10-05-2009 02:32 AM - edited 03-06-2019 07:59 AM
We are trying to configure VRFs in our network which has VSS6500 and 2960s. So can anyone help me out in finding the appropriate configuration documents for the setup.
10-05-2009 03:44 AM
Hello Venkata,
first of all you need to decide if you want to implement VRF lite also known as Multi VRF CE (no mpls involved)
or you want to use MPLS L3 VPN (VRF + MPLS).
config guide is here
C2960 should be only L2 switches.
you need to map a set of L2 Vlans to each VRF so that you can segregate.
SVI interfaces on VSS will be mapped in respective VRF using
ip vrf forwarding vrf-name
note that when you assign a L3 interface to a VRF you need to configure the ip address again.
A VRF lite approach can be enough for your needs, this leads to using dedicated Vlans for each VRF to build a topology:
example:
VRF1
access switch -- vlan 101 -- VSS --- vlan 102 --- FW or border router -- Internet
VRF2
access switch -- vlan 202 -- VSS --- vlan 203 --- FW or border router -- Internet
and so on
physical links will be 802.1Q trunks carrying needed vlans
each VRF is separated and only FW can make them to communicate if needed in a controlled way.
the FW can be external or a FWSM in VSS.
Hope to help
Giuseppe
10-05-2009 11:14 PM
Hi Giuseppe;
Thanks for a quick response; that did help me. But is there a link where i can find a config guide for VRF Lite ?
Regards;
Venkata
10-06-2009 03:53 AM
Hello Venkata,
you may like the following
Cisco 4500 Series Switch Cisco IOS s/w config guide 12.1(20)EW
Configuring VRF-Lite
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/20ew/configuration/guide/vrf.html
Edit:
thanks to Sachin that had attached it in MPLS forum saving me time to look for it
Hope to help
Giuseppe
12-23-2010 07:57 AM
Hello,
One more question. I'm trying to configure 2x6509(VSS+MEC)+external FW. I'm confused about VRF approach. Which variant would be better? Which advantage and disadvantage every one have:
1. VRFx: [access switch] -- vlan 101 -- [VSS] --- vlan 102 --- [FW] -- <
2. VRFx: [access switch] -- vlan 101 -- [VSS] --- vlan 101 --- [FW] -- <
Is it necessary to create an additional 102 vlan? I see just one advantage - no 101 vlan's broadcasts on FW
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: