<div>
<div class="content wysiwyg-content">
Scenario - &nbsp;Users from remote sites must gain access to specific VRF's within a Core Switch. &nbsp;The fronting Router or Layer 3 Switch must direct traffic to the appropriate interface on the core Switch to ensure traffic enters the correct VRF. <br />
<br />
I could use source IP addressing and create a route map --this is one solution.<br />
<br />
I am also looking for a solution that would involve radius authentication. &nbsp;Effectively can a Radius Server somehow or someway influence the port or interface that the traffic will exit depending on the authentication. &nbsp; &nbsp;<br />
<br />
example) User from Remote Site A must be directed to VRF 100. &nbsp;Entry to VRF 100 on the Core Switch is through interface Gig 1/1. &nbsp; This interface (Gig 1/1) is conncected directly to interface gig 2/1 on the fronting Router Cisco 3900. &nbsp; &nbsp;How do I force the user from Site A to exit interface Gig 2/1 on the Cisco Router based on how he authenticated with the Radius Server.<br />
<br />
<br />
I am open to employing any device including firewalls, layer 3 switches, routers etc.
</div>
</div>


Scenario -  Users from remote sites must gain access to specific VRF's within a Core Switch.  The fronting Router or Layer 3 Switch must direct traffic to the appropriate interface on the core Switch to ensure traffic enters the correct VRF. 

I could use source IP addressing and create a route map --this is one solution.

I am also looking for a solution that would involve radius authentication.  Effectively can a Radius Server somehow or someway influence the port or interface that the traffic will exit depending on the authentication.    

example) User from Remote Site A must be directed to VRF 100.  Entry to VRF 100 on the Core Switch is through interface Gig 1/1.   This interface (Gig 1/1) is conncected directly to interface gig 2/1 on the fronting Router Cisco 3900.    How do I force the user from Site A to exit interface Gig 2/1 on the Cisco Router based on how he authenticated with the Radius Server.


I am open to employing any device including firewalls, layer 3 switches, routers etc.

CISCO RADIUS AUTHENTICATION

A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.

Routers

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

A switch is a device that filters and forwards packets of data between LAN segments. Switches operate at the data link layer or the network layer of the Open Systems Interconnection (OSI) Reference Model and therefore support any packet protocol. LANs that use switches to join segments are called switched LANs or, in the case of Ethernet networks, switched Ethernet LANs. A hub is a connection point for devices in a network. Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports; when a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.