Comprehensive and Detailed Explanation with Exact Extracts:
Option B (CPM-filter ACL) is CORRECT:
The CPM-filter ACL is explicitly designed to match control-plane traffic and copy it to the CPM (Control/Management Plane). It is instantiated in hardware on all line cards.
Extract from Nokia SR Linux Security Guide (Section: Control Plane Protection):
"The cpm-filter ACL is instantiated on every line card to identify packets destined for the CPM (e.g., routing protocols, ICMP). Matched packets are copied to the CPM while data-plane traffic is forwarded normally."
Other Options are INCORRECT:
A: Capture-filter ACL is for packet mirroring (e.g., SPAN), not CPM copying.
C/D: Ingress/Egress ACLs filter user traffic and are not specific to CPM-bound packets.
Extract from Nokia SR Linux ACL Configuration Guide:
"Only cpm-filter ACLs are globally applied across line cards for CPM protection. Interface ACLs (ingress/egress) operate locally and do not copy packets to the CPM."
[References:, Nokia SR Linux Security Guide: Section "Control Plane Protection"., Nokia SR Linux ACL Configuration Guide., ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit