We are about to implement vrf-lite on our 6509 switch. Currently 6509 switch connect to several branches via atm oc3 link. We want to separate each brach office traffic with vrf-lite function. Additionaly each branch office will be subject to different firewall policy. We thought about attach an external firewall to 6509 with dot1q encapsulation. Is this solution working? Appreciate any help.Thanks.
why not use a firewall service module in the 6500? its a high performance firewall and providing you purchase the correct number of context license for the number of virtual firewalls (offices?) you intend to have it will work nicely. You can create a separate virtual firewall for each office. The virtual firewall is a pix with in a pix. There is one admin context used to define the vlans associated with each firewall instance.
On each vlan layer 3 interface "behind" the firewall you can define the vrf. I think this will allow you to avoid an external firewall and provide top-notch security.
This document is an early notification of a behaviour change that will be introduced in IOS XR release 6.5.
IOS XR configuration principles relevant for this article are:
On router platforms all interfaces must be by defaul...
With XR 4.2.0 the ASR9000 is releasing a new line of hardware models. This amongst others is the RSP440, the next generation RSP with faster switch fabric along with Typhoon based Linecards, the next generation network processor.
The Cisco EPN system incorporates a network architecture designed to consolidate multiples services on a single Multiprotocol Label Switching (MPLS) transport network. This network is designed primarily based on Application ...