Cisco Support Community
Community Member

Isolating routing between two segments

I have requirements to route between two different subnets but need to isolate the routing from other interfaces on the router. I have a 6509 and need to integrate an old route that is not up to par. I was looking at map-routes to keep the routing on the two interfaces correct, but I also need to stop the other routed traffic from seeing the two isolated segments and interfaces. When I assign the interface vlan (with an IP address) an entry is added to the route table (RIP) and could be used by other local traffic.

Can I remove the route entry or use a "private vlan" to stop communication between the two routing environments?

Thanks

Dan

3 REPLIES
Hall of Fame Super Blue

Re: Isolating routing between two segments

Dan

If you want completely separate routing tables then you need to look at something like vrf-lite. Attached is a link to a doc that explains the concept of vrf-lite -

http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/PathIsol.html#wp80419

If you want to configure it just do a search on the Cisco site for "4500 vrf-lite". For some reason I can never find the 6500 vrf-lite configuration but it is the same.

Vrf-lite allows you to associate interfaces to specific VRFs and each VRF has its own independent routing table.

Jon

Hall of Fame Super Silver

Re: Isolating routing between two segments

Hello Dan, Jon

I agree with Jon: the best tool here is an MPLS VRF, a virtual routing table.

Example:

    ip vrf Legacy
     rd yourBGPASnumber:100

    int vlan X | gi x/y
     ip vrf forwarding Legacy
     ! retype the ip address !!

    int vlan Y | gi z/k
     ip vrf forwarding Legacy
     ! retype the ip address !!

This puts the two interfaces in a separate routing table.

You can also run a routing protocol over it:

    router rip
     version 2
     address-family ipv4 vrf Legacy
      network x.x.x.x

Hope to help

Giuseppe
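
Added example, not part of the original thread or of any poster's reply: a Python check for the "retype the ip address" step in the configuration above. It parses IOS-style configuration text, groups interfaces by VRF, and reports VRF interfaces left without an address; the sample configuration, its addresses and RD value, and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample config (not from the thread); names and addresses are assumptions.
SAMPLE_CONFIG = """\
ip vrf Legacy
 rd 65000:100
!
interface Vlan10
 ip vrf forwarding Legacy
 ip address 10.10.10.1 255.255.255.0
!
interface Vlan20
 ip vrf forwarding Legacy
!
interface Vlan30
 ip address 10.30.30.1 255.255.255.0
!
"""

def audit_vrf_interfaces(config):
    """Return ({vrf: [interfaces]}, [VRF interfaces that have no IP address])."""
    vrf_of, has_ip = {}, {}
    current = None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            vrf_of[current], has_ip[current] = "global", False
        elif not line.startswith(" "):
            current = None  # left the interface block
        elif current:
            stripped = line.strip()
            m = re.match(r"ip vrf forwarding\s+(\S+)", stripped)
            if m:
                vrf_of[current] = m.group(1)
                has_ip[current] = False  # applying the VRF removes any earlier address
            elif re.match(r"ip address\s+\d", stripped):
                has_ip[current] = True
    members = defaultdict(list)
    for intf, vrf in vrf_of.items():
        members[vrf].append(intf)
    missing = [i for i, v in vrf_of.items() if v != "global" and not has_ip[i]]
    return dict(members), missing

if __name__ == "__main__":
    members, missing = audit_vrf_interfaces(SAMPLE_CONFIG)
    print("Interfaces per routing table:", members)
    print("VRF interfaces with no IP address:", missing)
```

Interfaces listed under "global" are still in the main routing table, so only the interfaces listed under the VRF name are isolated from it.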

Purple

Re: Isolating routing between two segments

Can't you just use ACLs to regulate what's going in and out of those subnets?
