Implementing Management Plane Protection on Cisco IOS XR Software
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
Management Plane Protection Feature
The MPP feature, as well as all the management protocols under MPP, is disabled by default.
Configuring an interface as either out-of-band or inband automatically enables MPP.
Consequently, this enablement extends to all the protocols under MPP.
If MPP is disabled and a protocol is activated, all interfaces can pass traffic.
When MPP is enabled with an activated protocol, the only default management interfaces allowing
management traffic are the route processor (RP) and standby route processor (SRP) Ethernet interfaces.
You must manually configure any other interface for which you want to enable MPP as a management
interface, using the MPP CLI that follows. Afterwards, only the default management interfaces and those
you have previously configured as MPP interfaces will accept network management packets destined for
the device. All other interfaces drop such packets.
Note: Logical interfaces (or any other interfaces not present on the data plane) filter packets based on the
ingress physical interface.
After configuration, you can modify or delete a management interface.
Following are the management protocols that the MPP feature supports. These management protocols
are also the only protocols affected when MPP is enabled.
• SSH, v1 and v2
• SNMP, all versions
• Telnet
• TFTP
• HTTP
• HTTPS
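The acceptance rules described above can be checked with a small model that shows how configuring the first MPP interface changes what every other interface accepts. This is an added example, not Cisco code or part of the original guide: the `Device` class, the verdict labels and the interface names are constructed for illustration, and reporting a protocol that has not been activated as "inactive" is an assumption.

```python
from dataclasses import dataclass, field

# Protocols the page lists as governed by MPP; other traffic is unaffected.
MPP_PROTOCOLS = frozenset({"ssh", "snmp", "telnet", "tftp", "http", "https"})


@dataclass
class Device:
    """Constructed model of the rules above, not an IOS XR data structure."""
    default_mgmt: frozenset                       # RP and SRP Ethernet interfaces
    active: set = field(default_factory=set)      # management protocols turned on
    mpp_ifaces: set = field(default_factory=set)  # configured inband/out-of-band

    @property
    def mpp_enabled(self) -> bool:
        # Configuring any interface as inband or out-of-band enables MPP.
        return bool(self.mpp_ifaces)

    def verdict(self, ingress_phys: str, protocol: str) -> str:
        """Decide on the ingress *physical* interface; a logical destination
        (for example a loopback address) is never consulted."""
        if protocol not in MPP_PROTOCOLS:
            return "not-governed"          # MPP does not affect this protocol
        if protocol not in self.active:
            return "inactive"              # assumption: no service, nothing to accept
        if not self.mpp_enabled:
            return "accept"                # MPP off: every interface passes it
        if ingress_phys in self.default_mgmt | self.mpp_ifaces:
            return "accept"
        return "drop"

    def reachable(self, ifaces, protocol):
        """Interfaces on which `protocol` is accepted, for a before/after audit."""
        return sorted(i for i in ifaces if self.verdict(i, protocol) == "accept")


# Constructed sample interface names.
MGMT = "MgmtEth0/RP0/CPU0/0"
IFACES = [MGMT, "GigabitEthernet0/6/0/1", "GigabitEthernet0/6/0/2", "POS0/2/0/0"]

if __name__ == "__main__":
    dev = Device(default_mgmt=frozenset({MGMT}), active={"ssh"})
    print("MPP off:", dev.reachable(IFACES, "ssh"))
    dev.mpp_ifaces.add("GigabitEthernet0/6/0/1")   # first MPP interface
    print("MPP on: ", dev.reachable(IFACES, "ssh"))
```

Running the before/after comparison ahead of a change identifies which interfaces stop accepting management sessions once the first MPP interface is configured.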
Benefits of the Management Plane Protection Feature
Implementing the MPP feature provides the following benefits:
• Greater access control for managing a device than allowing management protocols on all interfaces.
• Improved performance for data packets on non-management interfaces.
• Support for network scalability.
• Simplification of the task of using per-interface access control lists (ACLs) to restrict management access
to the device.
• Fewer ACLs are needed to restrict access to the device.
• Prevention of packet floods on switching and routing interfaces from reaching the CPU.
How to Configure a Device for Management Plane Protection
This section contains the following tasks:
• Configuring a Device for Management Plane Protection for an Inband Interface