Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PBR within the same VRF with MPLS

We manage a campus MPLS network comprised of Cisco 76xx routers as my "P" devices.  Attached to the MPLS core are several PE devices (Cisco 6509 VSS pairs).  I have a single VRF named "students" that exists across all my PE devices.  Across this "students" VRF I have some addresses that are public and some that are private.  When any "students" VRF traffic hits my enterprise edge PE device, I need to policy route this traffic to either (A) the firewall for NAT'ing the private addresses or (B) for public addresses just route directly to the Internet (around the firewalls).  My challenge is that this traffic enters the enterprise edge PE via an MPLS interface.  Can I put a policy on an MPLS interface for this?  This is a production environment so I can't just throw it on and see if it works.  I also can't really find any definitive documentation on exactly how to do this. 

I appreciate any help with this matter.


  • LAN Switching and Routing
Everyone's tags (5)

PBR within the same VRF with MPLS

can you perform the NAT at the Edge 6509 PE instead of the firewall ? if yes,  you can use in this case VRF-aware NAT

below is a simple example

you can use ACL/route map to match the source addresses to be NAT ( which is the private in your case )

hope this help

New Member

PBR within the same VRF with MPLS

Unfortunately NAT is not an option on our Edge-PE devices.  Corp policy dictates the use of the firewalls for NAT in this case.  Besides, we really do not wish to perform NAT on our PE devices.