Configuring a complex inter-VRF solution

Configuration breakdown

Configure the standard ACLs

When configuring a complex inter-VFR aware device, such as in our example, the configuration order is important. We have provided a breakdown before each step to explain the key points you will need to consider.

These standard ACL's are associated with routes maps. The route maps are referenced by VRF import and export maps. VRF export maps filter routes exported to BGP. VRF import maps filter routes imported into the VRF domain from BGP. BGP is used to leak routes between VRFs.

These ACLs should be configured before any inter-VRF communication is configured, to prevent unnecessary routes from being leaked from one VRF to another.

CONFIGURE STANDARD ACLS

awplus#conf t

Enter configuration commands, one per line. End with CNTL/Z. awplus(config)#access-list standard blueBlock4344 deny 192.168.43.0/24 awplus(config)#access-list standard blueBlock4344 deny 192.168.44.0/24 awplus(config)#access-list standard blueBlock4344 permit any awplus(config)#access-list standard greenBlock4345 deny 192.168.43.0/24 awplus(config)#access-list standard greenBlock4345 deny 192.168.45.0/24 awplus(config)#access-list standard greenBlock4345 permit any awplus(config)#access-list standard orangeBlock20Export140 deny 192.168.20.0/24 awplus(config)#access-list standard orangeBlock20Export140 permit any awplus(config)#access-list standard orangeNoBlock permit any awplus(config)#access-list standard redBlock4445 deny 192.168.44.0/24 awplus(config)#access-list standard redBlock4445 deny 192.168.45.0/24 awplus(config)#access-list standard redBlock4445 permit any

Configure the VRFs

Next we configure the six numbered VRFs named red, green, blue, orange, shared and overlap, via the command ip vrf-name number

The optional number parameter creates and assigns a local interface (LO) to the VRF instance. This number parameter allows the user to manually control which local interface is associated with each VRF. If not specified, a local interface is automatically created and assigned to the VRF instance in the order of VRF creation. Once an LO is created, it remains assigned to the VRF (including over a reboot), unless manually changed by the user.

Only a single local interface per VRF is supported, and each local interface can be configured with its own local ip address.

A local interface (also referred to as an internal loopback interface) is an internal interface that is always available for higher layer protocols to use and advertise to the network. Although a local interface is assigned an IP address, it does not have the usual requirement of connecting to a lower layer physical entity.

Page 46 Configure VRF-lite

Page 45 Page 47
Page 46
Image 46
Allied Telesis C613-16164-00 REV E manual Configuration breakdown
Page 45 Page 47

C613-16164-00 REV E specifications

The Allied Telesis C613-16164-00 REV E is a robust networking device designed to enhance connectivity and communication within enterprise environments. Renowned for its reliability and efficiency, this device serves as an ideal choice for organizations seeking to improve their network infrastructure.

At its core, the C613-16164-00 REV E is a part of Allied Telesis' suite of products that adhere to high-performance standards. One of the main features is its support for both Layer 2 and Layer 3 networking, making it versatile enough to handle a variety of network configurations. This capability allows for seamless integration into different network architectures, whether for simple local area networks (LANs) or more advanced setups with routing capabilities.

Another significant characteristic of the C613-16164-00 REV E is its high-speed data transfer capabilities. With support for Gigabit Ethernet, the device ensures that data can be transmitted quickly and efficiently across the network. This is particularly important for businesses that rely on heavy data usage and need to maintain performance standards even during peak hours.

Additionally, the C613-16164-00 REV E features advanced security measures, including VLAN support and port security configurations, which help protect sensitive information and prevent unauthorized access. This is essential for businesses that handle confidential data and must comply with industry regulations.

In terms of manageability, the device supports SNMP (Simple Network Management Protocol), allowing for easy monitoring and management of network resources. Network administrators can efficiently manage the device and optimize performance with minimal effort, improving overall productivity.

The design of the C613-16164-00 REV E is also noteworthy; it is built for durability, often featuring a compact form factor that makes installation straightforward without compromising on performance. Its compatibility with various Allied Telesis products ensures that organizations can build a cohesive network ecosystem.

In conclusion, the Allied Telesis C613-16164-00 REV E stands out as an excellent networking solution characterized by its support for multiple networking layers, high-speed data transfer, and robust security features. Ideal for both small to medium enterprises and larger organizations, it helps ensure that businesses can maintain efficient and secure operations in a constantly evolving digital landscape.
Top Page Image Contents