Allied Telesis C613-16164-00 REV E manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91

Ir a la página of

Buen manual de instrucciones

Las leyes obligan al vendedor a entregarle al comprador, junto con el producto, el manual de instrucciones Allied Telesis C613-16164-00 REV E. La falta del manual o facilitar información incorrecta al consumidor constituyen una base de reclamación por no estar de acuerdo el producto con el contrato. Según la ley, está permitido adjuntar un manual de otra forma que no sea en papel, lo cual últimamente es bastante común y los fabricantes nos facilitan un manual gráfico, su versión electrónica Allied Telesis C613-16164-00 REV E o vídeos de instrucciones para usuarios. La condición es que tenga una forma legible y entendible.

¿Qué es un manual de instrucciones?

El nombre proviene de la palabra latina “instructio”, es decir, ordenar. Por lo tanto, en un manual Allied Telesis C613-16164-00 REV E se puede encontrar la descripción de las etapas de actuación. El propósito de un manual es enseñar, facilitar el encendido o el uso de un dispositivo o la realización de acciones concretas. Un manual de instrucciones también es una fuente de información acerca de un objeto o un servicio, es una pista.

Desafortunadamente pocos usuarios destinan su tiempo a leer manuales Allied Telesis C613-16164-00 REV E, sin embargo, un buen manual nos permite, no solo conocer una cantidad de funcionalidades adicionales del dispositivo comprado, sino también evitar la mayoría de fallos.

Entonces, ¿qué debe contener el manual de instrucciones perfecto?

Sobre todo, un manual de instrucciones Allied Telesis C613-16164-00 REV E debe contener:
- información acerca de las especificaciones técnicas del dispositivo Allied Telesis C613-16164-00 REV E
- nombre de fabricante y año de fabricación del dispositivo Allied Telesis C613-16164-00 REV E
- condiciones de uso, configuración y mantenimiento del dispositivo Allied Telesis C613-16164-00 REV E
- marcas de seguridad y certificados que confirmen su concordancia con determinadas normativas

¿Por qué no leemos los manuales de instrucciones?

Normalmente es por la falta de tiempo y seguridad acerca de las funcionalidades determinadas de los dispositivos comprados. Desafortunadamente la conexión y el encendido de Allied Telesis C613-16164-00 REV E no es suficiente. El manual de instrucciones siempre contiene una serie de indicaciones acerca de determinadas funcionalidades, normas de seguridad, consejos de mantenimiento (incluso qué productos usar), fallos eventuales de Allied Telesis C613-16164-00 REV E y maneras de solucionar los problemas que puedan ocurrir durante su uso. Al final, en un manual se pueden encontrar los detalles de servicio técnico Allied Telesis en caso de que las soluciones propuestas no hayan funcionado. Actualmente gozan de éxito manuales de instrucciones en forma de animaciones interesantes o vídeo manuales que llegan al usuario mucho mejor que en forma de un folleto. Este tipo de manual ayuda a que el usuario vea el vídeo entero sin saltarse las especificaciones y las descripciones técnicas complicadas de Allied Telesis C613-16164-00 REV E, como se suele hacer teniendo una versión en papel.

¿Por qué vale la pena leer los manuales de instrucciones?

Sobre todo es en ellos donde encontraremos las respuestas acerca de la construcción, las posibilidades del dispositivo Allied Telesis C613-16164-00 REV E, el uso de determinados accesorios y una serie de informaciones que permiten aprovechar completamente sus funciones y comodidades.

Tras una compra exitosa de un equipo o un dispositivo, vale la pena dedicar un momento para familiarizarse con cada parte del manual Allied Telesis C613-16164-00 REV E. Actualmente se preparan y traducen con dedicación, para que no solo sean comprensibles para los usuarios, sino que también cumplan su función básica de información y ayuda.

Índice de manuales de instrucciones

  • Página 1

    Te c h n i c a l G u i d e alliedtelesis .com x How T o | C613-16164-00 REV E Introduction In IP-based networ ks, VRF stands for Vir tual Ro uting and Forwarding. Th is technology allo ws multiple routing domains to co-exist within the same dev ice at the same time. As the routing domains are independent, ov er lapping IP addre sses can be used wit[...]

  • Página 2

    I n tr od u ctio n Page 2 | Co n fig u re VRF-lite Who sho u ld r ead this doc u me n t? This document is aimed at advanced networ k engineer s. Which pr od u cts a n d softwar e v ersio n does it a pply to? The information provided in this document applies to:  SwitchBlade A T -x908 and A T -x900 series sw itches r unning 5.4.1 and above.  x[...]

  • Página 3

    Co n fig u re VRF-lite | Page 3 I n trod u ctio n Co nt e nt s Introduction ....... ............... ................. ................. ............... ................. .............. ............... ............ ................. ............... ............ 1 What is VRF-lite? ............ ................. .............. ................. .....[...]

  • Página 4

    Glossar y Page 4 | Co n fig u re VRF-lite Glossar y ACRON YM DESCRIPTION AS Autonomous System AC L Access Control List BGP Border Gatewa y Protocol FIB Forwarding Information Base MPLS Multi-Protocol Label S witching OSPF Open Shor test P ath Fir st RIP Routing Information Protocol VPN Vir tual Pr ivate Network VR Vir tual Router VRF Vir tual Routi[...]

