Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
463
Views
0
Helpful
3
Replies

vrf-lite on lan

fd_case17
Level 1
Level 1

‎06-18-2008 06:11 AM - edited ‎03-05-2019 11:42 PM

on our lan we want to use vrf-lite to isolate 2 vlan from the others but they have to interact with the vrf WAN for exemple so there might be route leaking

Just a question about the conf

what's the difference between this config

ip vrf wan

rd 1:1

route-target export 1:1

route-target import 1:1

is it mandatory to apply these 2 route target ???

can we make this?

ip vrf wan

rd 1:1

export map wan-map

so we just export we want to for the vrf wan

What is the best solution

Labels:
0 Helpful
3 Replies 3

michaelchoo
Level 1
Level 1

‎06-18-2008 04:49 PM

route-target configs are only required if you run MPLS. Since you only want to run VRF-Lite, you don't have to configure route-target for your VRF(s). Consequently, there's not export-map required either. If you start playing around with export-map and the likes, you're opening up a whole new can of worms, 'cuz then you need to set up MP-BGP, etc. Unless you do want to set up your own MPLS network.

I don't think you need to create a "WAN VRF". You only need the 2 VRFs and the global routing table. How many layer-3 devices do you have? If you only have the WAN router as the routing device, you may not even need to leak routes. Just relevant static VRF routes in each VRF to reach the WAN (default route may be sufficient?). Might help if you can provide your intended network topology.

0 Helpful

fd_case17
Level 1
Level 1
In response to michaelchoo

‎06-19-2008 01:25 AM

hi,

"You only need the 2 VRFs and the global routing table."

How can I make this?

a static route in the 2 VRF to reach the WAN who

is in global table?

thanx

0 Helpful

michaelchoo
Level 1
Level 1
In response to fd_case17

‎06-19-2008 04:43 PM

well, what I meant was that you don't need "ip vrf" config for your "WAN segment". Here's an example config:

ip vrf Segment1

rd :1

ip vrf Segment2

rd :2

interface

description SVI for Segment1

ip vrf forwarding Segment1

ip address

interface

description SVI for Segment2

ip vrf forwarding Segment2

ip address

interface serial0/0

description WAN

ip address

Note on RD: best practice typically calls for BGP AS number being used for the 1st part of RD, while the 2nd part is typically an arbitrary number that you choose.

Now, not knowing your exact requirements or your topology, I can't guarantee that the configs above will meet your needs. They're just a guide. Will help heaps if you can provide topology and also state your requirements.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card