It is recommended to implement the separation of management and data/customer traffic in your Juniper devices (e.g. QFX Series Switches, MX Series). Traffic passing through the management plane should be exclusively for management or administrative access purposes only like SSH, SNMP, NTP and AAA. Here’s the recommended configuration or practices for these management services. Configure Authentication, Authorization and Accounting (AAA) -preferably to setup centralized TACACS+ to manage all your devices, implement central network management that can impose security protocol to…
Tag: <span>NTP</span>
Objective: To separate management traffic from data/customer traffic in your Cisco XR routers. Preferably, Data and Management are into 2 separate network domains. Pre-requisite: UTP cables (for each RSP management port in case for switchover) are connected to a network switch to access the OOB management gateway * * Management IP Configuration* * 1. Configure the vrf for management vrf management description VRF for Out-of-Band address-family ipv4 unicast 2. Set the physical IP address on each RSP management port. There are total of…
Cisco IOS e.g. Vlan10 = interface management vlan NTP Server = 192.168.10.100 conf t 1. Configure ACL to deny NTP requests and query access-list 100 remark to block NTP requests and query access-list 100 deny any 2. Configure ACL to allow only the NTP servers to peer or synch with access-list 200 remark NTP to peer access-list 200 permit 192.168.10.100 access-list 200 deny any 3. Configure NTP conf t ntp source Vlan10 ntp access-group peer 200 ntp access-group serve 100 ntp access-group…
Leave a Comment