Note
This section only applies to VSP 8600 Series.Ensure that you do not define a default route in the Management Router VRF. A route used for non-virtualized client management applications, such as Telnet, Secure Shell (SSH), and FTP, originating from the switch, will always match a default route defined in the Management Router VRF.
If you want out-of-band management, as a best practice, define a specific static route in the Management Router VRF to the IP subnet where your management application resides.
When you specify a static route in the Management Router VRF, it enables the client management applications originating from the switch to perform out-of-band management without affecting in-band management. This enables in-band management applications to operate in the Global Router VRF.
Look at the Management Router VRF route table.
If no route is found, the applications will proceed to look in the Global Router VRF table.
DNS
FTP client with the copy command
NTP
rlogin
Note
Rlogin is only supported on VSP 8600 Series.
RADIUS authentication and accounting
SSH
SNMP clients in the form of traps
SYSLOG
TACACS+
Telnet
TFTP client
For management applications that originate outside the switch, the initial incoming packets establish a VRF context that limits the return path to the same VRF context.