Sunday, March 8, 2015

VRF-Lite for management interface

How to configure a management interface for a WAN edge router

Create a VRF-Lite instance for management purposes:

ip vrf MGMT
 rd 1:1

Configure the required interface for this VRF:

interface GigabitEthernet0/2
 description MGMT-INTF
 ip vrf forwarding MGMT
 ip address
 load-interval 30
 speed auto
 duplex auto

Configure a default route for this VRF:

ip route vrf MGMT

FTP for downloading/uploading files to and from the router:

ip ftp source-interface GigabitEthernet0/2
ip ftp username cisco
ip ftp password cisco

Management access control for the VTY lines:

ip access-list standard ACL_MGMT_ACCESS
 deny   any log
line vty 0 15
 access-class ACL_MGMT_ACCESS in vrf-also
 exec-timeout 5 0
 logging synchronous
 transport input ssh

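Note the vrf-also keyword: it lets the access-class accept incoming connections from interfaces that belong to a VRF, so this ACL applies to connections from all VRFs.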

NTP configuration:

ntp authentication-key 1 md5 013C10578F020123890C 7
ntp authenticate
ntp trusted-key 1
ntp source GigabitEthernet0/2
ntp server vrf MGMT maxpoll 6 minpoll 4 version 2

And RADIUS configuration:

radius server RADIUS
 address ipv4 auth-port 1812 acct-port 1813
 timeout 2
 retransmit 2
 key 7 013C10578F0201238
ip radius source-interface GigabitEthernet0/2 vrf MGMT
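
A way to check a finished configuration of this kind before deploying it, as an added example that is not part of the original post: a small Python audit that flags "vrf NAME" references to a VRF that is never defined, VTY access-class lines that lack vrf-also or name a missing ACL, and VTY transports other than SSH. The function name audit, the finding codes and the sample config (documentation addresses, "show running-config" indentation) are assumptions made for the example.

```python
import re

# Constructed sample in "show running-config" layout (not a real capture).
SAMPLE = """\
ip vrf MGMT
 rd 1:1
interface GigabitEthernet0/2
 ip vrf forwarding MGMT
ip route vrf MGMT 0.0.0.0 0.0.0.0 192.0.2.1
ip access-list standard ACL_MGMT_ACCESS
 permit 192.0.2.0 0.0.0.255
 deny   any log
ip radius source-interface GigabitEthernet0/2 vrf MANAGEMENT
line vty 0 4
 access-class ACL_MGMT_ACCESS in vrf-also
 transport input ssh
line vty 5 15
 access-class ACL_MISSING in
 transport input telnet ssh
"""

def audit(config):
    """Return (line_number, code, detail) findings in config order."""
    vrfs = set(re.findall(r"^(?:ip vrf|vrf definition) (\S+)", config, re.M))
    acls = set(re.findall(r"^ip access-list \w+ (\S+)", config, re.M))
    findings, section = [], ""
    for no, raw in enumerate(config.splitlines(), 1):
        if raw and not raw[0].isspace():
            section = raw                      # new top-level command
        line = raw.strip()
        # Any "vrf NAME" reference must match a VRF defined in this config.
        m = re.search(r"\bvrf (?:forwarding |definition )?(\S+)", line)
        if m and m.group(1) not in vrfs:
            findings.append((no, "undefined-vrf", m.group(1)))
        if not section.startswith("line vty"):
            continue
        m = re.match(r"access-class (\S+) in\b(.*)", line)
        if m:
            if m.group(1) not in acls:
                findings.append((no, "undefined-acl", m.group(1)))
            if "vrf-also" not in m.group(2):
                findings.append((no, "no-vrf-also", m.group(1)))
        m = re.match(r"transport input (.+)", line)
        if m and set(m.group(1).split()) != {"ssh"}:
            findings.append((no, "non-ssh-transport", m.group(1)))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The audit relies on sub-commands being indented, as they are in saved or displayed running configurations; flattened text must be re-indented first.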

