title and this could be a mistake if the title want drag you away of the right point.

    Pgallo,  I disagree a little.  Don't make WB-2 difficult.    When going through WB-2 ,  do pay attention to the headings of each task.   99% of the time, it will guide you correctly (in these workbooks).     Just take the lesson and move on to the next task/lesson.

    If we really wanted to argue the task, I would say the title is misleading (but it makes us think).  WB-2 are still learning labs (not testing).   

    Cheers

  • Hi Joe what i said is that if in the exam there will be misleading tasks that will be a problem. And that is independently of the difficult of the task itself. Paradoxically the most stupid tasks are those that could be more general and so they could let your interpretation sometimes more equivocal . Instead if you put 2 Kilometers of debugs over the monitor and make the task harder, the solution will bring you on a single specific solution. At least this is my personal experience.

     

Sign In or Register to comment.