08-17-2013 01:00 PM
Hello,
I'd like to configure a dedicated VRF for Internet access only. On my CE router I configured three VRFs (Internet, red and blue). In the VRF internet I import the route targets from blue and red, and in the VRFs blue and red I import only the default route. Everything is working fine; only one thing bothers me: I can ping from the VRF red destinations in the VRF blue and vice versa. How can I prevent this routing?
Thanks in advance.
Alex
Here is the config of my router.
ip prefix-list internet seq 5 permit 0.0.0.0/0
!
route-map internet permit 10
match ip address prefix-list internet
set extcommunity rt 100:200
!
ip vrf internet
rd 100:100
route-target both 100:100
route-target import 100:110
route-target import 100:120
export map internet
!
ip vrf red
rd 100:110
route-target both 100:110
route-target import 100:200
!
ip vrf blue
rd 100:120
route-target both 100:120
route-target import 100:200
08-17-2013 06:07 PM
Hi Alex,
Given the FW is the next hop for the default route, the traffic from one vrf to the other goes through the FW and gets routed back to the CE and then to the respective vrf router. You could add the rules on the FW to prevent traffic being routed between FW.
Regards
08-18-2013 04:18 AM
Hi Harold,
It was not the firewall which returned the traffic. There was an L3 switch involved which returned the traffic. I bypassed the L3 switch and the firewall is blocking the traffic correctly.
Thanks a lot
Alex
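Added example, not part of the original thread: a small Python model of the route-target logic in the posted config. It shows that red and blue never import each other's prefixes, so any red-to-blue reachability has to follow the default route to whatever device sits behind the internet VRF, which is where the filtering has to happen. The sample prefixes and function names are constructed for illustration; the RT values are the ones from the config.

```python
# Added example: models RT import/export for the three VRFs in the thread.
DEFAULT = "0.0.0.0/0"

# RT values come from the posted config; "local" prefixes are constructed samples.
VRFS = {
    "internet": {"export": {"100:100"},
                 "import": {"100:100", "100:110", "100:120"},
                 "local": [DEFAULT, "198.51.100.0/24"]},
    "red":  {"export": {"100:110"}, "import": {"100:110", "100:200"},
             "local": ["10.1.0.0/16"]},
    "blue": {"export": {"100:120"}, "import": {"100:120", "100:200"},
             "local": ["10.2.0.0/16"]},
}

# Export map "internet": the default route is tagged with RT 100:200.
# Assumption: prefixes the map does not match keep RT 100:100 (or are not
# exported at all); either way red and blue do not import them.
EXPORT_MAPS = {"internet": {DEFAULT: {"100:200"}}}

def exported_routes(vrfs, export_maps):
    """Yield (prefix, origin VRF, RT set) for every locally originated prefix."""
    for name, vrf in vrfs.items():
        for prefix in vrf["local"]:
            rts = export_maps.get(name, {}).get(prefix, vrf["export"])
            yield prefix, name, frozenset(rts)

def routing_table(vrf_name, vrfs, export_maps):
    """Prefixes a VRF installs: its own plus any export whose RT it imports."""
    table = {}
    for prefix, origin, rts in exported_routes(vrfs, export_maps):
        if origin == vrf_name or rts & vrfs[vrf_name]["import"]:
            table[prefix] = origin
    return table

def leak_report(src, dst, vrfs, export_maps):
    """How src reaches dst's prefixes: 'direct', 'via-default' or 'none'."""
    table = routing_table(src, vrfs, export_maps)
    if any(p in table for p in vrfs[dst]["local"]):
        return "direct"      # a specific route was leaked by RT import
    return "via-default" if DEFAULT in table else "none"

if __name__ == "__main__":
    for src, dst in [("red", "blue"), ("blue", "red"), ("internet", "red")]:
        print(f"{src} -> {dst}: {leak_report(src, dst, VRFS, EXPORT_MAPS)}")
```

A "via-default" result means VRF isolation depends entirely on the next-hop device's policy, so every L3 hop on that path needs to be checked, not only the firewall.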