Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/clients/client0/web23/web/includes/pages/manual_inc.php on line 26
Allied Telesis C613-16164-00 REV E manuale d’uso - BKManuals

Allied Telesis C613-16164-00 REV E manuale d’uso

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91

Vai alla pagina of

Un buon manuale d’uso

Le regole impongono al rivenditore l'obbligo di fornire all'acquirente, insieme alle merci, il manuale d’uso Allied Telesis C613-16164-00 REV E. La mancanza del manuale d’uso o le informazioni errate fornite al consumatore sono la base di una denuncia in caso di inosservanza del dispositivo con il contratto. Secondo la legge, l’inclusione del manuale d’uso in una forma diversa da quella cartacea è permessa, che viene spesso utilizzato recentemente, includendo una forma grafica o elettronica Allied Telesis C613-16164-00 REV E o video didattici per gli utenti. La condizione è il suo carattere leggibile e comprensibile.

Che cosa è il manuale d’uso?

La parola deriva dal latino "instructio", cioè organizzare. Così, il manuale d’uso Allied Telesis C613-16164-00 REV E descrive le fasi del procedimento. Lo scopo del manuale d’uso è istruire, facilitare lo avviamento, l'uso di attrezzature o l’esecuzione di determinate azioni. Il manuale è una raccolta di informazioni sull'oggetto/servizio, un suggerimento.

Purtroppo, pochi utenti prendono il tempo di leggere il manuale d’uso, e un buono manuale non solo permette di conoscere una serie di funzionalità aggiuntive del dispositivo acquistato, ma anche evitare la maggioranza dei guasti.

Quindi cosa dovrebbe contenere il manuale perfetto?

Innanzitutto, il manuale d’uso Allied Telesis C613-16164-00 REV E dovrebbe contenere:
- informazioni sui dati tecnici del dispositivo Allied Telesis C613-16164-00 REV E
- nome del fabbricante e anno di fabbricazione Allied Telesis C613-16164-00 REV E
- istruzioni per l'uso, la regolazione e la manutenzione delle attrezzature Allied Telesis C613-16164-00 REV E
- segnaletica di sicurezza e certificati che confermano la conformità con le norme pertinenti

Perché non leggiamo i manuali d’uso?

Generalmente questo è dovuto alla mancanza di tempo e certezza per quanto riguarda la funzionalità specifica delle attrezzature acquistate. Purtroppo, la connessione e l’avvio Allied Telesis C613-16164-00 REV E non sono sufficienti. Questo manuale contiene una serie di linee guida per funzionalità specifiche, la sicurezza, metodi di manutenzione (anche i mezzi che dovrebbero essere usati), eventuali difetti Allied Telesis C613-16164-00 REV E e modi per risolvere i problemi più comuni durante l'uso. Infine, il manuale contiene le coordinate del servizio Allied Telesis in assenza dell'efficacia delle soluzioni proposte. Attualmente, i manuali d’uso sotto forma di animazioni interessanti e video didattici che sono migliori che la brochure suscitano un interesse considerevole. Questo tipo di manuale permette all'utente di visualizzare tutto il video didattico senza saltare le specifiche e complicate descrizioni tecniche Allied Telesis C613-16164-00 REV E, come nel caso della versione cartacea.

Perché leggere il manuale d’uso?

Prima di tutto, contiene la risposta sulla struttura, le possibilità del dispositivo Allied Telesis C613-16164-00 REV E, l'uso di vari accessori ed una serie di informazioni per sfruttare totalmente tutte le caratteristiche e servizi.

Dopo l'acquisto di successo di attrezzature/dispositivo, prendere un momento per familiarizzare con tutte le parti del manuale d'uso Allied Telesis C613-16164-00 REV E. Attualmente, sono preparati con cura e tradotti per essere comprensibili non solo per gli utenti, ma per svolgere la loro funzione di base di informazioni e di aiuto.

Sommario del manuale d’uso

  • Pagina 1

    Te c h n i c a l G u i d e alliedtelesis .com x How T o | C613-16164-00 REV E Introduction In IP-based networ ks, VRF stands for Vir tual Ro uting and Forwarding. Th is technology allo ws multiple routing domains to co-exist within the same dev ice at the same time. As the routing domains are independent, ov er lapping IP addre sses can be used wit[...]

  • Pagina 2

    I n tr od u ctio n Page 2 | Co n fig u re VRF-lite Who sho u ld r ead this doc u me n t? This document is aimed at advanced networ k engineer s. Which pr od u cts a n d softwar e v ersio n does it a pply to? The information provided in this document applies to:  SwitchBlade A T -x908 and A T -x900 series sw itches r unning 5.4.1 and above.  x[...]

