RE: Central Services with one CE Router // VRF Lite

From: Shaughn Smith (Shaughn.Smith@za.verizonbusiness.com)
Date: Mon Aug 25 2008 - 19:13:51 ART

• Next message: omar parihuana: "Re: Central Services with one CE Router // VRF Lite"
• Previous message: omar parihuana: "Central Services with one CE Router // VRF Lite"
• Maybe in reply to: omar parihuana: "Central Services with one CE Router // VRF Lite"
• Next in thread: omar parihuana: "Re: Central Services with one CE Router // VRF Lite"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Your config looks fairly correct, however the way you have it now the
other VRF's will be able to speak to each other. I would do this

ip vrf group_mgmt
 rd 65001:110
 route-target export 65001:110
 route-target import 65001:500

ip vrf telecom_mgmt
 rd 65001:100
 route-target export 65001:100
 route-target import 65001:500

ip vrf server_mgmt
 rd 65001:500
 route-target export 65001:500
 route-target import 65001:100
 route-target import 65001:110

This config means that vrf server-mgmt can connect to both VRF's but
they cant connect to each other.

I am not sure what your route-target export 65001:300 was doing though ?

You could also setup a route-map, set extcommunity Rt to xxxx and then
use that as an export map on the server-mgmt vrf. You would then import
that specific RT on the other 2 VRF's

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
omar parihuana
Sent: Monday, August 25, 2008 11:40 PM
To: Cisco certification
Subject: Central Services with one CE Router // VRF Lite

Hi List,

I need configure multiple routing instance using a only router, I
configured VRF-Lite, I've just created the VRF, RD, RT and multiples VPN
are
working well, however I need that one VRF be able to connect to others
VPNs,
for example, I configured:

!
ip cef
ip vrf group_mgmt
 rd 65001:110
 route-target export 65001:110
 route-target export 65001:300
 route-target import 65001:110
 route-target import 65001:400
!
ip vrf telecom_mgmt
 rd 65001:100
 route-target export 65001:100
 route-target export 65001:300
 route-target import 65001:100
 route-target import 65001:400
!
ip vrf server_mgmt
 rd 65001:500
 route-target export 65001:400
 route-target import 65001:300
 route-target import 65001:400
!

!
interface FastEthernet0/0.100
 encapsulation dot1Q 100
 ip vrf forwarding telecom_mgmt
 ip address 172.21.5.1 255.255.255.252
!
interface FastEthernet0/0.110
 encapsulation dot1Q 110
 ip vrf forwarding group_mgmt
 ip address 172.21.5.5 255.255.255.252
!
!
interface FastEthernet0/1
 description LAN Management
 ip vrf forwarding server_mgmt
 ip address 206.49.208.214 255.255.255.224
 duplex auto
!

I need that VRF server_mgmt be able to connect to other VRFs (I've tried
to
configure RT but without BGP I think that RT will not work) So, I need
that
VRF server_mgmt routing table show the others VRF routes, but between
the
others VPN connectivity is not allowed (like Central Services in
VPN/MPLS,
but I need to do it only with one router)

Pls suggestion will be appreciate.

Rgds.

-- 
Omar E.P.T
-----------------
Certified Networking Professionals make better Connections!
Blogs and organic groups at http://www.ccie.net

• Next message: omar parihuana: "Re: Central Services with one CE Router // VRF Lite"
• Previous message: omar parihuana: "Central Services with one CE Router // VRF Lite"
• Maybe in reply to: omar parihuana: "Central Services with one CE Router // VRF Lite"
• Next in thread: omar parihuana: "Re: Central Services with one CE Router // VRF Lite"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:32 ART