PrepAway - Latest Free Exam Questions & Answers

Which of the following is accomplished by implementing MPP on a router? (Select the best answer.)

Which of the following is accomplished by implementing MPP on a router? (Select the best answer.)

A. Only hosts on a particular subnet will be able to remotely manage the router.

B. Only hosts that are connected to a particular interface will be able to remotely manage the router.

C. Only hosts that perform 802.1X authentication will be able to remotely manage the router.
D. Only hosts that use SSH will be able to remotely manage the router.

Explanation:

Only hosts that are connected to a particular interface will be able to remotely manage the router.
Implementing Management Plane Protection (MPP) does not restrict remote management capability only to hosts on a particular subnet or only to hosts that perform 802.1X authentication.
MPP is a feature that restricts the interfaces and protocols over which remote administration can be performed. When MPP is configured, only traffic that enters the management interface can be used to remotely manage the device. Any management traffic from protocols that are not allowed by MPP will be dropped. If any other interface receives management traffic that is destined for the device, that traffic will also be dropped.
To enable MPP on a device, you should first issue the controlplanehost command in global configuration mode. Issuing the controlplane host command will place the router in controlplanehost configuration mode, where you should issue the management-interface command. The syntax of the managementinterface command is management interface interface allow protocols. The following protocols can be used with MPP:

– Blocks Extensible Exchange Protocol (BEEP)
– File Transfer Protocol (FTP) – Hypertext Transfer Protocol (HTTP)
– Secure HTTP (HTTPS)
– Simple Network Management Protocol (SNMP)
– Secure Shell (SSH) v1 and v2
– Telnet
-Trivial FTP (TFTP)

Multiple protocols can be specified in the management-interface command? each protocol should be separated by a space. For example, the following command set allows SSH and SNMP on FastEthernet0/1:

Router1(config)#controlplane host
Router1(configcphost)#managementinterface FastEthernet0/1 allow ssh snmp

If you issue the management-interface command for an interface that is already configured with the managementinterface command, the specified management protocols will be added to those that are already configured for that interface. If you issue the management-interface command twice, each time specifying a different interface, you can perform remote management over either of those interfaces.
MPP configures an interface as an inband management interface, which is also called a shared management interface. An inband management interface accepts both management packets and normal data packets. An outofband management interfaceaccepts only management traffic. The MPP feature on IOS devices can only be configured for inband management. The MPP feature on IOS XR highend routers can be configured for inband or outofband management.

Reference:
https://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/htsecmpp.html


Leave a Reply