Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
676
Views
0
Helpful
4
Replies

Routing between 2 CEs on same PE

jrmoraes77
Level 1
Level 1

‎11-01-2002 10:04 AM

I would like to build a dedicated VPN to manage all CEs on my network. All CEs should be connected only to my NOC CE (where is my all NMS), and conversatins between CEs cannot occour.

I my lab, I test this environment, but allways all CEs connected on same PE can connect.

I need to know if anyone experienced this situation and how to fix it.

Thank's

Labels:
0 Helpful
4 Replies 4

p.krane
Level 3
Level 3

‎11-07-2002 08:40 AM

I guess you are looking at a hub & spoke MPLS-VPN solution where the NOC-hub should communicate with all CEs, but the CEs (spokes) should not communicate with each other.

You may have to manipulate the route targets to achieve this.

Refer to http://www.cisco.com/en/US/products/sw/netmgtsw/ps2327/products_maintenance_guide_chapter09186a0080088092.html#xtocid29

for more details

0 Helpful

gnaganab
Cisco Employee
Cisco Employee

‎12-20-2002 04:14 PM

Hi there, The title and the description are not in sync. I am confused as what you are looking for. Route-maps make route manipulation really flexible. Forward your topo and configs if you still want a solution.

best regards,

Gopal

0 Helpful

thisisshanky
Level 11
Level 11
In response to gnaganab

‎01-25-2003 11:22 AM

Hello Jose,

In your case, the best topology would be a hub and spoke MPLS VPN, where the spokes cannot see each other. For this route-targets should be manipulated.

Consider central site X, remote CE sites A and B.

On the PE For the 2 sites, A and B, you would be creating two VRFs for each site. say VPN_A and VPN_B.

ip vrf VPN_A

rd 10:1

route-target export 100:1

route-target import 200:1

ip vrf VPN_B

rd 20:1

route-target export 300:1

route-target import 200:1

On the PE For the NOC CE,

ip vrf VPN_NOC

rd 30:1

route-target export 200:1

route-target import 100:1

route-target import 300:1

This should isolate the VPN connection from each CE to NOC CE. Individual CEs wont see each other in this case.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
0 Helpful

mheusinger
Level 10
Level 10

‎02-06-2003 12:39 AM

Hi, the best solution would be to setup managed router service (a central service like VPN topology) The idea is: have a separate NMS vrf and import only the loopback IPs from the managed CEs. Mark those routes through a route-map with an additional RT and import it in vrf NMS. mark your NMS networks with another RT and export the routes.

In case you need an example config, let me know.

kind regards

Martin

0 Helpful
Customers Also Viewed These Support Documents