In-band Management Configuration

Enabling In-band Management in an Instance

Use the following CLI syntax to enable in-band management in an instance:

set inband management instance <instance-name>

Attribute Description

<instance-name>

Name of the routing instance in which in-band management is to be enabled. After this command is executed, the in-band management service is enabled on all the IFLs in this instance.

The following example configures the management instance in which in-band management will be enabled:

set inband management instance management

The following example shows in-band management in an instance:

    "rtbrick-config:inband-management": {
      "instance": [
        {
          "name": "management"
        }
      ]
    }

Enabling In-band Management Services

Syntax:

set inband management instance <instance-name> <service> <true/false>

Attribute Description

<instance-name>

Name of the routing instance in which in-band management is to be enabled. After this command is executed, the in-band management service is enabled on all the IFLs in this instance.

<service>

Specifies the service to enable. Supported services: apigw, ctrld, ntp, snmp, ssh, tacacs, telnet. When a service is enabled, hosts reachable via the physical interface in the in-band instance can access it.

<true | false>

A true value enables the service. A false value disables the service.

Example: Enabling In-band Management Services

    "rtbrick-config:inband-management": {
      "instance": [
        {
          "name": "management",
          "ssh": "true",
          "ctrld": "true"
        }
      ]
    }

Enabling API Gateway (APIGW) Service

To access the APIGW service running in the ONL, this service has to be enabled in in-band management.

Syntax:

set inband management instance <instance-name> apigw <true/false>

Attribute Description

<instance-name>

Routing instance name in which in-band management has to be enabled.

<true | false>

A true value enables the APIGW service. A false value disables the APIGW service.

Example: Enabling APIGW In-band Management Services

    "rtbrick-config:inband-management": {
      "instance": [
        {
          "name": "management",
          "apigw": "true"
        }
      ]
    }

Enabling CTRLD Service

To access the CTRLD service running in the ONL, the CTRLD service has to be enabled in in-band management.

Syntax:

set inband management instance <instance-name> ctrld <true/false>

Attribute Description

<instance-name>

Routing instance name in which in-band management has to be enabled.

<true | false>

A true value enables the CTRLD service. A false value disables the CTRLD service.

Example: Enabling CTRLD In-band Management Services

    "rtbrick-config:inband-management": {
      "instance": [
        {
          "name": "management",
          "ctrld": "true"
        }
      ]
    }

Enabling NTP service

To access the NTP service running in the ONL, this service has to be enabled in in-band management.

Syntax:

set inband management instance <instance-name> ntp <true/false>

Attribute Description

<instance-name>

Routing instance name in which in-band management has to be enabled.

<true | false>

A true value enables the NTP service. A false value disables the NTP service.

Example: Enabling NTP In-band Management Services

    "rtbrick-config:inband-management": {
      "instance": [
        {
          "name": "management",
          "ntp": "true"
        }
      ]
    }

Enabling SNMP service

To access the Simple Network Management Protocol (SNMP) service running in the ONL, this service has to be enabled in in-band management.

Syntax:

set inband management instance <instance-name> snmp <true/false>

Attribute Description

<instance-name>

Routing instance name in which in-band management has to be enabled.

<true | false>

A true value enables the SNMP service. A false value disables the SNMP service.

Example: Enabling SNMP In-band Management Services

    "rtbrick-config:inband-management": {
      "instance": [
        {
          "name": "management",
          "snmp": "true"
        }
      ]
    }

Enabling SSH service

To access the SSH service running in the LXC container hosting RBFS, the SSH service has to be enabled.

Syntax:

set inband management instance <instance-name> ssh <true/false>

Attribute Description

<instance-name>

Routing instance name in which in-band management has to be enabled.

<true | false>

A true value enables the SSH service. A false value disables the SSH service.

Example: Enabling SSH In-band Management Services

    "rtbrick-config:inband-management": {
      "instance": [
        {
          "name": "management",
          "ssh": "true"
        }
      ]
    }

Enabling TACACS Service

To access the TACACS service running in the ONL, this service has to be enabled in in-band management.

Syntax:

set inband management instance <instance-name> tacacs <true/false>

Attribute Description

<instance-name>

Routing instance name in which in-band management has to be enabled.

<true | false>

A true value enables the TACACS service. A false value disables the TACACS service.

Example: Enabling TACACS In-band Management Services

    "rtbrick-config:inband-management": {
      "instance": [
        {
          "name": "management",
          "tacacs": "true"
        }
      ]
    }

Enabling Telnet Service

To access the Telnet service running in the LXC container hosting RBFS, the Telnet service has to be enabled.

Syntax:

set inband management instance <instance-name> telnet <true/false>

Attribute Description

<instance-name>

Routing instance name in which in-band management has to be enabled.

<true | false>

A true value enables the Telnet service. A false value disables the Telnet service.

Example: Enabling Telnet In-band Management Services

    "rtbrick-config:inband-management": {
      "instance": [
        {
          "name": "management",
          "telnet": "true"
        }
      ]
    }

Enabling Connection Tracking

Enabling connection tracking in in-band management installs dynamic ACLs for all connections and packets initiated by the device, so that the response packets are not dropped in hardware.

Syntax:

set inband management instance <instance-name> connection-tracking true

Attribute Description

<instance-name>

Routing instance name in which in-band management has to be enabled.

true

Enables connection tracking.

Example: Enabling Connection Tracking in In-band Management

    "rtbrick-config:inband-management": {
      "instance": [
        {
          "name": "default",
          "connection-tracking": "true"
        }
      ]
    }

Enabling LIX1 Service

To enable or disable the "lix1" service within inband management, use the following CLI command:

set inband management instance <instance-name> lix1 <true | false>

Attribute Description

<instance-name>

Specifies the routing instance where the in-band lix1 service is to be enabled.

<true | false>

Setting this attribute to "true" enables the "lix1" service, while setting it to "false" disables the service.

Example: Enabling the "lix1" service in inband management

    "rtbrick-config:inband-management": {
      "instance": [
        {
          "name": "default",
          "lix1": "true"
        }
      ]
    }

Enabling All Services in In-band Management

Enabling this service allows access to all services running in LXC/ONL. Once it is enabled, packets that do not match any of the other ACLs or services in RBFS are redirected to LXC/ONL.

Syntax:

set inband management instance <instance-name> all true

Attribute Description

<instance-name>

Routing instance name in which in-band management has to be enabled.

true

Enables all in-band management services.

Example: Enabling all In-band Management Services

    "rtbrick-config:inband-management": {
      "instance": [
        {
          "name": "management",
          "all": "true"
        }
      ]
    }

Enabling In-band Management for a Specific Source

Enabling any of the in-band services described in the previous sections exposes that service to all sources that are reachable via the in-band service.

To restrict access to specific source prefixes, configure a source-prefix-list using the following command.

Once this is configured, only hosts whose IP addresses are in the specified source prefix list can access the service.

Syntax:

set inband management instance <instance-name> source-prefix-list <source-prefix-list-name>

Attribute Description

<instance-name>

Routing instance name in which in-band management has to be enabled.

<source-prefix-list-name>

Specifies the name of the source prefix list that is configured with the 'set forwarding-options prefix-list' command.

Example: Enabling source prefix list in In-band Management Services

    "rtbrick-config:inband-management": {
      "instance": [
        {
          "name": "management",
          "source-prefix-list": "source-prefix1"
        }
      ]
    }