How to configure management interface for WAN edge router
Create a VRF-Lite instance for management purposes:
ip vrf MGMT
 rd 1:1

Configure the required interface for this VRF:
interface GigabitEthernet0/2
 description MGMT-INTF
 ip vrf forwarding MGMT
 ip address 10.1.0.10 255.255.255.0
 load-interval 30
 speed auto
 duplex auto

Configure the default route for this VRF:
ip route vrf MGMT 0.0.0.0 0.0.0.0 10.1.0.1

FTP for downloading and uploading files to the router:
ip ftp source-interface GigabitEthernet0/2
ip ftp username cisco
ip ftp password cisco

Management access control for the VTY lines:
ip access-list standard ACL_MGMT_ACCESS
 permit 10.1.0.0 0.0.0.255
 deny any log
!
line vty 0 15
 access-class ACL_MGMT_ACCESS in vrf-also
 exec-timeout 5 0
 logging synchronous
 transport input ssh

Note the vrf-also keyword, which allows this ACL to apply to connections from all VRFs.

NTP configuration:
ntp authentication-key 1 md5 013C10578F020123890C 7
ntp authenticate
ntp trusted-key 1
ntp source GigabitEthernet0/2
ntp server vrf MGMT 10.1.0.1 maxpoll 6 minpoll 4 version 2

And the RADIUS configuration:
radius server RADIUS
 address ipv4 10.5.0.45 auth-port 1812 acct-port 1813
 timeout 2
 retransmit 2
 key 7 013C10578F0201238
!
ip radius source-interface GigabitEthernet0/2 vrf MGMT
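The setup above depends on every VRF reference naming a VRF that is actually defined, and on every VTY range carrying the access-class with vrf-also and SSH-only transport. The following check over a saved configuration is an added example, not part of the original post; parse_blocks and audit are hypothetical helper names, and the sample config is constructed with two deliberate mistakes.

```python
import re

# Constructed sample; the second VTY range and the RADIUS line are wrong on purpose.
SAMPLE = """\
ip vrf MGMT
interface GigabitEthernet0/2
 ip vrf forwarding MGMT
ip route vrf MGMT 0.0.0.0 0.0.0.0 10.1.0.1
line vty 0 4
 access-class ACL_MGMT_ACCESS in vrf-also
 transport input ssh
line vty 5 15
 access-class ACL_MGMT_ACCESS in
 transport input telnet ssh
ip radius source-interface GigabitEthernet0/2 vrf MANAGEMENT
"""

def parse_blocks(text):
    """Group indented sub-commands under their top-level command."""
    blocks = []
    for line in text.splitlines():
        if line.strip() in ("", "!"):
            continue
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks

def audit(text):
    """Return (block, problem) pairs for VRF references and VTY lines."""
    blocks = parse_blocks(text)
    defined = {h.split()[2] for h, _ in blocks if h.startswith("ip vrf ")}
    findings = []
    for head, subs in blocks:
        for cmd in [head] + subs:
            m = re.search(r"\bvrf (?:forwarding )?(\S+)", cmd)
            if m and m.group(1) not in defined:
                findings.append((head, "undefined VRF " + m.group(1)))
        if head.startswith("line vty"):
            acl = [s for s in subs if s.startswith("access-class ")]
            if not any(s.split()[-1] == "vrf-also" for s in acl):
                findings.append((head, "access-class without vrf-also"))
            if "transport input ssh" not in subs:
                findings.append((head, "transport input is not ssh-only"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{b}: {p}" for b, p in audit(SAMPLE)))
```

Run it against the output of show running-config saved to a file; an empty result means every VRF reference resolves and every VTY range matches the settings shown above.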