Implementing Management Plane Protection on Cisco IOS XR Software
How to Configure a Device for Management Plane Protection
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
Step 4
Command or Action: inband
Example:
RP/0/RP0/CPU0:router(config-mpp)# inband
RP/0/RP0/CPU0:router(config-mpp-inband)#
Purpose: Configures an inband interface and enters management plane protection inband configuration mode.

Step 5
Command or Action: interface {type instance | all}
Example:
RP/0/RP0/CPU0:router(config-mpp-inband)# interface GigabitEthernet 0/6/0/1
RP/0/RP0/CPU0:router(config-mpp-inband-Gi0_6_0_1)#
Purpose: Configures a specific inband interface, or all inband interfaces. Use the interface command to enter management plane protection inband interface configuration mode.
• Use the all keyword to configure all interfaces.

Step 6
Command or Action: allow {protocol | all} [peer]
Example:
RP/0/RP0/CPU0:router(config-mpp-inband-Gi0_6_0_1)# allow Telnet peer
RP/0/RP0/CPU0:router(config-telnet-peer)#
Purpose: Configures an interface as an inband interface for a specified protocol or all protocols.
• Use the protocol argument to allow management protocols on the designated management interface.
  – HTTP or HTTPS
  – SNMP (also versions)
  – Secure Shell (v1 and v2)
  – TFTP
  – Telnet
• Use the all keyword to configure the interface to allow all the management traffic that is specified in the list of protocols.
• (Optional) Use the peer keyword to configure the peer address on the interface.

Step 7
Command or Action: address ipv4 {peer-ip-address | peer ip-address/length}
Example:
RP/0/RP0/CPU0:router(config-telnet-peer)# address ipv4 10.1.0.0/16
Purpose: Configures the peer IPv4 address from which management traffic is allowed on the interface.
• Use the peer-ip-address argument to configure the peer IPv4 address from which management traffic is allowed on the interface.
• Use the peer ip-address/length argument to configure the prefix of the peer IPv4 address.
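Added example (not part of the Cisco guide): a short Python check that reads the inband stanza built by Steps 4 through 7 and lists rules that open management access wider than intended. The SAMPLE text is constructed, its layout is an assumption that mirrors the commands above with the "!" separator lines omitted, and parse_mpp and audit_mpp are hypothetical helper names.

```python
import re

CLEARTEXT = {"telnet", "tftp", "http"}  # management protocols with no transport encryption

# Constructed sample: assumed layout of the inband MPP stanza, "!" lines omitted.
SAMPLE = """\
control-plane
 management-plane
  inband
   interface GigabitEthernet0/6/0/1
    allow Telnet peer
     address ipv4 10.1.0.0/16
   interface GigabitEthernet0/6/0/2
    allow SSH peer
     address ipv4 10.1.0.0/16
   interface all
    allow all
"""

def parse_mpp(config):
    """Return one dict per allow rule: interface, protocol, peer prefixes."""
    rules, iface = [], "(none)"
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface (.+)", line):
            iface = m.group(1)
        elif m := re.fullmatch(r"allow (\S+)( peer)?", line):
            rules.append({"iface": iface, "proto": m.group(1), "peers": []})
        elif (m := re.fullmatch(r"address ipv4 (\S+)", line)) and rules:
            rules[-1]["peers"].append(m.group(1))  # attach to the latest allow
    return rules

def audit_mpp(config):
    """List rules that expose management access more broadly than needed."""
    findings = []
    for r in parse_mpp(config):
        where, proto = f"{r['iface']}: allow {r['proto']}", r["proto"].lower()
        if r["iface"].lower() == "all":
            findings.append(f"{where}: applies to every inband interface")
        if proto == "all":
            findings.append(f"{where}: opens every listed management protocol")
        elif proto in CLEARTEXT:
            findings.append(f"{where}: cleartext protocol")
        if not r["peers"]:
            findings.append(f"{where}: no peer address restriction")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_mpp(SAMPLE)))
```

Pass only the management-plane stanza to audit_mpp, since interface lines elsewhere in a full configuration would also match the parser.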