You want to configure a router so that network-based CLI access is limited to SSH connections that are received on a specified interface. Which of the following Cisco IOS features should you configure to achieve your goal? (Select the best answer.)
- CoPP
- CPPr
- MPP
- uRPF
Explanation:
You should configure Management Plane Protection (MPP) on a Cisco router to ensure that network-based command-line interface (CLI) access is limited to Secure Shell (SSH) connections that are received on a specified interface. MPP enables you to specify one or more interfaces as management interfaces. A management interface is an interface that is permitted to receive management traffic, which is traffic from a specific set of network protocols that is destined for the router. Once MPP is enabled, only specified types of management traffic are permitted on their respective management interfaces. For example, you could configure a router’s FastEthernet 0/0 interface to permit SSH and Secure Hypertext Transfer Protocol (HTTPS) traffic and its FastEthernet 0/1 interface to permit Trivial File Transfer Protocol (TFTP) traffic. Without MPP, you would need to create the appropriate access control lists (ACLs) and apply them in the inbound direction to every interface on the router if you wanted to limit access to one or more interfaces and management protocols.
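The MPP configuration for the FastEthernet example above, as an added illustration that is not part of the original explanation. It assumes SSH is already enabled on the router (host name, domain name and RSA keys in place) and that the vty range is 0 4.

```cisco
! Added example (not from the original explanation).
! Assumption: SSH server is already enabled; vty range 0 4 is illustrative.
line vty 0 4
 transport input ssh
!
! MPP is configured under the control-plane host subinterface.
! FastEthernet0/0 accepts only SSH and HTTPS management sessions;
! FastEthernet0/1 accepts only TFTP.
control-plane host
 management-interface FastEthernet0/0 allow ssh https
 management-interface FastEthernet0/1 allow tftp
!
! To meet the question's goal exactly (SSH only, one interface), the
! single statement would instead be:
!  management-interface FastEthernet0/0 allow ssh
!
! Verification from privileged EXEC mode:
!  show management-interface
```

Once the first management interface is defined, management traffic arriving on any other interface is dropped, so apply the change from the console or from a session that enters through the designated interface.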
You should not configure Control Plane Policing (CoPP). CoPP is a Quality of Service (QoS) feature that can be used to limit the type and amount of traffic that reaches the control plane. Control plane traffic is traffic that is destined to the router and that requires CPU intervention for processing. Examples of control plane traffic are routing protocol updates, SSH sessions, and Hypertext Transfer Protocol (HTTP) connections. Because control plane traffic requires CPU intervention, it is possible to overload the CPU with a surge of traffic. When the CPU is overloaded, the router might be unable to update its routing information and transit traffic can be affected. CoPP enables you to configure QoS rates for various traffic types to ensure that sufficient processing time is available for critical protocols. CoPP policies are applied globally and cannot be limited to a single router interface.
You should not configure Control Plane Protection (CPPr). CPPr enhances the capabilities of CoPP by providing more granular control over control plane traffic. With CPPr, traffic is classified into three levels of control instead of the single level of control provided by CoPP. In addition, CPPr provides the ability to drop packets that are destined to Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) router ports that are either closed or not listening. CPPr can also limit the number of packets from a particular protocol that are permitted into the control plane IP input queue. Like CoPP, CPPr policies are applied globally and cannot be limited to a single router interface.
You should not configure unicast Reverse Path Forwarding (uRPF). uRPF is an anti-spoofing mechanism that verifies that the source address of a packet is reachable from the interface on which the packet was received. If uRPF is used in conjunction with an ACL, it can cause packets to become packet-switched. Packet switching requires CPU intervention and can create a burden on the control plane.