Question about VRF and NAT

WangSteven02215
Level 1

Hi, everyone

 

I always appreciate your support.

 

Now, each independent system will be connected through a Catalyst 9300-48S-A, and Windows event logs and syslog will be transmitted to the cyber security operation center.

(In the figure below, each black line represents an independent system, and the devices in an independent system are connected through an L2 switch. Also, there are about 20 independent systems.)


When connecting the independent systems, there is a problem of duplicated IP addresses between several devices.

And there is a requirement to prevent communication between independent systems.


Thus, I think that using VRF (Virtual Routing and Forwarding) would be a solution to prevent communication between independent systems. Also, NAT (Network Address Translation) may be a solution to resolve the duplicated IP addresses.

(It's very likely that I'm wrong because I'm not a network expert.)

 

Here are my questions.

Question 1. If I use the Catalyst 9300 like the picture below to use VRF and NAT, can the problem I mentioned be solved?

(If the problem is not resolved, please recommend a new solution. That would be very helpful.)

 

Question 2. Since there are 20 independent systems, it seems that 20 VRFs should be used. If I use 20 VRFs in the Catalyst 9300, are there any problems with performance?

 

[Figure: Network Diagram.JPG]
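One way to lay out what the post proposes, as an added example that is not from the original thread or any of its participants: two of the independent systems each get their own VRF carrying the identical 192.168.10.0/24 subnet, and the only traffic allowed out of each VRF is log traffic to the SOC collector, source-translated to a range unique per system using IOS-XE VRF-aware NAT syntax. All interface names, subnets, the SOC gateway 10.99.0.254 and the collector address 10.99.100.10 are assumptions, and whether this NAT form is supported on the Catalyst 9300 image and licence in use should be checked against its NAT configuration guide before relying on it.

```cisco
! Two isolated systems, both using 192.168.10.0/24, each in its own VRF
vrf definition SYS01
 address-family ipv4
 exit-address-family
!
vrf definition SYS02
 address-family ipv4
 exit-address-family
!
! Per-system inside interfaces: identical subnets are legal because each
! VRF has its own routing table, and the switch will not route between them
interface GigabitEthernet1/0/1
 description System 01 (L2 switch uplink) - assumed port
 vrf forwarding SYS01
 ip address 192.168.10.254 255.255.255.0
 ip nat inside
!
interface GigabitEthernet1/0/2
 description System 02 (L2 switch uplink) - assumed port
 vrf forwarding SYS02
 ip address 192.168.10.254 255.255.255.0
 ip nat inside
!
! Shared uplink towards the SOC, left in the global routing table
interface GigabitEthernet1/0/48
 description SOC uplink (global table) - assumed port
 ip address 10.99.0.1 255.255.255.0
 ip nat outside
!
! Only log traffic to the SOC collector (assumed 10.99.100.10) may leave a VRF
ip access-list extended SYS01-TO-SOC
 permit ip 192.168.10.0 0.0.0.255 host 10.99.100.10
ip access-list extended SYS02-TO-SOC
 permit ip 192.168.10.0 0.0.0.255 host 10.99.100.10
!
! Each VRF gets a unique translated source so the SOC can tell systems apart
ip nat pool SYS01-POOL 10.1.1.1 10.1.1.1 netmask 255.255.255.0
ip nat pool SYS02-POOL 10.1.2.1 10.1.2.1 netmask 255.255.255.0
ip nat inside source list SYS01-TO-SOC pool SYS01-POOL vrf SYS01 overload
ip nat inside source list SYS02-TO-SOC pool SYS02-POOL vrf SYS02 overload
!
! Host route from each VRF to the collector via the global table; every other
! destination has no route out of the VRF, so the systems stay isolated
ip route vrf SYS01 10.99.100.10 255.255.255.255 10.99.0.254 global
ip route vrf SYS02 10.99.100.10 255.255.255.255 10.99.0.254 global
ip route 10.99.100.0 255.255.255.0 10.99.0.254
! The SOC router (10.99.0.254) must route 10.1.1.0/24 and 10.1.2.0/24 back to 10.99.0.1
```

Because the collector only receives logs, no return path into the VRFs beyond NAT replies is needed; verify with `show ip nat translations` that only the SYS0x-to-collector flows appear and with `show ip route vrf SYS01` that the VRF holds nothing but its connected subnet and the single host route.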

 

5 Replies

Hello,

 

looking at your topology diagram, and since you have only two switches, end-to-end VRFs for each customer look like the best option, and the simplest one to configure. I don't really see how NAT can help.

 

20 VRFs...hard to say what the impact is. You should be ok, since the real limit is the TCAM size, and you only have one or two routes per VRF anyway...

 

Georg

 

If you use end-to-end VRFs, what VRF is the syslog server going to be in?

 

Are you assuming it will have a trunk connection and be a member of all VRFs?

 

Or am I misunderstanding?

 

Jon

Hello

Can you confirm if the cyberops server requires initiating any traffic flow, or will it just be a response to an established connection from the client?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Thank you for your reply

 

The server (installed in the cyber security operation center) operates only for receiving logs.

Hello
I've got to ask why you wish to have 20 areas running duplicate addressing. I assume this is not a production setup presently, but if it is, how is it being segregated now?



Kind Regards
Paul