[c-nsp] Match-in-VRF
Derick Winkworth
dwinkworth at att.net
Wed Aug 4 13:34:11 EDT 2010
This limits the scope of a NAT rule/translation to the VRF specified in the NAT
rule. The most common issue is that outside NATs were always global, even if
you specified a VRF. You could not re-use the same translated address (pool)
for another VRF / different real address...
Essentially this command ensures you have real per-VRF inside and outside
translations which means you can re-use real and NAT'd addresses on a per VRF
basis without any issues.
This is now the default/native behavior of IOS XE. There is no match-in-vrf on
that platform because it is not needed.
________________________________
From: Oliver Boehmer (oboehmer) <oboehmer at cisco.com>
To: David Warner <davidwarner1975 at yahoo.com.au>; cisco-nsp at puck.nether.net
Sent: Wed, August 4, 2010 3:25:32 AM
Subject: Re: [c-nsp] Match-in-VRF
> Was hoping someone could advise with regards to what the NAT keywords
> "match-in-vrf" achieves? We typically use this in production. However, I've
> just been labbing NAT config using VRF lite and it doesn't appear to change
> behaviour and Cisco literature is unclear. With or without it, translations
> occur in the relevant VRF.
not an expert, but do you use overlapping pools between vrfs? If you are
not, you don't need "match-in-vrf".. take a look at
http://docwiki.cisco.com/wiki/Category:NAT
oli
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
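
A simplified model of the scoping difference described in the reply at the top of this message, added here as an illustration (it is not code from the thread or from Cisco, and it does not represent how IOS implements its translation table). The VRF names, addresses and the `NatTable` class are constructed for the example.

```python
# Simplified model of NAT table scoping (constructed; not IOS internals).
from dataclasses import dataclass, field


class NatConflict(Exception):
    """Raised when a translated address is already claimed in the same scope."""


@dataclass
class NatTable:
    per_vrf: bool  # True models the match-in-vrf / IOS XE behaviour described above
    entries: dict = field(default_factory=dict)

    def _key(self, vrf, translated):
        # Global scope ignores the VRF, so all VRFs share one translated address space.
        return (vrf, translated) if self.per_vrf else (None, translated)

    def add_static(self, vrf, real, translated):
        key = self._key(vrf, translated)
        owner = self.entries.get(key)
        if owner is not None and owner != (vrf, real):
            raise NatConflict(
                f"{translated} already maps to {owner[1]} in VRF {owner[0]}")
        self.entries[key] = (vrf, real)

    def lookup_return(self, vrf, translated):
        """Resolve return traffic arriving in `vrf` for a translated address."""
        return self.entries.get(self._key(vrf, translated))


# Constructed rules: two VRFs, different real hosts, same translated address.
RULES = [("CUST-A", "10.1.1.10", "192.0.2.10"),
         ("CUST-B", "10.2.2.20", "192.0.2.10")]


def install(per_vrf):
    """Install RULES and return the table plus any rules that were rejected."""
    table, rejected = NatTable(per_vrf), []
    for vrf, real, translated in RULES:
        try:
            table.add_static(vrf, real, translated)
        except NatConflict as exc:
            rejected.append((vrf, str(exc)))
    return table, rejected


if __name__ == "__main__":
    for per_vrf in (False, True):
        table, rejected = install(per_vrf)
        print("per-VRF" if per_vrf else "global", "rejected:", rejected)
```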