Anyone would like to explain why using VRF interface as management?

wfqk · ‎04-17-2016

Anyone would like to explain why using VRF interface as management? Without the VRF interface, what will happen? Thank you

Philip D'Ath · ‎04-17-2016

You can use a VRF for management if you want your management network separated from your main network. It is like having a virtual out of band network.

If you don't want to have a separate management network that is fine (and this is very common in small to medium sized networks), then you can just use the default global vrf.

Joseph W. Doherty · ‎04-18-2016

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Anyone would like to explain why using VRF interface as management?

For security reasons similar to why a L2 switch's management IP might be in a dedicated VLAN.

Without the VRF interface, what will happen?

Management IP should then be in the default global VRF, likely shared with other hosts that aren't just management IPs. (Much like a manageable switch that doesn't support VLANs, or defaulting to using VLAN 1.)