Thursday, August 18, 2016

EVN Route Leaking

Easy Virtual Network - Route Leaking


Virtual networks with route replication between VRFs.
In this case the servicio VRF will be replicated to other VRFs.


ROUTER R2

vrf definition cliente1
 vnet tag 100
 !
 address-family ipv4
  route-replicate from vrf servicio unicast static
 exit-address-family
!
ip route vrf cliente1 192.168.40.0 255.255.255.0 10.10.10.2
ip route vrf servicio 192.168.50.0 255.255.255.0 10.10.10.2
!


ROUTER R3

vrf definition servicio
 vnet tag 300
 !
 address-family ipv4
  route-replicate from vrf cliente1 unicast static
 exit-address-family
!
ip route vrf cliente1 192.168.30.0 255.255.255.0 10.10.10.1


R2#routing-context vrf servicio
R2%servicio#sh ip route

Routing Table: servicio
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.10.10.0/30 is directly connected, FastEthernet1/1.300
L        10.10.10.1/32 is directly connected, FastEthernet1/1.300
C        10.10.10.4/30 is directly connected, FastEthernet2/0.300
L        10.10.10.5/32 is directly connected, FastEthernet2/0.300
S     192.168.50.0/24 [1/0] via 10.10.10.2


R2#routing-context vrf cliente1
R2%cliente1#sh ip route

Routing Table: cliente1
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.10.10.0/30 is directly connected, FastEthernet1/1.100
L        10.10.10.1/32 is directly connected, FastEthernet1/1.100
C        10.10.10.4/30 is directly connected, FastEthernet2/0.100
L        10.10.10.5/32 is directly connected, FastEthernet2/0.100
      192.168.30.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.30.0/24 is directly connected, FastEthernet0/0
L        192.168.30.1/32 is directly connected, FastEthernet0/0
S     192.168.40.0/24 [1/0] via 10.10.10.2
S   + 192.168.50.0/24 [1/0] via 10.10.10.2 (servicio)


PC1> ping 192.168.50.10
84 bytes from 192.168.50.10 icmp_seq=1 ttl=62 time=40.002 ms
84 bytes from 192.168.50.10 icmp_seq=2 ttl=62 time=31.001 ms
84 bytes from 192.168.50.10 icmp_seq=3 ttl=62 time=16.001 ms
84 bytes from 192.168.50.10 icmp_seq=4 ttl=62 time=21.001 ms
84 bytes from 192.168.50.10 icmp_seq=5 ttl=62 time=27.002 ms
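
Route replication deliberately crosses the VRF isolation boundary, so it is worth checking which prefixes are actually shared. The following is an added example, not part of the original post: it parses `sh ip route` output like the tables above, lists every route flagged `+` together with its source VRF, and compares it against an allow-list. The sample text is constructed from the R2 output in this post (trimmed), and the allow-list structure and function names are assumptions.

```python
import ipaddress
import re

# Constructed sample: R2's servicio and cliente1 tables from this post, trimmed.
SAMPLE = """\
Routing Table: servicio
S     192.168.50.0/24 [1/0] via 10.10.10.2

Routing Table: cliente1
       + - replicated route, % - next hop override
C        10.10.10.0/30 is directly connected, FastEthernet1/1.100
      192.168.30.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.30.0/24 is directly connected, FastEthernet0/0
S     192.168.40.0/24 [1/0] via 10.10.10.2
S   + 192.168.50.0/24 [1/0] via 10.10.10.2 (servicio)
"""

TABLE_RE = re.compile(r"^Routing Table:\s*(\S+)")
# Route code, optional '+'/'%' flags, prefix, then the remainder of the line.
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z][A-Za-z0-9* ]*?)\s+(?:(?P<flags>[+%]+)\s+)?"
    r"(?P<prefix>\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\s+(?P<rest>.*)$")
SRC_RE = re.compile(r"\((\S+)\)\s*$")  # trailing "(source-vrf)" on replicated routes


def replicated_routes(show_output):
    """Return (table_vrf, prefix, source_vrf) for each route flagged '+'."""
    table, found = None, []
    for line in show_output.splitlines():
        m = TABLE_RE.match(line)
        if m:
            table = m.group(1)
            continue
        m = ROUTE_RE.match(line)
        if m and "+" in (m.group("flags") or ""):
            src = SRC_RE.search(m.group("rest"))
            found.append((table, m.group("prefix"), src.group(1) if src else None))
    return found


def unexpected_leaks(show_output, allowed):
    """allowed (hypothetical allow-list): (table_vrf, source_vrf) -> approved prefixes."""
    bad = []
    for table, prefix, src in replicated_routes(show_output):
        net = ipaddress.ip_network(prefix, strict=False)
        ok = [ipaddress.ip_network(a) for a in allowed.get((table, src), [])]
        if not any(net.subnet_of(a) for a in ok):
            bad.append((table, prefix, src))
    return bad
```

Calling `unexpected_leaks(SAMPLE, {("cliente1", "servicio"): ["192.168.50.0/24"]})` returns an empty list; any replicated prefix outside the approved ranges is returned for review.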












EVN AAA - Radius



EVN AAA Radius 


In this topology there is a WinRadius server (192.168.10.10) associated with VRF cliente2.
The goal is to configure authentication using WinRadius in a VRF environment.






ROUTER R2

vrf definition cliente1
 vnet tag 100
 address-family ipv4
 exit-address-family

vrf definition cliente2
 vnet tag 200
 address-family ipv4
 exit-address-family

vrf definition servicio
 vnet tag 300
 address-family ipv4
 exit-address-family

username cisco password cisco
aaa new-model
radius server RADIUS1
   address ipv4 192.168.10.51 auth-port 1812 acct-port 1813
   key WinRadius

aaa group server radius RADIUSGROUP
   server name RADIUS1
   ip vrf forwarding cliente2

aaa authentication login default group RADIUSGROUP local

router ospf 1 vrf cliente2
   router-id 2.2.2.2
   network 10.10.10.0 0.0.0.3 area 0
   network 10.10.10.4 0.0.0.3 area 0
   network 192.168.10.0 0.0.0.255 area 0

interface FastEthernet1/0
   vrf forwarding cliente2
   ip address 192.168.10.1 255.255.255.0

interface FastEthernet1/1
   ip address 10.10.10.1 255.255.255.252
   vnet trunk

interface FastEthernet2/0
   ip address 10.10.10.5 255.255.255.252
   vnet trunk