12-12-2012 01:07 PM - edited 03-04-2019 06:23 PM
Hi,
I almost have it all working but... not quite.
I have set up a guest VLAN in our office. We are routing it out to the internet through our data center. I think that is actually working.
Here is the topology
Guest-->access switch --> core stack --> VRF over the fibre lan extension --> core stack (datacenter) --> Checkpoint FW --> GOOGLE (for example)
All that actually works. If I were sniffing Google I would see the requests and respond. That is where it doesn't work.
Google--> Checkpoint FW -->Core Stack datacenter -->POOF .. timeout.
A traceroute to the guest from the firewall itself shows the first hop is the non-vrf address of the datacenter stack.
So now I am stuck. How should the firewall be routing packets back to the VRF?
12-12-2012 04:59 PM
Hi,
What protocol (if any) are you running inside the vrf?
Have you defined the vrf with rd and rt in all your devices?
ip vrf guest
 rd 100:100
 route-target both 10:10
HTH
12-13-2012 07:10 AM
I have not set rd or rt.
I will try and let you know
12-13-2012 12:11 PM
I added those lines to both VRFs but no joy.
I read up on route distinguishers and route targeting and it didn't seem to apply to my example.
Any other thoughts?
12-13-2012 05:39 PM
What devices are layer-2 and what devices are layer-3?
Can you post your configs?