[nsp] Protecting border routers

Tim Franklin tim at colt.net
Wed Dec 3 06:00:18 EST 2003


cisco-nsp-bounces at puck.nether.net wrote:

> To comment on the "management VRF" matter, we've found it doesn't
> presently work (static vrf-lite tested on c3550 & c7600/sup720
> platforms) on current software.  Setting service 'source-interface's
> to the Loopback interface inside the VRF causes no connectivity.  Is
> anyone aware of a way to make this work, or is this feature in the
> pipeline? 

It's possible to make it work by making the "management" space the global table, and putting "Internet" in it's own VRF(-lite).  Like mine, your brain is probably screaming at the wrongness of this, but it *does* work around the problem of which management bits do/don't work inside a VRF.

Regards,
Tim.

--
Tim Franklin          ____________
Project Engineer      \C/\O/\L/\T/   Product Engineering &
T: +44 20 7863 5714    V  V  V  V     Customer Solutions
F: +44 20 7863 5876







More information about the cisco-nsp mailing list