Configuring In-band Management

Enabling In-band Management in an Instance

Syntax:

set inband management instance <instance-name>

Attribute	Description
<instance-name>	Routing instance name in which in-band management has to be enabled. All the IFLs in this instance will be enabled with in-band management service after executing this command

Attribute

Description

<instance-name>

Routing instance name in which in-band management has to be enabled. All the IFLs in this instance will be enabled with in-band management service after executing this command

Example: In-band Management in an Instance

    "rtbrick-config:inband-management": {
      "instance": [
        {
          "name": "management",
        }
      ]
    }

Enabling In-band Management Services

Syntax:

set inband management instance <instance-name> <service> <true/false>

Attribute Description

Attribute	Description
<instance-name>	routing instance name in which in-band management has to be enabled. All the IFLs in this instance will be enabled with in-band management service after executing this command
<service>	Specifies the service to be enabled (ssh ,telnet, ctrld, ntp, tacacs, all)
<true \| false>	A `true` value enables the service. A `false` value disables the service.

<instance-name>

routing instance name in which in-band management has to be enabled. All the IFLs in this instance will be enabled with in-band management service after executing this command

Specifies the service to be enabled (ssh ,telnet, ctrld, ntp, tacacs, all)

A true value enables the service. A false value disables the service.

Example: Enabling In-band Management Services

    "rtbrick-config:inband-management": {
      "instance": [
        {
          "name": "management",
          "ssh": "true",
          "ctrld": "true"
        }
      ]
    }

Enabling SSH service

To access the ssh service running in the LXC container hosting RBFS, ssh service has to be enabled.

By configuring this, the hosts are reachable in in-band instance via the physical interface can access this service

Syntax:

set inband management instance <instance-name> ssh <true/false>

Attribute Description

Attribute	Description
<instance-name>	routing instance name in which in-band management has to be enabled.
<true \| false>	A `true` value enables the ssh service. A `false` value disables the ssh service.

<instance-name>

routing instance name in which in-band management has to be enabled.

A true value enables the ssh service. A false value disables the ssh service.

Example: Enabling SSH In-band Management Services

    "rtbrick-config:inband-management": {
      "instance": [
        {
          "name": "management",
          "ssh": "true",
        }
      ]
    }

Enabling Telnet Service

To access the telnet service running in the LXC container hosting RBFS, telnet service has to be enabled.

By configuring this, the hosts are reachable in in-band instance via the physical interface can access this service

Syntax:

set inband management instance <instance-name> telnet <true/false>

Attribute Description

Attribute	Description
<instance-name>	routing instance name in which in-band management has to be enabled.
<true \| false>	A `true` value enables the telnet service. A `false` value disables the telnet service.

<instance-name>

routing instance name in which in-band management has to be enabled.

A true value enables the telnet service. A false value disables the telnet service.

Example: Enabling Telnet In-band Management Services

    "rtbrick-config:inband-management": {
      "instance": [
        {
          "name": "management",
          "telnet": "true",
        }
      ]
    }

Enabling CTRLD Service

To access the CTRLD service running in the ONL, the CTRLD service has to be enabled in in-band management.

By configuring this, the hosts are reachable via the physical interface in the inband instance can access this service.

Syntax:

set inband management instance <instance-name> ctrld <true/false>

Attribute Description

Attribute	Description
<instance-name>	routing instance name in which in-band management has to be enabled.
<true \| false>	A `true` value enables the CTRLD service. A `false` value disables the CTRLD service.

<instance-name>

routing instance name in which in-band management has to be enabled.

A true value enables the CTRLD service. A false value disables the CTRLD service.

Example: Enabling CTRLD In-band Management Services

    "rtbrick-config:inband-management": {
      "instance": [
        {
          "name": "management",
          "ctrld": "true",
        }
      ]
    }

Enabling NTP service

To access the NTP service running in the ONL, this service has to be enabled in in-band management.

