Cisco CRS-1 - Carrier Routing System Router Configuration Manual page 192

How to Configure a Device for Management Plane Protection
Command or Action
Step 4
inband
Example:
RP/0/RP0/CPU0:router(config-mpp)# inband
RP/0/RP0/CPU0:router(config-mpp-inband)#
Step 5
interface {type instance | all}
Example:
RP/0/RP0/CPU0:router(config-mpp-inband)# interface
GigabitEthernet 0/6/0/1
RP/0/RP0/CPU0:router(config-mpp-inband-Gi0_6_0_1)#
Step 6
allow {protocol | all} [peer]
Example:
RP/0/RP0/CPU0:router(config-mpp-inband-Gi0_6_0_1)#
allow Telnet peer
RP/0/RP0/CPU0:router(config-telnet-peer)#
Step 7
address ipv4 {peer-ip-address | peer
ip-address/length}
Example:
RP/0/RP0/CPU0:router(config-telnet-peer)# address
ipv4 10.1.0.0/16
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
SC-186
Implementing Management Plane Protection on Cisco IOS XR Software
Purpose
Configures an inband interface and enters
management plane protection inband configuration
mode.
Configures a specific inband interface, or all inband
interfaces. Use the interface command to enter
management plane protection inband interface
configuration mode.
Use the all keyword to configure all interfaces.
•
Configures an interface as an inband interface for a
specified protocol or all protocols.
Use the protocol argument to allow
•
management protocols on the designated
management interface.
– HTTP or HTTPS
SNMP (also versions)
–
Secure Shell (v1 and v2)
–
TFTP
–
Telnet
–
Use the all keyword to configure the interface to
•
allow all the management traffic that is
specified in the list of protocols.
(Optional) Use the peer keyword to configure
•
the peer address on the interface.
Configures the peer IPv4 address in which
management traffic is allowed on the interface.
Use the peer-ip-address argument to configure
•
the peer IPv4 address in which management
traffic is allowed on the interface.
Use the peer ip-address/length argument to
•
configure the prefix of the peer IPv4 address.
OL-20382-01