Need help on VRF lite

Similar Messages

• Need help with flash lite 2.0 update for flash

  Hello
  I am having trouble with the flash lite 2.0 update. I
  installed the update sucessfully and restarted my system. When I
  open flash(pro), there are no templates, api's, or emulators of the
  flashlite 2.0 phones. Please let me know how I can fix this
  problem. Thanks

  Welcome to the forum.
  First thing that I would do would be to look at this Adobe KB Article to see if it helps.
  Next, I would try the tips in this ARTICLE.
  If that does not help, a Repair Install would definitely be in order.
  Good luck,
  Hunt

• Extending VRF-lite to 6500??

  Hello,
  I have a simple scenario, where there is a 6500 connected to a router (ISP end), which we have planned to implement vrf-lite on.... there are basically 2 VLANs on the LAN, one production and one guest... we need to isolate the routing table instances between the production and guest.. we have planned to configure trunk between the 6500 and PE router at the ISP end. 6500 acts as a CE here.
  Now, I want to extend the VRF information from the PE to the 6500 CE, since the layer 3 VLANs terminate on the 6500. i will define the same VRF information on the 6500 and isolate VRF routing tables for the guest/production vlan on the LAN also.. I know we will require to configure VRF, RD, BGP etc on the PE router and do a "ip vrf forwarding" on the subinterface of the router. What is the configuration required on the 6500 to extend the VRF-lite information to the end vlans ????? does anyone have any sample configs or links to which i can refer ?
  Raj

  Well,
  first a sample config (not from a 6500, but you should be able to get the idea):
  ip vrf Cust1
  rd 65000:1
  ip vrf Cust2
  rd 65000:2
  interface FastEthernet0/0.100
  encapsulation dot1Q 100
  ip vrf forwarding Cust1
  ip address 10.1.1.1 255.255.255.252
  interface FastEthernet0/0.200
  encapsulation dot1Q 200
  ip vrf forwarding Cust1
  ip address 10.1.2.1 255.255.255.252
  interface FastEthernet0/0.300
  encapsulation dot1Q 300
  ip vrf forwarding Cust2
  ip address 10.20.1.1 255.255.255.252
  interface FastEthernet0/0.333
  encapsulation dot1Q 333
  ip vrf forwarding Cust2
  ip address 10.1.1.1 255.255.255.252
  !On a 6500 you could also have:
  interface vlan 400
  ip vrf forwarding Cust2
  ip address 10.1.123.1 255.255.255.252
  router rip
  address-family ipv4 vrf Cust1
  version 2
  network 10.0.0.0
  no auto-summary
  exit-address-family
  address-family ipv4 vrf Cust2
  version 2
  network 10.0.0.0
  no auto-summary
  exit-address-family
  The separation in the control plane (routing etc.) is achieved through the normal VRF configuration. Overlapping IPs and such are supported by having separate IP routing tables per VRF and VRF aware routing protocols like RIP, OSPF, etc.
  In the data plane traffic is sorted by layer2 encapsulation. In the example above, the dot1Q VLAN tag will deliver the same functionality as the MPLS VPN labels. If f.e. an IP packet with destination 10.1.1.1 arrives, the VLAN tag 100 or 333 will allow the VRF-lite CE to determine, whether it belongs to Cust1 or Cust2. The same differentation will take place for traffic from the CE to the PE. So the PE config is practically the same, BUT in addition MP-BGP and route-targets and MPLS towards the core is used.
  So no MPLS is needed on the VRF-lite CE router, no labels will be used, hence VRF-lite.
  The PE will not be the PHP LSR in the MPLS sense, because it is the LAST router in the MPLS network.
  Instead of the FastEthernet also VLAN interfaces can be used. The number of interfaces per VRF or the number of VRFs are limited by memory.
  Hope this helps! Please use the rating system.
  Regards, Martin

• What is VRF-Lite

  Can anyone explain what is the difference between VRF and VRF Lite. What is the main purpose/application of VRF Lite?
  Thanks in advance
  AK

