One of the ways to limit control plane access to your PE is to define an ACL and simply use it on your VTY lines. Using an ACL on VTYs will automatically prevent control plane access from VRFs even if the ACL itself permitted the source IPs. So even this configuration would work for you:
ip access-list standard VTY
line vty 0 15
access-class VTY in
If you actually wanted to allow access from VRFs as well based on the source IP, you would need the vrf-also keyword in the access-class command - this discussion was focused on its usage:
Using this approach, the management traffic has to enter only through the defined set of management interfaces, otherwise it will be dropped. You can define multiple interfaces in the control-plane host section.
1. Introduction Internet security is important with the increasing
attacks that are happening every day. Many internet and browsing
security solutions exist, but some are not very easy to use or maybe the
question is how can I enable them? In this referen...
Cisco Software Manager Server API Guide This document describes the
programmatic interfaces, RESTful APIs, which are supported by Cisco
Software Manager Server (CSM Server). Overview CSM Server supports a set
of finite RESTful APIs. The first step to use ...
If you are using Cisco's new linux-based Cisco Software Manager server,
then you probably want to make sure there is a startup service for
it.I'll assume that you've already installed the CSM server on a
systemd-based linux system. The commands given belo...