12-06-2023 02:06 PM
Most of our switches are 7650/7550's and we've got management VRFs configured. Looking for some kind of workaround on some of our sites since VRFs aren't available on the 7150 L3 devices. Thinking PBR with ACL restricting to that subnet. Has anyone here done this? Am I missing something?
12-08-2023 02:56 AM
Hi Matt,
With respect to the query raised: in the current setup, with the 7650s and 7550s, there is a management VRF in place for the MGMT traffic to traverse, and something similar is needed for the 7150s.
If the 7150s are being deployed with the switch image, you could use management-vlan to set up the MGMT VLAN and use the OOBM interface for management purposes.
management-vlan
If on router code, you could have a VLAN dedicated to management, with access restricted via ACL to that subnet.
Or, better yet, you could use ssh access-group to restrict access to the device's CLI via the network by defining the allowed IPs via a standard ACL. The same can also be done for SNMP, where access to the switch can be restricted via a standard ACL.
ssh access-group
SNMP config statement
This way the traffic won't be affected, and only allowed devices will be able to access the device.
Do let us know if the details help.
Thanks!!
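The reply above suggests attaching a standard ACL to SSH and SNMP so that only management sources can reach the switch. The following is an added example, not part of the original posts and not vendor code: a small offline check of such an ACL before it is applied, using first-match evaluation with an implicit deny. The ACL line format is a simplified, assumed notation, and all addresses and the `10.10.50.0/24` management subnet are constructed.

```python
import ipaddress

# Constructed sample ACL in a simplified "action source [wildcard]" form.
MGMT_ACL = [
    "permit 10.10.50.0 0.0.0.255",   # management subnet
    "permit host 10.10.60.5",        # extra host, e.g. a monitoring server
    "deny any",
]

def parse_entry(line):
    """Turn one ACL line into (action, ip_network)."""
    action, *src = line.split()
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in {line!r}")
    if src == ["any"]:
        return action, ipaddress.ip_network("0.0.0.0/0")
    if len(src) == 2 and src[0] == "host":
        return action, ipaddress.ip_network(f"{src[1]}/32")
    if len(src) == 2:
        # Convert the wildcard (inverse) mask to a prefix length.
        wildcard = int(ipaddress.IPv4Address(src[1]))
        prefix = 32 - wildcard.bit_length()
        if wildcard != (1 << (32 - prefix)) - 1:
            raise ValueError(f"non-contiguous wildcard in {line!r}")
        return action, ipaddress.ip_network(f"{src[0]}/{prefix}")
    raise ValueError(f"cannot parse {line!r}")

def allowed(acl, source):
    """First matching entry wins; no match means implicit deny."""
    ip = ipaddress.ip_address(source)
    for action, net in acl:
        if ip in net:
            return action == "permit"
    return False

def permits_outside(acl, mgmt_subnet):
    """List permit entries that cover sources outside the management subnet."""
    mgmt = ipaddress.ip_network(mgmt_subnet)
    return [str(net) for action, net in acl
            if action == "permit" and not net.subnet_of(mgmt)]

if __name__ == "__main__":
    acl = [parse_entry(line) for line in MGMT_ACL]
    for src in ("10.10.50.20", "10.10.60.5", "192.168.1.9"):
        print(src, "allowed" if allowed(acl, src) else "denied")
    print("permits outside mgmt subnet:", permits_outside(acl, "10.10.50.0/24"))
```

`permits_outside` is conservative: it flags any permit entry wider than the management subnet, even if an earlier deny would shadow part of it, so each flagged entry should be reviewed rather than treated as a confirmed exposure.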