Guest VLAN and VRF

Unanswered Question
Jul 11th, 2008

I have a guest VLAN set up on a 6500 and put the SVI for this VLAN in a separate VRF. I also have a PIX interface in this VRF which allows the users in this VLAN to surf the internet and keep the traffic isolated. Now the requirement has come up to pass this web traffic to a web-cache engine for web caching and URL filtering. It's a Cisco Web-Cache engine which runs WCCP with the 6500 in the global route table. My question is: how do I pass traffic from the guest VRF to this web-cache engine? There is an extra interface on the web-cache engine that I can plug into the VRF, but because of the WCCP I think it's always going to return traffic back into the global RIB. Hope this makes sense. Please help.

Syed Iftekhar Ahmed Fri, 07/11/2008 - 14:52


Currently WCCP isn't VRF-aware.

As per Cisco, it's under development.


Syed

singh.andy Fri, 07/11/2008 - 15:01

How else can I do this? I can maybe leak some routes between the VRF and global RIB and have the traffic redirected that way. Any ideas would be welcome. Thanks.

sachinga.hcl Mon, 06/01/2009 - 10:25

Hi Andy,


The VRF awareness for 12.4(T) is still probably 8-12 months out. VRF-aware WCCP features are definitely in the pipeline, but nothing has been publicly published on availability timelines.

It's now publicly available on the forum... but I've only found it in the 3750 and 3550 documentation.

On the 3750 you will need to place the redirect statement on each of the VLANs: ip wccp 61 redirect in


Kindly find here GRE Tunnel with VRF Configuration Example:


http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a00801e1294.shtml


I have gotten as far as the WAE registering the router:

"WCCP configuration for TCP Promiscuous service 61 and 62 succeeded.
WCCP configuration for TCP Promiscuous succeeded.Please remember to
configure WCCP service 61 and 62 on the corresponding router."


wae01#sh wccp router
Router Information for Service: TCP Promiscuous 61
        Routers Configured and Seeing this Wide Area Engine(1)
        Router Id       Sent To         Recv ID
        0.0.0.0         209.1.1.1       0000022F

--------------------------

The router registers the WAE as a WCCP client:

router04#
"*Feb 4 18:56:09.892: %WCCP-5-SERVICEFOUND: Service 61 acquired on WCCP client 209.1.1.2"
"*Feb 4 18:56:09.892: %WCCP-5-SERVICEFOUND: Service 62 acquired on WCCP client 209.1.1.2"


The router, however, cannot figure out what its ID is and does not see itself as a WCCP group router.

router04#sh ip wccp
Global WCCP information:
    Router information:
        Router Identifier:                   -not yet determined-
        Protocol Version:                    2.0

    Service Identifier: 61
        Number of Service Group Clients:     1
        Number of Service Group Routers:     0
        Total Packets s/w Redirected:        0
          Process:                           0
          Fast:                              0
          CEF:                               0
        Redirect access-list:                ACCELERATED-TRAFFIC
        Total Packets Denied Redirect:       0
        Total Packets Unassigned:            25957
        Group access-list:                   -none-
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total Bypassed Packets Received:     0

--------------------------




This is a short summary of important commands for working with VRFs.

View the VRF instances and the associated interfaces.


ml-mr-c6-gs#show ip vrf
  Name                             Default RD          Interfaces
  blurvrf                          100:2               Vlan215
                                                       Vlan326
  tgvrf                            100:1               Vlan132
                                                       Vlan325
                                                       TenGigabitEthernet1/1
ml-mr-c6-gs#


Show the routing table for a specific VRF.


ml-mr-c6-gs#show ip route vrf tgvrf

Routing Table: tgvrf
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external,
---More--

Gateway of last resort is 128.117.243.57 to network 0.0.0.0

O E2 192.52.106.0/24 [110/1] via 128.117.243.57, 1d19h, Vlan325
O E2 192.168.150.0/24 [110/160] via 128.117.243.57, 1d19h, Vlan325
     172.17.0.0/29 is subnetted, 3 subnets
O E2    172.17.1.16 [110/0] via 128.117.243.57, 1d19h, Vlan325
O E2    172.17.1.8 [110/1] via 128.117.243.57, 1d19h, Vlan325
O E2    172.17.1.0 [110/1] via 128.117.243.57, 1d19h, Vlan325
--More--


Debugging should otherwise be similar to a regular switch or router.





Final Teragrid VRF Design and Diagrams



http://www.cisl.ucar.edu/nets/devices/routers/cisco/vrf/final.shtml




Teragrid Testbed Design

http://www.cisl.ucar.edu/nets/devices/routers/cisco/vrf/testbed.shtml




Cisco 4500 Series Switch Cisco IOS s/w config guide 12.1(20)EW

Configuring VRF-Lite


http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/20ew/configuration/guide/vrf.html




sachin garg
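
Added example (not part of the original posts): a Python check that parses "show ip wccp" output like the one pasted above and flags the state described there, where the WAE has registered but the router has no identifier and no group router. The function names are hypothetical and the sample text is an excerpt of the output quoted in the thread.

```python
import re

# Excerpt of the `show ip wccp` output quoted in the post above (service 61).
SAMPLE = """\
Global WCCP information:
    Router information:
        Router Identifier: -not yet determined-

    Service Identifier: 61
        Number of Service Group Clients: 1
        Number of Service Group Routers: 0
        Total Packets s/w Redirected: 0
        Total Packets Unassigned: 25957
        Total Authentication failures: 0
"""
# "Label: value" lines; section headers have an empty value and are skipped.
FIELD = re.compile(r"^\s*([^:]+?):\s*(.*?)\s*$")

def parse_show_ip_wccp(text):
    """Return (router_fields, {service_id: fields}) parsed from the CLI text."""
    router, services = {}, {}
    current = router
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Service Identifier":
            current = services.setdefault(value, {})
        elif value:
            current[key] = value
    return router, services

def findings(text):
    """Flag the states the thread describes as 'registered but not redirecting'."""
    router, services = parse_show_ip_wccp(text)
    out = []
    if not re.fullmatch(r"\d+(\.\d+){3}", router.get("Router Identifier", "")):
        out.append("router identifier not determined")
    for sid, f in services.items():
        n = lambda k: int(f.get(k, 0))
        if n("Number of Service Group Clients") and not n("Number of Service Group Routers"):
            out.append(f"service {sid}: clients registered but no group router")
        if n("Total Packets Unassigned") and not n("Total Packets s/w Redirected"):
            out.append(f"service {sid}: packets unassigned, none software-redirected")
        if n("Total Authentication failures"):
            out.append(f"service {sid}: authentication failures")
    return out
```

Packets counted as unassigned are forwarded normally instead of being sent to the cache engine, so a non-empty result for the guest service means URL filtering is not being applied to that traffic.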
