
[Management Plane Protection (MPP)](https://networklessons.com/security/management-plane-protection-mpp) enhances the security of network devices by managing and controlling the processing of management traffic. Rather than merely disabling services such as HTTP, HTTPS, or [Telnet](/telnet)—which still allows a device to receive and process packets before refusing them—MPP entirely blocks unapproved traffic, mitigating potential DoS attacks. 

This is shown by comparing the response to a Telnet attempt: Without MPP:

```
H2#telnet 192.168.2.254
Trying 192.168.2.254 ...  
% Connection refused by remote host
```

The device refuses the connection after processing the packet, while with MPP:

```
H2#telnet 192.168.2.254 
Trying 192.168.2.254 ...  
% Connection timed out; remote host not responding 
```

...the connection attempt simply times out, with no packet processing involved. 

MPP is especially useful for protecting services that are enabled by default, and preventing the generation of logs from attempted connections to disabled services. Thus, enabling MPP provides a robust security measure beyond merely disabling protocols.

Take a look at [MPP vs ACLs](/mpp-vs-acls) for additional comparisons of other solutions with MPP.

## Links

https://networklessons.com/security/management-plane-protection-mpp

Management Plane Protection (MPP) vs Disabling Services

MPLS Label Switch Router

MPLS Layer 3 VPN communication between CE and PE routers

MPLS Layer 3 VPN communication between CE routers

MPLS Local Label Allocation Filtering

MPLS Penultimate hop popping

MPLS Route Distinguisher

MPLS Route Target

MPLS TE - Affinity attribute flag assignment best practices

MPLS TE - TE Tunnels

MPLS TE setup and hold priority

MPLS Troubleshooting

MPLS VPN extranet route leaking unique addressing

MPLS VRF names locally significant

MPLS addresses bound to peer LDP Ident output

MPLS advertising multiple customer subnets

MPLS entropy label

MPLS explicit NULL

MPLS implicit NULL

MPLS mandatory use of CEF

MPLS traffic engineering

MPLS-TE - why are IGPs necessary

MPLS-TE Local and Outgoing Labels in LSP Tunnels

MPLS-TE Path Message Behavior

MPLS-TE Tunnel and Recursive Routing

MPLS

MPP vs ACLs

MQTT return codes

MSDP Intra and Inter Domain Peerings Best Practices

MST - Root port selection for switches outside MST topology

MST Configuration and VLAN Specific STP Overrides

MST Root Bridge Selection and Port Blocking Behavior

MST and RSTP with vPC and EtherChannel

MST configuration revision number

MTU - Adjusting MTU to accommodate additional headers

MTU - Benefits of large L2 MTU

MTU - Interface MTU configuration considerations

MTU - Interface MTU vs IP MTU

MTU - MSS and Jumbo Frames

MTU - Path MTU Discovery (PMTUD)

MTU - Understanding L2 MTU and Frame Handling in Network Switches

MTU - default interface MTU

MTU Mismatch Test on Cisco IOS ISR4331 Routers

MTU Test on Cisco IOS ISR4331 Routers

MTU adjusting the MSS for TCP

MTU ip mtu allowed values

MTU on Etherchannel links

MTU on router subinterfaces

MTU size in Cisco IOS XR and IOS software

Media Access Control (MAC)

Memory - CAM and TCAM

Memory - TCAM Lookups

MetroEthernet - VLAN design considerations

MetroEthernet - Virtual Private LAN service

MetroEthernet - Virtual Private Wire Service

MetroEthernet

Multi-Topology Routing

Multicast - ASM and SSM on same network

Multicast - Any Source Multicast (ASM)

Multicast - AutoRP

Multicast - Bootstrap Router (BSR)

Multicast - Example Use Cases

Multicast - GLOP address space

Multicast - HSRP-aware PIM

Multicast - Local Network Control Block

Multicast - MSDP

Multicast - NX-OS and IOS config comparison

Multicast - PIM ALL-PIM-ROUTERS group

Multicast - PIM Bootstrap (BSR)

Multicast - PIM Control Messages

Multicast - PIM Snooping platform support

Multicast - PIM Snooping

Multicast - PIM dense vs sparse mode

Multicast - PIM join message during register stop suppression timer

Multicast - PIM

Multicast - Routing Table Timers

Multicast - Source Specific Multicast (SSM)

Multicast - Sparse Mode register suppression timer

Multicast - Understanding global vs interface-level configuration

Multicast - Upstream and Downstream

Multicast - Using MSDP with Anycast RPs

Multicast - generating a routing table entry

Multicast - ip igmp join-group vs ip igmp static-group

Multicast - reading the multicast routing table

Multicast - route-map on IOS-XE 16.9.4

Multicast - routing over the Internet

Multicast - troubleshooting multicast routing

Multicast Anycast RP and MSDP in Multi Site Environment

Multicast Anycast RP

Multicast Cisco Group Management Protocol

Multicast Dense Mode Prune Message Behavior on Shared Media

Multicast IGMPv3 include and exclude modes

Multicast IPv4 address space

Multicast MAC addresses

Multicast Manual RP Configuration in Small PIM Networks

Multicast Mapping Agent and RP placement

Multicast OIL IIF mroute table

Multicast PIM Assert and dense mode

Multicast PIM Auto RP and Mapping Agent single device