Hello Johan, You might have already gone through this, but http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/ctrl_plane_policng_external_docbase_0900e4b1805eee4d_4container_external_docbase_0900e4b180dd87e0.html is a good reference to read about the Control-plane.
About the control-plane subinterfaces -> http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/ctrl_plane_prot_ps6441_TSD_Products_Configuration_Guide_Chapter.html is a good reference document. Regarding which interface to use when configuring, i would look for clues in the question itself. Here are the possible scenarios i see : - For applying service-policies on the "transit" sub-interface, the question will usually indicate that. - For applying service-policies on the "cef-exception" sub-interface, all you have to do is look at the traffic that needs to blocked and see if it matches the traffic which is being processed by the cef-exception subif ( ex : L2 traffic, ARP, etc ) - The issue i usually face is when it comes to deciding between the Global "CONTROL PLANE" , or the sub-interface "control-plane HOST " - For this, again, if the question specifically asks you to apply it in the control-plane subinterface, i would do that. - Otherwise i would just go ahead and apply it on the global-control plane. - Ex: If the question asked us to block all telnet traffic to the router from a particular IP/Subnet and if the question did not include any specific details about applying it on the control-plane "host" subinterface, i would just put in the global-control plane. - But there are some features (ex : Mangement plane protection ) which have to be applied only the "host" subinterface. That should be easy to do because there's no other way to do it. Hope this helps! Cheers, TacACK
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