  • Página 5

    Co n fig u re VRF-lite | Page 5 U n dersta n di n g VRF-lite Under standing VRF-lite The pur pose of VRF is to enable separate IP net w or ks, possibly using o ver lapping IP addresses, to share the same links and router s. IP traffic is constr ained to a set of separ ate IP Vir tual Private Networ ks (VPNs). These VPNs provide a s ecure way f or a[...]

  • Página 6

    U n dersta n di n g VRF-lite Page 6 | Co n fig u re VRF-lite VRF-lite sec u rit y d o ma i n s VRF-lite provides networ k isolation on a single device at Lay er 3. Each VRF domain can use the same or ov er lapping networ k addresses, as they hav e independent routing tables. This separation of the routing tables pre vents communi cation to La yer 3[...]

  • Página 7

    awplus(config)#arp ? A.B.C.D IP address of the A RP entry log Arp log vrf VRF instance awplus(config)#arp vrf <name> ? A.B.C.D IP address of the A RP entry Co n fi g u re VRF-lite | Page 7 U n dersta n di n g VRF-lite When a Lay er 3 interface is mov ed to a VRF inst ance from the default global VRF domain, or when a Lay er 3 interface is mov[...]

  • Página 8

    U n dersta n di n g VRF-lite Page 8 | Co n fig u re VRF-lite I n ter -VRF comm un icatio n Whilst the pr ime purpose of VRF-lite is to ke ep routing domains separ ate from each other , there are cases where y ou do want some comm unication betw een VRFs. Internal Co m pany Network VRF red (Wi-Fi) VRF green (company) VRF shared Internet Wi-F i acces[...]

  • Página 9

    Co n fig u re VRF-lite | Page 9 U n dersta n di n g VRF-lite Static a n d dy n amic i n ter -VRF r o u ti n g As mentioned abo ve, "Inter -VRF commu nication" on page 8 , in some circumstances it is required to (selec tivel y ) allow traffic between two interfaces that are not in the same VRF . This will be useful if there is common ne tw[...]

  • Página 10

    U n dersta n di n g VRF-lite Page 10 | Co n fig u re VRF-lite VRF-lite feat u res i n AW + Here is a summar y of the features pro v ide d by the A W+ VRF-lite i mplementation:  Multiple independent routing table instances may co-exist within the same device . The same or ov er lapping IP addresses can be pres ent in diff erent route table instan[...]

  • Página 11

    Co n fig u re VRF-lite | Page 11 U n dersta n di n g VRF-lite Ro u te limiti n g per VRF i n sta n ce In a multi-VRF network environment, it may be problematic if one VRF injects too many routes and fills up the hardware f orwarding ta bl e (FIB) on the device, which can affect other VRFs as well as the global VRF . For more information see "R[...]

  • Página 12

    U n dersta n di n g VRF-lite Page 12 | Co n fig u re VRF-lite  T elnet client awplus#telnet ? WORD IPv4/IPv6 address or hostname of a remote system ip IP telnet ipv6 IPv6 telnet vrf VRF instance awplus#telnet vrf <name> ? WORD IPv4 address or ho stname of a remote system ip IP telnet awplus#telnet vrf <name> i p x.x.x.x  SSH clien[...]

  • Página 13

    Co n fig u re VRF-lite | Page 13 Co n fig u ri n g VRF-lite Configur ing VRF-lite The follo wing section describes the gener ic commands used to conf igure VRF-lite .  CONFIGURING A CLS PURPOSE Step 1 Enter Global Configuration mode . Step 2 Optional. This command configures a standard named access-control -list (A CL). Matching networ ks (route[...]

  • Página 14

    Co n fig u ri n g VRF-lite Page 14 | Co n fig u re VRF-lite CONFIGURING VLANS AND VLAN DATABASE PURPOSE Step 1 awplus(config)# vlan database VLANs are created in the VLAN database , and por ts are assigned to relevant VLANs. Step 2 awplus(config-vlan)# vlan x state enable Step 3 awplus(config-vlan)# exit Step 4 awplus(config)# interface portx.x.x S[...]

  • Página 15

    Co n fig u re VRF-lite | Page 15 Co n fig u ri n g VRF-lite DYNAMIC ROUTING PROTOCOL - RIP ADDR ESS-FAMILY PURPOSE Step 1 awplus(config)# router rip Optional. Enter rout er configur ation mode for RIP . Step 2 awplus(config-router)# address-family ipv4 vrf <vrf-name> Associate a RIP address-family with a specific VRF instance . Step 3 awplus([...]

  • Página 16

    Co n fig u ri n g VRF-lite Page 16 | Co n fig u re VRF-lite STATIC R OUTES PURPOSE Step 1 awplus(config)# ip route vrf <name> <network> {<gateway> <interface>| <interface>} Optional. T o add a static route into the Routing table for a VRF instan ce. This can be a route pointing exter nall y to a nexthop reachable via a[...]

