The MPP protection feature, as well as all the management protocols under MPP, are disabled by default. When you configure
an interface as either out-of-band or inband, it automatically enables MPP. Consequently, this enablement extends to all the
protocols under MPP.
If MPP is disabled and a protocol is activated, all interfaces can pass traffic.
When MPP is enabled with an activated protocol, the only default management interfaces allowing management traffic are the
route processor (RP) and standby route processor (SRP) Ethernet interfaces. You must manually configure any other interface
for which you want to enable MPP as a management interface, using the MPP CLI that follows. Afterwards, only the default management
interfaces and those you have previously configured as MPP interfaces will accept network management packets destined for
the device. All other interfaces drop such packets.
Note
|
Logical interfaces (or any other interfaces not present on the data plane) filter packets based on the ingress physical interface.
|
After configuration, you can modify or delete a management interface.
Following are the management protocols that the MPP feature supports. These management protocols are also the only protocols
affected when MPP is enabled.
-
SSH, v1 and v2
-
SNMP, all versions
-
Telnet
-
TFTP
-
HTTP
-
HTTPS