Separate routing processes on 6506E switch

zac.quinn · ‎12-19-2008

Hi all,

I have a 6506E switch with multiple VLAN's. I need to interconnect 2 groups of VLAN's via a PIX 525E running 6.2 so can't subinterface. Is it possible to run a routing process on the 6506E for vlans's a-c and another also on the 6506E for vlan's d-f allowing the firewall to control access between the groups? By default the 6506E routes all the connected vlans a-f together which circumvents the firewall.

TIA Zac

Jon Marshall · ‎12-19-2008

Zac

Yes you can do this using VRF-lite -

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/46sg/configuration/guide/vrf.html

I know this doc is for the 4500 but it works on the 6500, i can just never fine the doc for that.

Vrf-lite will allow you to have 2 completely separate routing and forwarding tables one for vlan a-c (vrf1) and one for vlans d - f (vrf2).

Assuming you are using 2 interfaces on the pix you would then allocate ports that the interfaces connect into on the 6500 as either vrf1 or vrf2.

Jon

zac.quinn · ‎03-17-2009

Apologies for not getting back to you. Many thanks for the info but in the end the topology changed so this was no longer required and I forgot I'd even asked the question!!!