  • Página 17

    Co n fig u re VRF-lite | Page 17 Co n fig u ri n g VRF-lite Static i n ter -VRF r o u ti n g Static inter -VRF routing involv es creating static routes in one VRF instance whose egress VLAN is in a different egress VLAN. These stat ic routes must specify both the egress VLAN and next hop IP address. 192.168. 1.0 /24 192.168. 20.0 /24 192.168. 20.0 [...]

  • Página 18

    Dy n amic i n ter -VRF comm un icatio n explai n ed Page 18 | Co n fig u re VRF-lite Dynamic inter -VRF comm unication explained The foll owin g section expl ains how VRF routing domain isolati on is maintained, and how routes that exist in one VRF instance are leaked to another VRF instance via BGP . Only B GP can be used to dynamically leak rout [...]

  • Página 19

    Co n fig u re VRF-lite | Page 19 Dy n amic i n ter -VRF comm un icatio n explai n ed The command re dis tr ib u te <pr otocol> can be configured in an OSPF instance, BGP address-family , or RIP address-fam ily . Via this command, routes are impor ted from the FIB associated with the VRF instance into the dynamic routing protocol table. Any ro[...]

  • Página 20

    Dy n amic i n ter -VRF comm un icatio n explai n ed Page 20 | Co n fig u re VRF-lite I n ter -VRF comm un icatio n via BGP Dynamic inter -VRF route leakage is achieved by making copies of BGP routes that exist in one BGP address-family associated with one VRF instance , to another BGP address-family associated with a different VRF instance. VRF Dev[...]

  • Página 21

    Co n fig u re VRF-lite | Page 21 Dy n amic i n ter -VRF comm un icatio n explai n ed Usi n g the r o u te-target comma n d When BGP is used for inter - VRF comm unication, dynamic route leakage of BGP routes from one VRF instance to anothe r is achieved via the VRF ro u te-target command. There are three var iations of the route-tar get command: 1.[...]

  • Página 22

    Dy n amic i n ter -VRF comm un icatio n explai n ed Page 22 | Co n fig u re VRF-lite The follo wing three examples demonstrate how the ro u te-target command facili tates inter - VRF commu nication: 1. If VRF red conf iguration includes: ip vrf red rd 100:1 route-target export 100:1 And if VRF red initially has routes to networ ks 10 .0.0.0/24, 20.[...]

  • Página 23

    Co n fig u re VRF-lite | Page 23 Dy n amic i n ter -VRF comm un icatio n explai n ed 3. If VRF red conf igur ation includes*: ip vrf red rd 100:1 route-target export 100:1 route-target export 100:2 route-target export 100:3 route-target export 100:4 route-target import 100:5 route-target import 100:6 And if VRF red initiall y has routes to netw or [...]

  • Página 24

    Dy n amic i n ter -VRF comm un icatio n explai n ed Page 24 | Co n fig u re VRF-lite How VRF-lite sec u rit y i s m ai n tai n ed Incidentally , only the or iginal routes can be co pied from one VRF to another . Copied routes cannot be subsequently copied to another VRF , to ensure VRF securi ty domains ar e enforced. For example: VRFred----VRFshar[...]

  • Página 25

    Co n fig u re VRF-lite | Page 25 Simple VRF-lite co n fig u ratio n examples Simple VRF-lite configur ation examples The follo wing section contains simple configuratio n examples to explain the basics of V RF-lite configur ation used in conjunction with a var iety of routing protocols. Fir stly , alwa ys create a clear VRF communicatio n plan. Thi[...]

  • Página 26

    Simple VRF-lite co n fig u ratio n examples Page 26 | Co n fig u re VRF-lite !  interface vlan12 ip vrf forwarding red ip address 10.2.2.1/24 ! interface vlan13 ip vrf forwarding green ip address 10.1.1.1/24 ! interface vlan14 ip vrf forwarding green ip address 10.2.2.1/16 ! router ospf 1 red network 10.1.1.0/24 area 0 network 10.2.2.0/24 area 0[...]

  • Página 27

    Co n fig u re VRF-lite | Page 27 Simple VRF-lite co n fig u ratio n examples VRFs accessi n g a shared n etw o rk. A n example of static i n ter -VRF ro u ti n g The par tial configuration example belo w shows the key compon ents required to suppor t static inter -VRF routing. 100.100.100.0/24 - Inter VRF (IVR) co mm unications via static IVR route[...]

  • Página 28

    Simple VRF-lite co n fig u ratio n examples Page 28 | Co n fig u re VRF-lite Dy n amic i n ter -VRF comm un icatio n with RIP r o u ti n g to exter n al peers The par tial configur ation example below sho ws the key components required to suppor t dynamic inter -VRF communication betw een tw o VR F instances using BGP , with RIP routing to exter na[...]

  • Página 29

    Co n fig u re VRF-lite | Page 29 Simple VRF-lite co n fig u ratio n examples Dy n amic i n ter -VRF comm un icatio n with BGP r o u ti n g to exter n al peers The par tial configuration example belo w shows the key compon ents required to suppor t dynamic inter -VRF communication using BGP , with BGP routing to exter nal peer s. ... ! ip vrf red rd[...]