  • Pagina 3

    Co n fig u re VRF-lite | Page 3 I n trod u ctio n Co nt e nt s Introduction ....... ............... ................. ................. ............... ................. .............. ............... ............ ................. ............... ............ 1 What is VRF-lite? ............ ................. .............. ................. .....[...]

  • Pagina 4

    Glossar y Page 4 | Co n fig u re VRF-lite Glossar y ACRON YM DESCRIPTION AS Autonomous System AC L Access Control List BGP Border Gatewa y Protocol FIB Forwarding Information Base MPLS Multi-Protocol Label S witching OSPF Open Shor test P ath Fir st RIP Routing Information Protocol VPN Vir tual Pr ivate Network VR Vir tual Router VRF Vir tual Routi[...]

  • Pagina 5

    Co n fig u re VRF-lite | Page 5 U n dersta n di n g VRF-lite Under standing VRF-lite The pur pose of VRF is to enable separate IP net w or ks, possibly using o ver lapping IP addresses, to share the same links and router s. IP traffic is constr ained to a set of separ ate IP Vir tual Private Networ ks (VPNs). These VPNs provide a s ecure way f or a[...]

  • Pagina 6

    U n dersta n di n g VRF-lite Page 6 | Co n fig u re VRF-lite VRF-lite sec u rit y d o ma i n s VRF-lite provides networ k isolation on a single device at Lay er 3. Each VRF domain can use the same or ov er lapping networ k addresses, as they hav e independent routing tables. This separation of the routing tables pre vents communi cation to La yer 3[...]

  • Pagina 7

    awplus(config)#arp ? A.B.C.D IP address of the A RP entry log Arp log vrf VRF instance awplus(config)#arp vrf <name> ? A.B.C.D IP address of the A RP entry Co n fi g u re VRF-lite | Page 7 U n dersta n di n g VRF-lite When a Lay er 3 interface is mov ed to a VRF inst ance from the default global VRF domain, or when a Lay er 3 interface is mov[...]

  • Pagina 8

    U n dersta n di n g VRF-lite Page 8 | Co n fig u re VRF-lite I n ter -VRF comm un icatio n Whilst the pr ime purpose of VRF-lite is to ke ep routing domains separ ate from each other , there are cases where y ou do want some comm unication betw een VRFs. Internal Co m pany Network VRF red (Wi-Fi) VRF green (company) VRF shared Internet Wi-F i acces[...]

  • Pagina 9

    Co n fig u re VRF-lite | Page 9 U n dersta n di n g VRF-lite Static a n d dy n amic i n ter -VRF r o u ti n g As mentioned abo ve, "Inter -VRF commu nication" on page 8 , in some circumstances it is required to (selec tivel y ) allow traffic between two interfaces that are not in the same VRF . This will be useful if there is common ne tw[...]

  • Pagina 10

    U n dersta n di n g VRF-lite Page 10 | Co n fig u re VRF-lite VRF-lite feat u res i n AW + Here is a summar y of the features pro v ide d by the A W+ VRF-lite i mplementation:  Multiple independent routing table instances may co-exist within the same device . The same or ov er lapping IP addresses can be pres ent in diff erent route table instan[...]

  • Pagina 11

    Co n fig u re VRF-lite | Page 11 U n dersta n di n g VRF-lite Ro u te limiti n g per VRF i n sta n ce In a multi-VRF network environment, it may be problematic if one VRF injects too many routes and fills up the hardware f orwarding ta bl e (FIB) on the device, which can affect other VRFs as well as the global VRF . For more information see "R[...]

  • Pagina 12

    U n dersta n di n g VRF-lite Page 12 | Co n fig u re VRF-lite  T elnet client awplus#telnet ? WORD IPv4/IPv6 address or hostname of a remote system ip IP telnet ipv6 IPv6 telnet vrf VRF instance awplus#telnet vrf <name> ? WORD IPv4 address or ho stname of a remote system ip IP telnet awplus#telnet vrf <name> i p x.x.x.x  SSH clien[...]

  • Pagina 13

    Co n fig u re VRF-lite | Page 13 Co n fig u ri n g VRF-lite Configur ing VRF-lite The follo wing section describes the gener ic commands used to conf igure VRF-lite .  CONFIGURING A CLS PURPOSE Step 1 Enter Global Configuration mode . Step 2 Optional. This command configures a standard named access-control -list (A CL). Matching networ ks (route[...]