  Vrf-lite is a leaner cut down version of MPLS-VRF.
  Where in MPLS-VRF you need labels for VPN traffic switching, you dont need labels in VRF-lite.
  VRF-lite mainly relies on routing using multiple virtual routing instances created for each vrf for switching traffic. There is no label switching for VRF-lite.
  Since there is no label switching, you need to populate VRF's on every hop on your network. For example |Lan--PE1---PE2---PE3--Lan|
  PE1 has 2 vrf's connected to a local lan, to route these VRF's to the other end(PE3), you will need to have dedicated interfaces(or subinterfaces on each hop and enable routing instances for each VRF on each hop.
  But with MPLS-VRF you need to just enable the VRF's on PE1 and PE3 with MPBGP and Label Switching enabled.
  So the advantage of VRF-Lite is to have virtualization of your sub-networks a smaller scale. If you have a big network, you may very well consider implementing MPLS (even though you may be an enterprise).
  HTH-Cheers,
  Swaroop

• Need Help!!! Oracle8i Lite

  Hi there,
  I defined a connection against an oracle8i lite (4.0.1.x). This connection works fine - I can see the tables within the table-browser.
  Try to create a new bc4j-package against this oracle8i lite with just 1 very small entity (table test with the column test_id). The business components package wizard "hangs" up when trying to load the keys at creating the entity object. This is the last action this wizard ever does:-(
  I need help!!!
  My environment is Win2k, Oracle8i Lite, Jdev 9.0.2.
  Any ideas???

  Hi guys,
  I downloaded 8iLite on my laptop just last week and had similar problems trying to log in to SQL Plus 8.0
  This is what worked:
  Upon install, Oracle provides us with a starter database called polite.odb - but to use this, you must do the following.
  1. Open the ODBC Data Source Adminstrator, click on Drivers tab to make sure that Oracle Lite 40 ODBC Driver is present.
  2. Click on the User DSN tab, click on Add, select Oracle Lite 40 ODBC Driver, and type the following:
  Data Source Name: POLITE
  Description: (whatever)
  Database Directory: (this should be your Oracle Home directory) for example: D:\orant\oldb40
  Database: polite.odb
  now you can log into SQL PLUS like so:
  Username: SYSTEM
  Password: (type anything here) for example: abc
  Host String: ODBC:POLITE
  for further info, look at: http://technet.oracle.com/products/8i_lite/
  documentation -- user's guide -- before you begin -- Installing Oracle Lite -- using the starter database
  Good Luck!
  null

• Need help in designing VLANS for 20 dept

  I have 1000 nodes for which i am planning a Campus wide network , with 1 Layer three switch, some 15 L2 switches . I have some 20 different departments and need different ip schemes for all of them. I need this with security enabled so that the departments resources are safe. Please do suggest me how can i go for it . . .
  Do suggest what IP scheme i can allot , if one dept is having 60 users and another is having 490 users .
  Thanks in Advance,
  Max

  Hello Sai Krishna,
  first of all you need a classless routing protocol like RIPV2, EIGRP or OSPF so that you can use different subnet masks as needed without wasting ip addresses.
  Then you need to create an address plan that fits all your needs and leave space to grow.
  Likely you will be using private ip addresses as described in RFC 1918.
  For example you can use:
  172.20.0.0/20
  first you divide this space in /23 subnets that are good to host 490 users
  172.20.0.0/23
  172.20.2.0/23
  172.20.14.0/23
  for vlans with 60 users it is wise to leave space for additional hosts if needed in the future so I would use a /25 for them
  let's take
  172.20.12.0/23 further subnetting this with a /25 means moving to the right of two bits and gives four subnets:
  172.20.12.0/25
  172.20.12.128/25
  172.20.13.0/25
  172.20.13.128/25
  this can accomodate 4 subnets/departments.
  I wouldn't use subnets bigger then a /23 because otherwise the broadcast overhead becomes very great.
  Having a multilayer switch you can also think to put the 490 users in two vlans/subnets.
  About the security this depends on the security levels you want to build:
  complete segregation of departments can be achieved with VRF lite (actullay different routing tables for each department).
  Some level of control can be achieved by using ACLs applied on the SVI logical vlans interfaces on the L3 switch.
  Hope to help
  Giuseppe