  • Página 30

    Simple VRF-lite co n fig u ratio n examples Page 30 | Co n fig u re VRF-lite Dy n amic i n ter -VRF comm un icatio n with OSPF r o u ti n g to exter n al peers The complete configuration example below sho w s the key components required to suppor t dynamic inter -VRF commun ication using BGP , with OSPF routing to exter nal peer s. red router 192.1[...]

  • Página 31

    Co n fig u re VRF-lite | Page 31 Simple VRF-lite co n fig u ratio n examples ! access-list standard greenBlock3334 de ny 192.168.33.0/24 access-list standard greenBlock3334 de ny 192.168.34.0/24 access-list standard greenBlock3334 pe rmit any access-list standard redBlock3435 deny 192.168.34.0/24 access-list standard redBlock3435 deny 192.168.35.0/[...]

  • Página 32

    Simple VRF-lite co n fig u ratio n examples Page 32 | Co n fig u re VRF-lite interface vlan1 ip vrf forwarding red ip address 192.168.10.1/24 ! interface vlan2 ip vrf forwarding green ip address 192.168.20.1/24 ! interface vlan3 ip vrf forwarding shared ip address 192.168.30.1/24 ! router ospf 1 red network 192.168.10.0/24 area 0 redistribute bgp ![...]

  • Página 33

    Co n fig u re VRF-lite | Page 33 I n ter -VRF co n fig u ratio n examples with I n ter n et access Inter -VRF configur ation examples with Inter net access The follo wing three complete examples are usin g a similar topology , how ever , each example inv olves a diff erent communication plan and a var iety of routing protocols. All of the follo win[...]

  • Página 34

    I n ter -VRF co n fig u ratio n examples with I n ter n et acce ss Page 34 | Co n fig u re VRF-lite Co n fig u rati o n ! ip vrf remote1 1 ! ip vrf remote2 2 ! ip vrf shared3 3 ! ip vrf office4 4 ! vlan database vlan 10 name remote1_a vlan 11 name remote1_b vlan 12 name remote1_c vlan 13 name remote1_d vlan 20 name remote2_a vlan 90 name remote1_e [...]

  • Página 35

    Co n fig u re VRF-lite | Page 35 I n ter -VRF co n fig u ratio n examples with I n ter n et access ! interface vlan13 ip vrf forwarding remote1 ip address 13.0.0.1/8 ! interface vlan20 ip vrf forwarding remote2 ip address 10.0.0.1/8 ! interface vlan90 ip vrf forwarding remote1 ip address 14.0.0.1/8 ! interface vlan100 ip vrf forwarding shared3 ip a[...]

  • Página 36

    I n ter -VRF co n fi g u ratio n examples with I n ter n et acce ss Page 36 | Co n fig u re VRF-lite Example B Internet Intranet re m ote 1 VRF 1 Intranet 1 static route Intranet re m ote2 Internet de f ault route VRF2 RIP Intranet route VRF4 RIP route Internet Router Private to public NA T Router Private to public NA T Internet de f ault route VRF[...]

  • Página 37

    Co n fig u re VRF-lite | Page 37 I n ter -VRF co n fig u ratio n examples with I n ter n et access Co n fig u ratio n ! access-list standard deny_overlap deny 10.0.0.0/8 access-list standard deny_overlap perm it any ! ip vrf remote1 1 rd 100:1 route-target export 100:1 route-target import 100:3 export map block10 ! ip vrf remote2 2 rd 100:2 route-t[...]

  • Página 38

    I n ter -VRF co n fig u ratio n examples with I n ter n et acce ss Page 38 | Co n fig u re VRF-lite ! interface port1.0.6-1.0.26 switchport switchport mode access ! interface vlan10 ip vrf forwarding remote1 ip address 10.0.0.1/8 ! interface vlan11 ip vrf forwarding remote1 ip address 11.0.0.1/8 ! interface vlan12 ip vrf forwarding remote1 ip addre[...]

  • Página 39

    Co n fig u re VRF-lite | Page 39 I n ter -VRF co n fig u ratio n examples with I n ter n et access ! address-family ipv4 vrf remote2 redistribute connected exit-address-family ! address-family ipv4 vrf shared3 redistribute connected exit-address-family ! ip route vrf remote1 0.0.0.0/0 10.0.0. 2 ip route vrf shared3 0.0.0.0/0 30.0.0. 2 ip route vrf [...]

  • Página 40

    I n ter -VRF co n fi g u ratio n examples with I n ter n et acce ss Page 40 | Co n fig u re VRF-lite Example C Intranet re m ote 1 VRF 1 Intranet 1 static route Intranet re m ote2 Internet de f ault route VRF2 RIP Intranet route VRF4 RIP route Internet Router Private to public NA T VRF 1 re m ote 1 VLAN 1 0 re m ote 1 _a VLAN 11 re m ote 1 _b VLAN [...]

