Eugene, the O/P is self explanatory. The show control-plane host open shows all the port that the router is listening to. The O/P has port 22 and 23 which is ssh and telnet respectively. Does that mean telnet and ssh are control plane protocols?
The O/P includes management, control and service protocol port numbers. ISAKMP is in service plane right, you can 500 and 4500 in the O/P too. With regards Kings On Sun, Nov 7, 2010 at 1:13 PM, Eugene Pefti <[email protected]>wrote: > It’s a good point, Kings. > > Our customer uses their routers as DNS servers at their remote offices and > the traffic destined to the router itself can be falling under the > management plane. > > I thought that you control access to the router via a regular ACL which I > still do by applying it to different VLAN interfaces. > > But when I query the router to show me open ports under the control plane I > see DNS on the list as well. Hence DNS traffic is from control-plane ;) > > > > Router_LAB#show control-plane host open > > Active internet connections (servers and established) > > Prot Local Address Foreign > Address Service State > > tcp *:22 *:0 > SSH-Server LISTEN > > tcp *:23 > *:0 Telnet LISTEN > > tcp *:53 *:0 > DNS Server LISTEN > > udp *:53 *:0 > DNS Server LISTEN > > udp *:67 *:0 > DHCPD Receive LISTEN > > udp *:2887 > *:0 DDP LISTEN > > udp *:123 > *:0 NTP LISTEN > > udp *:4500 > *:0 ISAKMP LISTEN > > udp *:500 > *:0 ISAKMP LISTEN > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Kingsley Charles > *Sent:* Saturday, November 06, 2010 11:52 PM > *To:* [email protected] > *Subject:* [OSL | CCIE_Security] DNS part of which plane > > > > Hi all > > As per the Yusuf flash cards, DNS is part of the Management plane. > > Management plane is used to manage the device and control plane is used to > dynamically build the network. > > The DNS builds the network by resolving the FQDN to IP address. > > I think, DNS should be in the control plane list. > > Any thoughts? > > With regards > Kings >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
