How secure is vrf-mgmt on Cisco network devices?

Report Inappropriate Content · ‎10-27-2015

How secure is vrf-mgmt interface on the 3850 switches and 4300 routers? I plan to use vrf-mgmt interface for management on DMZ, and Public switches and Internet routers. My concern is if someone break in the Internet router, does vrf-mgmt will provide the patch to corporate internal network?

Thanks,

Eric

Ganesh Hariharan · ‎10-28-2015

How secure is vrf-mgmt interface on the 3850 switches and 4300 routers?  I plan to use vrf-mgmt interface for management on DMZ, and Public switches and Internet routers.  My concern is if someone break in the Internet router, does vrf-mgmt will provide the patch to corporate internal network?
Thanks,

Eric

Hi Eric,

This VRF, which is named mgmt-vrf, is automatically configured on the router and is dedicated to the Ethernet management interface; no other interfaces can join this VRF, and no other interfaces can be placed in the management VRF.

The management Ethernet interface VRF does not participate in the MPLS VPN VRF or any other network-wide VRF.

Major benifit is it Prevents transit traffic from traversing the route because all the module interfaces and the management Ethernet interface are automatically in different VRFs, no transit traffic can enter the management Ethernet interface and

Improves security of the interfac because the Mgmt-intf VRF has its own routing table because of being in its own VRF, routes can be added to the routing table of the management Ethernet interface only.

Hope it Helps..

-GI

Rate if it Helpss