09-26-2018 05:25 AM - edited 03-10-2019 01:05 AM
Hello,
We would like to implement MPP on our Routers and Switches to limit Mgmt Protocols to specific interfaces.
I was reading about the advantages of MPP over a regular ACL applied to interfaces: when management protocol traffic arrives at an untrusted interface, the CPU is not punted, thus preventing DoS attacks.
The thing is that we also want to limit the source subnet that is allowed to SSH to the routers for managing the devices, via:
ip access-list extended ACL-Src-Subnet
 permit tcp 10.10.77.0 0.0.0.255 any eq 22
line vty 0 4
 access-class ACL-Src-Subnet in
Will this configuration punt the CPU and defeat the purpose of MPP?
Please advise
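Added example, not part of the original thread: how MPP (which selects the interface that accepts management protocols) and a VTY access-class (which selects the permitted source subnet) sit side by side in one IOS configuration. The interface name GigabitEthernet0/1 and the extra VTY range 5 15 are assumptions; the ACL name and subnet are taken from the post above.

```ios
! Constructed example. GigabitEthernet0/1 is an assumed management-facing interface.
!
! Source filter: SSH only from the management subnet named in the post.
ip access-list extended ACL-Src-Subnet
 remark Allow SSH from the management subnet only
 permit tcp 10.10.77.0 0.0.0.255 any eq 22
 deny   ip any any log
!
! MPP: once a management interface is defined, SSH is accepted only there.
! Apply this from the console or from a session that arrives on that interface,
! otherwise the current session on another interface is cut off.
control-plane host
 management-interface GigabitEthernet0/1 allow ssh
!
! VTY lines: SSH only, restricted to the permitted source subnet.
line vty 0 4
 transport input ssh
 access-class ACL-Src-Subnet in
!
! Many platforms have additional VTY lines (range assumed here); leaving them
! without the access-class leaves an unfiltered path.
line vty 5 15
 transport input ssh
 access-class ACL-Src-Subnet in
!
! Verification (exec mode):
!   show management-interface
!   show access-lists ACL-Src-Subnet
```

The hit counters from `show access-lists` and the packet counts from `show management-interface` show which of the two controls is handling a given connection attempt.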
09-26-2018 05:57 AM
How is your configuration for the MPP? Any specific interface? Do you have any specific OOB in place?
09-26-2018 06:44 AM
09-26-2018 07:59 AM
09-26-2018 08:17 AM
09-26-2018 08:21 AM
09-26-2018 11:50 PM
Hello,
Thank you for the clarification, really helpful.
12-06-2019 08:18 PM
I just watched a video over at networklessons.com where they enforce MPP and show that it silently drops the denied packets.