Hi,
Apologies for the basic question. I am enabling Netconf on XR and XE platforms, but I am a bit worried about the security aspect of Netconf, so I am trying to grant least-privilege access to the client.
- When configuring CoPP on a Cisco device, under the control-plane section, do I have to allow the client both SSH and Netconf, or can I allow only Netconf and it will work?
- My Netconf user is authenticated/authorised by TACACS, so is there any way to restrict what the user can do? For example, the user should be able to do get and get-config but shouldn't be able to run edit-config, reload chassis, etc.
- Is there any way to monitor Netconf activity (get, get-config, edit-config, etc.) from XR and XE devices using SNMP polling (any OIDs), traps or syslog messages, to assist with an audit trail?
Any advice is greatly appreciated,
Ritesh