VRF-Lite on one 6509; How to route traffic from global to VRF.
To anyone that can lead me in the right direction:
I have a 6509 switch with IOS "s3223-adventerprise_wan-mz.122-33.SXJ2.bin" on it. I am running VRF-lite on it and would like to route some subnets from the global route table to the VRF route table. How can I do this and stay on the same physical switch? I am using EIGRP for the global network and route table and static routing within the VRF. Any suggestions or recommendations? Thanks in advance for your help in this matter...
Hello,
You need to use static routes in both directions: one static route in the VRF table that points to the global interface, and another one in the global table that points to the VRF interface for the received traffic. After that, you can redistribute the global static route into EIGRP for end-to-end connectivity!
Example:
Consider you have 2 interfaces in your core SW-6509: one is G0/1 and the other is G0/2.
G0/1 is placed into the global table, and G0/2 is part of VRF (X):
interface G0/1
 ip address 1.1.1.1 255.255.255.0
interface G0/2
 ip vrf forwarding X
 ip address 2.2.2.2 255.255.255.0
Consider subnet Y.Y.Y.Y in the global table, and you want to have it accessible from the VRF!
Configure this: (ip route vrf X y.y.y.y y.y.y.y G0/1 global)
Also configure this for the return traffic from the global table: (ip route 2.2.2.2 z.z.z.z G0/2)
You can then redistribute the global static route into EIGRP as below:
router eigrp 1
 no auto-summary
 redistribute static metric 1 1 1 1 1
HTH
Mohamed
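Static routes like the ones in the answer above deliberately cross the boundary between VRF X and the global table, so it helps to be able to list every such route in a configuration. The following Python sketch is an added example, not part of the original answer: it scans IOS-style configuration text for static routes that cross that boundary. The sample configuration, the 10.10.10.0/24 subnet and the function names are constructed for illustration.

```python
import re

# Constructed sample, modelled on the answer's example (G0/1 global, G0/2 in VRF X).
# 10.10.10.0/24 stands in for the "Y.Y.Y.Y" subnet; the last two routes are
# non-crossing controls. None of these values come from the original post.
# Assumption: routes name interfaces exactly as the interface stanzas do.
SAMPLE_CONFIG = """\
interface G0/1
 ip address 1.1.1.1 255.255.255.0
!
interface G0/2
 ip vrf forwarding X
 ip address 2.2.2.2 255.255.255.0
!
ip route vrf X 10.10.10.0 255.255.255.0 G0/1 global
ip route 2.2.2.0 255.255.255.0 G0/2
ip route 0.0.0.0 0.0.0.0 1.1.1.254
ip route vrf X 172.16.0.0 255.255.0.0 2.2.2.1
"""


def interface_vrfs(config):
    """Map each interface (lower-cased) to its VRF name, or None for the global table."""
    vrfs, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line, re.I)
        if m:
            current = m.group(1).lower()
            vrfs[current] = None
            continue
        m = re.match(r"\s+ip vrf forwarding\s+(\S+)", line, re.I)
        if m and current:
            vrfs[current] = m.group(1)
        elif line and not line[0].isspace():
            current = None  # an unindented line ends the interface block
    return vrfs


def find_leaks(config):
    """Return (from_table, to_table, prefix, mask) for static routes that cross tables."""
    vrfs, leaks = interface_vrfs(config), []
    for line in config.splitlines():
        tokens = line.split()
        if [t.lower() for t in tokens[:2]] != ["ip", "route"]:
            continue
        rest, src_vrf = tokens[2:], None
        if len(rest) > 1 and rest[0].lower() == "vrf":
            src_vrf, rest = rest[1], rest[2:]
        if len(rest) < 3:
            continue
        prefix, mask, targets = rest[0], rest[1], [t.lower() for t in rest[2:]]
        crossing = None
        if src_vrf and "global" in targets:
            crossing = "global"  # next hop is resolved in the global table
        for t in targets:
            if t in vrfs and vrfs[t] != src_vrf:
                crossing = vrfs[t] or "global"  # exit interface lives in another table
        if crossing:
            leaks.append((src_vrf or "global", crossing, prefix, mask))
    return leaks


if __name__ == "__main__":
    for src, dst, prefix, mask in find_leaks(SAMPLE_CONFIG):
        print(f"{src} -> {dst}: {prefix} {mask}")
```

Each reported route is a place where traffic can move between the VRF and the global table, so the list shows which prefixes are reachable across the boundary and can be compared against the subnets that were meant to be shared.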
Similar Messages
-
2 Gateways Sharing One Subnet - How to route traffic in and see each other?
Hello,
First, thanks for your feedback in advance.
I am rolling over from CheckPoint Security Gateways to Fortinet Gateways so I have set up one of each within my datacenter subnet as I wanted to keep the same subnet 192.168.10.0/24 and just roll over from CheckPoint to Fortinet.
My current production datacenter gateway (checkpoint) resides on 192.168.10.1/24 with its own External IP. 100+ ip-sec vpn tunnels communicate through this gateway and happily talk to several servers on the datacenter side (ex. 192.168.10.20, 192.168.10.22, etc)
Since I am preparing to roll over from CheckPoint to Fortinet, I've placed the new gateway in the same datacenter at 192.168.10.2/24, with its own external IP. I've also dropped in a test server at 192.168.10.121 with the gateway pointing to the new Checkpoint.
It happily gets out to the internet via the new gateway, 192.168.10.2.
I can get out to the world via each gateway when I am behind my datacenter and I configure the gateways on each server. And, they can all see each other and communicate within the 192.168.10.X network.
However, I cannot go from a Checkpoint tunnel network (ex: 192.168.50.X), go through the CheckPoint datacenter gateway, 192.168.10.1 (via its tunnel), and hit my Fortinet Test server at 192.168.10.121 (fortinet test server gateway set to 192.168.10.2).
I have the IP statically set in the CheckPoint's DNS server at 192.168.10.20 to 192.168.10.121, but from the 192.168.50.X or any CheckPoint subnet, I can't ping or connect to it.
Vice-versa, I can go from a fortinet subnet (192.168.195.X) and hit my test server 192.168.10.121. However, I cannot go from a Fortinet tunnel network 192.168.195.X, go through my new Fortinet datacenter gateway, 192.168.10.2 (via its tunnel), and hit any of my CheckPoint-side servers, 192.168.10.20, 192.168.10.22, etc.
Specifically, all of my scanners at the 100+ sites scan and send via an smtp server within my datacenter (192.168.10.56). When I deploy the new gateway, the scanner at the office cannot access this IP address to send the email.
Is there a way to sync two AD/DNS servers within my Datacenter but with different gateways? In theory, I'd like the request to come in from the outside (whether a checkpoint network or the new fortinet) it will look into its respective AD/DNS and point it to the 192.168.10.56 smtp server.
It does not have to be AD/DNS, but that was the first idea that popped in my head. I am definitely open to the most efficient and stable method as I have to roll over 100 sites.
Thank you again!
Hi Strike First,
One issue is that we have over 100 remote sites that we are converting from CheckPoint to Fortinet. And, we do not have the man power to do a single night cutover as these are offices in remote locations.
I am a little confused on the layout you are proposing:
Set up fortinet as the backend firewall, point all internal gateways to this backend firewall, then have this firewall NAT through the current CheckPoint firewall?
Thank you very much for your guidance. -
How to route traffic across subnets when one NIC is a hyper-V virtual switch?
Having a bit of a problem with a hyper-V environment which does not seem to route network traffic on two different subnets between each other.
If it were a purely physical server with two NICs and a gateway set traffic would automatically be forwarded between the two different subnets.
However, when one of those NICs is a hyper-V virtual switch this simple routing no longer seems to work and no traffic gets forwarded between subnets?
Situation is:
Hyper-V server with two NICs
NIC 1 = 192.168.0/24 - main Internal company network.
NIC 2 (hyper-V virtual switch.) = 192.168.1/24 - connects to ADSL internet router
Virtualized Domain Controller.
One or two virtualized NICs as necessary
How then does traffic get routed between these two subnets? If RRAS has to be configured to do this where is the best place to do it, on the hyper-V host or on the virtualized domain controller?
Thanks,
Hi,
You can create an internal virtual switch and configure an IP for it (I assume it is 192.168.1.2/24).
After you enable RRAS in hyper-v host there will be two gateways for different subnets.
"NIC 2 (hyper-V virtual switch.) = 192.168.1/24 - connects to ADSL internet router"
The problem is here, if these VMs need to access internet.
So, these VMs can not configure their gateway same as the IP of internal virtual switch, you may set VM's gateway as the ADSL internet router's IP meanwhile add a static route entry for every VM.
Please refer to the Syntax :
route add -p 192.168.0.0 mask 255.255.255.0 192.168.1.2
Hope this helps
Best Regards
Elton Ji -
GRC CUP how to pull manager from Global directory or Active directory
Hi,
How can I pull manager from global directory or active directory as approver? We are designing dual control approval process. First manager from global directory can approve, then role owner. In workflow stages I can only see approvers information has to be entered manually in CAD. Also I am looking when requestor requesting request, it should automatically fetch manager information on the request page, once user id selected.
Thanks
Mushu
Dear Mushu,
Two things you need to do
1.) Maintain the Manager's Field in Active Directory and do mapping in CUP>Configuration>Field Mapping-->LDAP Mapping
2.) Keep LDAP as authentication system so that whenever a User has to log into the CUP he will do using his network id and his manager is automatically pulled from Active Directory.
Then in the workflow you can keep the approver determinator as Manager by which the request will be routed to the appropriate manager. Hope that helps.
Edited by: celestemay17 on Dec 8, 2010 12:05 PM -
Migrating Interface from Global to VRF
Hi All,
We are trying to move interfaces from global routing table to VRF interface and during that process we are trying to move eigrp belonging to that interface from Global configuration to Address-family ipv4 instance of the eigrp under the VRF .
We are trying to figure out how to populate the passive-interface command under the address-family ipv4 vrf, but couldn't find the command supported in 12.2(18)SXF15 for Cisco 7600 router. Do we have to configure the passive-interface command alone in the global eigrp instead of address-family? Any help would be really appreciated.
Thanks
Regards
Anantha Subramanian Natarajan
Anantha,
"passive-interface" under the "address-family" is only available starting with 12.2(33)SRB.
In the version you are currently running, configuring "passive-interface" globally will take effect even for specific VRF interfaces though.
Regards -
Nexus 7000 route leak from GRT (default VRF) to other VRF's
Hello
We have a Nexus 7000 infrastructure whereby we have had multiple VDC's and VRF's deployed. A requirement has now come about whereby one of these VRF's needs to be able to see our GRT (default VRF) so we need to leak the GRT routes into the VRF and vice versa.
I have been doing a lot of reading and I am happy with how this works with inter-VRF route leaking but I seem to be missing a few things in respect of how this works with the GRT.
I have also read on another forum that this is not supported. See link below.
https://supportforums.cisco.com/document/133711/vrf-configuration-and-verification-nexus-7000
Does anyone have experience of this? I can also see how this works in IOS and I have GNS3 and got this working.
We use BGP currently so we are able to use MP-BGP if required.
Any help would be very useful.
Hi,
In Table 14 of the Cisco Nexus 7000 Series NX-OS Verified Scalability Guide the verified limit is specified as 1000 per system i.e., across all VDCs for NX-OS release 5.2, 6.0 and 6.1.
There is a footnote associated with this number which states:
With each new VDC configured, the number of configurable VRFs per system is reduced by two as each VDC has a default VRF and management VRFs that are not removable. For example, with 8 configured VDCs on Cisco NX-OS Release 5.2, you can configure up to 984 VRFs per system (either all in one VDC or across VDCs).
Regards -
1 server, 2 networks how to route traffic to both
Hi i have NW65SP7
what i'm trying to do is
1. to have users come in thru the data network (192.168.0.0) and the traffic
go back out thru the default gateway (192.168.0.1) and
2. i want LDAP traffic to go in thru the other network (10.1.0.0) and
backout thru the same networks gateway (10.1.0.1).
1. works fine and all seems to go up and down the right network, however 2.
comes down 10.1.0.0 and backout thru the default gateway on 192.168.0.1. I
don't\can't have this as the firewall rejects the packet as the source and
destination networks are different ie. the fw sees the packet come in thru
10.1.0.0 but when the server sends it back out thru 192.168.0.0 the firewall
rightly drops it
How do i get 2. to work as i want, can this even be done on NW.
What i've done so far is
a. enabled Static Routing
b. created a default route (192.168.0.1) with a metric of 2
c. created a network route for 10.1.0.0 (10.1.0.1) with a metric of 1
"Thorsten Kampe" <[email protected]> wrote in message
news:[email protected]...
>* Steven Lim (Mon, 08 Dec 2008 01:57:27 GMT)>
>> ok i'll try again but i thought that i did explain it so i'm not sure how
>> my
>> second attempt will go ;)
>
> Is the NetWare server the router? Which addresses do the server's
> interfaces have? Which default gateway do the hosts in the network have?
> Any static routes?
No the netware server is not the router
The server has 1 interface but two vlans trunked to the one interface, each
vlan has a separate IP. I can ping each IP on each of the trunked vlans
fine. I'm using Broadcom Q57 NICS and the QASP\BASP advanced driver to
support the trunked vlans. Don't let that confuse the issue though..it's
basically the same as having two nic interfaces connected to two separate
networks in this case lets say 192.168.0.10 and 10.0.0.10
Just so we're on the same page, we have a very large routed network with
over 250 subnetworks with 4 10G interconnected core routers each with a 10G
distribution routers, buildings\user\server networks hang off the
distribution routers . Client machines are distributed across the network
and are not on the same vlan\subnet as the servers.
A server on 192.168.0.0 will have a default gateway of 192.168.0.1 and
servers on 10.0.0.0 will have a default gateway of 10.0.0.1 there are no
clients machines on these subnets....btw we don't really have a 192.168.0.0
network..i'm just using this as an example.
The NW server has 1 static route configured as the default gateway on
192.168.0.1...and i've been trying to work out how to configure another
static route to make sure that all incoming and outgoing traffic for
10.0.0.0 stays on 10.0.0.0 or whatever else i need to do to get it working
>> i have two networks 192.168.0.0 and 10.0.0.0
>>
>> 1. I want all traffic that originates from 192.168.0.0 to go back thru
>> the
>> 192.168.0.0 gateway on 192.168.0.1 (currently the default gateway
>> configured
>> in inetcfg static routing table).
>
> In case the NetWare server is the router you only have to enable routing
> - the server's default gateway is completely irrelevant for that. Of
> course the hosts in the networks have to have the router as the default
> gateway (or a static route).
Clients are fine, lets say that they are on 192.168.1.0 to 192.168.255.0 and
they have default gateways on their subnets that go thru x.x.x.1 (eg.a
192.168.1.0 machine will have a default gateway of 192.168.1.1 and a
192.168.2.0 machine will have a default gateway of 192.168.2.1 etc)
>> 2. I want all ldap traffic, in my case this will be ldap port 389 and
>> 636,
>> that originates from network 10.0.0.0 to go back thru the gateway
>> 10.0.0.1.
>
> Routing is not (application) protocol specific. You can either route all
> IP packets or none a certain route. Please have a look at the routing
> table of your computer to see what I mean.
Yes i understand that routing is not application\protocol specific
When you say "have a look at the routing table" i assume you mean the
netware server....i've done that using TCPCON..i can see the issue..just not
sure how to get it to do what i want
> Also what you might want is called source routing[1] and this is mostly
> blocked because it opens a huuuuge security hole.
>
>> This is required because the firewall requires that if a response is
>> to go
>> out to a client then it must go out over the same network that it
>> originated from. This is the part that's not currently working. At the
>> moment the query comes in from 10.0.0.0 and the response tries to go
>> out
>> via the default gateway on 192.168.0.1 the firewall blocks the outgoing
>> traffic....basic stuff!!!
>
> I wonder where and how you put that firewall if you have only two
> subnets and one router. Is this Bordermanager on the NetWare server?
See above re. the network...the firewall\s are blades within the core
routers and support virtual firewalls that can be applied to any part of the
distribution\access layer of the network.
Does that make any more sense???
> Thorsten
> [1] http://en.wikipedia.org/wiki/Source_routing -
HT1751 do any one know how to take music from my iphone to my new computer
family i had a laptop with my itunes library. it crashed but my music is on my iphone and now i have a new desktop how do i transfer my music here for back up if anything happens to my phone
Have you failed to maintain a backup copy of your computer?
The iphone is not a storage/backup device. The sync is one way - computer to iphone. The exception is itunes purchases: File>Devices>Transfer Purchases -
How to route traffic to a static public IP address on my private network
Here is my topology:
ISP Modem ---------------- (gig0/0) Cisco Router (gig0/1) -----------------Cisco Switch--------------------Server
60.70.80.90 172.16.0.1 172.16.0.2 60.70.80.91
Gateway: 60.70.80.89
Netmask: 255.255.255.240
Scenario:
My ISP has given me 5 static IP addresses in which I want to assign one of them to one of my servers that lies within my private network. I am wondering what kind of configurations I would need to be able to access my server from outside my private network using one of the static IP addresses that was given from my ISP. Does this need some sort of static NAT on top of the inside/outside NAT I have done on my router? Thanks
Best Regards,
Sean
Duplicate post.
Go HERE. -
How to route traffic between two different interfaces
Hi,
I need to setup a routing between two different interfaces on a host.
Interface ce1 : 192.168.120.12
Interface ce2 : 192.168.110.50
Is it possible to add a route which enables the ce2 interface to catch packets from the ce1 interface ?
Regards,
Armin
The problem is an application which is only able to listen on one interface.
To fix this, I have to make all packages visible on one interface. -
Multiple devices, one email - how can I see from iPad if I've replied from iPhone.
Hi, I use both my iPhone and iPad to access my email. When I reply to a message on a device, I get an icon on the email on that device showing that I've replied. However, when I access the same email account from the other device, I don't see a replied icon. Any way I can get the replies synching so that I can see if I've replied across multiple devices?
(Particularly useful since my wife and I share one of the emails we access so useful to see if the other one of us has replied)
Thanks
Ed
DumpyCorp wrote:
Any and all help will be appreciated.
Then go back to your first post and the response in there. There really is a viable solution for your issues in that discussion.
https://discussions.apple.com/message/22927224#22927224 -
I was syncing my iphone with itunes and there was an update which system started downloading then something happened and i had to restart my computer. when i restarted my computer, itunes started backing up my iphone even though there was nothing left on it. now this second back up overtook my first back up
and in that process i can not back up to my first back up (as its from same date i guess) I have lost all my contacts. I did not have any icloud back up or my contacts are not being backed up locally on my computer either. if anyone knows how to find back up other than listed on back up lists, please help. Thanks
Can I add my existing, licensed apps to my list of 'Purchases' on the Mac App Store so I don't have to buy them twice?
No. Only apps purchased from the App Store can be re downloaded for free including updates. -
I have a new macbook pro, but didn't transfer data of my old mac to this one. I cannot find a transfer assistent or other tool to get this done. What is the best way to do this?
You may find this link very useful:
http://pondini.org/OSX/Setup.html
Ciao. -
What is business one ? how is it different from sap R/3,?
Does B1 needs special expertise in SAP ?can an R/3 consultant run the transactions and customisations in B1 with ease ?please answer my queries.
REGARDS
Sunkari
Hi Vinod,
Some of difference between SAP B1 vs SAP R/3,
1.SAP Business One is SAP's offering for small and mid size companies, while R/3 is SAP's offering for large companies.
2.SAP Business One is a software that was bought over by SAP and it has been greatly enhanced over time,
SAP R/3 is indigenous to SAP and it has also undergone various re-engineering over time.Example: SAP ECC.
3. SAP Business One and SAP R/3 are built on the concept of client/server architecture. SAP Business One (2-tier) client/server architecture, SAP R/3 is based on a three tier/n-tier client/server architecture.
Jeyakanthan -
Does any one know how to unlock phone from landscape mode
my iphone 4 for some reason locked its rotation from landscape to normal how can i fix this
iPhone User Guide (For iOS 4.2 and 4.3 Software)