  • Página 41

    Co n fig u re VRF-lite | Page 41 I n ter -VRF co n fig u ratio n examples with I n ter n et access Co n fig u ratio n ! access-list standard deny_overlap deny 10.0.0.0/8 access-list standard deny_overlap perm it any ! ip vrf remote1 1 rd 100:1 route-target export 100:1 route-target import 100:3 export map block10 ! ip vrf remote2 2 rd 100:2 route-t[...]

  • Página 42

    I n ter -VRF co n fig u ratio n examples with I n ter n et acce ss Page 42 | Co n fig u re VRF-lite ! interface port1.0.4 switchport switchport mode trunk switchport trunk allowed vlan add 200 ! interface port1.0.5 switchport switchport mode access switchport access vlan 100 ! interface port1.0.6-1.0.26 switchport switchport mode access ! interface[...]

  • Página 43

    Co n fig u re VRF-lite | Page 43 I n ter -VRF co n fig u ratio n examples with I n ter n et access exit-address-family ! address-family ipv4 vrf office4 network vlan200 exit-address-family ! router bgp 100 address-family ipv4 vrf remote1 redistribute connected exit-address-family ! address-family ipv4 vrf remote2 redistribute connected exit-address[...]

  • Página 44

    Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 44 | Co n fig u re VRF-lite Configur ing a complex inter -VRF solution A networ k compr ising of mu ltiple devices that demonstrates inter -VRF routing. A variety of routing protocols are used in this example . Netw ork descr iptio n VRF ov erlap L06=6.6.6.6 VRF red L01=1.1.1.1 OSPF-1 VRF gr[...]

  • Página 45

    Co n fig u re VRF-lite | Page 45 Co n fig u ri n g a complex i n ter -VRF s ol u tio n VRF comm un icatio n pla n  VRF shared can a ccess all VRF s red, green, b lue and orange (excluding VRF ov er lap).  VRFs red, green, blue , and orange are only ab le to access VRF shared. They cannot access each other in this example.  VRF ov er lap re[...]

  • Página 46

    Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 46 | Co n fig u re VRF-lite Co n fig u ratio n br eakdow n When configuring a c omplex inter -VFR awar e device, such as in our example , the configuration order is impor tant. W e ha ve pro vided a breakdown before each step to explain the key points y ou will need to consider . CONFIGURE S[...]

  • Página 47

    Co n fig u re VRF-lite | Page 47 Co n fig u ri n g a complex i n ter -VRF s ol u tio n Local interfaces can be utili sed b y a number of protocols for various pur poses. They can be used as a reliable address via wh ich to access a device - an address that is alwa ys accessib le , irrespective of th e link status of an y individual exte r nal in te[...]

  • Página 48

    CONFIGURE VRFS Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 48 | Co n fig u re VRF-lite awplus(config)#ip vrf red 1 awplus(config-vrf)#rd 100:1 awplus(config-vrf)#route-target export 100:1 awplus(config-vrf)#route-target import 100:5 awplus(config-vrf)#import map red43 awplus(config-vrf)#exit awplus(config)#ip vrf green 2 awplus(config[...]

  • Página 49

    Co n fig u re VRF-lite | Page 49 Co n fig u ri n g a complex i n ter -VRF s ol u tio n Configure the hardware A CLs The command access-list hardware < n ame> creates the hardware access list. The access list is associated with individual switch por ts as an access-group . Each a ccess group contains one or more filter s, which filter source t[...]

  • Página 50

    CONFIGURE HARD WARE A CLS Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 50 | Co n fig u re VRF-lite Configure the VLANs VLANs are created i n the VLAN database, an d por ts are assigned to relevant VLANs. The access lists are assigned in order to the individual switch por ts as access groups. The order in which the access groups are att[...]

  • Página 51

    Co n fig u re VRF-lite | Page 51 Co n fig u ri n g a complex i n ter -VRF s ol u tio n The third access group allow100_den y_pr ivat e per mits VRF red to access shared VRF network 192.168.100.0/24. Subsequently traffi c to all netw or ks within the 192.168 .0.0/16 address ranges is denied. The order of f ilter ing is: 1. Allow access to the subnet[...]

  • Página 52

    CONFIGURE IP ADDR ESSES awplus(config-if)#exit [cont...] Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 52 | Co n fig u re VRF-lite Configure the IP addresses An IP address is allocated t o each Local interface . Also, VLANs are as sociated with each VRF inst ance. Each VRF instance can contain m ultiple VL A Ns . A V LA N ca nn o t b e [...]

  • Página 53

    Co n fig u re VRF-lite | Page 53 Co n fig u ri n g a complex i n ter -VRF s ol u tio n awplus(config)#interface vlan1 awplus(config-if)#ip vrf forwarding red awplus(config-if)#ip address 192.168.10.1/24 awplus(config)#interface vlan2 awplus(config-if)#ip vrf forwarding green awplus(config-if)#ip address 192.168.20.1/24 awplus(config-if)#exit awplus[...]

  • Página 54

    CONFIGURE DYNAMIC R OUTING Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 54 | Co n fig u re VRF-lite Configure routing Dynamic routing protocols are conf igured as required and associated with each VRF . OSPF instance 1 is associated with VRF red. OS PF instance 2 is associated with VRF orange . RIP and BGP use address-families as the e[...]

