
password breaking on cisco Cat 3850 and 2960

lplooh888
Level 1

Hi Sir / Madam,

I just want to clarify something with you all.

1. Can anyone break the password and amend the settings, then put back the original password?

2. Are there any ways to amend the settings on Cisco Cat 3850 or Cat 2960 switches without any password?

3. Do we have any ways to prevent this from happening?

Sorry to ask the above questions.

I hope I can get the answer ASAP.

Thank you

From,

James

3 Replies

Mark Malone
VIP Alumni

Hi

1. Can anyone break the password and amend the settings, then put back the original password?

Yes. If they have direct console access, anyone can do it. Lock the cabinet/rack where the switch is located so that nobody can just connect up, or lock the comms room.

2. Are there any ways to amend the settings on Cisco Cat 3850 or Cat 2960 switches without any password?

I'm not sure exactly what you are asking here. Are you saying you want to use the switch without a password set? You need a password at least for remote connectivity; it's a bad idea to have a production device online without security.

3. You can disable password recovery, but be very careful doing that: if you lose the password you could be in a lot of trouble when you need to get back in. See the doc below.

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cfg/configuration/15-sy/sec-usr-cfg-15-sy-book/sec-no-svc-pw-recvry.html#GUID-C0C6C993-F6C7-4296-A751-7F7C821988F0
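
As an added example (not part of the reply above or of any Cisco document), here is what point 3 looks like as a configuration fragment for a Catalyst 2960 (IOS) or 3850 (IOS-XE), together with the basic credential hygiene that should be in place before password recovery is disabled. Hostnames, usernames and secrets are placeholders, and the backup destination is an illustrative assumption:

```cisco
! Added example, not from the original post. Placeholders: SW1, admin,
! the secrets and the backup host. Adapt before use.
hostname SW1
!
! 1. Store the privileged-mode secret as a hash ("enable secret"), never as a
!    reversible "enable password"; also obscure any remaining type-7 strings.
enable secret ChangeMe-Enable!
service password-encryption
!
! 2. Local admin account with a hashed secret; privilege 15 only for admins.
username admin privilege 15 secret ChangeMe-Admin!
!
! 3. Require a login on the console and time idle sessions out, so a console
!    cable alone does not give an open exec session.
line console 0
 login local
 exec-timeout 5 0
!
! 4. The point of Mark's reply: disable the password-recovery procedure.
!    CAVEAT: once this is set, the recovery procedure at the switch no longer
!    lets you bypass the saved configuration; recovering a lost password means
!    resetting the switch to factory defaults and losing the startup config.
!    Take and verify an off-box backup first (step 5), and keep the physical
!    controls Mark describes (locked rack / comms room) in place regardless.
no service password-recovery
!
! 5. Off-box config backup before relying on step 4 (destination is an
!    assumed example; any access-controlled TFTP/SCP/FTP host will do):
!    copy running-config tftp://10.0.0.5/SW1-config.txt
```

After applying this, `show running-config | include password-recovery` should show `no service password-recovery`, and a console session should prompt for the local username and password rather than dropping straight to a prompt.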

Hi Mark Malone,

Thank you so much for your reply.

Another question.

Can I set it so that only a specified interface can be used for telnet or SSH access to the console? I mean, I disable all telnet or SSH and only enable telnet and SSH access on interface gigabitethernet1/0/1.

Thank you

Hi

So this is the thing: you can easily control which interface traffic leaves the router by, by setting the source for that traffic. Currently, if you want to force traffic back in through a particular interface or port, you need to use ACLs to block it coming back in through the other ports. We have done this for security; it's time consuming, it is not the best method, and the ACLs become very lengthy when using a lot of management protocols and devices.

There is another feature called MPP, but it's not fully released yet in IOS-XE. I have a feature enhancement request open with Cisco currently to get it added. It's there in the CLI but it's not fully supported, so you will have issues when trying to use it.

I'm hoping the feature gets pushed soon in the next release or two; I have been told it should be, fingers crossed.

Don't use telnet; it's not secure and someone sniffing the wire, even locally on the LAN, can see your password. Use SSH version 2 and set the keys to at least 1024.

*****************************************

This is what I got back before I raised the enhancement

As per the information, the feature MPP is not supported on ASR1k (IOS-XE) as of now. Please refer to the feature navigator link below:

http://cfn.cloudapps.cisco.com/ITDIT/CFN/jsp/by-feature-technology.jsp

From the link above you can select the feature "Management plane protection" and you will find the supported platforms. Unfortunately this is not yet supported on IOS-XE platforms. Digging internally I could find an enhancement bug as well to add this feature for IOS-XE, which was raised earlier; however the DDTS was closed since there was no relevant request raised at that time. You may find the DDTS information from the link below:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCts41086/?reffering_site=dumpcr
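
As an added example (not part of Mark's reply and not Cisco's own documentation), here is the ACL-based approach he describes, written out for James's case: management reachable only through gigabitethernet1/0/1, SSH version 2 only, telnet disabled. VLAN numbers, addresses and the key size are my assumptions (2048-bit RSA is a stricter choice than the 1024 mentioned above); the commented MPP lines at the end show the form of the feature Mark refers to, which per the support response above may not be supported on your platform:

```cisco
! Added example, not from the original post. Placeholders: VLAN 99 / VLAN 10,
! 10.99.0.0/24 management subnet, 10.99.0.10 switch address. Adapt before use.
!
! --- SSH hygiene (domain name is required before RSA key generation) ---
hostname SW1
ip domain-name example.net
crypto key generate rsa modulus 2048
ip ssh version 2
!
! --- Dedicated management VLAN, and Gi1/0/1 is the only port in it ---
vlan 99
 name MGMT
!
interface GigabitEthernet1/0/1
 description management-only uplink
 switchport mode access
 switchport access vlan 99
 spanning-tree portfast
!
interface Vlan99
 ip address 10.99.0.10 255.255.255.0
!
! --- Source-address filter on the VTY lines, SSH only, no telnet ---
! (Note: access-class checks the SOURCE address, not the ingress port.
!  It is the second half, below, that ties access to Gi1/0/1.)
ip access-list standard MGMT-HOSTS
 permit 10.99.0.0 0.0.0.255
 deny   any log
!
line vty 0 15
 access-class MGMT-HOSTS in
 transport input ssh
 login local
 exec-timeout 10 0
!
! --- Block SSH/telnet to the switch's own address arriving on any other
!     L3 interface. This is the "ACLs on the other ports" part of Mark's
!     reply; repeat the ip access-group line on every other SVI/routed port,
!     which is why the method gets lengthy on a larger switch. ---
ip access-list extended NO-MGMT-HERE
 deny   tcp any host 10.99.0.10 eq 22 log
 deny   tcp any host 10.99.0.10 eq 23 log
 permit ip any any
!
interface Vlan10
 description user VLAN, management not allowed from here
 ip access-group NO-MGMT-HERE in
!
! --- MPP form Mark refers to (shown commented out; check feature support
!     for your exact platform/release before relying on it) ---
! control-plane host
!  management-interface GigabitEthernet1/0/1 allow ssh
```

On a Catalyst 2960 running as a pure Layer 2 switch there is only one active SVI, so the second half is largely moot: hosts can reach 10.99.0.10 only if they are in VLAN 99, and the only port in VLAN 99 is Gi1/0/1. On a 3850 doing inter-VLAN routing the per-interface `ip access-group` lines are what stop a user VLAN from reaching the management address. Verify with `show ip ssh` (version 2 only) and `show line vty 0 15` (access-class applied), then test that an SSH attempt from a user VLAN is refused and logged.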
