cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
338
Views
5
Helpful
2
Replies

MPLS-VPN CE to CE separation

talmadari
Level 1
Level 1

Hi Pros,

I'm looking for a way to separate 2 or more CE's for reaching each other on the same VRF,

For example if I have a customer VRF (MPLS-VPN L3) which configured with default route to the Internet and many branch offices which are connected to, now the customer wants that each branch could reach the Internet but not to talk with other branches.

thanks ahead,

Talm

2 Replies 2

rsimoni
Cisco Employee
Cisco Employee

Hi Talm,

you'd better make the needed changes on the PEs (major re-configuration is needed).

I.e. you create a new VRF for the users which should not connect to other branches while you leave the any-to-any sites in the existing vrf.

Then you play with  RT's import/export maps to achieve your goal.

Or you can apply ACLs on the CEs, but that it is not a great idea as it goes against the main idea of MPLS VPNs.

Riccardo

Hi Riccardo,

thank you for your replay but if i understand you correct, in this scenario, I will need a VRF for each branch.

BR,

talm

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: