Chapter 14. Disabling Control Plane Protocols

When control plane policing (CoPP) is not implemented in hardware, it can be worthwhile to disable control plane protocols rather than rely on the software implementation of CoPP. However, this is a drastic measure and is not always applicable. This chapter explores ways to disable some control plane protocols to reduce the risk exposure of a switch.

Configuring Switches Without Control Plane Protocols

As shown in Chapter 12, “Introduction to Denial of Service Attacks,” a control plane in an Ethernet switch consists mainly of the following protocols:

  • L2 processing. A switch must process and respond to Spanning Tree Protocol (STP), Link Aggregation Control Protocol (LACP), Port Aggregation Protocol (PAgP), IEEE 802.1X, ...

Get LAN Switch Security: What Hackers Know About Your Switches now with O’Reilly online learning.