• AAA Authentication and VRF-Lite

  Hi!
  I've run into a strange problem, when using AAA Radius authentication and VRF-Lite.
  The setting is as follows. A /31 linknet is setup between PE and CE (7206/g1 and C1812), where PE sub-if is a part of an MPLS VPN, and CE uses VRF-Lite to keep the local services seperated (where more than one VPN is used..).
  Access to the CE, via telnet, console etc, will be authenticated by our RADIUS servers, based on the following setup:
  --> Config Begins <---
  aaa new-model
  aa group server radius radius-auth
  server x.x.4.23 auth-port 1645 acct-port 1646
  server x.x.7.139 auth-port 1645 acct-port 1646
  aaa authentication login default group radius-auth local
  aaa authentication enable default group radius-auth enable
  radius-server host x.x.4.23 auth-port 1645 acct-port 1646 key <key>
  radius-server host x.x.7.139 auth-port 1645 acct-port 1646 key <key>
  ip radius source-interface <outside-if> vrf 10
  ---> Config Ends <---
  The VRF-Lite instance is configured like this:
  ---> Config Begins <---
  ip vrf 10
  rd 65001:10
  ---> Config Ends <---
  Now - if I remove the VRF-Lite setup, and use global routing on the CE (which is okey for a single-vpn setup), the AAA/RADIUS authentication works just fine. When I enable "ip vrf forwarding 10" on the outside and inside interface, the AAA/RADIUS service is unable to reach the two defined servers.
  I compared the routing table when using VRF-Lite and global routing, and they are identical. All routes are imported via BGP correctly, and the service as a whole works without problems, in other words, the AAA/RADIUS part is the only service not working.

  Just wanted to help future people as some of the answers I found here were confusing.
  This is all you need from the AAA perspective:
  aaa new-model
  aaa group server radius RADIUS-VRF-X
  server-private 192.168.1.10 auth-port 1812 acct-port 1813 key 7 003632222D6E3839240475
  ip vrf forwarding X
  aaa authentication login default group RADIUS-VRF-X local
  aaa authorization exec default group X local if-authenticated
  Per VRF AAA reference:
  http://www.cisco.com/c/en/us/td/docs/ios/12_2/12_2b/12_2b4/feature/guide/12b_perv.html#wp1024168

• Native Multi-VRF-Lite Design with EIGRP Question

  Hello,
  we think about to implement a VRF-Lite design (no MPLS and MBGP) in our campus network (10,000 ports, 20x 6500Sup720, 400x L2-Switches). MPLS is from our point of view oversized for our requirements. We need only a segmentation from different departments. Our IGP is eigrp.
  In the latest IOS-Release for the cat6500 (12.2.18SXD) is finally a VRF-Lite support for EIGRP inside.
  We could test successful a design with different VRFs in our lab, the division workes fine. But we didn't found a way to implement shared service. These are in our case DHCP, DNS, InternerAccess and some others. We thought about a redistribution between our global EIGRP routing table and the EIGRP-vrf tables, but we didn't found a way to do this.
  How can we do this?
  Thanks

  Use a crossover cable to connect a port belonging to the global routing table to a port belonging to a VRF. This way you can leak EIGRP routes from the global routing table into the VRF (through that physical connection). The drawback is that you use 2 ports (that could instead be used for other things...).
  Another way to this, would be to use static routing; use ip route vrf VRF x.x.x.x m.m.m.m n.n.n.n global to allow traffic to go from the VRF into the global routing table.
  Hope that helps...

• VRF-Lite on one 6509; How to route traffic from global to VRF.

  To anyone that can lead me in the right direction:
  I have a 6509 switch with IOS " s3223-adventerprise_wan-mz.122-33.SXJ2.bin"  on it. I am running VRF-lite on it and would like to route some subnets from the global route table to the VRF route table. How can I do this and stay on the same physical switch.  I am using EIGRP for the global network and route table and static routing within the the VRF.  Any suggestions or recommendations?  Thanks in advance for your help in this matter...

  Hello,
  You need to use (Static route) in both directions, One Static in the VRF table points to the Global interface, and another one in the Global point to the VRF interface for the recieved traffic. After that, you Can Redistribute the Global Static route into Eigrp for end-to-end connectivity!
  Example:
  Consider you have 2 interfaces in your Core SW-6509: One is G0/1 and the other is G0/2
  G0/1 is placed into the Global table , and G0/2 is part of VRF (X)
  interface G0/1
  IP address 1.1.1.1 255.255.255.0
  inteface G0/2
  ip vrf forwarding X
  ip address 2.2.2.2 255.255.255.0
  Consider Subnet Y.Y.Y.Y in the Global and you want to have it accessible from the VRF!
  configure this:  (ip route vrf X  y.y.y.y y.y.y.y.y G0/1 Global)
  Configure also this for the return traffic from the Global table: (ip route 2.2.2.2 z.z.z.z G0/2)
  You Can then redistribute the Global static into the Eigrp as below:
  router Eigrp 1
  no auto summary
  redistribute static metric 1.1.1.1.1
  HTH
  Mohamed

