[c-nsp] VTY access through VRF interface
Jay Nakamura
zeusdadog at gmail.com
Thu Oct 7 15:15:38 EDT 2010
I am trying to configure a router with a couple of VRFs and I need to be
able to ssh/telnet to vty through a VRF interface. I haven't had this
problem with other routers prior to 15.0M. Am I missing a command I
don't know about to enable this?

With 12.4x, I used "access-class .... vrf-also" and that seems to have
done it. The router I am working with is a 1941 with 15.0(1)M3.

I don't have any firewall or anything else that could prevent logging
in (that I can see). I can log in through the interface on the global
table; trying to get on the VRF interface gets me connection refused.

Here is the redacted config:

version 15.0
no ip source-route
ip cef
!
!
ip vrf Inside
 rd 64512:3
 import map VRFDefaultMap
 route-target export 64512:3
 route-target import 64512:2
!
ip vrf Outside
 rd 64512:2
 route-target export 64512:2
 route-target import 64512:3
!
!
!
interface GigabitEthernet0/0
 ip address x.x.x.1 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
!
interface GigabitEthernet0/1
 ip vrf forwarding Inside
 ip address 172.17.0.1 255.255.252.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip vrf forwarding Outside
 ip address y.y.y.2 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 no clock rate 2000000
!
!
router bgp 64512
 no synchronization
 bgp log-neighbor-changes
 no auto-summary
 !
 address-family ipv4 vrf Inside
  no synchronization
  redistribute connected
  redistribute static
 exit-address-family
 !
 address-family ipv4 vrf Outside
  no synchronization
  redistribute connected
  redistribute static
  default-information originate
 exit-address-family
!
ip route 0.0.0.0 0.0.0.0 x.x.x.1
ip route vrf Outside 0.0.0.0 0.0.0.0 y.y.y.1
!
!
ip prefix-list DefaultOnly seq 5 permit 0.0.0.0/0
!
route-map VRFDefaultMap permit 10
 match ip address prefix-list DefaultOnly
line vty 0 4
 access-class MgmntACL in vrf-also
 exec-timeout 120 0
 privilege level 15
 password 7 ****
 login local
 transport input telnet ssh
line vty 5 15
 access-class MgmntACL in vrf-also
 exec-timeout 120 0
 privilege level 15
 password 7 ****
 login local
 transport input telnet ssh