06-09-2020 12:56 PM
Apologies for the basic question. I am enabling Netconf on XR & XE platforms, but I am a bit worried about the security aspect of Netconf, so I am trying to grant least-privilege access to the client.
Any advice is greatly appreciated,
Ritesh
06-10-2020 06:48 AM - edited 06-10-2020 06:49 AM
Hi
This seems like a "how do I configure my router" question (meaning, what locks down the packets _inside my box_) as opposed to a "how does NSO communicate NETCONF securely to its southbound devices..."
There are quite a few Cisco resources available for CoPP, and of course each implementation is OS-specific (XE/XR/NX) and in many cases "platform" specific (i.e. exact HW... because of forwarding behavior inside a platform (mainly on punt-paths of control plane/management plane packets)) -- so really, your question about CoPP seems likely better addressed first.
Maybe these help:
https://tools.cisco.com/security/center/resources/copp_best_practices
https://www.cisco.com/en/US/docs/general/Test/dwerblo/broken_guide/copp.html
https://networklessons.com/cisco/ccie-routing-switching-written/copp-control-plane-policing
https://www.oreilly.com/library/view/router-security-strategies/9781587053368/
hth -
gregg