Cisco
352-001 · Question #721
352-001 Question #721: Real Exam Question with Answer & Explanation
The correct answer is B: The customer must pay special attention to the ICMPv6 rate limiting policy because it has. ICMPv6 still requires Control Plane Policing, but the rate-limiting policy must be carefully tuned because ICMPv6 carries critical LAN control functions absent in ICMPv4.
Question
Your customer wants to migrate their network from IPv4 to IPv6. They currently have Control Plane Policing deployed to protect their network devices from illegitimate ICMP traffic flooding. How do you adjust Control Plane Policing for ICMPv6 traffic, if it should be adjusted at all?
Options
- AUnlike ICMPv4, ICMPv6 must never be policed because it has additional functionality in the LAN
- BThe customer must pay special attention to the ICMPv6 rate limiting policy because it has
- CICMPv6 must be policed to the ICMPv4 lower value because the ICMPv6 packet size is bigger
- DThe policy must remain the same for ICMPv4 and ICMPv6
Explanation
ICMPv6 still requires Control Plane Policing, but the rate-limiting policy must be carefully tuned because ICMPv6 carries critical LAN control functions absent in ICMPv4.
Common mistakes.
- A. ICMPv6 must still be policed to protect the control plane from flooding attacks; the expanded LAN functionality is a reason to tune carefully, not a justification to omit policing entirely.
- C. No standard guidance mandates policing ICMPv6 at a lower absolute rate than ICMPv4 based solely on packet size; rate limits must reflect expected legitimate traffic volumes and functional requirements.
- D. The ICMPv4 and ICMPv6 policies cannot simply remain identical because ICMPv6 carries NDP and MLD traffic that was handled by separate protocols in IPv4, requiring different and more careful rate-limit thresholds.
Concept tested. CoPP tuning for ICMPv6 and NDP traffic
Community Discussion
No community discussion yet for this question.