Scenario of Inter-VLAN routing between PIX and L3 (SW 6509)
Under the core routers' sub-interfaces, the voice VRF goes directly to the LVI of the 6509 switch, but non-MPLS traffic goes directly to the gateway of the backbone zone of the PIX.
The details are given below.
1) For voice VRF traffic we have created the sub-interface fe0/0.50 on CR2, and the gateway for that network is in VLAN 50 (LVI) on the core switch 6509. We have also created the sub-interface fe0/0.6 for the non-MPLS IP traffic (IP routing). Whatever VLANs (different LVIs for the VLANs) come under the inside zone are routed to the inside zone interface of the PIX with the help of OSPF process 1, area 1, because the default route for those VLANs is on the PIX. But the backbone interface of the PIX is in area 0.
2) We are creating a separate zone in the existing PIX for placing the NMS, EMS servers, and only one VLAN will be created on the 6509 switch, without an IP address (transparent), for placing the NMS/EMS servers. But the gateway of this VLAN points to the NMS/EMS zone of the PIX firewall. That means that on the switch this VLAN acts as transparent only. Any packet coming to the NMS/EMS zone will come via the backbone zone interface of the PIX.
Please suggest how we can map the NMS/EMS VLAN (under the NMS/EMS zone) to the core router's sub-interface, which sits under the backbone zone of the same PIX, and also how it can be possible to route non-MPLS packets to the NMS/EMS VLAN (part of the NMS/EMS VRF).
Our requirement is to enable communication between VRF and non-VRF traffic in the same VLAN. Is it actually possible for a single VLAN to be part of VRF traffic and non-MPLS IP traffic at the same time? Please advise.
Some general remarks:
1) For a VLAN it is irrelevant whether there is IP or MPLS traffic, as both are only payload. It also does not matter whether the interface of a device connected to a VLAN is part of a VRF or not.
2) Enabling MPLS on an interface does not stop IP forwarding, i.e. an MPLS-enabled interface can have both IP and MPLS neighbors at the same time.
So the answer to your question is: Yes, MPLS and non-MPLS traffic in one VLAN is possible at the same time.
Hope this helps!
But in our case one PIX firewall device sits between the core router and the 6509 switch. Our MPLS packets end at the core routers only. From this router one trunk link goes to the backbone zone of the PIX. But my department's servers sit under the inside of the PIX. In this inside zone, servers in a lot of different VLANs are connected. We are routing these VLAN networks with the help of OSPF area 1 (all inside zone VLANs). But the backbone zone networks are in area 0 of OSPF. That means this PIX is acting as an ABR.
But I can map the department VRF on the sub-interface of the core router. But the PIX sits between the core router and the 6509 L3 switch. But I need to create a separate VRF for the servers; these servers are in different VLANs, which are under the inside zone of the PIX firewall.
Please write your suggestion.
Kerala State wide area networks