Chapter 14. Disabling Control Plane Protocols
When control plane policing (CoPP) is not implemented in hardware, disabling control plane protocols can be preferable to relying on the software implementation of CoPP. However, this is a drastic measure and is not always applicable. This chapter explores ways to disable some control plane protocols to reduce the risk exposure of a switch.
Configuring Switches Without Control Plane Protocols
As shown in Chapter 12, “Introduction to Denial of Service Attacks,” a control plane in an Ethernet switch consists mainly of the following protocols:
L2 processing. A switch must process and respond to Spanning Tree Protocol (STP), Link Aggregation Control Protocol (LACP), Port Aggregation Protocol (PAgP), IEEE 802.1X, ...