It is recommended to separate management traffic from data/customer traffic on your Huawei Service Routers (e.g. NE40E Series). Traffic passing through the management plane should be exclusively for management or administrative access, such as SSH, SNMP, NTP and AAA. These are the steps for hardening security on Huawei routers. A management instance can be configured using these commands:
    ip vpn-instance STRING<1-31>
    description TEXT<1-242>
    ipv4-family
Here are the recommended configurations and practices for these management services. Configure Authentication, Authorization…
Tag: management
Objective: To separate management traffic from data/customer traffic on your Huawei routers. Preferably, data and management are in 2 separate network domains.
Pre-requisite: UTP cables (one for each MPU management port, in case of switchover) are connected to a network switch to access the OOB management gateway.
To enter configuration mode:
    system-view
To preview configuration changes before committing:
    display configuration candidate
Management IP Configuration
a. Configure the VPN instance for management
    ip vpn-instance <vpn instance name>
    description <description>
    ipv4-family
b. Set…
One of the best security practices in networking is the separation of management traffic from data/control traffic. One way to achieve this is to use the management ports of Juniper devices to physically connect them, preferably to a different network. The management Ethernet interface is usually em0 or fxp0 in Juniper, and provides the out-of-band (OOB) management network of the device. Assuming UTP cables are already connected to the management ports of both routing engines (REs) of the Juniper devices, here are the steps to…