
Cisco IOS XR User Manual

Cisco IOS XR
254 pages
Implementing Management Plane Protection on Cisco IOS XR Software
How to Configure a Device for Management Plane Protection
SC-229
Cisco IOS XR System Security Configuration Guide
Examples of protocols processed in the management plane are Simple Network Management Protocol
(SNMP), Telnet, HTTP, Secure HTTP (HTTPS), and SSH. These management protocols are used for
monitoring and for command-line interface (CLI) access. Restricting access to devices to internal
sources (trusted networks) is critical.
Management Plane Protection Feature
A protocol that is used with the MPP feature is disabled by default. When a protocol is enabled, the
only default management interfaces are the route processor (RP) and standby route processor (SRP)
Ethernet interfaces, which are out-of-band interfaces that allow only management traffic. You must use
the MPP CLI to configure any other interface as a management interface. Using a single CLI command,
you can configure, modify, or delete a management interface. When you configure a management
interface, no interfaces except that management interface accept network management packets
destined to the device.
Following are the management protocols that the MPP feature supports. These management protocols
are also the only protocols affected when MPP is enabled.
SSH, v1 and v2
SNMP, all versions
Telnet
TFTP
HTTP
HTTPS
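
An added example, not taken from the Cisco guide: a Python audit of an MPP configuration that flags allow rules open to any source or to peers outside the trusted networks, which is the restriction this page calls critical. The `control-plane` / `management-plane` / `allow ... peer` stanza syntax, the sample configuration, and the function name `audit_mpp` are assumptions of this example; this page does not show the CLI.

```python
import ipaddress
import re

MPP_PROTOCOLS = {"SSH", "SNMP", "TELNET", "TFTP", "HTTP", "HTTPS"}  # the page's list

# Constructed sample config (not from the manual); stanza syntax is assumed.
SAMPLE_CONFIG = """\
control-plane
 management-plane
  inband
   interface GigabitEthernet0/6/0/0
    allow SSH peer
     address ipv4 10.1.0.0/16
    !
    allow Telnet
   !
   interface GigabitEthernet0/6/0/1
    allow SNMP peer
     address ipv4 198.51.100.0/24
    !
"""

def audit_mpp(config, trusted):
    """Return sorted (interface, protocol, finding) tuples for risky allow rules."""
    trusted_nets = [ipaddress.ip_network(n) for n in trusted]
    rules, in_mpp, iface, rule = [], False, None, None
    for line in config.splitlines():  # a top-level line closes the MPP block
        text = line.strip()
        if not line.startswith(" ") or text == "management-plane":
            in_mpp, iface, rule = text == "management-plane", None, None
        elif not in_mpp:
            continue
        elif m := re.fullmatch(r"interface (\S+)", text):
            iface, rule = m.group(1), None
        elif iface and (m := re.fullmatch(r"allow (\S+)( peer)?", text)):
            rule = {"iface": iface, "proto": m.group(1).upper(), "peers": []}
            rules.append(rule)
        elif rule and (m := re.fullmatch(r"address ipv4 (\S+)", text)):
            rule["peers"].append(ipaddress.ip_network(m.group(1), strict=False))
    findings = []
    for r in rules:
        if r["proto"] != "ALL" and r["proto"] not in MPP_PROTOCOLS:
            findings.append((r["iface"], r["proto"], "not an MPP protocol"))
        elif not r["peers"]:
            findings.append((r["iface"], r["proto"], "any source allowed"))
        for p in r["peers"]:
            if not any(p.version == t.version and p.subnet_of(t) for t in trusted_nets):
                findings.append((r["iface"], r["proto"], f"untrusted peer {p}"))
    return sorted(findings)
```

Calling `audit_mpp(SAMPLE_CONFIG, ["10.0.0.0/8"])` reports the unrestricted Telnet rule and the SNMP peer outside the trusted range, and leaves the SSH rule alone.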
Benefits of the Management Plane Protection Feature
Implementing the MPP feature provides the following benefits:
Greater access control for managing a device than allowing management protocols on all interfaces.
Improved performance for data packets on nonmanagement interfaces.
Support for network scalability.
Simplified task of using per-interface ACLs to restrict management access to the device.
Fewer access control lists (ACLs) are needed to restrict access to the device.
Prevention of packet floods on switching and routing interfaces from reaching the CPU.
How to Configure a Device for Management Plane Protection
This section contains the following task:
Configuring a Device for Management Plane Protection, page SC-230

Cisco IOS XR Specifications

General
Operating System: Cisco IOS XR
Architecture: Microkernel
High Availability: Yes
Type: Network operating system
Developed by: Cisco Systems
License: Proprietary
Programming Language: C, C++
Kernel: QNX
Supported Platforms: Cisco ASR9000, NCS series
Security Features: Role-Based Access Control (RBAC), Secure Boot, Encryption
Management Interface: CLI, SNMP, NETCONF, RESTCONF
Release Date: 2004
Target Devices: High-end core routers, service provider edge routers, data center interconnect (DCI) routers
Supported Hardware: Cisco routers and switches
Networking Protocols: BGP, OSPF, IS-IS, MPLS
Virtualization Support: Virtualization-ready, supports network function virtualization (NFV) and containerization technologies.
