Brian Garcia
asked on
VRF configuration problem
Hi, I want to set up VRF between two sites. Please see the diagram below.
VPN1 -----router1--------WAN--------router 2-------VPN1
            |                               |
VPN2 -------|                               |------VPN2
And I have the configuration on router 1.
My questions are:
1. For VRFs sharing the same WAN, do I need to add this to a VRF like in my configuration, or do I need to remove the WAN from the VRF?
2. Is there something wrong with my configuration, since this is not working?
router 1
ip vrf vpn1
rd 100:1
route-target export 100:1
route-target import 100:1
route-target import 300:3
ip vrf vpn2
rd 200:2
route-target export 200:2
route-target import 200:2
route-target import 300:3
ip vrf shared
rd 300:3
route-target export 300:3
route-target import 300:3
route-target import 200:2
route-target import 100:1
int g0/0
description telco
ip vrf forwarding shared
ip address 10.1.1.1 255.255.255.252
int g0/1.37
ip vrf forwarding vpn1
ip address 172.16.37.254 255.255.255.0
int g0/1.441
ip vrf forwarding vpn1
ip address 172.16.44.254 255.255.255.128
int g0/1.341
ip vrf forwarding vpn1
ip address 172.16.34.254 255.255.255.128
int g0/1.48
ip vrf forwarding vpn2
ip address 172.15.48.254 255.255.255.0
router eigrp 99
address-family ipv4 vpn1
network 172.16.37.0 0.0.0.255
network 172.16.44.0 0.0.0.128
network 172.16.34.0 0.0.0.128
autonomous system 10
no auto-summary
exit-address-family
address-family ipv4 vpn2
network 172.15.48.0 0.0.0.255
no auto-summary
autonomous system 20
exit-address-family
address-family ipv4 shared
network 10.1.1.0 0.0.0.3
no auto-summary
autonomous system 30
exit-address-family
router bgp 65001
no synchronization
bgp log-neighbor-changes
neighbor 10.1.1.2 remote-as 65001
no auto-summary
address-family ipv4 vrf vpn1
redistribute eigrp 10
no synchronization
exit-address-family
address-family ipv4 vrf spis
redistribute eigrp 20
no synchronization
exit-address-family
address-family ipv4 vrf shared
redistribute eigrp 30
no synchronization
exit-address-family
router 2
int g0/0
description telco
ip vrf forwarding shared
ip address 10.1.1.2 255.255.255.252
int g0/1.36
ip vrf forwarding vpn1
ip address 172.16.36.254 255.255.255.0
int g0/1.47
ip vrf forwarding vpn2
ip address 172.15.47.254 255.255.255.0
router eigrp 99
address-family ipv4 vpn1
network 172.16.36.0 0.0.0.255
autonomous system 10
no auto-summary
exit-address-family
address-family ipv4 vpn2
network 172.15.47.0 0.0.0.255
no auto-summary
autonomous system 20
exit-address-family
address-family ipv4 shared
network 10.1.1.0 0.0.0.3
no auto-summary
autonomous system 30
exit-address-family
router bgp 65001
no synchronization
bgp log-neighbor-changes
neighbor 10.1.1.2 remote-as 65001
no auto-summary
address-family ipv4 vrf vpn1
redistribute eigrp 10
no synchronization
exit-address-family
address-family ipv4 vrf spis
redistribute eigrp 20
no synchronization
exit-address-family
address-family ipv4 vrf shared
redistribute eigrp 30
no synchronization
exit-address-family
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi all,
This will soon be a live network. We are now setting up the connection to our new building. We have two customers that must share one Metro-E line going to our main site. Based on security policies, their traffic must not reach each other; hence, I used VRF. I'm new to VRF and we're waiting for the telco to finish its job so we can interconnect the two sites.
Do you guys have a configuration example relating to this concern?
Basically, VPN1 must only reach VPN1 and VPN2 must only reach VPN2. But they share the same Metro-E line. So how do I go about it? Will I need to have the interface for the shared line be part of a VRF or not?
VPN1 -----router1--------WAN--------router 2-------VPN1
            |                               |
VPN2 -------|                               |------VPN2
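An added example, not part of the original thread and not any participant's code: a short Python check of the isolation requirement stated above against the `ip vrf` and BGP `address-family` lines from router 1's configuration in the question. The function names `parse` and `leaks` are hypothetical; it reports which VRFs import each other's route targets and which VRF names BGP references without a matching `ip vrf` definition.

```python
import re

# Excerpt copied from router 1's configuration as posted in the question.
CONFIG = """\
ip vrf vpn1
rd 100:1
route-target export 100:1
route-target import 100:1
route-target import 300:3
ip vrf vpn2
rd 200:2
route-target export 200:2
route-target import 200:2
route-target import 300:3
ip vrf shared
rd 300:3
route-target export 300:3
route-target import 300:3
route-target import 200:2
route-target import 100:1
address-family ipv4 vrf vpn1
address-family ipv4 vrf spis
address-family ipv4 vrf shared
"""

def parse(config):
    """Return ({vrf: {'import': set, 'export': set}}, VRF names referenced under BGP)."""
    vrfs, referenced, cur = {}, set(), None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            cur = vrfs.setdefault(m[1], {"import": set(), "export": set()})
        elif (m := re.fullmatch(r"route-target (import|export) (\S+)", line)) and cur is not None:
            cur[m[1]].add(m[2])
        elif m := re.fullmatch(r"address-family ipv4 vrf (\S+)", line):
            referenced.add(m[1])
    return vrfs, referenced

def leaks(vrfs):
    """(src, dst) pairs where dst imports a route target that src exports."""
    return {(s, d) for s in vrfs for d in vrfs
            if s != d and vrfs[s]["export"] & vrfs[d]["import"]}

VRFS, REFERENCED = parse(CONFIG)
PATHS = leaks(VRFS)
print("undefined VRFs under BGP:", sorted(REFERENCED - set(VRFS)))
print("vpn1 <-> vpn2 direct import:", {("vpn1", "vpn2"), ("vpn2", "vpn1")} & PATHS)
print("VRFs importing from both customers:",
      sorted(d for d in VRFS if {("vpn1", d), ("vpn2", d)} <= PATHS))
```

On the posted lines, neither customer VRF imports the other's route target, the `shared` VRF imports from both, and BGP references a VRF named `spis` that has no `ip vrf` stanza.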
Can you give any information about the link/line? Is it a L2 link (i.e., could you do VLAN tagging?) or is it an L3 link? Check my earlier questions and recommendations ...
ASKER CERTIFIED SOLUTION
ASKER
The link solved my problem.
ASKER
router eigrp 99
address-family ipv4 vpn1
redistribute bgp 65510 metric 100000 100 255 1 1500
address-family ipv4 vpn2
redistribute bgp 65510 metric 100000 100 255 1 1500
address-family ipv4 shared
redistribute bgp 65510 metric 100000 100 255 1 1500