06-18-2018 07:00 AM - edited 03-08-2019 03:24 PM
I have an ASR that I'm using to connecting our ExpressRoutes and 10G links back to our headquarters. I'd like to add our DIA as well but I'm having a hard time finding out how to setup security on this device. (ie, block SSH, SNMP, HTTPS from the DIA interface, etc) Some reading indicates that I should be able to use ZONES on it but the commands are unrecognized on my unit. Do I need an upgrade to be able to use ZONES? Is there a different way I should be implementing security on this device?
EQX-DA2-ASR#show rom-monitor r0
System Bootstrap, Version 15.4(2r)S, RELEASE SOFTWARE (fc1)
Copyright (c) 1994-2014 by cisco Systems, Inc.
EQX-DA2-ASR#show platform
Chassis type: ASR1001-X
Slot Type State Insert time (ago)
--------- ------------------- --------------------- -----------------
0 ASR1001-X ok 1d04h
0/0 BUILT-IN-2T+6X1GE ok 1d04h
R0 ASR1001-X ok, active 1d04h
F0 ASR1001-X ok, active 1d04h
P0 ASR1001-X-PWR-AC ok 1d04h
P1 ASR1001-X-PWR-AC ok 1d04h
P2 ASR1001-X-FANTRAY ok 1d04h
Slot CPLD Version Firmware Version
--------- ------------------- ---------------------------------------
0 14041015 15.4(2r)S
R0 14041015 15.4(2r)S
F0 14041015 15.4(2r)S
Solved! Go to Solution.
06-18-2018 07:57 AM
Hello,
you need at least IOS XE Release 2.1 for the ZBF feature to be available...
That said, if all you want to do is block certain protocols from the interface, why not use an access list ?
06-18-2018 07:57 AM
Hello,
you need at least IOS XE Release 2.1 for the ZBF feature to be available...
That said, if all you want to do is block certain protocols from the interface, why not use an access list ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide