Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
896
Views
4
Helpful
2
Replies

Split Router using VRF

inlandprinting
Level 1
Level 1

‎10-12-2015 08:02 AM - edited ‎03-05-2019 06:57 AM

hey,

 

I've got a router with four interfaces.  two of these interfaces are used for the wan connection, i.e. our external ip address, and the Telco's ip address.  the other two interfaces are used for site to site communication and so one points to our core switch, and the other to a vlan used for inter site communication.  I've been told I should be using VRF to keep these two sets of interfaces separate since they should never talk between each other.  i'm replacing our 2901 with a 4431 and this would be an ideal time to implement.  any recommendations?  is this necessary or is it an over complication?

 

Thanks,

Labels:
0 Helpful
2 Replies 2

nsateam01
Level 1
Level 1

‎10-21-2015 01:29 PM

I agree if you want to keep the networks separate, a VRF would be the best solution. Not sure how your topology is, but if you have multiple VLANs and and trunking to the router then you are routing between them. The only way to avoid is maybe do ACL's or set up separate routing tables using a VRF's.

 

How is this setup now on the WAN part? Are those 2  WAN Connections in separate VRF's today? I assume they are not as you would need to configure a LAN port in the VRF.

 

Our provider today has our MPLS and Internet on separate VRF's. We put one of the LAN ports in the internet VRF and that plugs into our firewall.

 

Hope this helps.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to nsateam01

‎10-21-2015 01:45 PM

I do not understand the relationship of the interfaces and vlans and without understanding that it is difficult to give good advice. If there are two interfaces for WAN then how do they relate to each other? What traffic should use the first WAN and what traffic should use the second WAN? What does the core communicate with? And what does the inter site communicate with?

 

I would agree that in general using VRF is an excellent way to separate traffic. But whether this is an appropriate solution for this situation is difficult to determine based on how little we know.

 

HTH

 

Rick

HTH

Rick
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card