I have been reading some articles and blogs about accessing the VTY lines when the traffic is coming from an interface that is a part of a VRF. According to what I have read, you should not be able to connect to the VTY line unless you put an access-list on the VTY lines with the "vrf-also" keyword. Also, the articles were referring to using 4500s, or lower end switches.
I am coming up with a design and wanted to implement VRF-lite. When I was mocking up the design I noticed I could connect to the VTY lines of a device even though the L3 interface I was telnet'd to was in a VRF. I was using three 3725s to see if this actually worked, or not.
I was hoping that in the end traffic within this VRF would not be able to connect to the management plane. Also, is the inability to connect to the VTY lines a platform/IOS-specific issue? Any insight would be appreciated. Thanks.
Access to the device through a certain VRF does not mean you cannot manage the device.
The VRF is just virtualising the control plane/routing of the router. Once you are in through telnet or ssh, for example, you can manage that router, but the benefit of having a different VRF for management is to have a separate routing and management interface from the actual global routing table and other interfaces.
This is the default in the ASR and Nexus, which have a dedicated management interface in a management VRF.
Although other replies below suggested this wasn't the case, I found what you had read to be true.
On a C3750 switch I had a vty acl. I then added a VRF and wanted to get to the CLI via that VRF, but I couldn't; I always got connection refused. When I added the "vrf-also" keyword to the access-class command on the vty line, I could now gain access.
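A way to check a saved configuration for the three VTY cases discussed in this thread, as an added example that is not part of any post: it classifies each `line vty` block by whether it has an inbound `access-class` and whether that statement carries `vrf-also`. The sample configuration is constructed, the names `audit_vty`, `report` and `MEANING` are hypothetical, and only the IPv4 `access-class <acl> in [vrf-also]` form is handled.

```python
import re

# Constructed sample running-config fragment (not taken from the thread).
SAMPLE_CONFIG = """\
line con 0
line vty 0 4
 access-class MGMT in
 transport input ssh
line vty 5 15
 access-class MGMT in vrf-also
 transport input ssh
line vty 16 31
 transport input telnet
!
end
"""

# Interpretation of each finding, based on the behaviour reported in the thread.
MEANING = {
    "no-acl": "no inbound access-class; nothing here refuses VRF-sourced sessions",
    "acl-global-only": "access-class without vrf-also; VRF-sourced sessions are refused",
    "acl-vrf-also": "access-class with vrf-also; VRF-sourced sessions allowed if the ACL permits",
}

def audit_vty(config):
    """Map each 'line vty' block to one of the MEANING keys."""
    findings, current = {}, None
    for raw in config.splitlines():
        header = re.match(r"^line vty (\d+)(?: (\d+))?\s*$", raw)
        if header:
            current = "vty " + " ".join(g for g in header.groups() if g)
            findings[current] = "no-acl"
        elif not raw.startswith(" "):
            current = None  # any other unindented line ends the vty block
        elif current:
            acl = re.match(r"^\s+access-class \S+ in(\s+vrf-also)?\s*$", raw)
            if acl:
                findings[current] = "acl-vrf-also" if acl.group(1) else "acl-global-only"
    return findings

def report(config):
    """Return one human-readable line per vty block."""
    return [f"{vty}: {MEANING[f]}" for vty, f in audit_vty(config).items()]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CONFIG)))
```

Blocks reported as `no-acl` or `acl-vrf-also` are the ones to review when the design goal is that traffic inside a VRF cannot reach the management plane.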