  • Página 55

    Co n fig u re VRF-lite | Page 55 Co n fig u ri n g a complex i n ter -VRF s ol u tio n Connected routes associated with VRF green are redistributed into BGP , and also adver tised to the external BGP neighbor router . VRF gree n has an i-BGP peering relationship to its neighbor as the neighb or ASN is the same (ASN 100). BGP routes lear ned from th[...]

  • Página 56

    Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 56 | Co n fig u re VRF-lite Static routes are conf igured. Each VRF instance is also conf igured with its own s tatic default route (via VRF shared) to allow each of them to access the intern et. Default routes are not able to be leaked dynamically via BGP betw een VRF instances as the BGP d[...]

  • Página 57

    CONFIGURE STATIC ROUTING CONFIGURE R OUTE MAPS Co n fi g u re VRF-lite | Page 57 Co n fig u ri n g a complex i n ter -VRF s ol u tio n denotes a static route to de stination network 192.168.45.0/24 which has a next hop of 192.168.100.2, which originates from VRF shared, which egresses VLAN5 in VRF shared. In this example each VRF instan ce red, gre[...]

  • Página 58

    Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 58 | Co n fig u re VRF-lite Complete show r un o u tp u t fr om VRF device is below awplus>ena awplus#sh run ! service password-encryption ! no banner motd ! username manager privilege 15 pas sword 8 $1$bJoVec4D$JwOJGPr7YqoE xA0GVasdE0 ! access-list standard blueBlock4344 deny 192.168.43.[...]

  • Página 59

    Co n fig u re VRF-lite | Page 59 Co n fig u ri n g a complex i n ter -VRF s ol u tio n ! ip vrf shared 5 rd 100:5 route-target import 100:1 route-target import 100:2 route-target import 100:3 route-target import 100:4 route-target export 100:5 ! ip vrf overlap 6 ! no ip multicast-routing ! spanning-tree mode rstp ! access-list hardware access43 per[...]

  • Página 60

    Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 60 | Co n fig u re VRF-lite switchport access vlan 4 access-group allow_to_self_40 access-group access43 access-group access44 access-group access45 access-group allow100_deny_private ! interface port1.0.6-1.0.7 switchport switchport mode access switchport access vlan 5 ! interface port1.0.8[...]

  • Página 61

    Co n fig u re VRF-lite | Page 61 Co n fig u ri n g a complex i n ter -VRF s ol u tio n interface vlan6 ip vrf forwarding overlap ip address 192.168.10.1/24 ! interface vlan7 ip vrf forwarding overlap ip address 192.168.50.1/24 ! router ospf 1 red network 192.168.10.0/24 area 0 redistribute bgp default-information originate ! router ospf 2 orange ne[...]

  • Página 62

    Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 62 | Co n fig u re VRF-lite ip route vrf orange 192.168.20.0/2 4 192.168.40.2 ip route vrf orange 192.168.140.0/ 24 192.168.40.2 ip route vrf shared 0.0.0.0/0 192. 168.100.254 ip route vrf shared 192.168.43.0/2 4 192.168.100.2 ip route vrf shared 192.168.44.0/2 4 192.168.100.2 ip route vrf s[...]

  • Página 63

    Co n fig u re VRF-lite | Page 63 Co n fig u ri n g a complex i n ter -VRF s ol u tio n [VRF: blue] S* 0.0.0.0/0 [1/0] via 192.168.10 0.254, vlan5 C 3.3.3.3/32 is directly connect ed, lo3 B 5.5.5.5/32 [20/0] is directly connected, lo5, 00:07:21 R 192.168.17.0/24 [120/2] via 19 2.168.30.2, vlan3, 00:06:48 R 192.168.18.0/24 [120/2] via 19 2.168.30.2, [...]

  • Página 64

    Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 64 | Co n fig u re VRF-lite Co n fig u rati o n file s for eac h ext er n al ro u ter u sed i n the topology a n d its associated ro u te table is belo w . No n e of the exte r n al r o u ters are VRF a ware. hostname Internet_router ! vlan database vlan 2 state enable ! interface port1.0.2 [...]

  • Página 65

    Co n fig u re VRF-lite | Page 65 Co n fig u ri n g a complex i n ter -VRF s ol u tio n hostname shared_router ! vlan database vlan 2-4 state enable ! interface port1.0.2 switchport access vlan 2 ! interface port1.0.3 switchport access vlan 3 ! interface port1.0.4 switchport access vlan 4 ! interface vlan1 ip address 192.168.100.2/24 ! interface vla[...]

  • Página 66

    Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 66 | Co n fig u re VRF-lite hostname red_ospf_peer ! vlan database vlan 2-3 state enable ! interface port1.0.2 switchport access vlan 2 ! interface port1.0.3 switchport access vlan 3 ! interface vlan1 ip address 192.168.10.2/24 ! interface vlan2 ip address 192.168.13.1/24 ! interface vlan3 i[...]

  • Página 67

    Co n fig u re VRF-lite | Page 67 Co n fig u ri n g a complex i n ter -VRF s ol u tio n hostname green_i_BGP_peer ! vlan database vlan 2-3 state enable ! interface port1.0.2 switchport access vlan 2 ! interface port1.0.3 switchport access vlan 3 ! interface vlan1 ip address 192.168.20.2/24 ! interface vlan2 ip address 192.168.15.1/24 ! interface vla[...]