By configuring this, the hosts are reachable in in-band instance via the physical interface can access this service

Syntax:

set inband management instance <instance-name> ntp <true/false>

Attribute Description

Attribute	Description
<instance-name>	routing instance name in which in-band management has to be enabled.
<true \| false>	A `true` value enables the ntp service. A `false` value disables the ntp service.

<instance-name>

routing instance name in which in-band management has to be enabled.

A true value enables the ntp service. A false value disables the ntp service.

Example: Enabling NTP In-band Management Services

    "rtbrick-config:inband-management": {
      "instance": [
        {
          "name": "management",
          "ntp": "true",
        }
      ]
    }

Enabling API Gateway (APIGW) Service

To access the APIGW service running in the ONL, this service has to be enabled in in-band management.

By configuring this, the hosts are reachable in in-band instance via the physical interface can access this service

Syntax:

set inband management instance <instance-name> apigw <true/false>

Attribute Description

Attribute	Description
<instance-name>	routing instance name in which in-band management has to be enabled.
<true \| false>	A `true` value enables the APIGW service. A `false` value disables the APIGW service.

<instance-name>

routing instance name in which in-band management has to be enabled.

A true value enables the APIGW service. A false value disables the APIGW service.

Example: Enabling APIGW In-band Management Services

    "rtbrick-config:inband-management": {
      "instance": [
        {
          "name": "management",
          "apigw": "true",
        }
      ]
    }

Enabling TACACS Service

To access the TACACS service running in the ONL, this service has to be enabled in in-band management.

By configuring this, the hosts are reachable in in-band instance via the physical interface can access this service

Syntax:

set inband management instance <instance-name> tacacs <true/false>

Attribute Description

Attribute	Description
<instance-name>	routing instance name in which in-band management has to be enabled.
<true \| false>	A `true` value enables the TACACS service. A `false` value disables the TACACS service.

<instance-name>

routing instance name in which in-band management has to be enabled.

A true value enables the TACACS service. A false value disables the TACACS service.

Example: Enabling TACACS In-band Management Services

    "rtbrick-config:inband-management": {
      "instance": [
        {
          "name": "management",
          "tacacs": "true",
        }
      ]
    }

Enabling All Service

Enabling this service will allow access to all service running in LXC/ONL.

Once this service is enabled, packets that don’t hit any of the other acls/services in RBFS are redirected to LXC/ONL.

Syntax:

set inband management instance <instance-name> all <true/false>

Attribute Description

Attribute	Description
<instance-name>	routing instance name in which in-band management has to be enabled.
<true \| false>	A `true` value enables all services. A `false` value disables all services.

<instance-name>

routing instance name in which in-band management has to be enabled.

A true value enables all services. A false value disables all services.

Example: Enabling all In-band Management Services

    "rtbrick-config:inband-management": {
      "instance": [
        {
          "name": "management",
          "all": "true",
        }
      ]
    }

Enabling In-band Management for a Specific Source

Enabling any of the in-band services as mentioned in previous section will expose this service to all the sources which are reachable via in-band service.

To restrict this to specific source prefixes, source-prefix-list has to be enabled using the following command.

By configuring this, the hosts having IPs in the mentioned source-prefix-list only can access this service.

Syntax:

set inband management instance <instance-name> source-prefix-list <source-prefix-list-name>

Attribute	Description
<instance-name>	routing instance name in which in-band management has to be enabled.
<source-prefix-list-name>	Specifies the name of the source prefix list which is configured in 'set forwarding-options prefix-list' command.

Attribute

Description

<instance-name>

routing instance name in which in-band management has to be enabled.

<source-prefix-list-name>

Specifies the name of the source prefix list which is configured in 'set forwarding-options prefix-list' command.

Example: Enabling source prefix list in In-band Management Services

    "rtbrick-config:inband-management": {
      "instance": [
        {
          "name": "management",
          "source-prefix-list": "source-prefix1"
        }
      ]
    }