[c-nsp] VRF-aware management
Clinton Work
clinton at scripty.com
Wed Jan 17 13:12:08 EST 2007
I investigated this a year ago for the same purpose and at that time not all
management protocols were VRF aware on the 6500/Sup720. In IOS 12.2(18)SXF
you can get at least VRF aware tftp, ssh, telnet, and SNMP. VRF aware
management was added in stages so its a real challenge to determine which
IOS load has all the required features.
Here are some of the IOS feature names that I could find on the Cisco website:
IOS 12.4T:
DNS - VRF aware DNS
IOS 12.3T:
Per VRF for TACACS+ Servers
VRF Aware System Message Logging (Syslog)
IOS 12.2T:
SNMP Support over VPN
The trick for telnet/ssh looks like the vrf-also keyword:
Router(config-line)# access-class 1 in vrf-also
I assume that the following tftp command inherits the interface VRF:
ip tftp source-interface <interface>
Church, Chuck wrote:
> All,
>
> We're seeing a need to use a VRF on 6500s with Sup720 for
> management purposes, as we've got some IP conflicts between our
> management network and some customer networks. All customer networks
> will reside in the global routing table, but our management functions -
> syslog, SNMPv3, SSH, and copying via SCP we'd like to put in a VRF, with
--
===================================================
Clinton Work clinton at scripty.com
Calgary, AB
More information about the cisco-nsp
mailing list