[c-nsp] Device management in VRFs

Church, Charles Charles.Church at harris.com
Thu Apr 15 07:49:04 EDT 2010


Just as a follow-up, the ssh source interface doesn't put the scp outbound traffic into the VRF.  I haven't tried the SCP server on the switch, that might be a work-around.  Since I can SSH to the box via the VRF, I'd hope the SCP would work that way too.

Chuck

From: Andriy Bilous [mailto:andriy.bilous at gmail.com]
Sent: Monday, April 12, 2010 3:42 AM
To: Church, Charles
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Device management in VRFs

Cisco seems to know about the -vrf option in outgoing ssh connections on the 4500.

http://www.cisco.com/en/US/customer/docs/switches/lan/catalyst4500/12.2/53SG/configuration/vrf.html#wp1082522

As for copy, you have to specify ip tftp/ftp source-interface to choose the proper VRF (dunno if ip ssh source-interface will work for scp).

On Mon, Apr 12, 2010 at 5:06 AM, Church, Charles <Charles.Church at harris.com> wrote:
Anyone,

I'm wondering if there are any open feature requests or bugs for cleaning up the remaining things that don't seem to work in VRFs.  I've resorted to the idea of using the global table for management on 6500s and other devices for various things that don't like VRFs.  But now I run into the newer 4500 sups that have the dedicated 10/100 management port.  These ports are locked into a VRF called mgmtVrf.  Can't change it.  Find out there are some important things that aren't possible using a VRF, such as SSH client (can't connect to a host in a VRF) or pretty much any file copy operation initiated from the switch.  It'd be nice to use those ports since they're usable from ROMMON for remote recovery (we've got term servers attached), but this file copy feature is pretty important.  Any idea?

Thanks,

Chuck
