Most of our switches are 7650/7550's and we've got management VRFs configured. Looking for some kind of workaround on some of our sites since VRFs aren't available on the 7150 L3 devices. Thinking PBR with ACL restricting to that subnet. Has anyone here done this? Am I missing something?
With respect to the query raised: on the current setup, with the 7650s and 7550s, there is a management VRF in place for the MGMT traffic to traverse, and something similar is needed for the 7150s. If the 7150s are being deployed with the switch image, you could use management-vlan to set up the mgmt VLAN and use the OOBM interface for management purposes (see management-vlan).
If on router code, you could have a VLAN dedicated to management, with access restricted via ACL to that subnet.
Or furthermore/better yet, you could use ssh access-group to restrict access to the device's CLI via the network by defining the allowed IPs via a standard ACL. The same can also be done for SNMP, where access to the switch can be restricted via a standard ACL.
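A way to check the ssh access-group and SNMP ACL restrictions suggested above against a saved running-config. This is an added example, not part of either post: the config line syntax, ACL numbers, community names and the 10.20.30.0/24 management subnet are constructed assumptions, and deny entries are ignored rather than evaluated in order.

```python
import ipaddress
import re

# Constructed sample; the command syntax is assumed, not taken from the thread.
SAMPLE_CONFIG = """\
access-list 10 permit 10.20.30.0 0.0.0.255
access-list 10 deny any
access-list 20 permit any
ssh access-group 10
snmp-server community EXAMPLE-RO ro 20
snmp-server community EXAMPLE-RW rw
"""
ANY = ipaddress.ip_network("0.0.0.0/0")

def parse_permits(config):
    """Map each standard ACL id to the list of source networks it permits."""
    acls = {}
    for acl, action, src in re.findall(
            r"^access-list (\S+) (permit|deny) (.+)$", config, re.M):
        acls.setdefault(acl, [])
        if action == "deny":
            continue  # simplification: only permit entries are assessed
        parts = src.split()
        if parts[0] == "any":
            net = ANY
        elif parts[0] == "host":
            net = ipaddress.ip_network(parts[1] + "/32")
        else:  # address plus optional wildcard mask, inverted into a netmask
            wild = int(ipaddress.IPv4Address(parts[1])) if len(parts) > 1 else 0
            mask = ipaddress.IPv4Address(wild ^ 0xFFFFFFFF)
            net = ipaddress.ip_network(f"{parts[0]}/{mask}", strict=False)
        acls[acl].append(net)
    return acls

def audit(config, mgmt_subnet):
    """Return {service: verdict} for SSH and for each SNMP community."""
    mgmt, acls = ipaddress.ip_network(mgmt_subnet), parse_permits(config)
    bound = {"ssh": None}  # SSH is reported even with no access-group line
    for acl in re.findall(r"^ssh access-group (\S+)$", config, re.M):
        bound["ssh"] = acl
    for name, _, acl in re.findall(
            r"^snmp-server community (\S+) (ro|rw)(?: (\S+))?$", config, re.M):
        bound["snmp:" + name] = acl or None
    verdicts = {}
    for svc, acl in bound.items():
        if acl is None:
            verdicts[svc] = "unrestricted: no ACL bound"
        elif acl not in acls:
            verdicts[svc] = f"broken: ACL {acl} is not defined"
        elif any(not net.subnet_of(mgmt) for net in acls[acl]):
            verdicts[svc] = f"too broad: ACL {acl} permits sources outside {mgmt}"
        else:
            verdicts[svc] = "ok"
    return verdicts
```
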