Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

vrf lite

We have 3750 switches as L2 access switches, which is dually homed to two 6509 with MSFC as the distribution layer. The 6509s are connected to the core.

We are using two ranges of IPs, for users vlans connected to the 3750s. The first range is 10.1.x.x, and 172.16.x.x. All these VLANs are terminated on the 6509s.

We want to stop the two IP ranges (10.1.x.x. and 172.16.x.x) from reaching each other directly via the 6509s. So, in order for a user from 10.1.x.x range to access user from 172.1.6.x.x, the packet has to go through the core. Right now, because the two ranges are defined on the 6509s, so the packet just jumps between VLANs on the 6509.

The only way I could think of to do that is using VRF lite, where I can create two VPNs, one for 10.1 range and one for 172.16 range.

My question, is there any other solutions? If not, who is going to be CE and who is going to be PE? We will need CE-PE-CE

thanks

1 REPLY
Silver

Re: vrf lite

Well, you could disable ip routing, then the switch will not be able to route between vlans. If this will hinder some other functionality then the VRF lite is another good solution.

But you do not need MPLS in your situation since you are only looking for traffic seperation. Hence no concept of PE.

On your 6500 create two vrfs to correspond to the networks. Apply the vrfs to the appropriate vlan interfaces on the 6500. I think that is all that is needed to achieve your scenario.

115
Views
0
Helpful
1
Replies
CreatePlease to create content