From: Shaughn Smith (Shaughn.Smith@za.verizonbusiness.com)
Date: Wed Aug 27 2008 - 07:54:40 ART
Hi
If you follow the config I did then you should achieve just that.
The one VRF/VPN will speak to both while they wont speak between each
other
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
omar parihuana
Sent: Tuesday, August 26, 2008 12:27 AM
To: Shaughn Smith; Cisco certification
Subject: Re: Central Services with one CE Router // VRF Lite
Hi,
Thank you for your reponse...
I know that RT works with BGP but I'm not enterily sure if I use RT will
be
useful in my case, I'm using one only router for five VPNs and need that
one
VPN will be able to reach the others, and the others won't be able to
communicate between them. No router PE is involved.
Thanks!
Rgds.
On 8/25/08, Shaughn Smith <Shaughn.Smith@za.verizonbusiness.com> wrote:
>
> Your config looks fairly correct, however the way you have it now the
> other VRF's will be able to speak to each other. I would do this
>
> ip vrf group_mgmt
> rd 65001:110
> route-target export 65001:110
> route-target import 65001:500
>
> ip vrf telecom_mgmt
> rd 65001:100
> route-target export 65001:100
> route-target import 65001:500
>
> ip vrf server_mgmt
> rd 65001:500
> route-target export 65001:500
> route-target import 65001:100
> route-target import 65001:110
>
> This config means that vrf server-mgmt can connect to both VRF's but
> they cant connect to each other.
>
> I am not sure what your route-target export 65001:300 was doing though
?
>
>
> You could also setup a route-map, set extcommunity Rt to xxxx and then
> use that as an export map on the server-mgmt vrf. You would then
import
> that specific RT on the other 2 VRF's
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> omar parihuana
> Sent: Monday, August 25, 2008 11:40 PM
> To: Cisco certification
> Subject: Central Services with one CE Router // VRF Lite
>
> Hi List,
>
> I need configure multiple routing instance using a only router, I
> configured VRF-Lite, I've just created the VRF, RD, RT and multiples
VPN
> are
> working well, however I need that one VRF be able to connect to others
> VPNs,
> for example, I configured:
>
> !
> ip cef
> ip vrf group_mgmt
> rd 65001:110
> route-target export 65001:110
> route-target export 65001:300
> route-target import 65001:110
> route-target import 65001:400
> !
> ip vrf telecom_mgmt
> rd 65001:100
> route-target export 65001:100
> route-target export 65001:300
> route-target import 65001:100
> route-target import 65001:400
> !
> ip vrf server_mgmt
> rd 65001:500
> route-target export 65001:400
> route-target import 65001:300
> route-target import 65001:400
> !
>
>
> !
> interface FastEthernet0/0.100
> encapsulation dot1Q 100
> ip vrf forwarding telecom_mgmt
> ip address 172.21.5.1 255.255.255.252
> !
> interface FastEthernet0/0.110
> encapsulation dot1Q 110
> ip vrf forwarding group_mgmt
> ip address 172.21.5.5 255.255.255.252
> !
> !
> interface FastEthernet0/1
> description LAN Management
> ip vrf forwarding server_mgmt
> ip address 206.49.208.214 255.255.255.224
> duplex auto
> !
>
> I need that VRF server_mgmt be able to connect to other VRFs (I've
tried
> to
> configure RT but without BGP I think that RT will not work) So, I need
> that
> VRF server_mgmt routing table show the others VRF routes, but between
> the
> others VPN connectivity is not allowed (like Central Services in
> VPN/MPLS,
> but I need to do it only with one router)
>
> Pls suggestion will be appreciate.
>
> Rgds.
>
> --
> Omar E.P.T
> -----------------
> Certified Networking Professionals make better Connections!
>
>
> Blogs and organic groups at http://www.ccie.net
>
>
This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:32 ART