We had a network with Cat4500 SupV as Core and Cat3750/Cat3750G (not metro!) as Distribution platform.
I'm trying to find out whether it is possible to use VRF Lite to separate two entities that use the same physical network and span the whole net, so as to have one, max. two, contact points between these entities... to implement security policy.
Should this work with the platform we had, or to implement a VRF network should we have had Cat6500?
If this does not work, the only solution available is to use RACLs at each Distribution node where both entities are present, to separate the traffic.
Thanks for any help.
Yes, what you want to do is possible.
You will need the "multi-VRF aka VRF lite" where IP routing is performed. So in case the Cat3750s are pure Layer 2 switches, the VRFs are not needed there.
Think of a VRF as a sort of virtual router to which certain VLAN/ethernet interfaces are attached.
To separate two entities you would create two VRFs in the Catalyst 4500 according to "Configuring VRF-lite"
and also in the Catalyst 3750 following the description in "Configuring Multi-VRF CE".
Note that there has been a name change from VRF-lite to Multi-VRF. This is however exactly the same feature - afaik marketing wanted the change because it sounds better.
Did this help? Then please rate the post.
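
The two-VRF layout described in the answer, sketched for a Cat3750 that performs Layer 3 at the distribution layer. This is an added example, not configuration from the thread or from the Cisco guides it names; the VRF names, VLAN IDs, interface and addresses are constructed, and the Cat4500 core is assumed to mirror the transit VLANs with the .1 addresses.

```cisco
! Distribution switch (Cat3750 routing at Layer 3)
! All names, VLAN IDs, interfaces and addresses below are constructed
ip routing
!
ip vrf ENTITY-A
 rd 65000:10
ip vrf ENTITY-B
 rd 65000:20
!
! User-facing SVIs: each entity's gateway lives in its own VRF
interface Vlan110
 description ENTITY-A users
 ip vrf forwarding ENTITY-A
 ip address 10.1.10.1 255.255.255.0
!
interface Vlan120
 description ENTITY-B users
 ip vrf forwarding ENTITY-B
 ip address 10.1.20.1 255.255.255.0
!
! Transit VLANs toward the core: one per VRF, so the separation
! is carried hop by hop over a single physical uplink
interface Vlan910
 description ENTITY-A transit to core
 ip vrf forwarding ENTITY-A
 ip address 10.255.10.2 255.255.255.252
!
interface Vlan920
 description ENTITY-B transit to core
 ip vrf forwarding ENTITY-B
 ip address 10.255.20.2 255.255.255.252
!
interface GigabitEthernet1/0/1
 description uplink to Cat4500 core
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 910,920
!
! Per-VRF default routes; no route exists between the two tables
ip route vrf ENTITY-A 0.0.0.0 0.0.0.0 10.255.10.1
ip route vrf ENTITY-B 0.0.0.0 0.0.0.0 10.255.20.1
!
! Verification (exec mode):
!  show ip vrf interfaces
!  show ip route vrf ENTITY-A
!  ping vrf ENTITY-A 10.255.10.1
```

Applying `ip vrf forwarding` to an interface removes any IP address already configured on it, so the address has to be entered again afterwards. With this layout, traffic between the entities can only cross where the two VRFs are deliberately joined, which is where the security policy is enforced.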