I am never one to fear something new – except perhaps a new release of a JVM.
Some weeks ago, I decided it would be a good idea to upgrade one of my home routers to IOS 15.0(1)M – seeing as I paid enough for a maintenance contract, I’m entitled.  Ever since that day, I’ve been unable to ssh to the router with an access-class applied to the VTY lines.  Every time, it refuses my connection, but allows it without an access-class.
This morning, I stumbled upon the answer – put ‘vrf-also’ at the end of the access-class line: access-class 99 in vrf-also. This only matters if you’re running VRF Lite, as I am, because I have a separate firewall and ‘clean’ and ‘dirty’ VRFs.
Never fear something that’s new – expect breakage, and expect to learn.
Leave a Reply