cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1192
Views
4
Helpful
4
Replies

VRF Config

Rams.Dandu
Level 1
Level 1

We are trying to configure VRFs in our network which has VSS6500 and 2960s. So can anyone help me out in finding the appropriate configuration documents for the setup.

4 Replies 4

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Venkata,

first of all you need to decide if you want to implement VRF lite also known as Multi VRF CE (no mpls involved)

or you want to use MPLS L3 VPN (VRF + MPLS).

config guide is here

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/pfc3mpls.html#wp1368507

C2960 should be only L2 switches.

you need to map a set of L2 Vlans to each VRF so that you can segregate.

SVI interfaces on VSS will be mapped in respective VRF using

ip vrf forwarding vrf-name

note that when you assign a L3 interface to a VRF you need to configure the ip address again.

A VRF lite approach can be enough for your needs, this leads to using dedicated Vlans for each VRF to build a topology:

example:

VRF1

access switch -- vlan 101 -- VSS --- vlan 102 --- FW or border router -- Internet

VRF2

access switch -- vlan 202 -- VSS --- vlan 203 --- FW or border router -- Internet

and so on

physical links will be 802.1Q trunks carrying needed vlans

each VRF is separated and only FW can make them to communicate if needed in a controlled way.

the FW can be external or a FWSM in VSS.

Hope to help

Giuseppe

Hi Giuseppe;

Thanks for a quick response; that did help me. But is there a link where i can find a config guide for VRF Lite ?

Regards;

Venkata

Hello Venkata,

you may like the following

Cisco 4500 Series Switch Cisco IOS s/w config guide 12.1(20)EW

Configuring VRF-Lite

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/20ew/configuration/guide/vrf.html

Edit:

thanks to Sachin that had attached it in MPLS forum saving me time to look for it

Hope to help

Giuseppe

Hello,

One more question. I'm trying to configure 2x6509(VSS+MEC)+external FW. I'm confused about VRF approach. Which variant would be better? Which advantage and disadvantage every one have:

1.   VRFx: [access switch] -- vlan 101 -- [VSS] --- vlan 102 --- [FW] -- <

2.   VRFx: [access switch] -- vlan 101 -- [VSS] --- vlan 101 --- [FW] -- <

Is it necessary to create an additional 102 vlan? I see just one advantage  - no 101 vlan's broadcasts on FW

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: