Management Plane Access Control (MPAC) enhances system security by protecting devices against Denial of Service (DoS) attacks.
In a common deployment scenario, the router may run multiple services at the same time, such as routing services OSPF and BGP, MPLS services LDP and RSVP, system service TFTP server, and diagnostic functions ping and tracert.
This enables attackers to send various attack packets to the router. Unless protective features such as MPAC are enabled, the router sends packets destined for its interfaces (including the loopback interface) directly to the CPU without any filtering. As a result, CPU and system resources are wasted and the system comes under DoS attacks.
To prevent such attacks, define an MPAC policy to filter packets.