beautypg.com

Configuring management vrfs, Source interface and management vrf compatibility – Brocade FastIron Ethernet Switch Layer 3 Routing Configuration Guide User Manual

Page 645

background image

Example:

Brocade(config)# no vrf customer1

Warning: All IPv4 and IPv6 addresses (including link-local) from all interfaces in

VRF customer1 have been removed

Configuring Management VRFs

The management VRF is used to provide secure management access to the device by sending inbound
and outbound management traffic through the VRF specified as a global management VRF and through
the out-of-band management port, thereby isolating management traffic from the network data traffic.

By default, the inbound traffic is unaware of VRF and allows incoming packets from any VRF, including
the default VRF. The outbound traffic is only through the default VRF. The default VRF consists of out-
of-band management port and all the LP ports that do not belong to any other VRFs.

Any VRF, except the default VRF, can be configured as a management VRF. When a management
VRF is configured, the management traffic is allowed through the ports belonging to the specified VRF
and the out-of-band management port. The management traffic through the ports belonging to the other
VRFs and the default VRF are dropped and the rejection statistics are incremented.

If the management VRF is not configured, the management applications will follow the default behavior.
The management VRF configuration is applicable for both IPv4 and IPv6 management traffic.

The management VRF is supported by the following management applications:

• SNMP server
• SNMP trap generator
• Telnet server
• SSH server
• Telnet client
• RADIUS client
• TACACS+ client
• TFTP
• SCP
• Syslog

NOTE
The management VRF is not applicable to inbound and outbound traffic of the ping and traceroute
commands. These commands use the VRF specified in the command or the default VRF, if no VRF is
specified.

Source interface and management VRF compatibility

There is a source interface configuration associated with the management applications. When a source
interface is configured, the management applications use the lowest configured IP address of the
specified interface as source IP address in all the outgoing packets. If the configured interface is not
part of the management VRF, the response packet will not reach the destination. If the compatibility
check fails while configuring either the management VRF or the source interface, the following warning
message will be displayed. However, the configuration command will be accepted.

The source-interface for Telnet, TFTP is not part of the management-vrf

Configuring Management VRFs

FastIron Ethernet Switch Layer 3 Routing Configuration Guide

645

53-1003087-04

See also other documents in the category Brocade Computer Accessories: