That’s right. We see all ports that are open on the router that belong to the
so-called host subinterface of the Control Plane. What are we debating about then?
;)

I didn’t find that DNS belongs to the management plane in Cisco’s official
documentation. Perhaps Yusuf in his flash cards is not right, as the list of
protocols mentioned in the Figure for this question is too big. Unless I
am entirely confusing the concepts of Control and Management Plane.

 

From: Kingsley Charles [mailto:[email protected]] 
Sent: Sunday, November 07, 2010 12:56 AM
To: Eugene Pefti
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] DNS part of which plane

 

Eugene, the O/P is self-explanatory. The show control-plane host open shows
all the ports that the router is listening on. The O/P has ports 22 and 23,
which are SSH and Telnet respectively. Does that mean Telnet and SSH are
control plane protocols?

The O/P includes management, control and service protocol port numbers.
ISAKMP is in the service plane, right? You can see 500 and 4500 in the O/P too.


With regards
Kings

On Sun, Nov 7, 2010 at 1:13 PM, Eugene Pefti <[email protected]>
wrote:

It’s a good point, Kings.

Our customer uses their routers as DNS servers at their remote offices and
the traffic destined to the router itself can be falling under the
management plane.

I thought that you control access to the router via a regular ACL which I
still do by applying it to different VLAN interfaces. 

But when I query the router to show me open ports under the control plane I
see DNS on the list as well. Hence DNS traffic is from control-plane ;)

 

Router_LAB#show control-plane host open
Active internet connections (servers and established)
Prot    Local Address    Foreign Address    Service          State
 tcp             *:22                *:0    SSH-Server       LISTEN
 tcp             *:23                *:0    Telnet           LISTEN
 tcp             *:53                *:0    DNS Server       LISTEN
 udp             *:53                *:0    DNS Server       LISTEN
 udp             *:67                *:0    DHCPD Receive    LISTEN
 udp           *:2887                *:0    DDP              LISTEN
 udp            *:123                *:0    NTP              LISTEN
 udp           *:4500                *:0    ISAKMP           LISTEN
 udp            *:500                *:0    ISAKMP           LISTEN

 

From: [email protected]
[mailto:[email protected]] On Behalf Of Kingsley
Charles
Sent: Saturday, November 06, 2010 11:52 PM
To: [email protected]
Subject: [OSL | CCIE_Security] DNS part of which plane

 

Hi all

As per the Yusuf flash cards, DNS is part of the Management plane. 

Management plane is used to manage the device and control plane is used to
dynamically build the network. 

The DNS builds the network by resolving the FQDN to an IP address.

I think, DNS should be in the control plane list. 

Any thoughts?

With regards
Kings
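
Added example, not part of the thread: as the replies note, `show control-plane host open` lists every port the router listens on, whatever plane the service belongs to, so its output can be parsed into a listener inventory and compared with an approved baseline. The sample rows are copied from the listing in the thread (two wrapped, the rest on one line, to show both forms are handled); the `APPROVED` set and the function names are assumptions for illustration.

```python
import re

# Constructed sample: rows from the thread's listing. The first two are wrapped
# onto two lines as the mail archive shows them, the rest are on one line.
SAMPLE = """\
Prot               Local Address             Foreign Address
Service    State
 tcp                        *:22                         *:0
SSH-Server   LISTEN
 tcp                        *:23                         *:0
Telnet   LISTEN
 tcp    *:53    *:0    DNS Server   LISTEN
 udp    *:53    *:0    DNS Server   LISTEN
 udp    *:67    *:0    DHCPD Receive   LISTEN
 udp    *:2887  *:0    DDP   LISTEN
 udp    *:123   *:0    NTP   LISTEN
 udp    *:4500  *:0    ISAKMP   LISTEN
 udp    *:500   *:0    ISAKMP   LISTEN
"""

ROW = re.compile(r"^\s*(tcp|udp)\s+(\S+):(\d+)\s+(\S+):(\d+)\s*(.*)$")
TAIL = re.compile(r"^(.*?)\s+([A-Z]+)$")  # "<service name> <STATE>"

def parse_listeners(text):
    """Return [(proto, port, service)] for LISTEN rows, wrapped or not."""
    out, pending = [], None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # address columns found; service/state may follow or wrap
            pending, line = (m.group(1), int(m.group(3))), m.group(6)
        t = TAIL.match(line.strip())
        if pending and t:
            if t.group(2) == "LISTEN":
                out.append((*pending, t.group(1)))
            pending = None
    return out

# Assumed baseline for illustration only; not a recommendation from the thread.
APPROVED = {("tcp", 22), ("udp", 123), ("udp", 500), ("udp", 4500)}

def unexpected(listeners, approved):
    """Listeners whose (proto, port) is not in the approved baseline."""
    return [l for l in listeners if (l[0], l[1]) not in approved]

if __name__ == "__main__":
    for proto, port, svc in unexpected(parse_listeners(SAMPLE), APPROVED):
        print(f"not in baseline: {proto}/{port} ({svc})")
```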

 
