Will need to make this as secure as possible so things like SNMP, SSH, Syslog, HTTPS and Netflow for / via NetSight are all done out of band on the management network only. All the switches in use are either S or K series.
My first thoughts are that I would have to do this with Policy and ACL's, but it would be preferential to use a separate VRF.
So my questions are:
- What would the best why to ago about this in the most secure manner?
- Perhaps there is a better method in EOS?
- If I was to use a VRF for management (and my point in using it), is I could then just enable the management protocols on the management VRF and turn them off on the default VRF. (I don't believe its possible, but it would provide the simplest and most secure set-up, perhaps still in conjunction with policy and ACL's)