Configuring In-band Management
Enabling In-band Management in an Instance
Use the following CLI syntax to enable in-band management in an instance:
set inband management instance <instance-name>
Attribute | Description |
---|---|
<instance-name> | Routing instance name in which in-band management has to be enabled. All the IFLs in this instance will be enabled with in-band management service after executing this command. |
The following example configures the management instance in which in-band management will be enabled:
set inband management instance management
The following example shows in-band management in an instance:
"rtbrick-config:inband-management": {
  "instance": [
    {
      "name": "management"
    }
  ]
}
Enabling In-band Management Services
Syntax:
set inband management instance <instance-name> <service> <true/false>
Attribute | Description |
---|---|
<instance-name> | Routing instance name in which in-band management has to be enabled. All the IFLs in this instance will be enabled with in-band management service after executing this command. |
<service> | Specifies the supported services to enable: apigw, ctrld, ntp, snmp, ssh, tacacs, telnet. By enabling any of these services, hosts reachable via the physical interface in the inband instance can access the services. |
<true \| false> | A |
Example: Enabling In-band Management Services
"rtbrick-config:inband-management": { "instance": [ { "name": "management", "ssh": "true", "ctrld": "true" } ] }
Enabling API Gateway (APIGW) Service
To access the APIGW service running in the ONL, this service has to be enabled in in-band management.
Syntax:
set inband management instance <instance-name> apigw <true/false>
Attribute | Description |
---|---|
<instance-name> | Routing instance name in which in-band management has to be enabled. |
<true \| false> | A |
Example: Enabling APIGW In-band Management Services
"rtbrick-config:inband-management": { "instance": [ { "name": "management", "apigw": "true" } ] }
Enabling CTRLD Service
To access the CTRLD service running in the ONL, the CTRLD service has to be enabled in in-band management.
Syntax:
set inband management instance <instance-name> ctrld <true/false>
Attribute | Description |
---|---|
<instance-name> | Routing instance name in which in-band management has to be enabled. |
<true \| false> | A |
Example: Enabling CTRLD In-band Management Services
"rtbrick-config:inband-management": { "instance": [ { "name": "management", "ctrld": "true" } ] }
Enabling NTP Service
To access the NTP service running in the ONL, this service has to be enabled in in-band management.
Syntax:
set inband management instance <instance-name> ntp <true/false>
Attribute | Description |
---|---|
<instance-name> | Routing instance name in which in-band management has to be enabled. |
<true \| false> | A |
Example: Enabling NTP In-band Management Services
"rtbrick-config:inband-management": { "instance": [ { "name": "management", "ntp": "true" } ] }
Enabling SNMP Service
To access the Simple Network Management Protocol (SNMP) service running in the ONL, this service has to be enabled in in-band management.
Syntax:
set inband management instance <instance-name> snmp <true/false>
Attribute | Description |
---|---|
<instance-name> | Routing instance name in which in-band management has to be enabled. |
<true \| false> | A |
Example: Enabling SNMP In-band Management Services
"rtbrick-config:inband-management": { "instance": [ { "name": "management", "snmp": "true" } ] }
Enabling SSH Service
To access the SSH service running in the LXC container hosting RBFS, the SSH service has to be enabled.
Syntax:
set inband management instance <instance-name> ssh <true/false>
Attribute | Description |
---|---|
<instance-name> | Routing instance name in which in-band management has to be enabled. |
<true \| false> | A |
Example: Enabling SSH In-band Management Services
"rtbrick-config:inband-management": { "instance": [ { "name": "management", "ssh": "true" } ] }
Enabling TACACS Service
To access the TACACS service running in the ONL, this service has to be enabled in in-band management.
Syntax:
set inband management instance <instance-name> tacacs <true/false>
Attribute | Description |
---|---|
<instance-name> | Routing instance name in which in-band management has to be enabled. |
<true \| false> | A |
Example: Enabling TACACS In-band Management Services
"rtbrick-config:inband-management": { "instance": [ { "name": "management", "tacacs": "true" } ] }
Enabling Telnet Service
To access the Telnet service running in the LXC container hosting RBFS, the Telnet service has to be enabled.
Syntax:
set inband management instance <instance-name> telnet <true/false>
Attribute | Description |
---|---|
<instance-name> | Routing instance name in which in-band management has to be enabled. |
<true \| false> | A |
Example: Enabling Telnet In-band Management Services
"rtbrick-config:inband-management": { "instance": [ { "name": "management", "telnet": "true" } ] }
Enabling Connection Tracking
Enabling connection tracking in in-band management installs dynamic ACLs for all connections/packets initiated by the device, so that the response packets are not dropped in hardware.
Syntax:
set inband management instance <instance-name> connection-tracking true
Attribute | Description |
---|---|
<instance-name> | Routing instance name in which in-band management has to be enabled. |
true | Enables all in-band management services. |
Example: Enabling Connection Tracking in In-band Management
"rtbrick-config:inband-management": { "instance": [ { "name": "default", "connection-tracking": "true" } ] }
Enabling All Services in In-band Management
Enabling this service allows access to all services running in LXC/ONL. Once it is enabled, packets that do not hit any of the other ACLs/services in RBFS are redirected to LXC/ONL.
Syntax:
set inband management instance <instance-name> all true
Attribute | Description |
---|---|
<instance-name> | Routing instance name in which in-band management has to be enabled. |
true | Enables all in-band management services. |
Example: Enabling all In-band Management Services
"rtbrick-config:inband-management": { "instance": [ { "name": "management", "all": "true" } ] }
Enabling In-band Management for a Specific Source
Enabling any of the in-band services described in the previous sections exposes that service to all sources that are reachable via the in-band service.
To restrict access to specific source prefixes, a source-prefix-list has to be enabled using the following command.
Once it is configured, only hosts whose IP addresses are in the specified source prefix list can access the service.
Syntax:
set inband management instance <instance-name> source-prefix-list <source-prefix-list-name>
Attribute | Description |
---|---|
<instance-name> | Routing instance name in which in-band management has to be enabled. |
<source-prefix-list-name> | Specifies the name of the source prefix list that is configured with the 'set forwarding-options prefix-list' command. |
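The source restriction described above can be checked across a saved configuration. The following is an added example, not RtBrick tooling: a Python audit that reads an rtbrick-config:inband-management object and reports instances that enable services without a source-prefix-list, set all, or enable telnet. The outer JSON braces, the instance name "lab" and the function names are assumptions; the service keys and string-valued "true" follow the examples on this page.

```python
import json

# Service keys listed on this page for "set inband management instance <name> <service>".
SERVICES = ("apigw", "ctrld", "ntp", "snmp", "ssh", "tacacs", "telnet")


def is_true(value):
    """The page's examples store booleans as the string "true"; accept both forms."""
    return value is True or str(value).lower() == "true"


def audit_inband(config):
    """Return (instance, finding) tuples for an rtbrick-config:inband-management object."""
    findings = []
    section = config.get("rtbrick-config:inband-management", {})
    for inst in section.get("instance", []):
        name = inst.get("name", "<unnamed>")
        enabled = [s for s in SERVICES if is_true(inst.get(s))]
        if is_true(inst.get("all")):
            findings.append((name, "all=true: unmatched packets are redirected to LXC/ONL"))
            enabled.append("all")
        if enabled and not inst.get("source-prefix-list"):
            findings.append((name, "no source-prefix-list: %s reachable from any in-band source"
                             % ", ".join(enabled)))
        if "telnet" in enabled:
            findings.append((name, "telnet enabled: cleartext protocol, prefer ssh"))
    return findings


# Constructed sample: the page's fragments wrapped in an outer object so they parse as JSON.
SAMPLE = json.loads("""
{
  "rtbrick-config:inband-management": {
    "instance": [
      {"name": "management", "ssh": "true", "source-prefix-list": "source-prefix1"},
      {"name": "default", "telnet": "true", "connection-tracking": "true"},
      {"name": "lab", "all": "true"}
    ]
  }
}
""")

if __name__ == "__main__":
    for instance, finding in audit_inband(SAMPLE):
        print(f"{instance}: {finding}")
```

The check only confirms that a source-prefix-list name is set on the instance; it does not inspect which prefixes that list contains.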
Example: Enabling source prefix list in In-band Management Services
"rtbrick-config:inband-management": { "instance": [ { "name": "management", "source-prefix-list": "source-prefix1" } ] }