[c-nsp] Logical Router Segmentation
Derick Winkworth
dwinkworth at att.net
Sat Jan 10 18:43:13 EST 2009
You might be able to do this without vrf-lite, with something like PBR...
You only have two "domains" and each domain only has two logical
interfaces. So you could create four policies, one for each interface
that sets the egress interface that you want all traffic coming into
that interface to go to... so in the case of the internet interface...
the policy would just direct all inbound packets to the firewall
ethernet interface...
Chris Burwell wrote:
> Brad,
>
> Thank you for the suggestion!
>
> http://www.hiddenone.net/Topology.pdf
>
> That PDF has two pages. Page one represents our current topology and
> page two represents what I would like to do. The red lines on page two
> represent what would be outside of our network (the two connections).
>
> - Chris
>
> On Fri, Jan 9, 2009 at 7:10 PM, Brad Hedlund <brhedlun at cisco.com> wrote:
>
>> On 1/9/09 5:52 PM, "Chris Burwell" <cburwell at gmail.com> wrote:
>>
>>
>>> I am looking for a bit of guidance on logically segmenting an existing
>>> router.
>>> I appreciate any help!
>>>
>> Chris,
>> I think it would help if you drew this up in a Visio, saved it as a PDF, and
>> uploaded it to a URL for folks to look at as they read your overview and
>> questions.
>>
>>
>> Cheers,
>> Brad Hedlund
>> bhedlund at cisco.com
>> http://www.internetworkexpert.org
>>
>>
>>
>>
>
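A sketch of the four-policy PBR layout suggested in the reply at the top of this message, added here as an example and not part of the original thread. All interface names, addresses and route-map names are hypothetical, and it assumes each domain is a transit pair of Ethernet segments, so it steers with `set ip next-hop` (an address the router can ARP for) rather than a bare egress interface:

```cisco
! Added example, not from the thread. Interface names, addresses and
! route-map names are hypothetical (documentation/private ranges).
! Domain A: Gi0/0 Internet uplink   <-> Gi0/1 firewall outside segment
! Domain B: Gi0/2 firewall inside   <-> Gi0/3 internal core
!
! A route-map entry with no match clause applies to every packet.
! "set interface Null0" is evaluated after "set ip next-hop", so traffic
! is dropped instead of falling back to the shared routing table when
! the next hop's interface is down.
route-map FROM-INTERNET permit 10
 set ip next-hop 198.51.100.2
 set interface Null0
!
route-map FROM-FW-OUTSIDE permit 10
 set ip next-hop 203.0.113.1
 set interface Null0
!
route-map FROM-FW-INSIDE permit 10
 set ip next-hop 10.0.1.2
 set interface Null0
!
route-map FROM-CORE permit 10
 set ip next-hop 10.0.0.2
 set interface Null0
!
interface GigabitEthernet0/0
 description Internet uplink (ISP gateway 203.0.113.1)
 ip address 203.0.113.2 255.255.255.252
 ip policy route-map FROM-INTERNET
!
interface GigabitEthernet0/1
 description Firewall outside (firewall 198.51.100.2)
 ip address 198.51.100.1 255.255.255.248
 ip policy route-map FROM-FW-OUTSIDE
!
interface GigabitEthernet0/2
 description Firewall inside (firewall 10.0.0.2)
 ip address 10.0.0.1 255.255.255.248
 ip policy route-map FROM-FW-INSIDE
!
interface GigabitEthernet0/3
 description Internal core (core switch 10.0.1.2)
 ip address 10.0.1.1 255.255.255.248
 ip policy route-map FROM-CORE
```

PBR only steers packets as they arrive on these interfaces; the router still keeps a single routing table, so this does not give the separate routing state that vrf-lite provides.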