This is the first post in a series that I’m calling Cisco Done Quick (CDQ).
Have you ever had a Cisco router that didn’t have a wired management interface? Serial is all fine and good, but sometimes you have a management network and no serial console server.
If the router supports VRFs, you can easily create a VRF just for management traffic. This is a great option and can be quickly accomplished with a few commands:
Basic config:
In configure mode:
ip vrf MANAGEMENT
exit
interface GigabitEthernet0/0
ip vrf forwarding MANAGEMENT
ip address dhcp
exit
This creates the VRF named “MANAGEMENT” and assigns a single interface to it. Rather than using DHCP, I’d usually statically assign an IP, but you get the idea.
TFTP and other standard protocols:
Let’s say you want all TFTP traffic to use the new management interface… that’s easy with the “ip xxxx source-interface” set of commands:
ip tftp source-interface gi 0/0
Syslog:
logging host aaa.bbb.ccc.ddd vrf MANAGEMENT
NTP:
ntp server vrf MANAGEMENT aaa.bbb.ccc.ddd
ntp source gig 0/0
ntp logging
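To confirm that a router really keeps these services inside the management VRF, the following added example (not part of the original post) audits a saved running-config for TFTP, syslog and NTP lines that are not bound to it. It assumes the text comes from "show running-config", where interface names appear in full; the sample config, its 192.0.2.x addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config, not taken from a real device.
SAMPLE = """\
ip vrf MANAGEMENT
!
interface GigabitEthernet0/0
 ip vrf forwarding MANAGEMENT
 ip address dhcp
!
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
!
ip tftp source-interface GigabitEthernet0/1
logging host 192.0.2.10 vrf MANAGEMENT
logging host 192.0.2.11
ntp server vrf MANAGEMENT 192.0.2.20
ntp source GigabitEthernet0/0
"""

def vrf_interfaces(config, vrf):
    """Return the interfaces that carry 'ip vrf forwarding <vrf>'."""
    members, current = set(), None
    for line in config.splitlines():
        if not line.startswith(" "):  # top-level line opens or closes a block
            m = re.match(r"interface (\S+)", line)
            current = m.group(1) if m else None
        elif current and line.strip() == f"ip vrf forwarding {vrf}":
            members.add(current)
    return members

def has_vrf(line, vrf):
    """True if the tokens 'vrf <vrf>' appear next to each other in the line."""
    tokens = line.split()
    return any(a == "vrf" and b == vrf for a, b in zip(tokens, tokens[1:]))

def audit(config, vrf="MANAGEMENT"):
    """List management-service lines that are not bound to the VRF."""
    members = vrf_interfaces(config, vrf)
    findings = []
    for line in config.splitlines():
        # Source-interface style commands must name an interface in the VRF.
        m = re.match(r"(?:ip \S+ source-interface|ntp source) (\S+)", line)
        if m and m.group(1) not in members:
            findings.append(line)
        # Syslog and NTP server lines must carry the 'vrf <name>' keyword.
        if re.match(r"(?:logging host|ntp server) ", line) and not has_vrf(line, vrf):
            findings.append(line)
    return findings
```

Running audit(SAMPLE) flags the TFTP source on the production interface and the syslog host that lacks the vrf keyword, which are the two ways management traffic leaks back into the global routing table.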
Conclusion
I’m a big advocate for separation of management and production traffic. It eases some of my security concerns. These steps are simple and in my experience quite useful. Enjoy.