03-20-2013 07:18 AM - edited 03-07-2019 12:22 PM
Good morning gentlemen,
I have peculiar challenge ahead of me and would like to get new perspectives.
The objective is to route specific VLAN traffic and the caveat is that I have multiple VLANs with the same network address.
For example:
VLAN100 10.10.10.0/28
VLAN101 10.10.11.0/28
VLAN102 10.10.12.0/28
VLAN103 10.10.12.0/28
VLAN104 10.10.11.0/28
I need traffic going from VLAN100 with a destination of 10.10.11.0 forwarded to VLAN101 and NOT VLAN104.
This task is currently being completed by a multi context firewall and we're trying to decommission the asset.
Thanks,
Solved! Go to Solution.
03-20-2013 08:54 AM
Hi Vahid,
You can use VRF lite. You can put vlan 100 and 110 in the same VRF and vlan 104 in a different vrf.
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sg/configuration/guide/vrf.pdf
HTH
03-20-2013 08:25 AM
If these networks reuse the same private IP space and have no connection to each other, the only way I can think to have them route correctly to each other is to configure a NAT to translate them out to distinct subnets, then route between the NATed networks.
03-20-2013 08:30 AM
It'll be very cumbersome with 400+ vlans. If we proceed with NATing... how will it affect the performance of this particular switch (4948-10G).
Is there anyway of grouping VLANs for interVLAN routing?
Thanks,
03-20-2013 08:54 AM
Hi Vahid,
You can use VRF lite. You can put vlan 100 and 110 in the same VRF and vlan 104 in a different vrf.
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sg/configuration/guide/vrf.pdf
HTH
03-20-2013 09:27 AM
Thank you Reza,
Is it possible to policy route (or NAT) specific traffic across the VLAN domains with VRF-lite implementation?
The majority of the routing is done in a VLAN group and occasionally I need to communication with a single node on the other VLAN domain/group.
03-20-2013 09:42 AM
Hi Vahid,
With VRF lite, you don't have to worry about duplicate ip subnets. That is actually one of the benefit of VRFs. You can use the same subnet in multiple VRFs. If you need one vlan group (one vrf) to talk to another vlan group (another vrf), you would need to leak the vrfs by using import/export.
Here is good document on route leaking between vrfs with examples:
http://www.cisco.com/en/US/tech/tk436/tk832/technologies_configuration_example09186a0080231a3e.shtml
HTH
Reza
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: