VRF Interaction With Other Features
AAA RADIUS Servers
•
AAA RADIUS servers can be configured on any VRF instance including the default VRF instance.
However, all of the RADIUS servers must reside on the same VRF instance.
•
The VRF instance that the RADIUS server is configured on becomes the "management" VRF instance
and can perform authentication for any of the following services:
Console
Telnet
FTP
SSH (ssh, sftp, and scp)
•
If the VRF instance that the RADIUS servers reside on is deleted or disabled, access to the RADIUS
servers will be disabled as well.
BGPv4
•
Each BGPv4 routing instance requires configuration of an Autonomous System number, router ID
number, and primary IP address that is explicit to the associated VRF instance.
•
BGP neighbors defined for a specific VRF instance and address family (IPv4 and IPv6) will peer with
neighbors accessible through interfaces associated with the same VRF instance.
IP-IP and GRE Tunnels
Tunnel endpoint addresses always exist in the default VRF instance regardless of the instance in which the
tunnel interface is configured.
Management Applications (Telnet and SSH)
•
Telnet and SSH (ssh, sftp, and scp) sessions "to" the switch are now VRF aware. Client support for
these utilities is supported only in the default VRF instance.
•
A maximum of 4 combined Telnet sessions are allowed simultaneously across all VRFs on the switch.
•
A maximum of 8 combined SSH sessions are allowed simultaneously across all VRFs on the switch
Quality of Service (QoS)
•
The Auto-NMS feature (non-VRF aware) recognizes all of the IP interfaces configured in the default
VRF instance. The first eight of these interfaces are prioritized by Auto-NMS to ensure switch manage-
ability in the event of a DoS attack.
•
Policy Based Routing, as indicated in the table above, is a default VRF application. The functionality
of this feature remains the same as in releases prior to the implementation of Multiple VRF instances.
VRF Policies
•
A VRF policy condition parameter is available to specify a VRF name to which the policy condition
applies. This parameter can also specify the default VRF, and a no form of the command exists to
remove a VRF condition parameter. For example:
page 25-10
HTTP
SNMP
802.1X
MAC-based authentication
OmniSwitch AOS Release 6 Network Configuration Guide
Configuring Multiple VRF
September 2009