https://community.ruckuswireless.com/t5/ICX-Switches/PBR-as-VRF-Substitute-on-7150/m-p/72767#M5042 <P>Hi Matt,&nbsp;</P><P>With respect to the query raised, on the set up currently , with the 7650s and 7550s, there is a management VRF in place for the MGMT traffic to traverse; and something similar is needed for&nbsp; 7150s&nbsp;<BR />if the 7150s are being deployed with Switch image : you could use Management-vlan to set up the mgmt vlan and use the OOBM interface management purposes&nbsp;<BR /><A href="https://docs.commscope.com/bundle/fastiron-08090-commandref/page/GUID-4E7D719F-FDD8-4098-BD59-FA61418959AE.html" target="_self">management-vlan</A>&nbsp;(click on the link)&nbsp;</P><P>if on router code, you could have a vlan dedicated to management. Access - restricted via ACL to that subnet.&nbsp;</P><P>or further more/better yet, you could use ssh access-group to restrict access to the devices CLI via the network by defining the allowed IPs via the Standard ACL: same can also be done for SNMP, where access to the switch can be restricted via standard ACL.&nbsp;</P><P><A href="https://docs.commscope.com/bundle/fastiron-08095-commandref/page/GUID-541A79ED-0DA6-46D3-96CD-0880F43DD7BF.html" target="_self">ssh access-group</A>&nbsp;<BR /><A href="https://docs.commscope.com/bundle/fastiron-08095-commandref/page/GUID-E0EDB8BC-AC55-4251-A920-FB317129683F.html" target="_self">SNMP config statement</A>&nbsp;</P><P>this way the traffic wont be affected : and only allowed devices will be able to access device.&nbsp;</P><P>&nbsp;</P><P>Do let us know if the details help.&nbsp;</P><P>&nbsp;</P><P>Thanks !!&nbsp;</P> Fri, 08 Dec 2023 10:56:25 GMT jdryan 2023-12-08T10:56:25Z https://community.ruckuswireless.com/t5/ICX-Switches/PBR-as-VRF-Substitute-on-7150/m-p/72709#M5037 <P>Most of our switches are 7650/7550's and we've got management VRFs configured.&nbsp; Looking for some kind of workaround on some of our sites since VRFs aren't available on the 7150 L3 devices.&nbsp; Thinking PBR with ACL restricting to that subnet.&nbsp; Has anyone here done this?&nbsp; Am I missing something?</P> Wed, 06 Dec 2023 22:06:25 GMT https://community.ruckuswireless.com/t5/ICX-Switches/PBR-as-VRF-Substitute-on-7150/m-p/72709#M5037 matt_236689 2023-12-06T22:06:25Z https://community.ruckuswireless.com/t5/ICX-Switches/PBR-as-VRF-Substitute-on-7150/m-p/72767#M5042 <P>Hi Matt,&nbsp;</P><P>With respect to the query raised, on the set up currently , with the 7650s and 7550s, there is a management VRF in place for the MGMT traffic to traverse; and something similar is needed for&nbsp; 7150s&nbsp;<BR />if the 7150s are being deployed with Switch image : you could use Management-vlan to set up the mgmt vlan and use the OOBM interface management purposes&nbsp;<BR /><A href="https://docs.commscope.com/bundle/fastiron-08090-commandref/page/GUID-4E7D719F-FDD8-4098-BD59-FA61418959AE.html" target="_self">management-vlan</A>&nbsp;(click on the link)&nbsp;</P><P>if on router code, you could have a vlan dedicated to management. Access - restricted via ACL to that subnet.&nbsp;</P><P>or further more/better yet, you could use ssh access-group to restrict access to the devices CLI via the network by defining the allowed IPs via the Standard ACL: same can also be done for SNMP, where access to the switch can be restricted via standard ACL.&nbsp;</P><P><A href="https://docs.commscope.com/bundle/fastiron-08095-commandref/page/GUID-541A79ED-0DA6-46D3-96CD-0880F43DD7BF.html" target="_self">ssh access-group</A>&nbsp;<BR /><A href="https://docs.commscope.com/bundle/fastiron-08095-commandref/page/GUID-E0EDB8BC-AC55-4251-A920-FB317129683F.html" target="_self">SNMP config statement</A>&nbsp;</P><P>this way the traffic wont be affected : and only allowed devices will be able to access device.&nbsp;</P><P>&nbsp;</P><P>Do let us know if the details help.&nbsp;</P><P>&nbsp;</P><P>Thanks !!&nbsp;</P> Fri, 08 Dec 2023 10:56:25 GMT https://community.ruckuswireless.com/t5/ICX-Switches/PBR-as-VRF-Substitute-on-7150/m-p/72767#M5042 jdryan 2023-12-08T10:56:25Z