Control Plane Questions

Note: If you are not sure about Access list, please read our Control Plane Policing (CoPP) Tutorial.

Question 1

Explanation

The “show policy-map control-plane” is used to display the service-policy associated to the control-plane. It also shows the packets that matched the class-map. An example of the output of this command is shown below:

Question 2

Explanation

We see the notification “% Please create RSA keys to enable SSH” so we have to create RSA keys with the command:

R1(config)#crypto key generate rsa

Question 3

Explanation

The traffic managed by a device can be divided into three functional components or planes:
+ Data plane
+ Management plane
+ Control plane

The vast majority of traffic flows through the device via the data plane; however, the route processor handles certain traffic, such as routing protocol updates, remote-access services, and network management traffic such as SNMP. This type of traffic is referred to as the control and management plane. The route processor is critical to network operation. Therefore any service disruption or security compromise to the route processor, and hence the control and management planes, can result in network outages that impact regular operations. For example, a DoS attack targeting the route processor typically involves high bursty traffic resulting in excessive CPU utilization on the route processor. Such attacks can be devastating to network stability and availability. The bulk of traffic managed by the route processor is handled by way of the control and management planes.

The CoPP feature is used to protect the aforementioned control and management planes; to ensure stability, reachability, and availability and to block unnecessary or DoS traffic. CoPP uses a dedicated control plane configuration through the modular QoS CLI (MQC) to provide filtering and rate limiting capabilities for the control plane packets.

Reference: https://www.ciscopress.com/articles/article.asp?p=1181682&seqNum=10

Question 4

Explanation

Below are the steps to follow for copying the Cisco IOS software image from a router acting as TFTP server to another router.

1. Check the image size on Router1 with the show flash command.
2. Check the image size on Router2 with the show flash command to verify if enough space is available on Router2 for the system image file to be copied.
3. Configure Router1 as the TFTP server: Router1(config)#tftp-server flash:/c2500-js-l.122-10b
4. When the TFTP server is configured, download the specified image from Router1 to Router2 using the copy tftp flash command.

Reference: https://www.cisco.com/c/en/us/support/docs/routers/2500-series-routers/15092-copyimage.html