• Running vrf-lite and dhcp server see 0.0.0.0 as giaddr

  Im running vrf-lite and our dhcp server see only 0.0.0.0.  Im able to ping vlan10, and see the dhcp request. Running on a 2811.  I have limited access to device.  Do I need to turn on Dhcp-relay?  Verifing ip forward-protocol.  Do i need to add " vrf WISP to my helper-address?  The interface it sends Dhcp request is also within the vrf.  The dhcp scope is part of Vlan10 subnet
  int vlan 10
  ip vrf forward WISP
  ip add x.x.x.x s.s.s.192
  ip helper-address x.x.x.x

  Yes and no.  It uses another interface thats within the same vrf Wisp.  On the other end of the vrf it is forwarded to our global dhcp server.  in bold is where the unicast packet are going using the defaultroute
  int fast0/0.1
  encap dot1q 1
  ip vrf forwarding WISP
  ip add 172.16.6.2 255.255.255.252
  int vlan 10
  ip vrf forward WISP
  ip add 66.223.195.129 255.255.255.192
  ip helper-address 208.138.129.49
  ip route vrf WISP 0.0.0.0 0.0.0.0 172.16.6.1

• Question to understand VRF and VRF-lite features

  Hi,
  when I look at METRO switches  Feature list I see that most of them support only "VRF-Lite".
  Does it mean that they can't work with MPLS lables and can't be placed as PE devices in cases  where we need VPN services or any kinf of "Lable-switching" services?
  Which role then does those METRO switches play in a network?

  Hello Konstantin,
  VRF lite is a subset of MPLS L3 VPN features missing MPLS forwarding plane capabilities.
  An end to end dedicated IP path is needed for each VRF, practically a VRF-lite capable device should be connected to a fully capable PE node by using a L2 trunk and dedicating at least two Vlan and two  SVI for each VRF: one towards customer and one towards PE.
  you get a multi VRF CE that can be shared by multiple customers
  a fully capable PE node uses N+1 links for N VRFs, a multiVRF CE requires 2*N logical interfaces for N VRFs
  only one MPLS enabled backbone link is needed for handling traffic of multiple VRFs in a fully capable PE node.
  in metro ethernet VRF lite multi VRF CE are used as feeders sort of satellite of PE nodes to provide an access layer to customers
  Hope to help
  Giuseppe

• VRF-Lite versus VLANs at access edge

  What would be the advantage in using VRF-Lite at the CE (e.g. a 3750 switch) and trunking a series of /30 pt-pt VLANs (one for each VRF) from the PE to the CE switch, and then defining customer VLANs on the 3750 versus defining the customer VLANs on the PE device and simply trunking the customer VLANs down to the 3750 switch. In the latter scenario, the IP Services feature set would not be required on the 3750 as VRF-Lite would not be necessary at the edge; just VLAN separation, with IP routing disabled.
  A couple of possible benefits for using routed /30 links to the CE:
  (i) if the routing is complex at the CE site and more subnets need to be advertised towards the PE (i.e. it's more than a single VLAN);
  (ii) SP does not need to get involved in customer routing, but in a small Enterprise MPLS scenario, the customer and the provider may be one and the same, so may be less of an issue;
  (iii) A dual-homed CE device may need routes advertised towards two separate PEs.

  Hello Matthew,
  a multi VRF CE also known as VRF lite is a shared device: it can be partitioned between different customers reducing cost of ownership for each of them.
  It is typically owned and managed by a service provider.
  It can fit to multi-tenant office facilities.
  If yours is an enterprise scenario and the device is not going to be shared you can save some money making the C3750 a simple L2 switch and terminating all L3 interfaces on the PE itself.
  On the other hand a VRF lite CE can reduce the number of L3 interfaces that need to be defined on the PE providing a scalability advantage (every platform has a maximum number of interfaces supported regardless they are in VRF or in global routing table)
  Hope to help
  Giuseppe

• Vrf-Lite with MPLS requires a PE at the customer side?

