05-01-2012 05:38 PM - edited 03-04-2019 04:13 PM
Is there a keyword that we use under the interface to specify that it is purely management?
We need to ensure that the subnet and any node on that subnet are not shared with the default routing table.
Also, how do we set the gateway for the management interface if the node we are sourcing the ssh session from is on a different private subnet?
Thanks for the help
-robert
05-02-2012 01:54 AM
Hello Robert,
You could use a VRF object, for example Management, and you could associate the involved interface with it.
Something like:
ip vrf Management
 rd 1:100
!
int fas0/0
 ip vrf forwarding Management
 ip address X.X.X.X 255.255.255.Y
! Note: when an interface is associated with a VRF, its existing IP address is removed, so you need to reconfigure it as shown above.
You can then add static routes that will be installed in the VRF Management routing table using the following syntax:
ip route vrf Management 10.10.10.0 255.255.255.0 X.X.X.Z
where X.X.X.Z is the default gateway in the X.X.X.0 IP subnet, the same one to which the interface IP address belongs.
You need to provide a router on the path to the management node.
Note that some recent switches like the C4948 or C4900M are shipped with a built-in management VRF.
WARNING: you should verify that you are able to access your device via SSH and SNMP when the interface is associated with the proposed VRF.
I strongly recommend performing testing before deploying in production, or at least making an attempt in a declared maintenance time window.
Hope to help
Giuseppe
05-03-2012 02:41 PM
We have to add the VRF keyword under VTY.
Unfortunately, this exposes SSH/Telnet access to the router for all customers tied to a VRF (using the same private IP scheme).
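A check for the exposure raised in the last reply, as an added example that is not part of the thread: it scans an IOS-style configuration and lists the VTY lines that accept sessions from VRFs other than the management VRF. The sample configuration is constructed, and the code assumes the "VRF keyword under VTY" is the `vrf-also` option of `access-class ... in`; the function names are hypothetical.

```python
import re

# Constructed sample config (not from the thread); 192.0.2.0/24 is a documentation range.
SAMPLE = """\
interface FastEthernet0/0
 ip vrf forwarding Management
 ip address 192.0.2.10 255.255.255.0
interface FastEthernet0/1
 ip vrf forwarding CustomerA
 ip address 10.10.10.1 255.255.255.0
line vty 0 4
 access-class 10 in vrf-also
line vty 5 15
 access-class 10 in
"""

def parse_blocks(config):
    """Map each top-level command to its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if not line[0].isspace():
            current = line.strip()
            blocks[current] = []
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks

def audit(config, mgmt_vrf="Management"):
    """Return (interface -> VRF map, VTY lines reachable from non-management VRFs)."""
    blocks = parse_blocks(config)
    vrf_of = {}
    for head, body in blocks.items():
        for cmd in body:
            m = re.fullmatch(r"ip vrf forwarding (\S+)", cmd)
            if head.startswith("interface ") and m:
                vrf_of[head.split()[1]] = m.group(1)
    others = sorted(set(vrf_of.values()) - {mgmt_vrf})
    exposed = []
    for head, body in blocks.items():
        acls = [c for c in body if re.match(r"access-class \S+ in\b", c)]
        # Assumption about IOS behaviour: no inbound access-class, or one with
        # vrf-also, accepts sessions arriving on VRF interfaces.
        open_to_vrfs = not acls or any(c.endswith("vrf-also") for c in acls)
        if head.startswith("line vty") and open_to_vrfs and others:
            exposed.append((head, others))
    return vrf_of, exposed
```

Calling `audit(SAMPLE)` flags `line vty 0 4`, whose ACL also applies to sessions from CustomerA; with overlapping private addressing the ACL cannot tell a customer source from a management source.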