[c-nsp] VRF-Lite Question

Shakeel Ahmad shakeelahmad at gmail.com
Sun Feb 11 16:06:48 EST 2007 

Thanks, one more question,

In VRF-Lite, there's a case when 2 VRF Interfaced need to route traffic on a
single interface outside - how can the outside interface be part of two VRF.
What community should be exported or imported in which VRF.

thanks,
SA


On 2/11/07, Ray Burkholder <ray at oneunified.net> wrote:
>
> I did a sample vrf config here:
> http://www.oneunified.net/blog/Cisco/vrflite.article
>
> A couple of points:
> A) I used GRE tunnels with the end points in the global routing table and
> the tunnel content in a separate vrf (keeps routing out of core as you
> required) when crossing routed boundaries, say between buildings and such
> where I use routed ports rather than trunked ports
> B) Latest PIX's are vrf aware.  You should be able to do a search on Cisco
> for these types of configs.  It is also known as  acontext-aware PIX
> config.
>
>
> That is vrf's in a nutshell.  If anything is still unclear, I can fill in
> the details.
>
> Ray.
>
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net
> > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Shakeel Ahmad
> > Sent: Sunday, February 11, 2007 10:50
> > To: [c-nsp]
> > Subject: [c-nsp] VRF-Lite Question
> >
> > Hello,
> >
> > I am in middle of solving a puzzle and needed advice from you
> > guyz...thanks in advance...
> >
> > Diagram: *http://tinyurl.com/37fho6*
> > (A must see or question will be confusing)
> >
> > a client is following this topology and now wants to enable
> > wireless access to all the users in all 3 buildings.
> > Requirement is to use the physical 2950's in the building
> > which are connected to 3550's which are connected at
> > L3 to the core 4507R. VLANs are not spanned out of one single
> > building - major requirement is to terminate the wireless
> > users directly on a Virtual/Physical interface on PIX
> > firewall while using the same infrastructure (without adding
> > any extra hardware except wireless access points - LinkSys).
> > Client do not want wireless users to share the routing table
> > on core due to security reasons.
> >
> > As PIX is involved GRE is out of question - My immeidate
> > suggestion would be VRF-Lite but i am confused here, how will
> > PIX act as CE and if we see the VRF path it's of only two
> > hops 3550 (L3) -> 4507R (L3). besides 4057R & PIX are located
> > in a seperate building via fiber.
> >
> > any suggestion or possible solution will be appreciated.
> >
> > thanks,
> > SA
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> > --
> > Scanned for viruses and dangerous content at
> > http://www.oneunified.net and is believed to be clean.
> >
> >
>
>
> --
> Scanned for viruses and dangerous content at
> http://www.oneunified.net and is believed to be clean.
>
>

More information about the cisco-nsp mailing list