03-31-2021 06:00 AM
Hej
NCS5508 version 7.2.2
I have been trying to apply MPP to our new devices, and was intending to use "apply-group" to shorten the configuration.
I want to enable access only from Bundle-Ether interfaces and using the below wild card. (I have also used 'Bundle-Ether *'), but it does not work.
However, if I apply a Bundle-Ether directly under management-plane inband then it works.
Could use some help.
Regards
group INBAND-MGMT control-plane management-plane inband interface 'Bundle-Ether*' allow SSH peer address ipv4 1.2.3.4 ! ! control-plane management-plane inband apply-group INBAND-MGMT
Solved! Go to Solution.
03-31-2021 06:11 AM
Hi,
the apply group will help you with the additional configuration, not the interfaces themselves, you will still need to list them under control-plane.
example
group APPLYGROUP control-plane management-plane inband interface 'TenGigE.*' allow SNMP peer address ipv4 1.2.3.0/24 Under control-plane management configure the interfaces: control-plane management-plane inband interface TenGigE0/0/0/0 ! interface TenGigE0/0/0/1 Once you have configured the interfaces you may then apply the flex-CLi group: control-plane management-plane inband apply-group APPLYGROUP Now this Flex-CLI will match the criteria apply the configuration. RP/0/RP0/CPU0:NCS5501-C#show mgmt-plane Management Plane Protection inband interfaces ---------------------- interface - TenGigE0_0_0_0/ snmp configured - peer v4 allowed - 1.2.3.0/24 interface - TenGigE0_0_0_1/ snmp configured - peer v4 allowed - 1.2.3.0/24
03-31-2021 06:11 AM
Hi,
the apply group will help you with the additional configuration, not the interfaces themselves, you will still need to list them under control-plane.
example
group APPLYGROUP control-plane management-plane inband interface 'TenGigE.*' allow SNMP peer address ipv4 1.2.3.0/24 Under control-plane management configure the interfaces: control-plane management-plane inband interface TenGigE0/0/0/0 ! interface TenGigE0/0/0/1 Once you have configured the interfaces you may then apply the flex-CLi group: control-plane management-plane inband apply-group APPLYGROUP Now this Flex-CLI will match the criteria apply the configuration. RP/0/RP0/CPU0:NCS5501-C#show mgmt-plane Management Plane Protection inband interfaces ---------------------- interface - TenGigE0_0_0_0/ snmp configured - peer v4 allowed - 1.2.3.0/24 interface - TenGigE0_0_0_1/ snmp configured - peer v4 allowed - 1.2.3.0/24
04-06-2021 01:32 AM
Thanks for the help I found the problem I had. I needed "." in the wildcard
So instead of 'Bundle-Ether*' I needed to do 'Bundle-Ether.*' . A small thing but made it work.
RP/0/RP0/CPU0:test4p1dk(config-mpp-inband)#do show mgmt-plane
Tue Apr 6 10:29:57.741 CEST
Management Plane Protection
inband interfaces
----------------------
interface - Bundle-Ether666/
ssh configured -
peer v4 allowed - 1.2.3.4
03-31-2021 06:35 AM
I followed what you did step by step but it does not seem to work.
1) Created Group
2) Configure interface under MGMT plane
3) Apply Group
control-plane management-plane inband apply-group INBAND-MGMT interface Bundle-Ether666 ! !
I only see the Outband MGMT interface still.
RP/0/RP0/CPU0:test4p1dk(config)#do show mgmt-plane Wed Mar 31 15:34:53.022 CEST Management Plane Protection outband interfaces ---------------------- interface - MgmtEth0_RP0_CPU0_0/ ssh configured - peer v4 allowed - 4.3.2.1 interface - MgmtEth0_RP1_CPU0_0/ ssh configured - peer v4 allowed - 4.3.2.1 RP/0/RP0/CPU0:test4p1dk(config)#
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide