5.1.b Implement and troubleshoot device access control

5.1.b [iii] Management plane protection

The Management Plane Protection (MPP) feature in Cisco IOS provides the capability to restrict the interfaces on which network management packets are allowed to enter a device. The MPP feature allows a network operator to designate one or more router interfaces as management interfaces.

Device management traffic is permitted to enter a device only through these management interfaces. After MPP is enabled, no interfaces except designated management interfaces will accept network management traffic destined to the device. Restricting management packets to designated interfaces provides greater control over management of a device, and with it more security for that device. Other benefits include improved performance for data packets on non-management interfaces, support for network scalability, the need for fewer access control lists (ACLs) to restrict access to a device, and the prevention of management packet floods on switching and routing interfaces from reaching the CPU.

Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 5034-5042). Kindle Edition.
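The following audit script is an added example, not taken from the book or from Cisco. It reads the `management-interface <interface> allow <protocols>` lines under `control-plane host` in a running-config and reports which interfaces accept which management protocols. The sample config is constructed, and flagging telnet, http, ftp and tftp as cleartext is this example's own policy assumption.

```python
import re

# Constructed running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 description uplink
!
control-plane host
 management-interface GigabitEthernet0/1 allow ssh snmp
 management-interface GigabitEthernet0/2 allow telnet http
!
line vty 0 4
 transport input ssh
"""

# Cleartext protocols among MPP's "allow" keywords; flagging them is this example's policy.
CLEARTEXT = {"telnet", "http", "ftp", "tftp"}
MGMT_RE = re.compile(r"^\s+management-interface\s+(\S+)\s+allow\s+(.+)$")

def parse_mpp(config):
    """Return {interface: [protocols]} from the 'control-plane host' block."""
    mpp, in_block = {}, False
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level line opens or closes a block
            in_block = line.strip() == "control-plane host"
            continue
        m = MGMT_RE.match(line) if in_block else None
        if m:
            mpp.setdefault(m.group(1), []).extend(m.group(2).split())
    return mpp

def audit(config):
    """Return a list of findings; an empty list means no issue under this policy."""
    mpp = parse_mpp(config)
    if not mpp:
        return ["MPP not configured: management traffic is not restricted to designated interfaces"]
    findings = []
    for intf, protos in sorted(mpp.items()):
        weak = sorted(CLEARTEXT.intersection(protos))
        if weak:
            findings.append(f"{intf}: cleartext protocols allowed: {', '.join(weak)}")
    return findings

if __name__ == "__main__":
    print(parse_mpp(SAMPLE_CONFIG))
    print("\n".join(audit(SAMPLE_CONFIG)) or "no findings")
```

On a live device, `show management-interface` lists the interfaces and protocols that MPP currently permits, which can be compared against the script's output.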