https://community.cisco.com/t5/network-security/control-plane-protection/m-p/1949856#M933282 <P>Hi guys,</P><P></P><P>I want to implement control plane protection for fragmented packets. As far as i know if fragmented packet are traversing through router then service-policy will be applied at control-plane transit but if fragmented packets are destine to router itself then it will be applied at control-plane host. Correct me if i am wrong. Moreover I want to know the difference between</P><P></P><P>Control-plane </P><P>Control-plane host</P><P>Control-plane transit</P><P>Control-plane cef</P> Fri, 21 Feb 2020 12:41:41 GMT scorpion007 2020-02-21T12:41:41Z https://community.cisco.com/t5/network-security/control-plane-protection/m-p/1949856#M933282 <P>Hi guys,</P><P></P><P>I want to implement control plane protection for fragmented packets. As far as i know if fragmented packet are traversing through router then service-policy will be applied at control-plane transit but if fragmented packets are destine to router itself then it will be applied at control-plane host. Correct me if i am wrong. Moreover I want to know the difference between</P><P></P><P>Control-plane </P><P>Control-plane host</P><P>Control-plane transit</P><P>Control-plane cef</P> Fri, 21 Feb 2020 12:41:41 GMT https://community.cisco.com/t5/network-security/control-plane-protection/m-p/1949856#M933282 scorpion007 2020-02-21T12:41:41Z https://community.cisco.com/t5/network-security/control-plane-protection/m-p/1949857#M933283 <HTML><HEAD></HEAD><BODY><P>Hi Bro</P><P>What you’re doing is good. It’s always best to block the fragmented packets at the control-plane level, rather than via the normal ACL.</P><P></P><P>In the basic/lower feature sets IOS versions, there is no breakdown in terms of control-plane. With the advanced/higher feature sets IOS versions, you have control-plane host, control-plane transit and control-plane cef. Your next question would be when do I apply them, in what given situations, am I right? Basically, in a nutshell, here goes</P><P></P><P>a)&nbsp;&nbsp;&nbsp; control-plane host handles packets destined for router itself e.g. management traffic (telnet/ssh/tacacs+/radius) and routing traffic.</P><P>b)&nbsp;&nbsp;&nbsp; control-plane transit works on IP based packets traversing through the router e.g. internet browsing, email etc.</P><P>c)&nbsp;&nbsp;&nbsp; control-plane cef focuses on non-IP packets e.g. CDP, ARP etc.</P><P></P><P>With this in mind, you might wanna expand your knowledge in depth, by reading this Cisco document <A href="http://www.cisco.com/en/US/docs/ios/12_4t/12_4t4/htcpp.html">http://www.cisco.com/en/US/docs/ios/12_4t/12_4t4/htcpp.html</A></P><P></P><P></P><P></P><P></P><P><STRONG>P/S: if you think this comment is useful, please do rate them nicely <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> and click on the button THIS QUESTION IS ANSWERED.</STRONG></P></BODY></HTML> Mon, 20 Aug 2012 00:08:49 GMT https://community.cisco.com/t5/network-security/control-plane-protection/m-p/1949857#M933283 Ramraj Sivagnanam Sivajanam 2012-08-20T00:08:49Z https://community.cisco.com/t5/network-security/control-plane-protection/m-p/1949858#M933284 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>I need some help on implementing CPPr, i need configurtion to apply on router, i have done some but i am not sure is it right or not, Thanks</P></BODY></HTML> Tue, 01 Oct 2013 23:24:10 GMT https://community.cisco.com/t5/network-security/control-plane-protection/m-p/1949858#M933284 shakeelccie 2013-10-01T23:24:10Z