Control Plane

Control plane management defines which protocols are allowed to access the device through specific interfaces. It supports both inband (data-plane) and out-of-band (management-plane) interface configurations with per-protocol access control lists using IPv4 and IPv6 prefixes and host addresses.

Diagram

Classes

configuration (iosxr.devices)

Name	Type	Constraint	Mandatory	Default Value
control_plane	Class	`[control_plane]`	No

control_plane (iosxr.devices.configuration)

Name	Type	Constraint	Mandatory	Default Value
management_plane	Class	`[management_plane]`	No

management_plane (iosxr.devices.configuration.control_plane)

Name	Type	Constraint	Mandatory	Default Value
inband	Class	`[inband]`	No
out_of_band	Class	`[out_of_band]`	No

inband (iosxr.devices.configuration.control_plane.management_plane)

Name	Type	Constraint	Mandatory	Default Value
interfaces	List	`[interfaces]`	No
interfaces_all	Class	`[interfaces_all]`	No

out_of_band (iosxr.devices.configuration.control_plane.management_plane)

Name	Type	Constraint	Mandatory
inband_behavior	Boolean	`true`, `false`	No
interfaces	List	`[interfaces]`	No
interfaces_all	Class	`[interfaces_all]`	No
vrf	String		No

interfaces (iosxr.devices.configuration.control_plane.management_plane.inband)

Name	Type	Constraint	Mandatory
name	String		Yes
all	List	`[all]`	No
http	List	`[http]`	No
netconf	List	`[netconf]`	No
snmp	List	`[snmp]`	No
ssh	List	`[ssh]`	No
telnet	List	`[telnet]`	No
tftp	List	`[tftp]`	No
xml	List	`[xml]`	No

interfaces_all (iosxr.devices.configuration.control_plane.management_plane.inband)

Name	Type	Constraint	Mandatory
all	List	`[all]`	No
http	List	`[http]`	No
netconf	List	`[netconf]`	No
snmp	List	`[snmp]`	No
ssh	List	`[ssh]`	No
telnet	List	`[telnet]`	No
tftp	List	`[tftp]`	No
xml	List	`[xml]`	No

all (iosxr.devices.configuration.control_plane.management_plane.inband.interfaces)

Name	Type	Constraint	Mandatory	Default Value
address	Any	IP or Choice[`any`] or String[Regex: `^.[\$\%]\{.$`]	Yes
length	Any	Integer[min: `0`, max: `128`] or Choice[`any`] or String[Regex: `^.[\$\%]\{.$`]	Yes

Data Normalization

Protocol Entries

Each protocol is configured as a list of entries with address and length fields. The address type is automatically detected and routes entries to the appropriate attributes (IPv4 or IPv6 prefixes).

address: any with length: any enables the protocol on the device without ACL restrictions.

Example YAML Code:

Example-1: Enable SSH and SNMP on an inband interface with IPv4 prefix restrictions.

iosxr:
  devices:
    - name: router-1
      host: 10.10.10.1:57400
      configuration:
        control_plane:
          management_plane:
            inband:
              interfaces:
                - name: GigabitEthernet0/0/0/0
                  ssh:
                    - address: 10.0.0.0
                      length: 8
                    - address: 10.1.1.1
                      length: 32
                  snmp:
                    - address: 172.16.0.0
                      length: 12

Example-2: Enable SSH and NETCONF with out-of-band management with VRF and any hosts.

iosxr:
  devices:
    - name: router-1
      host: 10.10.10.1:57400
      configuration:
        control_plane:
          management_plane:
            out_of_band:
              vrf: MGMT
              interfaces:
                - name: MgmtEth0/RP0/CPU0/0
                  ssh:
                    - address: any
                      length: any
                  netconf:
                    - address: any
                      length: any