[c-nsp] VSS out-of-band mgmt
Peter Rathlev
peter at rathlev.dk
Mon Jul 13 14:31:21 EDT 2009
On Mon, 2009-07-13 at 14:03 +0200, Holemans Wim wrote:
> I have a VSS router that I want to do some out-of-band mgmt with. Is
> this possible with VRF-lite ? I would like to build a channel with the
> UTP ports on the sup720, give the VSS an address on this trunk but
> keep this interface out of the standard routing table. Can this be
> done with VRF-lite ? Or is there another way to do out-of-band mgmt of
> a VSS cluster?
Remember that if you want to manage the device from a VRF and use ACLs
on your VTYs, you need the "vrf-also" statement to actually accept
traffic from VRFs at all:
And otherwise yes, just create a VRF without route-target statements and
include only your specific management interface in this VRF, with a
default route pointing out of there. So something along the lines of:
ip vrf management
rd 64512:1
exit
!
interface GigabitEthernet5/1
description OOB Management
no switchport
ip vrf forwarding management
ip address 10.0.0.10 255.255.255.0
no shutdown
exit
!
ip route vrf management 0.0.0.0 0.0.0.0 GigabitEthernet5/1 10.0.0.10
!
access-list 99 permit 172.16.0.0 0.0.0.255
!
line vty 0 15
access-class 99 in vrf-also
exit
!
Regards,
Peter
More information about the cisco-nsp
mailing list