DC N5K + catalyst device Management for a separate Management VRF

lerner cisco
Level 1

Hi All,

I would like to check with you all on the design below; suggestions would be a great help.

connectivity : TACACS server---------> Router -----------> Nexus 5K--------> 3850 catalyst switch

design - TACACS server reachable via Router,
            Router Gi/0 connected to Nexus 5K eth1/1 (L3 port, and part of Management VRF)
            Nexus 5K management VRF configured
            Nexus 5K access port Eth1/2 (vlan 2, also configured under vrf Mgmt) connected to access port vlan 2 at 3850 Gi 1/0/48

So here I have a question: should the Nexus port Ethernet 1/2 connected to the Catalyst 3850 (configured as an access port) also be placed under VRF Mgmt, or does it need to stay as only an access port?

interface Ethernet1/2
 des Mgmt_3850 sw  Gi 1/0/48
 vrf  member MGMT
switch mode access
switchport access vlan 2

------or ---------

interface Ethernet1/2
 des Mgmt_3850 sw  Gi 1/0/48
switch mode access
switchport access vlan 2

Router config
=====================
Int gi0/0
ip address 10.10.10.1 25.255.255
desc Nexus 5K
no shut
!
Nexus PRIMARY - configuration
=============================
interface Ethernet1/1
ip address 10.10.10.2 25.255.255

vlan 2
 name Management

vrf context MGMT
 ip route 0.0.0.0/0 10.10.10.1 ( Pointed router LAN port )
!

interface Vlan2
 vrf  member MGMT
 des MGMT
 ip address 10.200.238.2/29

 hsrp version 2
  hsrp 200
    preempt
    priority 150
    ip 10.200.238.1
  no shutdown
!

interface Ethernet1/2
 des Mgmt_3850 sw  Gi 1/0/48
 vrf  member MGMT
switch mode access
switchport access vlan 2
no shut

3850 switch config

===================

interface Gi1/0/48
 des Nexus Mgmt Eth 1/2
switch mode access
switchport access vlan 2

default gateway 10.200.238.1

2 Replies

lerner cisco
Level 1

Got a solution - no need to configure vrf member MGMT on the Nexus ports, 3850 connected switches.

Since you are using a different port (e1/2) than the actual management (mgmt0), then there is no need to put that port in a vrf.

HTH
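
A pre-deployment check for the two Ethernet1/2 variants in the question, as an added example that is not from the thread or from Cisco. It assumes NX-OS-style indented config text and that VRF membership is a Layer 3 property, so an access port inherits its VRF from the SVI of its VLAN; `audit`, `parse_interfaces`, the sample text and Ethernet1/3 are constructed for illustration.

```python
import re

# Constructed sample modelled on the thread's Nexus config (not a device capture).
SAMPLE = """\
vrf context MGMT
interface Vlan2
 vrf  member MGMT
 ip address 10.200.238.2/29
interface Ethernet1/2
 vrf  member MGMT
 switchport mode access
 switchport access vlan 2
interface Ethernet1/3
 switchport mode access
 switchport access vlan 3
"""

def parse_interfaces(config):
    """Return {interface name: [normalised sub-commands]}; assumes indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s*(\S+)", line, re.I)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line[:1].isspace() and current is not None:
            current.append(" ".join(line.split()).lower())  # collapse repeated spaces
        else:
            current = None  # any other top-level line ends the interface block
    return blocks

def audit(config, mgmt_ports, mgmt_vrf="MGMT"):
    """Check ports meant for management: no VRF on the L2 port, SVI inside mgmt_vrf."""
    blocks, findings = parse_interfaces(config), []
    svis = {name.lower(): cmds for name, cmds in blocks.items()}
    for port in mgmt_ports:
        cmds = blocks.get(port, [])
        is_l2 = any(c.startswith("switchport") for c in cmds)
        if is_l2 and any(c.startswith("vrf member") for c in cmds):
            findings.append((port, "vrf member on a Layer 2 port"))
        vlan = next((c.split()[-1] for c in cmds
                     if c.startswith("switchport access vlan")), None)
        if vlan and f"vrf member {mgmt_vrf.lower()}" not in svis.get("vlan" + vlan, []):
            findings.append((port, f"Vlan{vlan} SVI is not in VRF {mgmt_vrf}"))
    return findings

if __name__ == "__main__":
    for port, issue in audit(SAMPLE, ["Ethernet1/2", "Ethernet1/3"]):
        print(f"{port}: {issue}")
```
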
