Module 10 Flashcards
Step 1 of designing a ZPF
Determine the zones
Step 2 of designing a ZPF
Establish policies between zones
Step 3 of designing a ZPF
Design the physical infrastructure
Step 4 of designing a ZPF
Identify subsets within zones and merge traffic requirements
Are ZPFs dependent on ACLs? (benefit)
No
What is Cisco Common Classification Policy Language (C3PL)? (benefit)
A structured method to create traffic policies based on events, conditions, and actions
What does C3PL provide? (benefit)
Scalability
How does C3PL provide scalability? (benefit)
One policy affects any given traffic, instead of needing multiple ACLs and inspection actions for different types of traffic
What can be grouped into zones? (benefit)
Virtual and physical interfaces
What are policies applied to? (benefit)
Unidirectional traffic between zones
What does the action ‘inspect’ do?
Performs Cisco IOS stateful packet inspection
What does the action ‘drop’ do?
Similar to a deny statement in an ACL. A log option is available to log the rejected packets
What does the action ‘pass’ do?
Similar to a permit statement in an ACL. The pass action does not track the state of connections or sessions within the traffic
Neither interface is a zone member. (inspect, drop, pass)
Traffic passes
Both interfaces are members of the same zone. (inspect, drop, pass)
Traffic passes because both interfaces are members of the same zone