See comments below...

On Mar 2, 2011, at 4:35 PM, Hammer wrote:

> So if you apply an ACL to the VTY that says permit ip host 10.10.10.1 host
> 1.1.1.1 (lo0 on router) eq 22 and you have transport input telnet VTY lines
> then the only thing you have done is forced yourself to telnet to your
> router over port 22.

I don't think the ACL changes the port the management protocol (i.e. telnet, 
ssh) listens on. I think you would use the rotary command under the VTY to do 
that.

> 
> Here's my confusion. Is this redundant to CoPPs? I understand with policy
> maps on CoPPs I have a greater degree of control but in the end, it's
> redundant I think.

My understanding of CoPP is that it is used to protect the device's CPU from, 
for example, excessive connections that terminate on the device or any packet 
that the device would have to process in CPU and not in hardware. CoPP not only 
allows you to rate limit the traffic but it also allows you to permit/deny the 
source of the traffic terminating on the device itself. This way you don't have 
to apply an access-list to every L3 interface on the device to protect it 
(which could be a pain to manage on routers with a lot of interfaces). CoPP is 
also a more efficient way to protect the device since it won't have to process 
(inspect) every packet going through it but only traffic terminating on it.


HTH,

Rogelio
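To make the three mechanisms discussed in this thread concrete, here is an added IOS configuration example (not posted by either participant). It shows how the VTY access-class filters the sources that may open a management session, how `transport input` selects the protocol, how a rotary group is what actually moves the SSH listener to a different port, and how a CoPP policy protects the CPU from every punted packet rather than only the VTY. The host 10.10.10.1 and Loopback0 address 1.1.1.1 are taken from the thread; the alternate port 2001, the police rates and the ACL/class names are constructed for the example.

```cisco
! Added example, not from the thread. 10.10.10.1 (admin host) and 1.1.1.1
! (Loopback0) come from the discussion; port 2001, the rates and all names
! are constructed placeholders.
!
! --- 1. VTY access-class: which sources may reach the VTY lines ---
ip access-list standard MGMT-HOSTS
 permit host 10.10.10.1
 deny   any log
!
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
!
! access-class decides who may connect, transport input decides the protocol.
! Neither changes the port the daemon listens on. To move SSH to another
! port, put the lines in a rotary group and bind the port to that group:
line vty 5 15
 rotary 1
 access-class MGMT-HOSTS in
 transport input ssh
!
ip ssh port 2001 rotary 1
!
! --- 2. CoPP: protect the CPU from all traffic terminating on the box ---
! Pitfall: inside a CoPP class-map, an ACL "permit" means "this packet
! belongs to the class" and "deny" means "not in this class". The ACL is
! a classifier, not a filter; the policy-map action does the dropping.
ip access-list extended COPP-MGMT
 permit tcp host 10.10.10.1 host 1.1.1.1 eq 22
 permit tcp host 10.10.10.1 host 1.1.1.1 eq 2001
 permit udp host 10.10.10.1 host 1.1.1.1 eq snmp
!
! Management protocols arriving from anyone else. Classes are evaluated in
! the order they appear in the policy-map, so the trusted host above is
! matched by COPP-MGMT before this broader class is consulted.
ip access-list extended COPP-UNDESIRABLE
 permit tcp any host 1.1.1.1 eq 22
 permit tcp any host 1.1.1.1 eq 2001
 permit tcp any host 1.1.1.1 eq telnet
 permit udp any host 1.1.1.1 eq snmp
!
class-map match-all COPP-MGMT
 match access-group name COPP-MGMT
class-map match-all COPP-UNDESIRABLE
 match access-group name COPP-UNDESIRABLE
!
policy-map COPP-POLICY
 class COPP-MGMT
  ! trusted management: allowed, but bounded so a runaway session
  ! cannot starve the CPU
  police 256000 conform-action transmit exceed-action drop
 class COPP-UNDESIRABLE
  ! management protocols from untrusted sources never reach the CPU
  drop
 class class-default
  ! everything else punted to the CPU gets a ceiling
  police 64000 conform-action transmit exceed-action drop
!
control-plane
 service-policy input COPP-POLICY
```

Apply the CoPP policy from a console session first and check `show policy-map control-plane` to confirm that expected traffic lands in the class you intended and that the drop counters in COPP-UNDESIRABLE grow only for untrusted sources. In a production policy, class-default should not be the only home for routing protocols, ARP and first-hop redundancy traffic; give those their own classes with rates sized from observed baselines, otherwise the ceiling above can silently drop neighbour adjacencies under load.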
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com
