vrf for Internet Access

alex.dersch
Level 4

Hello,

I'd like to configure a dedicated vrf for Internet access only. On my CE router I configured three vrf (Internet, red and blue). In the vrf internet I import the route target from blue and red, and in the vrf blue and red I import only the default route. Everything is working fine; only one thing bothers me: I can ping from the vrf red destinations in the vrf blue and vice versa. How can I prevent this routing?

Thanks in advance.

Alex

Here is the config of my router.

ip prefix-list internet seq 5 permit 0.0.0.0/0
!
route-map internet permit 10
 match ip address prefix-list internet
 set extcommunity rt 100:200
!
ip vrf internet
 rd 100:100
 route-target both 100:100
 route-target import 100:110
 route-target import 100:120
 export map internet
!
ip vrf red
 rd 100:110
 route-target both 100:110
 route-target import 100:200
!
ip vrf blue
 rd 100:120
 route-target both 100:120
 route-target import 100:200


Harold Ritter
Cisco Employee

Hi Alex,

Given the FW is the next hop for the default route, the traffic from one vrf to the other goes through the FW and gets routed back to the CE and then to the respective vrf router. You could add the rules on the FW to prevent traffic being routed between FW.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
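The hairpin Harold describes, as an added Python model that is not part of the post or of any Cisco software: it applies the route-target imports from Alex's config and traces a packet from red to blue. The prefixes 10.1.0.0/24 (red) and 10.2.0.0/24 (blue) and the firewall policy are constructed assumptions; the RT values are the ones in the config.

```python
from ipaddress import ip_address, ip_network

# Routing table entries as (vrf, prefix, next_hop, export_rts). "fw" is the
# firewall that is the default route's next hop; "connected" marks a prefix
# local to that VRF on the CE. The prefixes are constructed for this model;
# the RT values are those from the config in the post.
ROUTES = [
    ("internet", "0.0.0.0/0", "fw", {"100:100", "100:200"}),  # export map adds 100:200
    ("red", "10.1.0.0/24", "connected", {"100:110"}),
    ("blue", "10.2.0.0/24", "connected", {"100:120"}),
]
IMPORT_RTS = {  # route-target import statements from the post
    "internet": {"100:100", "100:110", "100:120"},
    "red": {"100:110", "100:200"},
    "blue": {"100:120", "100:200"},
}

def build_rib(vrf):
    """Routes visible in a VRF: its own plus any whose export RTs it imports."""
    return [(ip_network(p), nh, v) for v, p, nh, rts in ROUTES
            if v == vrf or rts & IMPORT_RTS[vrf]]

def lookup(vrf, dst):
    """Longest-prefix match in one VRF; returns (next_hop, owning_vrf) or None."""
    hits = [h for h in build_rib(vrf) if ip_address(dst) in h[0]]
    if not hits:
        return None
    _, nh, owner = max(hits, key=lambda h: h[0].prefixlen)
    return nh, owner

def forward(src_vrf, src, dst, fw_deny=()):
    """Trace a packet hop by hop. fw_deny lists (src_net, dst_net) pairs the
    firewall blocks (assumed policy). Returns the path as a list of hops."""
    hit = lookup(src_vrf, dst)
    if hit is None:
        return [src_vrf, "dropped"]
    nh, owner = hit
    if nh == "connected":                  # destination local to a VRF the source sees
        return [src_vrf] if owner == src_vrf else [src_vrf, owner]
    path = [src_vrf, "fw"]                 # only the default route matched: off to the FW
    if any(ip_address(src) in ip_network(s) and ip_address(dst) in ip_network(d)
           for s, d in fw_deny):
        return path + ["dropped"]
    back = lookup("internet", dst)         # the FW hands CE-owned prefixes back to the CE
    if back is None or back[0] != "connected":
        return path + ["uplink"]           # a real Internet destination leaves via the FW
    return path + ["internet", back[1]]    # the hairpin: internet VRF imports red and blue
```

Note that red's own RIB never contains a blue prefix; the leak exists only because the internet VRF, reached through the firewall, does, so the deny rule has to cover both directions.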


Hi Harold,

It was not the Firewall which returned the traffic. There was an L3 Switch involved which returned the traffic. I bypassed the L3 Switch and the Firewall is blocking the traffic correctly.

thanks a lot

Alex