How to stop routing between subinterfaces without using firewall feature?

irakli_n · ‎10-08-2018

Hello everybody,

I have 1000V (or similar) router which has legs using subinterfaces in 10 or more VLANs. The intended deployment is LISP mobility by stretching subnets to multiple locations and IPSEC/SSL VPN accessing these VLANs from Internet.

However, there is a requirement that this router should not allow communication between subinterfaces do to the fact that each project/network/VLAN is separate project belonging/operated by different customers.

Is there a way to accomplish this without using firewall or access lists? Also, the router is not the default gateway for these networks/VLANs.

Thanks

paul driver · ‎10-08-2018

Hello

@irakli_n wrote:

Hello everybody,

I have 1000V (or similar) router which has legs using subinterfaces in 10 or more VLANs. The intended deployment is LISP mobility by stretching subnets to multiple locations and IPSEC/SSL VPN accessing these VLANs from Internet.

However, there is a requirement that this router should not allow communication between subinterfaces do to the fact that each project/network/VLAN is separate project belonging/operated by different customers.

Is there a way to accomplish this without using firewall or access lists? Also, the router is not the default gateway for these networks/VLANs.

Thanks

Yes using vrf lite have a look at example I shared in a previous post: - here

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul