© 2007 Cisco Systems, Inc. All rights reserved. SNRS v

Cisco Network Foundation Protection
Securing the Management Plane

Protocols of the Management Plane

- Telnet
- SNMP
- SSH
- HTTP
- HTTPS

Tools Used to Secure the Management Plane

- Cisco MPP feature for Cisco IOS Release 12.4(6)T
- SSH access only
- ACLs on the vty ports
- Cisco IOS Software login enhancement
- Role-based CLI views

Cisco IOS MPP

[Figure: Administrator, Attacker, router interfaces Fa0/0 and Fa0/1; label: Denied!]

Securing the Management Plane

router(config)# control-plane host
router(config-cp-host)# management-interface FastEthernet 0/0 allow ssh snmp

[Figure: Administrator, Fa0/0]

Verifying MPP

router# show management-interface
Management interface FastEthernet0/0
        Protocol        Packets processed
             ssh                       84
            snmp                     1203

[Figure: Administrator, Fa0/0]

Summary

- The management plane performs management functions for a network device.
- Several tools are available to secure the management plane.
- The Cisco MPP feature allows you to designate one or more router interfaces as management interfaces.
- There are three steps used to configure MPP.
- Use the show management-interface command to verify MPP.
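
An added example, not part of the Cisco course material: a short Python audit that checks a running-config for the tools listed in these slides (MPP management interface, SSH-only vty access, ACLs on the vty ports, login enhancement). The sample configuration is constructed, and the function names and the choice to flag only telnet and http as cleartext are assumptions of this example.

```python
import re
# Constructed running-config excerpt; only the control-plane host lines mirror the slides.
SAMPLE_CONFIG = """\
login block-for 120 attempts 3 within 60
control-plane host
 management-interface FastEthernet0/0 allow ssh snmp
line vty 0 4
 access-class 10 in
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""
CLEARTEXT = {"telnet", "http"}  # assumption: cleartext protocols among those the slides list

def parse_sections(config):
    """Map each top-level IOS line to its indented child lines."""
    sections, current = {}, None
    for raw in config.splitlines():
        if raw.strip() in ("", "!"):
            continue
        if not raw[0].isspace():
            current = raw.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(raw.strip())
    return sections

def audit_management_plane(config):
    """Return findings as strings; an empty list means every check passed."""
    sections, findings = parse_sections(config), []
    mpp = [c for c in sections.get("control-plane host", [])
           if c.startswith("management-interface ")]
    if not mpp:
        findings.append("MPP: no management-interface under control-plane host")
    for line in mpp:
        m = re.match(r"management-interface (.+?) allow (.+)", line)
        bad = CLEARTEXT & set(m.group(2).split()) if m else set()
        if bad:
            findings.append(f"MPP: {m.group(1)} allows {', '.join(sorted(bad))}")
    vty = {h: c for h, c in sections.items() if h.startswith("line vty")}
    for head, children in vty.items():
        transport = next((c.split()[2:] for c in children if c.startswith("transport input")), None)
        if transport != ["ssh"]:
            findings.append(f"{head}: transport input is not ssh-only")
        if not any(re.match(r"access-class \S+ in", c) for c in children):
            findings.append(f"{head}: no inbound access-class")
    if not any(h.startswith("login block-for ") for h in sections):
        findings.append("login: no 'login block-for' configured")
    return findings
```

Calling audit_management_plane(SAMPLE_CONFIG) reports the second vty range, which still accepts Telnet and has no inbound ACL.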