Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

MPLS-VPN CE to CE separation

Hi Pros,

I'm looking for a way to separate 2 or more CE's for reaching each other on the same VRF,

For example if I have a customer VRF (MPLS-VPN L3) which configured with default route to the Internet and many branch offices which are connected to, now the customer wants that each branch could reach the Internet but not to talk with other branches.

thanks ahead,

Talm

2 REPLIES
Cisco Employee

MPLS-VPN CE to CE separation

Hi Talm,

you'd better make the needed changes on the PEs (major re-configuration is needed).

I.e. you create a new VRF for the users which should not connect to other branches while you leave the any-to-any sites in the existing vrf.

Then you play with  RT's import/export maps to achieve your goal.

Or you can apply ACLs on the CEs, but that it is not a great idea as it goes against the main idea of MPLS VPNs.

Riccardo

New Member

MPLS-VPN CE to CE separation

Hi Riccardo,

thank you for your replay but if i understand you correct, in this scenario, I will need a VRF for each branch.

BR,

talm

227
Views
5
Helpful
2
Replies
CreatePlease login to create content