[c-nsp] TIL: Maintenance Operations Protocol (MOP)

Nick Hilliard nick at foobar.org
Wed Apr 13 12:05:00 EDT 2022


Drew Weaver wrote on 05/08/2021 19:20:
> Yes, in my research I noticed that OS image age has nothing to do
> with it. Newer images with different trains have it enabled, older
> images in totally other trains as well.
> 
> Also even though it appears to emulate VTY simply configuring the
> transports doesn't disable it.
> 
> I mostly mentioned it because when I did some Googling I noticed it
> is referenced as being included in IOS XE.
> 
> It should be forcibly removed entirely in my opinion.
looping back on this, Cisco have opened a couple of bug IDs (CSCwa57951 
and CSCwa91505), and have (re-)published a blog entry here:

> https://blogs.cisco.com/security/router-spring-cleaning-no-mop-required-again

tl;dr: fixes will appear in ios XE 17.9(1). Until then, "no mop enabled" 
will be required on a per-interface basis.

Thanks to all in Cisco for getting this on the dev+fix radar!

Nick


More information about the cisco-nsp mailing list