Solved: Re: ISR 4331 missing comands

Garrison Botts · ‎02-15-2018

Hello,

New to the ISR 4400s and I'm finding that there are some commands that seem to be missing.. I'm trying to do very simple things like prevent snmp,ssh, etc.. to any IP other than the management interface (G0)..

I've tried using MPP - the "control-plane host" command is missing.

I've tried using ACL/Class Map/Policy Map/ Service-Policy - the "drop" command is missing from the Policy Map ...

Is there something I've not done? This routers are right out the box and have the version of code isr4400-universalk9.03.16.04b.S.155-3.S4b-ext.SPA.bin...

Thanks for any help..

Mark Malone · ‎02-15-2018

id say its in the sec license but the feature navigator link i provided should show you exactly you can pick the software and license version and see what features are available for that platform/software

View solution in original post

Mark Malone · ‎02-15-2018

MPP should be in that code i use it , what does it show you when you check the help ?
i have 155.3 in flash but moved up slightly recently

XXX(config)#control-plane host
XXX(config-cp-host)#?
Control Plane host configuration commands:
exit Exit from control-plane host configuration mode
management-interface Configure interface for receiving network management traffic
no Negate or set default values of a command

XXX(config-cp-host)#do sh ver | i 15
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S5a, RELEASE SOFTWARE (fc3)
System image file is "bootflash:isr4300-universalk9.03.16.05a.S.155-3.S5a-ext.SPA.bin"
XXX(config-cp-host)#

Garrison Botts · ‎02-15-2018

That's what's so crazy... I'm only seeing :

nR-IR-02(config-cp)#?
Control Plane configuration commands:
exit Exit from control-plane configuration mode
no Negate or set default values of a command
service-policy Configure QOS Service Policy

nR-IR-02(config-cp)#do sh ver | i 15
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S4b, RELEASE SOFTWARE (fc1)
System image file is "bootflash:isr4400-universalk9.03.16.04b.S.155-3.S4b-ext.SPA.bin"

Mark Malone · ‎02-15-2018

hmm what license you got running i got appxk9, securityk9,ipbasek9 and voice but it wouldnt be in the uck

feature navigator

http://cfn.cloudapps.cisco.com/ITDIT/CFN/jsp/index.jsp

Garrison Botts · ‎02-15-2018

Cisco just checked and it looks like just the base license... one would think that the control plane configuration would be on that seeing as how it's to secure the router... I'm gonna have to do a little research with the customer to see what the deal is..

Mark Malone · ‎02-15-2018

id say its in the sec license but the feature navigator link i provided should show you exactly you can pick the software and license version and see what features are available for that platform/software

Garrison Botts · ‎02-19-2018

I'm pretty much in agreement here... I'm looking at the security license... It's crazy to me that "securing" the actual control plane would require a different license nowadays...

Garrison Botts · ‎02-15-2018

I've got Cisco TAC verifying that supposedly as we speak....

bcoverstone · ‎03-12-2024

I have one of the ISR 4400s with the securityk9 and it also is missing the "control-plane host" command. After over an hour of searching, there isn't any good documentation on the difference between IOS and IOS-XR, but this appears to be one of those things. (it's also how I found this post)

For future people Googling this, the IOS-XE COPP/COPR is handled differently than IOS and works on control-plane instead of control-plane host.

I believe this is the documentation:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/16-6/configuration_guide/sec/b_166_sec_3850_cg/configuring_control_plane_policing.html