Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3617
Views
0
Helpful
6
Replies

Catalyst 6500, VSS, VRF and FWSM.

andrea.meconi
Level 2
Level 2

‎11-23-2009 05:43 AM - edited ‎03-06-2019 08:41 AM

I have a requirement for two, or more VRF instances with a bunch of vlans in each.
I wish the MSFC to do the intervlan routing (within the VRF) and the FWSM to be the path for inter VRF and global communications.
Can someone validate my solution and suggest a solution with a transparent context?
Where can I find more informations?
Many thanks for help.
Andrea

Labels:
36003-config.cfg.zip
32 KB
0 Helpful
6 Replies 6

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎11-23-2009 08:20 AM

Hello Andrea,

I cannot open your attachment files that are marked as queued.

However, we have VRFs and FWSM with some routed and some transparent contexts.

We have only two interfaces in each transparent context.

The transparent context can be used to allow multicast traffic and to join in a controlled way two VRFs or one VRF and the global routing table

we have been able also to leave EIGRP messages between two VRFs to flow

Hope to help

Giuseppe

0 Helpful

andrea.meconi
Level 2
Level 2
In response to Giuseppe Larosa

‎11-23-2009 08:26 AM

Please, could you post an example with transparent context?

Thanks for help.

Andrea

PS. Sorry, files are always QUEUED! And I don't known why?

For attachment, please visit this post https://supportforums.cisco.com/message/1319530#1319530.

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to andrea.meconi

‎11-23-2009 08:58 AM

Hello Andrea,

the key points are :

IRB is used to configure inter-vlan bridging

an ACL to permit BPDU is strictly needed it provides conversion of BDPU to avoid L2 supervisor to detect the two L2 domains are joined (rewrites vlan-id inside proprietary bpdu)

one MSFC SVI needs to have a modified source MAC address in order to exchange messages with SVI in other VRF.

see attachment I've removed object groups

Hope to help

Giuseppe

36024-cfg-fwsm-transparent-context.txt.zip
0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to Giuseppe Larosa

‎11-23-2009 09:07 AM

Hello Andrea,

Please refer to this document for detail explanation of using firewalls in transparent mode or routed mode in multi-VRF configuration.

http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/ServEdge.html

HTH

Reza

0 Helpful

andrea.meconi
Level 2
Level 2
In response to Reza Sharifi

‎11-23-2009 09:42 AM

Hello Reza,

it's a very interesting document.

Many thanks.

Andrea

0 Helpful

andrea.meconi
Level 2
Level 2
In response to Giuseppe Larosa

‎11-23-2009 09:33 AM

Many thanks for your help Giuseppe.

Regards.

Andrea

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card