
CCNA Security Portable Command Guide: Network Foundation Protection

Chapter Description

This chapter lists some common threats against network infrastructures and goes on to discuss the Cisco Network Foundation Protection Framework, Control Plane Security, Management Plane Security, and Data Plane Security.

Cisco Network Foundation Protection Framework

The Cisco Network Foundation Protection (NFP) framework provides an umbrella strategy for infrastructure protection, forming the foundation for continuous service delivery.

NFP logically divides routers and Catalyst switches into three functional areas:

Control plane

Provides the ability to route data correctly. Traffic consists of device-generated packets required for the operation of the network itself, such as Address Resolution Protocol (ARP) message exchanges or Open Shortest Path First (OSPF) protocol routing advertisements.

Management plane

Provides the ability to manage network elements. Traffic is generated either by network devices or network management stations using tools such as Telnet, Secure Shell (SSH), Trivial File Transfer Protocol (TFTP), File Transfer Protocol (FTP), Network Time Protocol (NTP), or Simple Network Management Protocol (SNMP).

Data plane (forwarding plane)

Provides the ability to forward data. Typically consists of user-generated packets being forwarded to another end station. Most traffic travels through the router via the data plane. Data plane packets are typically processed in the fast-switching cache.

Figure 4-1 provides a conceptual view of the NFP framework.

Figure 4-1. NFP Planes

Each of these planes must be protected to provide network availability and ensure continuous service delivery. The Cisco NFP framework provides the tools and techniques to secure each of these planes.
