In-band Management Configuration
Enabling In-band Management in an Instance
Use the following CLI syntax to enable in-band management in an instance:
set inband management instance <instance-name>
Attribute | Description |
---|---|
<instance-name> |
Routing instance name in which in-band management has to be enabled. All the IFLs in this instance will be enabled with in-band management service after executing this command |
The following example configures the management
instance in which in-band management will be enabled:
set inband management instance management
The following example shows in-band management in an instance:
"rtbrick-config:inband-management": {
"instance": [
{
"name": "management",
}
]
}
Enabling In-band Management Services
Syntax:
set inband management instance <instance-name> <service> <true/false>
Attribute | Description |
---|---|
<instance-name> |
Routing instance name in which in-band management has to be enabled. All the IFLs in this instance will be enabled with in-band management service after executing this command |
<service> |
Specifies the supported services to enable: apigw, ctrld, ntp, snmp, ssh, tacacs, telnet. By enabling any of these services, hosts reachable via the physical interface in the inband instance can access the services. |
<true | false> |
A |
Example: Enabling In-band Management Services
"rtbrick-config:inband-management": { "instance": [ { "name": "management", "ssh": "true", "ctrld": "true" } ] }
Enabling API Gateway (APIGW) Service
To access the APIGW service running in the ONL, this service has to be enabled in in-band management.
Syntax:
set inband management instance <instance-name> apigw <true/false>
Attribute | Description |
---|---|
<instance-name> |
Routing instance name in which in-band management has to be enabled. |
<true | false> |
A |
Example: Enabling APIGW In-band Management Services
"rtbrick-config:inband-management": { "instance": [ { "name": "management", "apigw": "true", } ] }
Enabling CTRLD Service
To access the CTRLD service running in the ONL, the CTRLD service has to be enabled in in-band management.
Syntax:
set inband management instance <instance-name> ctrld <true/false>
Attribute | Description |
---|---|
<instance-name> |
Routing instance name in which in-band management has to be enabled. |
<true | false> |
A |
Example: Enabling CTRLD In-band Management Services
"rtbrick-config:inband-management": { "instance": [ { "name": "management", "ctrld": "true", } ] }
Enabling NTP service
To access the NTP service running in the ONL, this service has to be enabled in in-band management.
Syntax:
set inband management instance <instance-name> ntp <true/false>
Attribute | Description |
---|---|
<instance-name> |
Routing instance name in which in-band management has to be enabled. |
<true | false> |
A |
Example: Enabling NTP In-band Management Services
"rtbrick-config:inband-management": { "instance": [ { "name": "management", "ntp": "true", } ] }
Enabling SNMP service
To access the Simple Network Management Protocol (SNMP) service running in the ONL, this service has to be enabled in in-band management.
Syntax:
set inband management instance <instance-name> snmp <true/false>
Attribute | Description |
---|---|
<instance-name> |
routing instance name in which in-band management has to be enabled. |
<true | false> |
A |
Example: Enabling SNMP In-band Management Services
"rtbrick-config:inband-management": { "instance": [ { "name": "management", "snmp": "true", } ] }
Enabling SSH service
To access the ssh service running in the LXC container hosting RBFS, ssh service has to be enabled.
Syntax:
set inband management instance <instance-name> ssh <true/false>
Attribute | Description |
---|---|
<instance-name> |
Routing instance name in which in-band management has to be enabled. |
<true | false> |
A |
Example: Enabling SSH In-band Management Services
"rtbrick-config:inband-management": { "instance": [ { "name": "management", "ssh": "true", } ] }
Enabling TACACS Service
To access the TACACS service running in the ONL, this service has to be enabled in in-band management.
Syntax:
set inband management instance <instance-name> tacacs <true/false>
Attribute | Description |
---|---|
<instance-name> |
Routing instance name in which in-band management has to be enabled. |
<true | false> |
A |
Example: Enabling TACACS In-band Management Services
"rtbrick-config:inband-management": { "instance": [ { "name": "management", "tacacs": "true", } ] }
Enabling Telnet Service
To access the telnet service running in the LXC container hosting RBFS, telnet service has to be enabled.
Syntax:
set inband management instance <instance-name> telnet <true/false>
Attribute | Description |
---|---|
<instance-name> |
Routing instance name in which in-band management has to be enabled. |
<true | false> |
A |
Example: Enabling Telnet In-band Management Services
"rtbrick-config:inband-management": { "instance": [ { "name": "management", "telnet": "true", } ] }
Enabling Connection Tracking
Enabling connection tracking in inband installs dynamic ACLs for all the connection/packet initiated by the device so that the response packets are not dropped at the hardware.
Syntax:
set inband management instance <instance-name> connection-tracking true
Attribute | Description |
---|---|
<instance-name> |
Routing instance name in which in-band management has to be enabled. |
true |
Enables all in-band management services. |
Example: Enabling Connection Tracking in In-band Management
"rtbrick-config:inband-management": { "instance": [ { "name": "default", "connection-tracking": "true" } ] }
Enabling LIX1 Service
To enable or disable the "lix1" service within inband management, use the following CLI command:
set inband management instance <instance-name> lix1 <true | false>
Attribute |
Description |
<instance-name> |
Specifies the routing instance where the in-band lix1 service is to be enabled. |
<true | false> |
Setting this attribute to "true" enables the "lix1" service, while setting it to "false" disables the service. |
Example: Enabling the "lix1" service in inband management
"rtbrick-config:inband-management": { "instance": [ { "name": "default", "lix1": "true", } ] }
Enabling All Services in In-band Management
Enabling this service will allow access to all services running in LXC/ONL. Once this service is enabled, packets that don’t hit any of the other acls/services in RBFS are redirected to LXC/ONL.
Syntax:
set inband management instance <instance-name> all true
Attribute | Description |
---|---|
<instance-name> |
Routing instance name in which in-band management has to be enabled. |
true |
Enables all in-band management services. |
Example: Enabling all In-band Management Services
"rtbrick-config:inband-management": { "instance": [ { "name": "management", "all": "true", } ] }
Enabling In-band Management for a Specific Source
Enabling any of the in-band services as mentioned in the previous section will expose this service to all the sources which are reachable via in-band service.
To restrict this to specific source prefixes, source-prefix-list has to be enabled using the following command.
By configuring this, the hosts having IPs in the mentioned source prefix list only can access this service.
Syntax:
set inband management instance <instance-name> source-prefix-list <source-prefix-list-name>
Attribute | Description |
---|---|
<instance-name> |
Routing instance name in which in-band management has to be enabled. |
<source-prefix-list-name> |
Specifies the name of the source prefix-list which is configured in 'set forwarding-options prefix-list' command. |
Example: Enabling source prefix list in In-band Management Services
"rtbrick-config:inband-management": { "instance": [ { "name": "management", "source-prefix-list": "source-prefix1" } ] }