SC-227
Cisco IOS XR System Security Configuration Guide
Implementing Management Plane Protection on
Cisco IOS XR Software
The Management Plane Protection (MPP) feature in Cisco IOS XR software provides the capability to
restrict the interfaces on which network management packets are allowed to enter a device. The MPP
feature allows a network operator to designate one or more router interfaces as management interfaces.
Device management traffic may enter a device only through these management interfaces. After MPP is
enabled, no interfaces except designated management interfaces accept network management traffic
destined to the device.
Restricting management packets to designated interfaces provides greater control over management of
a device, providing more security for that device. The following other benefits are described:
• Improved performance for data packets on nonmanagement interfaces.
• Support for network scalability.
• Need for fewer access control lists (ACLs) to restrict access to a device, and prevention of
management packet floods on switching and routing interfaces from reaching the CPU.
For information on MPP commands, see the Management Plane Protection Commands on Cisco IOS XR
Software module in Cisco IOS XR System Security Command Reference.
Feature History for Implementing Management Plane Protection on Cisco IOS XR Software
Contents
• Restrictions for Implementing Management Plane Protection, page SC-228
• Information About Implementing Management Plane Protection, page SC-228
• How to Configure a Device for Management Plane Protection, page SC-229
• Configuration Examples for Implementing Management Plane Protection, page SC-232
• Additional References, page SC-233
Release Modification
Release 3.5.0 This feature was introduced on the Cisco CRS-1 and
Cisco XR 12000 Series Router.
To Next Page
Loading...
Need help?
General