  • Página 68

    Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 68 | Co n fig u re VRF-lite hostname blue_rip_peer ! vlan database vlan 2-3 state enable ! interface port1.0.2 switchport access vlan 2 ! interface port1.0.3 switchport access vlan 3 ! interface vlan1 ip address 192.168.30.2/24 ! interface vlan2 ip address 192.168.17.1/24 ! interface vlan3 i[...]

  • Página 69

    Co n fig u re VRF-lite | Page 69 Co n fig u ri n g a complex i n ter -VRF s ol u tio n hostname orange_router ! vlan database vlan 2-3 state enable ! interface port1.0.2 switchport access vlan 2 ! interface port1.0.3 switchport access vlan 3 ! interface vlan1 ip address 192.168.40.2/24 ! interface vlan2 ip address 192.168.20.1/24 ! interface vlan3 [...]

  • Página 70

    Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 70 | Co n fig u re VRF-lite hostname orange_ospf_peer ! vlan database vlan 2 state enable ! interface port1.0.2 switchport access vlan 2 ! interface vlan1 ip address 192.168.40.3/24 ! interface vlan2 ip address 192.168.19.1/24 ! router ospf 1 ospf router-id 192.168.40.3 network 192.168.40.0/[...]

  • Página 71

    Co n fig u re VRF-lite | Page 71 VCStack a n d VRF-lite VCStack and VRF-lite The following example illustr ates how to conf igure VRF-lite in a VCStacked environment. x900 x610 DUT A stack member 1 Port1.0.1 1 VLAN 1 1 grey e-BGP peering VRF grey from x900 lo8 80.80.80.2 to DUT A lo8 8.8.8.1 via VLAN 15 Port2.0.10 VLAN 10 violet Port2.0.15 VLAN 15 [...]

  • Página 72

    VCStack a n d VRF-lite Page 72 | Co n fig u re VRF-lite Virt u al Chassis ID Also, the optional command stack vir t u al-chassis-id <val u e> specif ies the VCS vir tual chassis ID . If not configured, the stack will automaticall y sele ct a vir tual-chassis-id from a number within the assigned r ange 0-4095. The ID selected will determine wh[...]

  • Página 73

    Co n fig u re VRF-lite | Page 73 VCStack a n d VRF-lite ip address 11.11.11.1/24 ! interface vlan14 ip vrf forwarding violet ip address 192.168.14.1/24 ! interface vlan15 ip vrf forwarding grey ip address 192.168.15.1/24 ! router bgp 100 ! address-family ipv4 vrf violet redistribute connected neighbor 70.70.70.2 remote-as 300 neighbor 70.70.70.2 eb[...]

  • Página 74

    VCStack a n d VRF-lite Page 74 | Co n fig u re VRF-lite ! interface vlan14 ip vrf forwarding violet ip address 192.168.14.2/24 ! interface vlan15 ip vrf forwarding grey ip address 192.168.15.2/24 ! router bgp 300 ! address-family ipv4 vrf grey network 80.80.80.2/32 redistribute connected neighbor 8.8.8.1 remote-as 100 neighbor 8.8.8.1 ebgp-multihop[...]

  • Página 75

    Co n fig u re VRF-lite | Page 75 VCStack a n d VRF-lite Shari n g VRF r o u ti n g a n d do u ble taggi n g o n the same port In this scenario, both VRF-lite tr affic and doub le vlan tagged tr affic is transpor ted between the two x610 switches via a si ngle shared por t. The double tagging f eature (nested vlans) makes use of the ta g-in-tag tech[...]

  • Página 76

    VCStack a n d VRF-lite Page 76 | Co n fig u re VRF-lite Co n fig u rati o n s x610 A ip vrf red 1 ip vrf green 2  vlan database vlan 20 name nested vlan 11-12,20,111-112 state enabl e interface port1.0.5 switchport access vlan 111 interface port1.0.6 switchport access vlan 112 interface port1.0.12 switchport access vlan 20 switchport vlan-stacki[...]

  • Página 77

    Co n fig u re VRF-lite | Page 77 VCStack a n d VRF-lite interface port1.0.20 switchport mode trunk switchport trunk allowed vlan add 11- 12,20 switchport trunk native vlan none switchport vlan-stacking provider-por t interface vlan11 ip vrf forwarding red ip address 192.168.11.2/24 interface vlan12 ip vrf forwarding green ip address 192.168.12.2/24[...]

  • Página 78

    Dy n amic i n ter -VRF r o u ti n g betwe e n the global VRF domai n a n d a VRF i n sta n ce Page 78 | Co n fig u re VRF-lite Dynamic inter -VRF routing betw een the global VRF domain and a VRF instance This section contains tw o configuration examp les. Both examples show ho w to configure dynamic inter -VRF routing via BGP between th e default g[...]

