TOPIC: VRF Light

VRF Light 7 years 6 months ago #29794

  • Chojin
Hi all,

Do any of you have experience with VRF Light?

Currently I have the following challenge.

I would like to separate a couple of VLANs from other VLANs and would route them to a separate firewall. They are not allowed to communicate outside this VLAN group.

[Core-Switch]
VLAN1
VLAN2
VLAN3
VLAN4
VLAN5
VLAN6
VLAN7


VLAN 1-2-3-4 are able to communicate with each other and the rest of the network (routed)

VLAN 5-6-7 may communicate with each other, but NOT with the rest of the network.
Now, I would like to attach an interface of the Firewall on the Core-switch in VLAN-8

Have VLAN 5-6-7 communicate with 5-6-7-8.

For this I think VRF-Light is a nice way to distinguish these.
Thanks for the responses in advance :)

greetings Chojin
CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA

Re: VRF Light 7 years 6 months ago #29855

  • Chojin
As always things will work :)..


Got VRF-Light working at the moment, see below the config of my 3750:

[code:1]
Current configuration : 3975 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch2
!
boot-start-marker
boot-end-marker
!
enable secret 5 show_me_the_money
!
! this is a secret
username cisco password 0 cisco
no aaa new-model
switch 1 provision ws-c3750-24p
system mtu routing 1500
!
ip subnet-zero
ip routing
no ip domain-lookup
!
!
ip vrf test
rd 1:1
route-target export 1:1
route-target import 1:1
!
ip vrf test2
rd 2:2
route-target export 2:2
route-target import 2:2
!

!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface Loopback1
ip vrf forwarding test
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet1/0/2
!
interface FastEthernet1/0/3
!
interface FastEthernet1/0/4
!
interface FastEthernet1/0/5
!
interface FastEthernet1/0/6
!
interface FastEthernet1/0/7
!
interface FastEthernet1/0/8
!
interface FastEthernet1/0/9
!
interface FastEthernet1/0/10
!
interface FastEthernet1/0/11
!
interface FastEthernet1/0/12
!
interface FastEthernet1/0/13
!
interface FastEthernet1/0/14
!
interface FastEthernet1/0/15
!
interface FastEthernet1/0/16
!
interface FastEthernet1/0/17
!
interface FastEthernet1/0/18
!
interface FastEthernet1/0/19
!
interface FastEthernet1/0/20
!
interface FastEthernet1/0/21
!
interface FastEthernet1/0/22
!
interface FastEthernet1/0/23
!
interface FastEthernet1/0/24
no switchport
no ip address
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip vrf forwarding test
ip address 192.168.10.3 255.255.255.0
standby 1 ip 192.168.10.254
standby 1 priority 90
standby 1 preempt
standby 1 track GigabitEthernet1/0/1 25
!
interface Vlan20
ip vrf forwarding test2
ip address 192.168.10.2 255.255.255.0
!
interface Vlan999
ip address 192.168.99.2 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
!
!
!
control-plane
!
alias exec s show ip int brief | e unas
alias exec si show int status | e notcon
!
line con 0
exec-timeout 0 0
logging synchronous
! this is a secret, don't tell anyone plz
line vty 0 4
password cisco
login
! this is a secret, don't tell anyone plz
line vty 5 15
password cisco
login
!
end
[/code:1]
CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA
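
Added example, not part of the original posts: an SVI that has an IP address but no `ip vrf forwarding` line routes in the global table, which would break the separation asked for in the first post. This Python check reads a saved config and reports any interface that is not in the VRF it is expected to be in. The VRF name `isolated`, the addresses and the sample config are constructed for illustration.

```python
import re

# Constructed sample (VRF name and addresses are made up); Vlan7 lacks "ip vrf forwarding".
SAMPLE = """\
ip vrf isolated
rd 1:1
!
interface Vlan5
ip vrf forwarding isolated
ip address 10.0.5.1 255.255.255.0
!
interface Vlan7
ip address 10.0.7.1 255.255.255.0
!
interface Vlan8
ip vrf forwarding isolated
ip address 10.0.8.1 255.255.255.0
!
interface Vlan999
ip address 192.168.99.2 255.255.255.0
"""

def routed_interfaces(config):
    """Map each interface that has an IP address to its VRF (None = global table)."""
    vrfs, has_ip, name = {}, set(), None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            name = m[1]
        elif line == "!":                      # "!" closes the current stanza
            name = None
        elif name and (m := re.fullmatch(r"ip vrf forwarding (\S+)", line)):
            vrfs[name] = m[1]
        elif name and re.match(r"ip address \d", line):   # skips "no ip address"
            has_ip.add(name)
    return {n: vrfs.get(n) for n in has_ip}

def audit(config, vrf, expected):
    """Return findings; an empty list means exactly `expected` is routed in `vrf`."""
    table, expected = routed_interfaces(config), set(expected)
    members = {n for n, v in table.items() if v == vrf}
    findings = [f"{n}: expected VRF {vrf}, actual: "
                f"{table.get(n, 'no routed interface') or 'global table'}"
                for n in sorted(expected - members)]
    findings += [f"{n}: in VRF {vrf} but not on the expected list"
                 for n in sorted(members - expected)]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "isolated", ["Vlan5", "Vlan6", "Vlan7", "Vlan8"]):
        print(finding)
```

On the device itself, `show ip vrf interfaces` gives the same interface-to-VRF mapping for comparison.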