Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Access-list with Vrf tag

Is there any ios supports access-list with vrf tag or any other solution for this.

my problem is

i want to compare source address with vrf tag and assign next hop by using route map.

your valuable reply will be help full for me.

4 REPLIES

Re: Access-list with Vrf tag

Hi,

I would assume another approach will get you where you want. You can use

1) a route-map towards the RR/other PE routers matching on RT and network setting the BGP next hop

2) a route-map under the VRF config:

ip vrf VRFname

rd 65000:1

export map SetBGPstuff4VRFname

route-target ...

route-map SetBGPstuff4VRFname

match ip address 100

set next-hop a.b.c.d

3) IF you want ALL prefixes from a VRF with a different BGP next hop:

ip vrf VRFname

rd 65000:1

bgp next-hop a.b.c.d

route-target ...

Please also be aware, that the next hop IP MUST be on the PE where the VRF resides! Otherwise the label switching part will be broken, because the VPN label is assigned by the PE and understood only by the PE.

Hope this helps! Please rate all posts.

Regards, Martin

New Member

Re: Access-list with Vrf tag

thanks martin

as for my network i dont have vrf in my PE router.so all my traffic is tag with vrf once it hits my core.after that i want to set next-hop address( inside of the vrf interface).

Silver

Re: Access-list with Vrf tag

While I'm not entirely clear about what you are asking, I think VRF selection by Policy Base Routing is close to it. Check the following links

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00806996d5.html

http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/products_feature_guide09186a0080699424.html

New Member

Re: Access-list with Vrf tag

Hi,

Adding to the above posts, you can also consider the following:

1) Creating a VRF - VRF_ABC

2) On incoming/ingress interface configure - "ip policy route-map VRF_Select" &

"ip recieve VRF_ABC" &

3) "access-list 10 permit 10.1.1.0 0.0.0.255"

4) "route-map VRF_Select permit"

"match ip address 10"

"set verf VRF_ABC"

Also would like other's to comment whether this would actually be okay...

Thanks

Cheers,

~sultan

3144
Views
0
Helpful
4
Replies
CreatePlease login to create content