[c-nsp] CSCuy29638 - MPLS (for IPv4) Brokenness Fixed - ASR920
Charles Sprickman
spork at bway.net
Sat Aug 6 13:31:32 EDT 2016
> On Aug 6, 2016, at 11:30 AM, Nick Hilliard <nick at foobar.org> wrote:
>
> On 5 Aug 2016, at 11:02, Saku Ytti <saku at ytti.fi> wrote:
> >> I'm disappointed Cisco does not mention CoPP at all.
>
> Or running ntp in a vrf, although that didn't stop problems with the last bad ntp bug on ios.
Being primarily a sysadmin, it’s always perplexed me why IOS binds services to every
active interface by default and provides no simple configuration directive to specify
which interface a service (ntp, ssh, tftp, snmp, etc.) should listen on. This is the norm
on *nix since the ’90’s. Even if some daemon listens on all configured IPs, there’s going
to be a config option to the daemon to specify which IP to bind to.
How easy would this make configuring things:

    interface loopback0
     ip address 10.10.10.101
    ip ssh listen loopback0
    ip ntp listen loopback0
    ip snmp listen loopback0
    ip access-list mgmt
     permit from mgmt-ips to 10.10.10.101
     deny from all

That seems so much simpler than CoPP and other baroque options to limit
management traffic…
Charles
>
> Nick
>
>
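An added example, not part of the original post: a Python check that lists which services are listening on something other than the management address, which is the exposure the message complains about. The sample table is constructed in the layout of IOS `show control-plane host open-ports` (assumed to be available on the platform); the function names and the 192.0.2.10 peer are assumptions, and 10.10.10.101 is the loopback from the post's sketch.

```python
import re

# Constructed sample, not captured from a device.
SAMPLE = """\
Active internet connections (servers and established)
Prot        Local Address      Foreign Address         Service    State
 tcp                 *:22                  *:0       SSH-Server   LISTEN
 tcp      10.10.10.101:22      192.0.2.10:51514      SSH-Server ESTABLIS
 udp                *:123                  *:0              NTP   LISTEN
 udp                *:161                  *:0          IP SNMP   LISTEN
 udp     10.10.10.101:69                  *:0             TFTP   LISTEN
"""

# proto, local addr:port, foreign addr:port, service (may contain spaces), state
ROW = re.compile(r"^\s*(tcp|udp)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(.+?)\s+(\S+)\s*$")

def parse_listeners(text):
    """Return (proto, local_addr, port, service) for every row in LISTEN state."""
    listeners = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(7) == "LISTEN":
            listeners.append((m.group(1), m.group(2), int(m.group(3)), m.group(6)))
    return listeners

def audit(text, mgmt_addr):
    """Split listeners into those bound only to mgmt_addr and those exposed
    on a wildcard or any other local address."""
    bound, exposed = [], []
    for entry in parse_listeners(text):
        (bound if entry[1] == mgmt_addr else exposed).append(entry)
    return bound, exposed

if __name__ == "__main__":
    bound, exposed = audit(SAMPLE, "10.10.10.101")
    for proto, addr, port, svc in exposed:
        print(f"EXPOSED  {proto}/{port:<5} {svc} listening on {addr}")
    for proto, addr, port, svc in bound:
        print(f"ok       {proto}/{port:<5} {svc} bound to {addr}")
```

Each EXPOSED row is a service that has to be covered by an ACL or CoPP policy, since it cannot simply be bound to the loopback.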