  Folks,
  Looking at a cisco doc, which gives a sample configuration of VRF lite with MPLS (multiple customers in the same building using same MPLS cloud). My question is that how is it done in the real world. Does the provider place a PE at the customer site? cause the connection between the CE and PE has to be a link that can carry dot1Q (ethernet or fast etheret) atleast the example shows that.
  Any real world experience would be highly appreciated.
  Thanks,

  Hi,
  the customer needs no PE router installed at his site.
  You can use vrf-lite (aka multi-vrf) even on a Cisco router, which does not support MPLS at all. On the CE each dot1Q subinterface can be placed in a vrf. All you need is a routing process started within the vrf being adjacent to the PE.
  Example CE:
  ip vrf CE-VRF1
  rd 65000:1
  interface FastEthernet0.100
  encapsualtion dot1Q 100
  ip vrf forwarding CE-VRF1
  ip address 10.1.1.1 255.255.255.0
  router ospf 100 vrf CE-VRF1
  network 10.1.1.1 0.0.0.0 area 1
  The PE would have MBGP and different RD and RTs defined, whatever is needed to setup VRFs in the provider network. Infact PE and CE each do not know about each others VRF configs at all.
  VRFs on the CE define a separate IP routing context (control plane). The separation on the data plane is done via dot1Q headers (frame-relay, ATM PVC etc. would do as well) on the link between CE and PE. In an MPLS network data plane separation is done via labels.
  Hope this helps
  Martin

• IP VRF-Lite

  Hi,
  we had a network with Cat4500 SupV as Core and Cat3750/Cat3750G (not metro!) as Distribution platform.
  I'm finding out if using VRF Lite is possible to separate two entities that use the same physical network and span the whole net to have one, max. two, contact point between these entities...to implement security policy
  Should this work with the platform we had or to implement a VRF network we should have had Cat6500 ???
  If this not work the only solution available is to use RACL at each Distribution node where there are both entitites to separate the traffic
  thanks for any help

  Hello,
  yes what you want to do is possible.
  You will need the "multi-VRF aka VRF lite" where IP routing is performed. So in case the Cat3750 are pure Layer2 switches the VRFs are not needed there.
  Think of a VRF as a sort of virtual router to which certain VLAN/ethernet interfaces are attached.
  To separate two entities you would create two VRFs in the Catalyst 4500 according to "Configuring VRF-lite"
  http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_reference_chapter09186a008017d03c.html#wp1062144
  and also in the Catalyst 3750 along the description in "Configuring Multi-VRF CE"
  http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a00804764c7.html#wp1320198
  Note that there has being a name change from VRF-lite to Multy-VRF. This is however exactly the same feature - afaik marketing wanted the change because it sounds better.
  Did this help? Then please rate the post.
  Martin

• Need help with Math related operations...

  I'm learning JAVA for more than 3 weeks and I really need help...
  I'm using SDK1.4 with Elixir IDE Lite (+patch installed).
  In the following screenshot <http://www.geocities.com/jonny_fyy/pics/java1.png>, I've got this error (when I right-click -> Compile) . Do you know what it means & how can I solve it?
  Here's how it should look if correct (pic scan from lab worksheet)... <http://www.geocities.com/jonny_fyy/pics/lab.jpg>
  Here's my java file... <http://www.geocities.com/jonny_fyy/FahToCeltxt.java>
  Thanks for helping :>

  Hi jonny
  One step ahead:
  import java.awt.*;
  import java.applet.*;
  import java.awt.event.*;
  public class FahToCeltxt extends Applet implements ActionListener {
       TextField msgField ;
       String msg = null;
       int msgValue;
       Label title;
       Button b;
       public void init() {
            title = new Label("Enter degrees in Fahrenheit: ");
            add(title);
            msgField = new TextField (10);
            add(msgField);
  //          msgField.addTextListener(this);
            b = new Button("Convert");
            b.addActionListener(this);
            add(b);
  //     public void textValueChanged(TextEvent event) {
  //          msgValue = Integer.parseInt(msgField.getText());
  //          repaint();
       public void paint (Graphics g) {
            int result = (msgValue - 32) * 5/9 ;
            g.drawString("Degree Centigrade is " + result , 50, 50);
    public void actionPerformed(ActionEvent e) {
            msgValue = Integer.parseInt(msgField.getText());
            repaint();
  }Regards.