Management services overview and service restriction instructions.

The vRouter supports significant flexibility in configuring management services. Unlike many other VRF implementations, the vRouter does not require that you separate management functions on a dedicated VRF routing instance. Instead, the vRouter offers the ability to enable and disable management services in the context of a particular routing instance (or in some cases, instances).

This approach can be used to restrict management service access to a specific routing instance, if desired, or to create a more-complex access structure, subject to the following restrictions.

The following services must run on a single routing instance:

• SNMP
• RADIUS
• TACACS+
• NTP

The following services can run on a single routing instance and multiple routing instances:

• DNS
• DHCP
• SSH
• syslog
• Telnet

Services like LLDP, which operate at Layer 2, must be configured on a systemwide basis (not bound to a particular routing instance).

When determining how to set up management services, consider the interfaces you want to use, the functions you want to perform, and whether the service can be applied to individual routing instances. For example, the following figure shows a sample division of management functions in a vRouter with three routing instances:

• BLUE: Configured for DHCP, DNS, SSH, and syslog.
• RED: Configured for DHCP and DNS.
• WHITE: Configured for SSH, RADIUS, TACACS+, SNMP, and NTP.