Re: network virtualization-path isolation - Page 2

sameermunj · ‎02-03-2009

Hello

i have 3 tire n/w architecture for the datacenter with access=distribution-core.In the aggegation i want to separate the diffrent vlan traffic with VRF for path isolation purpose.same i want to extend to core and then to wan firewall (firewall is vrf aware)..can you share the sample scenario/configuration for the same.

ltd · ‎02-04-2009

http://www.cisco.com/en/US/partner/docs/ios/mpls/configuration/guide/mp_mltvrf_slct_pbr.html

sameermunj · ‎02-04-2009

Hello

i found this on one cisco document

Theoretically the same VLAN tag could be use for the same virtual networks on the different

physical links belonging to the same device; this is for example possible when defining

sub-interfaces on Cisco ISR routers. However, the current implementation on Catalyst 6500 does not

support that option. The output below shows the message received when trying to use the same

VLAN tag on two separate sub-interfaces:

Catalyst-1(config)#int g1/1.2001

Catalyst-1(config-subif)#encapsulation dot1Q 2001

Catalyst-1 (config-subif)#int g1/2.2001

Catalyst-1(config-subif)#encapsulation dot1Q 2001

Command rejected: VLAN 2001 not available

i think we are planning to use same 666 on diffrent physical links.will this be supported on my cat 6509(SV33AIK9-12233SXH CAT 6000-VSS720 IOS ADVANCED IP SERVICES SSH)

ltd · ‎02-04-2009

Sorry cannot help you whether its possible on that platform or not.

I know it most certainly is possible on Nexus 7000:

ltd-n7010-1# conf t

Enter configuration commands, one per line. End with CNTL/Z.

ltd-n7010-1(config)# int ethernet 2/25

ltd-n7010-1(config-if)# no switchport

ltd-n7010-1(config-if)# int eth2/25.10

ltd-n7010-1(config-subif)# encap dot1Q 100

td-n7010-1(config)# int ethernet 2/24

ltd-n7010-1(config-if)# no switchport

ltd-n7010-1(config-if)# int eth2/24.10

ltd-n7010-1(config-subif)# encap dot1Q 100