[nsp] Protecting border routers
Tim Franklin
tim at colt.net
Wed Dec 3 06:00:18 EST 2003
cisco-nsp-bounces at puck.nether.net wrote:
> To comment on the "management VRF" matter, we've found it doesn't
> presently work (static vrf-lite tested on c3550 & c7600/sup720
> platforms) on current software. Setting service 'source-interface's
> to the Loopback interface inside the VRF causes no connectivity. Is
> anyone aware of a way to make this work, or is this feature in the
> pipeline?
It's possible to make it work by making the "management" space the global table, and putting "Internet" in it's own VRF(-lite). Like mine, your brain is probably screaming at the wrongness of this, but it *does* work around the problem of which management bits do/don't work inside a VRF.
Regards,
Tim.
--
Tim Franklin ____________
Project Engineer \C/\O/\L/\T/ Product Engineering &
T: +44 20 7863 5714 V V V V Customer Solutions
F: +44 20 7863 5876
More information about the cisco-nsp
mailing list