Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Local router, FR DLCI to VLAN mapping

On a CE router I need to ensure that inbound traffic from a serial interface (FR encap. local DLCI 100) is mapped to local logical VLAN 100. I need to this for multiple DLCIs.

I need to inspect all traffic at a firewall before it is permitted out another DLCI.

Thanks,

Rob

8 REPLIES

Re: Local router, FR DLCI to VLAN mapping

Are there subinterfaces on the ethernet side of this router that routes for various vlans ?

New Member

Re: Local router, FR DLCI to VLAN mapping

Yes, sorry I left that info off.

Subinterface on a q-trunk.

Re: Local router, FR DLCI to VLAN mapping

On the FR DLCI side, are they point to point or multipoint subinterfaces ? You can use policy routing on each subinterface on FR side to be send to a particular outgoing subinterface on ethernet side.

New Member

Re: Local router, FR DLCI to VLAN mapping

The FR DLCI side will most likely be p-t-p. PBR does appear to be the most likely solution. What other option are there?

Thanks,

Rob

Re: Local router, FR DLCI to VLAN mapping

You may optionally try bridging between the respective sub interfaces. Even though this is not a very recommended solution.

HTH

PS: Please remember to rate replies!

New Member

Re: Local router, FR DLCI to VLAN mapping

I agree, bridging would not be my first choice.

PBR may be the way to go.

Thanks,

Rob

Re: Local router, FR DLCI to VLAN mapping

Hello,

I do see two possibilities to achieve your requirements.

First you could enable Policy based routing on each interface. This way you can send the incoming traffic to an outgoing interface of your choice. In my opinion this gets somewhat messy and not too easy to implement from an administrative point of view.

Second you could implement Multi-VRF in your router. Each VRF works like a separate, single (virtual) router. You would create a set of VRFs containing one FR subinterface and one VLAN subinterface each. All IP traffic would then be routed in each VRF (static or dynamic) from FR to VLAN and vice versa.

Assuming it is your firewall trunking (dot1Q) to your FR router, the only allowed path between the FR DLCIs would be through your firewall. This solution would be my definate favourite also with respect to security. An example config would look like this:

ip cef

ip vrf Cust1

rd 65000:1

ip vrf Cust2

rd 65000:2

interface Serial0/0

encapsulation frame-relay

interface Serial0/0.1 point-to-point

ip address 10.1.1.1 255.255.255.252

ip vrf forwarding Cust1

frame-relay interface-dlci 100

interface Serial0/0.2 point-to-point

ip address 10.2.1.1 255.255.255.252

ip vrf forwarding Cust2

frame-relay interface-dlci 200

interface FastEthernet1/1.100

encapsulation dot1Q 100

ip address 10.10.1.1 255.255.255.0

ip vrf forwarding Cust1

interface FastEthernet1/1.200

encapsulation dot1Q 200

ip address 10.20.1.1 255.255.255.0

ip vrf forwarding Cust2

ip route vrf Cust1 0.0.0.0 0.0.0.0 FastEthernet1/1.100 10.10.1.2

ip route vrf Cust1 10.1.0.0 255.255.0.0 Serial0/0.1 10.1.1.2

ip route vrf Cust2 0.0.0.0 0.0.0.0 FastEthernet1/1.200 10.20.1.2

ip route vrf Cust2 10.2.0.0 255.255.0.0 Serial0/0.2 10.2.1.2

You need to adjust the ip addresses, interfaces and so on to your environment. It will also be possible to use dynamic IP routing across your FR DLCIs.

As you can see you need FR subinterfaces and also a WAN router supporting Multi-VRF (aka vrf-lite).

Hope this helps! Please rate all posts.

Regards, Martin

New Member

Re: Local router, FR DLCI to VLAN mapping

Hello,

I guess I need to read up on Multi-VRF. It does appear to be a nice solutions.

Thanks,

Rob

334
Views
5
Helpful
8
Replies
CreatePlease login to create content