nms monitoring different network applications on a single or multiple vrf

Tony JOrdan · ‎01-20-2014

Hi All,

as a design guide or best practice what would the best approach be.

We have seperate switch infrastructure for wifi and voice/data. The current network has the flexibility for vrf's on different servcies, ie one for voice/data, one for wifi.

I plan to use a vrf for network management for voice/data and one for wifi. Would there be any value in this or should both management networks be in the same vrf.

Access to the vrf from the NMS would be via a firewall either way.

Cheers

Tony

Vinod Arya · ‎01-21-2014

When we talk about managing devices using a Network Management Tool or Application, the most simple management fundamental is the devices should be reachable to the NMS Server.

No matter how the network topology is made and what protocols are in order, devices needs to communicate with the NMS server freely. Due to this I am not sure if any NMS will be able to show you devices with such topologies automatically, but you have to make such logical groupings, be it as per your device zones, device platforms, technolgies (wifi, Voice etc), VRF's and other functional distributions.

You can manually group such logical separations on your NMS tool to match your network.

-Thanks

Vinod

-Thanks Vinod **Rating Encourages contributors, and its really free. **

Tony JOrdan · ‎01-21-2014

Ok thanks Vinod,

I think my point was more from a security perspective that monitoring different equipment in less or more secure zones should be on the same network management network.

Cheers

Tony

Vinod Arya · ‎01-21-2014

On Security perspective, NMS servers, usually on Data Centers, either inside or outisde FW would need specific ports and protocols to be allowed to communicate with devices.

Also, for traffic security, secure protocols can be used, like SNMP v3, HTTPS, SSH, SCP, FTP etc which allows passwords and encryption.

-Thanks

-Thanks Vinod **Rating Encourages contributors, and its really free. **