[c-nsp] VRF-Lite Question

Arie Vayner (avayner) avayner at cisco.com
Sun Feb 11 11:18:06 EST 2007


Shakeel,

Why not just span the L2 VLANs all the way to the PIX?

In any case, using VRF Lite would enable you to use the PIX as a CE. The
"PE" would just have a different VLAN in the VRF, which would be spanned
over a trunk (or a full port if you wish) to the PIX. The PIX does not
have any idea of the VRF - for it, it's just another interface (as it's a
CE).

Arie 

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Shakeel Ahmad
Sent: Sunday, February 11, 2007 16:50 PM
To: [c-nsp]
Subject: [c-nsp] VRF-Lite Question

Hello,

I am in the middle of solving a puzzle and needed advice from you
guys... thanks in advance...

Diagram: *http://tinyurl.com/37fho6*
(A must see or question will be confusing)

A client is following this topology and now wants to enable wireless
access to all the users in all 3 buildings. Requirement is to use the
physical 2950s in the building which are connected to 3550s which are
connected at L3 to the core 4507R. VLANs are not spanned out of one
single building - major requirement is to terminate the wireless users
directly on a Virtual/Physical interface on PIX firewall while using the
same infrastructure (without adding any extra hardware except wireless
access points - LinkSys). The client does not want wireless users to
share the routing table on core due to security reasons.

As PIX is involved, GRE is out of the question - my immediate suggestion
would be VRF-Lite, but I am confused here: how will PIX act as CE, and if
we see the VRF path it's of only two hops 3550 (L3) -> 4507R (L3).
Besides, 4507R & PIX are located in a separate building via fiber.

Any suggestion or possible solution will be appreciated.

Thanks,
SA
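The layout described in the reply, sketched as IOS configuration. This is an added example, not part of the original thread: the VRF name, RD, VLAN IDs, addresses and interface names are all assumed, as is a software image on the 3550 and 4507R that supports VRF-Lite.

```cisco
! ===== 3550 (building distribution), assumed values throughout =====
! Assumption: the uplink to the 4507R is changed from a routed port to an
! 802.1Q trunk so it can carry one VLAN for the global table and one for
! the VRF (VLAN 910 here).
ip routing
ip vrf WIRELESS
 rd 65000:10
!
interface Vlan110
 description Wireless users of this building (APs attached to the 2950s)
 ip vrf forwarding WIRELESS
 ip address 10.110.1.1 255.255.255.0
!
interface Vlan910
 description VRF transit to the 4507R
 ip vrf forwarding WIRELESS
 ip address 10.255.10.2 255.255.255.252
!
! Default route exists only inside the VRF, never in the global table
ip route vrf WIRELESS 0.0.0.0 0.0.0.0 10.255.10.1
!
! ===== 4507R (core, plays the "PE" role) =====
ip vrf WIRELESS
 rd 65000:10
!
interface Vlan910
 description VRF transit from the building 3550
 ip vrf forwarding WIRELESS
 ip address 10.255.10.1 255.255.255.252
!
interface Vlan999
 description VRF VLAN handed to the PIX (the PIX is the CE)
 ip vrf forwarding WIRELESS
 ip address 10.255.99.1 255.255.255.248
!
interface GigabitEthernet3/1
 description Trunk to the PIX, carrying only the VRF VLAN
 switchport mode trunk
 switchport trunk allowed vlan 999
!
! Wireless traffic leaves the VRF only through the PIX (10.255.99.2)
ip route vrf WIRELESS 0.0.0.0 0.0.0.0 10.255.99.2
ip route vrf WIRELESS 10.110.1.0 255.255.255.0 10.255.10.2
```

To confirm the separation the client asked for, `show ip route vrf WIRELESS` on the 4507R should list the wireless prefixes, and plain `show ip route` should not.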