Using a 4948E switch with FastEthernet1 as the management interface which uses the VRF mgmtVrf. I cannot get DNS resolution to work for some reason.
I am using code enterprise 15.1-2.SG and here are the relevant config snippets:
ip domain-lookup source-interface FastEthernet1
ip domain-name domain.com
ip name-server 220.127.116.11
ip name-server 18.104.22.168
vrf forwarding mgmtVrf
ip address 192.168.20.10 255.255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip route vrf mgmtVrf 0.0.0.0 0.0.0.0 192.168.20.1
If I try to ping using a host name it fails, even if I specify to use the VRF.
SWITCH#ping vrf mgmtVrf google.com
Translating "google.com"...domain server (22.214.171.124) (126.96.36.199)
% Unrecognized host or address, or protocol not running.
I read online there are some commands in a different code that support specifying the VRF along with the name servers, but I don't have those options. All I can do is set the source-interface on the domain-lookup command.
I had to open a case with TAC and they told me that the lastest code on the 4948E does not support VRF-aware DNS, and there is no work-around. I ended up having to not use the management interface Fa1 for management, and instead go back to using a VLAN interface riding over the production trunks, since you cannot un-attach Fa1 from the VRF.
Its also possible that scp is not vrf-aware on the 4948. I could not get a "copy scp: bootflash:" to work even when using an IP address for the scp host. Strage that it doesn't work since I do have "ip ssh source-interface FastEthernet1" set in the config. Had to resort to using tftp which is SLOW when trying to copy an image over a WAN link.