Go Premium for a chance to win a PS4. Enter to Win


VRF on 7206

Posted on 2011-09-30
Medium Priority
Last Modified: 2012-06-27
Good Morning!

I'm in the process of re-doing our network at our headquarters, and have a question that is a bit above me in terms of my Cisco studies (Third of my way through CCNP). The 7200 is doing some VRF stuff that I'm not sure how/why/whats happening with it. I'll provide the setup and some config. The 7200 was set up before I was employed here.

Time Warner Fiber. They gave us 2 subnets of IPs.
1st - 24.3*.**.56/30
2nd - 24.3*.**.48/29

ASA IP is 24.3*.**.50 using a GW of .49

(Time Warner Media Box) -> (7200) --> (ASA 5510) -local net

The 7200 is using the first range, the ASA is using the 2nd range. I want to remove the 7200 once these last few T1 offices convert over to faster connections. Here is the 7200 config.
Partial config: (Try to edit everything out that wasn't necessary).
 rd 65535:100
 route-target export 65535:100
 route-target import 65535:100
interface FastEthernet0/0
 ip vrf forwarding TWTELECOM
 ip address 24.3*.**.58
 load-interval 30
 duplex full

interface Ethernet4/1
 ip vrf forwarding TWTELECOM
 ip address 24.3*.**.49
 ip nat outside
 duplex full

ip route vrf TWTELECOM 24.3*.**.57
ip route vrf TWTELECOM 24.3*.**.50

Open in new window

I guess my main question is.. what is this really doing? If I removed this box, what would/should I replace it with?
Question by:prlit
  • 2
  • 2
LVL 18

Accepted Solution

jmeggers earned 2000 total points
ID: 36892857
It doesn't seem to make a lot of sense that you would have a single VRF configured, unless there's a reason to separate VRF traffic from global traffic.  But it appears to me that you're just routing through the 7200 and the VRF isn't really providing you any benefit, unless there's some reason I can't think of why the ISP wants it set up that way.  Is the 7200 your router or managed by the ISP?

Author Comment

ID: 36893059
The 7200 is our router, however when Time Warner came through they requested to make those changes apparently for which ever reason. I'm not sure why they'd want or need to make the changes.. The only thing I can think of is if they can only give out a max /29?? Implemented the vrf and used the /30 to handle the gateway or something?

We literally use the 7200 for nothing except T1 offices entry/endpoint. Everything else is handled through the ASA. I want the 7200 out of there ASAP since it only has half duplex cards in it and it's a waste of our fibre speeds. I was just going to put in an L3 switch (I'm actually going to test that tonight when theres downtime).. I guess in the long run I'll probably have to call them and see if we actually need that setup as it is now..

My other question is, what exactly are the benefits of VRF in general. I've read some stuff about it, but haven't dived to much into it.
LVL 18

Expert Comment

ID: 36894029
The ASA won't handle a T1 interface, but likely neither would the L3 switch you're referring to.  Is T1 capability a requirement?

I see no need for the VRFs, the 7200 would route between the two subnets without any problem anyway.  But if it's there and working I certainly wouldn't mess with it just to get rid of the VRF.  If you don't need to support a T1 interface and can accept an Ethernet handoff, then just go straight to the ASA.

Author Comment

ID: 36894198
The T1s are scheduled to expire in November, and Time Warner is supposedly doing construction next week to bring these remote sites cable broadband (they're in no mans land, haha). So once they are set and good, thats when I was planning on moving the new equipment in and taking the 7200 out.


Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
In this article, we’ll look at how to deploy ProxySQL.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question