[c-nsp] VRF-Lite Question
Shakeel Ahmad
shakeelahmad at gmail.com
Sun Feb 11 09:49:59 EST 2007
Hello,
I am in middle of solving a puzzle and needed advice from you guyz...thanks
in advance...
Diagram: *http://tinyurl.com/37fho6*
(A must see or question will be confusing)
a client is following this topology and now wants to enable wireless access
to all the users in all 3 buildings. Requirement is to use the physical
2950's in the building which are connected to 3550's which are connected at
L3 to the core 4507R. VLANs are not spanned out of one single building -
major requirement is to terminate the wireless users directly on a
Virtual/Physical interface on PIX firewall while using the same
infrastructure (without adding any extra hardware except wireless access
points - LinkSys). Client do not want wireless users to share the routing
table on core due to security reasons.
As PIX is involved GRE is out of question - My immeidate suggestion would be
VRF-Lite but i am confused here, how will PIX act as CE and if we see the
VRF path it's of only two hops 3550 (L3) -> 4507R (L3). besides 4057R & PIX
are located in a seperate building via fiber.
any suggestion or possible solution will be appreciated.
thanks,
SA
More information about the cisco-nsp
mailing list