  • Página 79

    Co n fig u re VRF-lite | Page 79 Dy n amic i n ter -VRF ro u ti n g bet wee n the global VRF domai n a n d a VRF i n sta n ce For both these examples all BGP neighbor rela tionships in volv e peer ing between IP local addresses, not to VLAN interface IP addresses within the same subnet. BGP co n fig u ratio n tips The following BGP configuratio n t[...]

  • Página 80

    Dy n amic i n ter -VRF r o u ti n g betwe e n the global VRF domai n a n d a VRF i n sta n ce Page 80 | Co n fig u re VRF-lite The global par ameter in the command n eighbor x.x.x.x r emote-as <64515> global is required to facilitate an e-BGP peer ing to the global VRF domain from VRF red. Conv er sely , the target vrf- n ame in the command n[...]

  • Página 81

    Co n fig u re VRF-lite | Page 81 Dy n amic i n ter -VRF ro u ti n g bet wee n the global VRF domai n a n d a VRF i n sta n ce Dy n amic i n ter -VRF comm un icatio n with i-BGP r o u ti n g to exter n al peer VRF device access-list standard redblock4445 deny 192.168.44.0/24 access-list standard redblock4445 deny 192.168.45.0/24 access-list standard[...]

  • Página 82

    Dy n amic i n ter -VRF r o u ti n g betwe e n the global VRF domai n a n d a VRF i n sta n ce Page 82 | Co n fig u re VRF-lite red router vlan database vlan 2-3 state enable ! interface port1.0.13 switchport access vlan 2 ! interface port1.0.14 switchport access vlan 3 ! interface lo ip address 7.7.7.7/32 ! interface vlan1 ip address 192.168.10.2/2[...]

  • Página 83

    Co n fig u re VRF-lite | Page 83 Dy n amic i n ter -VRF ro u ti n g bet wee n the global VRF domai n a n d a VRF i n sta n ce redistribute connected redistribute static neighbor 2.2.2.2 remote-as 64512 vrf r ed neighbor 2.2.2.2 local-as 64515 neighbor 2.2.2.2 update-source 1.1.1.1 neighbor 2.2.2.2 route-map 43 out ! address-family ipv4 vrf red redi[...]

  • Página 84

    Ro u te Limits Page 84 | Co n fig u re VRF-lite Route Limits In multi-VRF netw or k environment, it may be di sastrous if one VRF injects too man y routes and fills up the hardware f orwarding table (FIB ) on a device which can aff ect other VRFs (as well as the global VRF). In software v er sion 5.4.2 and later , it is possible to mitigate this ri[...]

  • Página 85

    Co n fig u re VRF-lite | Page 85 Ro u te Limits Co n fig u ri n g Dy n amic ro u te limits A W+ suppor ts the ability to limit dyna mic ro utes via the max-fib-r o u tes command in the global VRF domain, which is unlimited by defaul t. This same A W+ command is no w also able to be applied on a per VRF basis. max-fi b-routes Descr iption Use the co[...]

  • Página 86

    Ro u te Limits Page 86 | Co n fig u re VRF-lite awplus(config)# ip vrf red awplus(config-vrf)# max-fib-routes 2000 75 Alter nativ ely , to ensure a war ning message is genera ted when the n umber of routes exceeds the limit (whilst ensuring routes exceeding the limit can still b e added), conf igure the following: awplus(config)# ip vrf red awplus([...]

  • Página 87

    Co n fig u re VRF-lite | Page 87 VRF-lite u sage g u ideli n es VRF-lite usage guidelines The gener al guideline is that all cur rent ser vic es remain a vailable in the default global VRF domain only , unless the ser vice is either explic itly VRF aware, or the ser vice r uns completely independently of VRF and th erefore has no requirement to be [...]

  • Página 88

    Usef u l VRF-r elated diag n ostics comma n d list Page 88 | Co n fig u re VRF-lite Useful VRF-related diagnostics command list Below is a summar y list of diagnostics comman ds that y ou may find helpful when troubleshooting VRF-related issues . Many exi sting commands ha ve been made VRF aw are and some are included below . Please refer to the so[...]

  • Página 89

    Co n fig u re VRF-lite | Page 89 Usef u l VRF-r elated diag n osti cs comma n d list connected Connected database IP routing table database global Global Routing/Forwarding table ospf Open Shortest Path First (OSPF) rip Routing Information Proto col (RIP) static Static routes summary Summary of all routes vrf Display routes from a VRF instance | Ou[...]

  • Página 90

    Usef u l VRF-r elated diag n ostics comma n d list Page 90 | Co n fig u re VRF-lite awplus#sh ip ospf interface  awplus#sh ip ospf ? <0-65535> Process ID numbe r border-routers Border and Bound ary Router Information database Database summary interface Interface inform ation neighbor Neighbor list route OSPF routing tab le virtual-links Vi[...]

  • Página 91

    C613-16164-00 REV E awplus#show ip bgp vrf <name> ? A.B.C.D IP prefix <netw ork>, e.g., 35.0.0.0 A.B.C.D/M IP prefix <netw ork>/<length>, e.g., 35.0.0.0/8 cidr-only Display only ro utes with non-natural netmasks community Display routes matching the communities community-list Display routes matching the community-list dampen[...]