[c-nsp] MPLS VPN with lot of PPP interfaces and central firewall (Half Duplex VRF / HDVRF)
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Tue Feb 23 03:02:31 EST 2010
>
> Am 19.02.2010 10:13, Gerald Krause schrieb:
> > I hope the rest of my Half Duplex VRF will work now as this initial
> > problem seems to be solved.
>
> I'am still unable to separate the branches (LANs) on the LNS/PE. I
would
> expect, that any certain LAN1 from CPE1 isn't allowed to access a LAN2
> behind a CPE2 directly through the LNS/PE but this isn't the case.
>
> Maybe I have a wrong understanding how I should configure the two
> Down/UP-VRFs correctly and/or how the export/import works in such a
> case. Any suggestions would be appreciate.
Interesting.. Your config looks ok. I don't have a lab setup ready, but
can you inject a (bogus or valid) default from a remote PE into the
"VRFTEST-UP" so you actually provide any routing for the branches?
i.e.
hostname hub-PE
!
ip vrf VRFTEST-HUB
rd x:y
route-target export 101:0
route-target import 102:2
!
int lo123
ip vrf forwarding VRFTEST-HUB
ip address 1.1.1.1 255.255.255.255
!
router bgp ..
address-family ipv4 vrf VRFTEST-HUB
default-information originate
redistribute static
redistribute connected
!
ip route vrf 0.0.0.0 0.0.0.0 Null0
oli
More information about the cisco-nsp
mailing list