Implementing Management Plane Protection on Cisco IOS XR Software
How to Configure a Device for Management Plane Protection
SC-189
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
Step 6
interface {type instance | all}
Example:
RP/0/RP0/CPU0:router(config-mpp-outband)# interface
GigabitEthernet 0/6/0/2
RP/0/RP0/CPU0:router(config-mpp-outband-Gi0_6_0_2)#
Configures a specific out-of-band interface, or all
out-of-band interfaces, as an out-of-band interface.
Use the interface command to enter management
plane protection out-of-band configuration mode.
• Use the all keyword to configure all interfaces.
Step 7
allow {protocol | all} [peer]
Example:
RP/0/RP0/CPU0:router(config-mpp-outband-Gi0_6_0_2)#
allow TFTP peer
RP/0/RP0/CPU0:router(config-tftp-peer)#
Configures an interface as an out-of-band interface
for a specified protocol or all protocols.
• Use the protocol argument to allow
management protocols on the designated
management interface.
–
HTTP or HTTPS
–
SNMP (also versions)
–
Secure Shell (v1 and v2)
–
TFTP
–
Telnet
• Use the all keyword to configure the interface to
allow all the management traffic that is
specified in the list of protocols.
• (Optional) Use the peer keyword to configure
the peer address on the interface.
Step 8
address ipv6 {peer-ip-address | peer
ip-address/length}
Example:
RP/0/RP0/CPU0:router(config-tftp-peer)# address ipv6
33::33
Configures the peer IPv6 address in which
management traffic is allowed on the interface.
• Use the peer-ip-address argument to configure
the peer IPv6 address in which management
traffic is allowed on the interface.
• Use the peer ip-address/length argument to
configure the prefix of the peer IPv6 address.
Command or Action Purpose
To Next Page
Loading...
