Planes are logical layers. Cisco uses planes to describe a specific function of a device in the network. In a controller-based network, you can move a plane from one device to another device or to the cloud.
All Cisco devices use three planes in their architecture to describe the functionalities they provide in the network. These planes are the data plane, control plane, and management plane.
The data plane
The data plane is the most active plane on the device. It is responsible for storing the information in the tables and making decisions based on the information stored in the tables. It is also known as the forwarding plane. It contains all logical and physical components that control the forwarding of a frame on the switch or a packet on the router.
When a packet enters the router, the router checks the routing table to make the forwarding decision and then forwards or discards the packet accordingly. A switch checks the CAM or MAC table to make the forwarding decision for incoming frames.
All data-processing functions happen at the data plane: packet or frame forwarding, access control lists, packet inspection, QoS, encapsulating and de-encapsulating traffic as it arrives at and leaves the router, adding and removing packet headers as needed, and dropping traffic that hits a deny statement on an ACL.
The control plane
The control plane provides all the information the data plane needs to process the data. It is responsible for running the different protocols on the device, such as routing protocols and layer two protocols.
By running these protocols, it learns information about the network and then stores that information in tables. For example, from routing protocols such as OSPF (Open Shortest Path First) and EIGRP (Enhanced Interior Gateway Routing Protocol), it learns the network routes and then stores them in the routing table. It also handles the exchange of routing information and makes decisions, such as what goes into the routing table.
The control plane executes logic to create, manage, and populate routing tables. However, it does not use the populated data. The data plane uses the populated data.
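The split described above, sketched as an added Python example (not Cisco code and not part of the original page): a hypothetical `ControlPlane` decides which learned route is installed, using Cisco's default administrative distances, and a hypothetical `DataPlane` only consumes that table, doing longest-prefix-match forwarding and dropping traffic that hits an inbound ACL deny. The class names, addresses and deny list are constructed for illustration, and the administrative-distance tie-break goes beyond what the text states.

```python
import ipaddress

# Default administrative distances on Cisco IOS (lower value wins).
ADMIN_DISTANCE = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}

class ControlPlane:
    """Collects routes learned from protocols and decides what is installed."""
    def __init__(self):
        self.candidates = {}  # prefix -> list of (distance, protocol, next_hop)

    def learn(self, protocol, prefix, next_hop):
        net = ipaddress.ip_network(prefix)
        entry = (ADMIN_DISTANCE[protocol], protocol, next_hop)
        self.candidates.setdefault(net, []).append(entry)

    def build_routing_table(self):
        # Per prefix, only the source with the lowest distance is installed.
        return {net: min(entries)[2] for net, entries in self.candidates.items()}

class DataPlane:
    """Uses the installed table and the ACL; never runs a routing protocol."""
    def __init__(self, routing_table, deny_sources=()):
        # Longest prefix first, so the first match is the most specific one.
        self.routes = sorted(routing_table.items(),
                             key=lambda item: item[0].prefixlen, reverse=True)
        self.deny = [ipaddress.ip_network(n) for n in deny_sources]

    def forward(self, src, dst):
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if any(src_ip in net for net in self.deny):  # inbound ACL checked first
            return "drop: ACL deny"
        for net, next_hop in self.routes:
            if dst_ip in net:
                return f"forward via {next_hop}"
        return "drop: no route"

def demo():
    cp = ControlPlane()  # all addresses below are constructed sample values
    cp.learn("ospf", "10.1.0.0/16", "192.0.2.1")
    cp.learn("eigrp", "10.1.0.0/16", "192.0.2.2")  # same prefix, lower distance
    cp.learn("ospf", "10.1.5.0/24", "192.0.2.3")   # more specific prefix
    dp = DataPlane(cp.build_routing_table(), deny_sources=["198.51.100.0/24"])
    return [dp.forward("203.0.113.7", "10.1.9.9"),
            dp.forward("203.0.113.7", "10.1.5.20"),
            dp.forward("198.51.100.4", "10.1.5.20"),
            dp.forward("203.0.113.7", "172.16.0.1")]

if __name__ == "__main__":
    print("\n".join(demo()))
```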
The management plane
The management plane controls everything we need to log into the network device. It authenticates anyone who tries to access the device, authorizes the actions of individuals, and provides accounting features.
It also includes the components we use to manage the devices, such as the console and auxiliary ports. SNMP, HTTP, and HTTPS are also part of it.
Differences between the data, control, and management planes
The following table compares the data plane, control plane, and management plane and lists their differences.
| Criteria | Data plane | Control plane | Management plane |
| --- | --- | --- | --- |
| Function | Forwarding incoming frames and packets | Collecting the information the data plane needs to make the forwarding decision | Providing an interface to access the device for management purposes |
| Protocols/components | Routing tables, CAM or MAC tables, ACLs, QoS, HDLC, PPP | RIP, IGRP, OSPF, EIGRP, STP, CDP, VTP | SNMP, HTTP, HTTPS, Telnet, SSH |
| Works with data packets/frames | Yes | No | No |
| Functionalities can be moved out of the device | No | Yes | Yes |