chikagoh
asked on
Cisco VRF
Greetings,
I have a Cisco router (c1921) that travels around the country and plugs into different networks (hotels, convention centers, etc..).
We of course have issues when the DHCP WAN IP address we receive from the venue conflicts with the LAN networks.
We are thinking of using VRF to fix this issue.
I am looking for a good sample configuration with the WAN interface on the router is getting an IP address via DHCP (mostly private 172.16.x.x, 192.168.x.x and 10.x.x.x networks), and the LAN has multiple subinterfaces for dot1q VLANs.
I do have a Cisco EZVPN that connects to our datacenter, so this would still need to work.
Thank you!
David
I have a Cisco router (c1921) that travels around the country and plugs into different networks (hotels, convention centers, etc..).
We of course have issues when the DHCP WAN IP address we receive from the venue conflicts with the LAN networks.
We are thinking of using VRF to fix this issue.
I am looking for a good sample configuration with the WAN interface on the router is getting an IP address via DHCP (mostly private 172.16.x.x, 192.168.x.x and 10.x.x.x networks), and the LAN has multiple subinterfaces for dot1q VLANs.
I do have a Cisco EZVPN that connects to our datacenter, so this would still need to work.
Thank you!
David
Craig Beck
How are you thinking of fixing this with VRF?
http://blog.ine.com/2008/06/15/easy-vpn-combined-with-vrf-lite-2/
The above is a good example of ezvpn with vrf.
The only other piece to the puzzle would be to configure the outside interface with dhcp in the global routing table (with no vrf specified) and to apply the ezvpn vrf to the inside interface.
The above is a good example of ezvpn with vrf.
The only other piece to the puzzle would be to configure the outside interface with dhcp in the global routing table (with no vrf specified) and to apply the ezvpn vrf to the inside interface.
ASKER
Craigbeck, With vrf you can have duplicate ip networks in different routing instances correct?
But if you've only got one WAN link, with one IP address, how will VRF help?
Can you expand on what exactly you want to achieve using VRF?
Can you expand on what exactly you want to achieve using VRF?
Yes you can have duplicate IP addresses in different VRFs, BUT if you only have one WAN address, what will VRF do for you?
ASKER
Craigbeck. I just don't want my wan(dhcp) to conflict with any of my LAN sub interfaces
What I'm getting at is (as an example):
You have a single WAN link with IP 192.168.0.1/24
You have a LAN using IP range 192.168.0.0/16
How will VRF help to overcome this??
Maybe there's something missing from the OP, but are you suggesting that the LAN needs to route to a central office via EZ-VPN (therefore effectively bypassing the WAN routing)?
If so, rauenpc's example is what you need. If not, VRF won't help.
You have a single WAN link with IP 192.168.0.1/24
You have a LAN using IP range 192.168.0.0/16
How will VRF help to overcome this??
Maybe there's something missing from the OP, but are you suggesting that the LAN needs to route to a central office via EZ-VPN (therefore effectively bypassing the WAN routing)?
If so, rauenpc's example is what you need. If not, VRF won't help.
ASKER
rauenpc: If the WAN interface (global routing table) gets a DHCP address that conflicts with a LAN VRF-lite interface, will there be a conflict?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.