[c-nsp] VRF-Lite Question

Shakeel Ahmad shakeelahmad at gmail.com
Sun Feb 11 11:22:37 EST 2007


Arie,

thanks for reply -

> Why not just span the L2 VLANs all the way to the PIX?

As we are involving L3 in between the Distribution and Core layers - we would
have to run a separate protocol to span VLANs across L3 till core. Besides,
Cisco docs say that in a layered approach VLANs should not go out of the
cabinet.

Also I am new with VRF-Lite (just one or two lab implementations). I read
that VRF needs a L3 interface - if we are doing a trunk to the PIX, what is the
exact feature/syntax I can use for making that specific port for that RD?

regards,
SA


On 2/11/07, Arie Vayner (avayner) <avayner at cisco.com> wrote:
>
> Shakeel,
>
> Why not just span the L2 VLANs all the way to the PIX?
>
> In any way, using VRF Lite would enable you to use the PIX as a CE. The
> "PE" would just have a different VLAN in the VRF, which would be spanned
> over a trunk (or a full port if you wish) to the PIX. The PIX does not
> have any idea of the VRF - for it it's just another interface (as it's a
> CE)
>
> Arie
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Shakeel Ahmad
> Sent: Sunday, February 11, 2007 16:50 PM
> To: [c-nsp]
> Subject: [c-nsp] VRF-Lite Question
>
> Hello,
>
> I am in the middle of solving a puzzle and need advice from you
> guys... thanks in advance...
>
> Diagram: http://tinyurl.com/37fho6
> (A must see or question will be confusing)
>
> A client is following this topology and now wants to enable wireless
> access to all the users in all 3 buildings. Requirement is to use the
> physical 2950's in the building which are connected to 3550's which are
> connected at
> L3 to the core 4507R. VLANs are not spanned out of one single building -
> major requirement is to terminate the wireless users directly on a
> Virtual/Physical interface on PIX firewall while using the same
> infrastructure (without adding any extra hardware except wireless access
> points - LinkSys). The client does not want wireless users to share the
> routing table on core due to security reasons.
>
> As PIX is involved GRE is out of question - my immediate suggestion
> would be VRF-Lite but I am confused here: how will PIX act as CE, and if
> we see the VRF path it's of only two hops 3550 (L3) -> 4507R (L3).
> Besides, 4057R & PIX are located in a separate building via fiber.
>
> any suggestion or possible solution will be appreciated.
>
> thanks,
> SA
>
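
Added example, not part of the original thread and not written by either poster: a sketch of the core-switch ("PE") side of the design described above, where an SVI placed in a VRF faces the PIX over a trunk and the PIX sees only an ordinary interface. The VRF name, RD value, VLAN IDs, interface numbers and all addresses are constructed assumptions.

```cisco
! Constructed example for the core switch acting as "PE" in VRF-Lite.
! All names, VLAN IDs, ports and addresses below are assumptions.
!
! Separate routing table for wireless users. With VRF-Lite the RD is
! only a local label; nothing is exchanged via MP-BGP.
ip vrf WIRELESS
 rd 65000:10
!
vlan 900
 name WLAN-TO-PIX
vlan 901
 name WLAN-FROM-BUILDING-A
!
! L2 trunk (a plain access port also works) toward the PIX.
! The encapsulation line applies where the port supports ISL and 802.1Q.
interface GigabitEthernet1/1
 description Trunk to PIX (CE)
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 900
 switchport mode trunk
!
! The L3 interface the VRF needs is the SVI, not the physical port.
! Enter "ip vrf forwarding" first: it removes any existing IP address.
interface Vlan900
 description VRF WIRELESS next hop toward PIX
 ip vrf forwarding WIRELESS
 ip address 192.0.2.1 255.255.255.252
!
! Transit SVI toward one building's distribution switch, same VRF.
interface Vlan901
 description VRF WIRELESS transit from distribution
 ip vrf forwarding WIRELESS
 ip address 192.0.2.5 255.255.255.252
!
! Routes live only in the VRF table, so wireless prefixes never
! appear in the global routing table.
ip route vrf WIRELESS 0.0.0.0 0.0.0.0 192.0.2.2
ip route vrf WIRELESS 10.50.0.0 255.255.0.0 192.0.2.6
!
! Isolation checks:
!   show ip vrf interfaces
!   show ip route vrf WIRELESS   (wireless prefixes and default to PIX)
!   show ip route                (must not list 10.50.0.0/16)
```

The distribution switches need a matching VRF and a transit VLAN in it, and the PIX-side interface (192.0.2.2 here) is configured as a normal interface with no VRF awareness.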

