Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1085
Views
0
Helpful
0
Replies

MPP-Management Plane Protection (MPP) not working on ASR9K

gff
Level 1
Level 1

‎05-11-2018 07:12 AM - edited ‎02-21-2020 07:45 AM

I am running IOS XR 6.1.4, with SP3 applied, on several new ASR9K's.  I would like to implement MPP to disallow management protocols on all but a few inband interfaces.

 

When I implement something like follows I can still ssh to ANY interface on the routers.  My understanding is that when MPP is configured ONLY interfaces and protocols specifically allowed will work and all others will be blocked.  What could I be doing wrong?

 

control-plane
management-plane
inband
interface Loopback0
allow SSH
allow SNMP
allow TFTP
!
interface GigabitEthernet0/0/0/0.40
allow SSH
!
!
!
!

 

It seems to be configured properly based on show mgmt-plane

 

RP/0/RSP0/CPU0:#show mgmt-pl
Fri May 11 09:09:32.525 CDT


Management Plane Protection

inband interfaces
----------------------

interface - Loopback0
ssh configured -
All peers allowed
snmp configured -
All peers allowed
tftp configured -
All peers allowed

interface - GigabitEthernet0/0/0/0.40
ssh configured -
All peers allowed

Thanks

 

 

0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card