MPP Configuration for Cisco Router: Gigabit Ethernet 0/3 and Gigabit Ethernet 0/2 Interfaces

Prev Question Next Question

Question

Which of these configurations shows how to configure MPP when only SSH, SNMP, and HTTP are allowed to access the router through the Gigabit Ethernet 0/3 interface and only HTTP is allowed to access the router through the Gigabit Ethernet 0/2 interface?

Answers

A. Router(config-cp-host)# management-interface GigabitEthernet 0/3 allow http ssh snmp Router(config-cp-host)# management-interface GigabitEthernet 0/2 allow http

B. Router(config-cp-host)# management-interface GigabitEthernet 0/3 allow http ssh tftp snmp Router(config-cp-host)# management-interface GigabitEthernet 0/2 allow http

C. Router(config-cp-host)# management-interface GigabitEthernet 0/3 allow http ssh snmp Router(config-cp-host)# management-interface GigabitEthernet 0/2 allow http ssh

D. Router(config-cp-host)# management-interface GigabitEthernet 0/3 http ssh snmp Router(config-cp-host)# management-interface GigabitEthernet 0/2 http.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

The correct answer is A. Router(config-cp-host)# management-interface GigabitEthernet 0/3 allow http ssh snmp Router(config-cp-host)# management-interface GigabitEthernet 0/2 allow http.

MPP (Management Plane Protection) is a security feature in Cisco IOS that allows you to control and secure the access to the management plane of the device. The management plane is responsible for managing and configuring the device itself, and it is critical for the device's operation. MPP allows you to restrict access to the management plane only to authorized hosts and protocols.

In this question, we are asked to configure MPP to allow access to the router's management plane through the Gigabit Ethernet 0/3 interface only for SSH, SNMP, and HTTP, and through the Gigabit Ethernet 0/2 interface only for HTTP.

To configure MPP, we use the "management-interface" command in Cisco IOS. The syntax for this command is as follows:

management-interface interface-name [allow | drop] protocol-list

where:

interface-name is the name of the interface you want to protect
allow | drop specifies whether you want to allow or drop traffic to the management plane
protocol-list is a list of protocols that are allowed or denied to access the management plane

Based on this syntax, we can see that option A is the correct answer. It configures MPP to allow access to the management plane of the router through the Gigabit Ethernet 0/3 interface, allowing only SSH, SNMP, and HTTP traffic. It also configures MPP to allow access to the management plane of the router through the Gigabit Ethernet 0/2 interface, allowing only HTTP traffic. This is exactly what the question asked for.

Option B is incorrect because it allows TFTP traffic through the Gigabit Ethernet 0/3 interface, which was not allowed by the question. Option C is also incorrect because it allows SSH traffic through the Gigabit Ethernet 0/2 interface, which was not allowed by the question. Option D is incorrect because it does not use the "allow" keyword to specify the allowed protocols, and it does not specify the protocols for the Gigabit Ethernet 0/2 interface.

Prev Question Next Question