  • Pagina 14

    Co n fig u ri n g VRF-lite Page 14 | Co n fig u re VRF-lite CONFIGURING VLANS AND VLAN DATABASE PURPOSE Step 1 awplus(config)# vlan database VLANs are created in the VLAN database , and por ts are assigned to relevant VLANs. Step 2 awplus(config-vlan)# vlan x state enable Step 3 awplus(config-vlan)# exit Step 4 awplus(config)# interface portx.x.x S[...]

  • Pagina 15

    Co n fig u re VRF-lite | Page 15 Co n fig u ri n g VRF-lite DYNAMIC ROUTING PROTOCOL - RIP ADDR ESS-FAMILY PURPOSE Step 1 awplus(config)# router rip Optional. Enter rout er configur ation mode for RIP . Step 2 awplus(config-router)# address-family ipv4 vrf <vrf-name> Associate a RIP address-family with a specific VRF instance . Step 3 awplus([...]

  • Pagina 16

    Co n fig u ri n g VRF-lite Page 16 | Co n fig u re VRF-lite STATIC R OUTES PURPOSE Step 1 awplus(config)# ip route vrf <name> <network> {<gateway> <interface>| <interface>} Optional. T o add a static route into the Routing table for a VRF instan ce. This can be a route pointing exter nall y to a nexthop reachable via a[...]

  • Pagina 17

    Co n fig u re VRF-lite | Page 17 Co n fig u ri n g VRF-lite Static i n ter -VRF r o u ti n g Static inter -VRF routing involv es creating static routes in one VRF instance whose egress VLAN is in a different egress VLAN. These stat ic routes must specify both the egress VLAN and next hop IP address. 192.168. 1.0 /24 192.168. 20.0 /24 192.168. 20.0 [...]

  • Pagina 18

    Dy n amic i n ter -VRF comm un icatio n explai n ed Page 18 | Co n fig u re VRF-lite Dynamic inter -VRF comm unication explained The foll owin g section expl ains how VRF routing domain isolati on is maintained, and how routes that exist in one VRF instance are leaked to another VRF instance via BGP . Only B GP can be used to dynamically leak rout [...]

  • Pagina 19

    Co n fig u re VRF-lite | Page 19 Dy n amic i n ter -VRF comm un icatio n explai n ed The command re dis tr ib u te <pr otocol> can be configured in an OSPF instance, BGP address-family , or RIP address-fam ily . Via this command, routes are impor ted from the FIB associated with the VRF instance into the dynamic routing protocol table. Any ro[...]

  • Pagina 20

    Dy n amic i n ter -VRF comm un icatio n explai n ed Page 20 | Co n fig u re VRF-lite I n ter -VRF comm un icatio n via BGP Dynamic inter -VRF route leakage is achieved by making copies of BGP routes that exist in one BGP address-family associated with one VRF instance , to another BGP address-family associated with a different VRF instance. VRF Dev[...]

  • Pagina 21

    Co n fig u re VRF-lite | Page 21 Dy n amic i n ter -VRF comm un icatio n explai n ed Usi n g the r o u te-target comma n d When BGP is used for inter - VRF comm unication, dynamic route leakage of BGP routes from one VRF instance to anothe r is achieved via the VRF ro u te-target command. There are three var iations of the route-tar get command: 1.[...]

  • Pagina 22

    Dy n amic i n ter -VRF comm un icatio n explai n ed Page 22 | Co n fig u re VRF-lite The follo wing three examples demonstrate how the ro u te-target command facili tates inter - VRF commu nication: 1. If VRF red conf iguration includes: ip vrf red rd 100:1 route-target export 100:1 And if VRF red initially has routes to networ ks 10 .0.0.0/24, 20.[...]

  • Pagina 23

    Co n fig u re VRF-lite | Page 23 Dy n amic i n ter -VRF comm un icatio n explai n ed 3. If VRF red conf igur ation includes*: ip vrf red rd 100:1 route-target export 100:1 route-target export 100:2 route-target export 100:3 route-target export 100:4 route-target import 100:5 route-target import 100:6 And if VRF red initiall y has routes to netw or [...]

  • Pagina 24

    Dy n amic i n ter -VRF comm un icatio n explai n ed Page 24 | Co n fig u re VRF-lite How VRF-lite sec u rit y i s m ai n tai n ed Incidentally , only the or iginal routes can be co pied from one VRF to another . Copied routes cannot be subsequently copied to another VRF , to ensure VRF securi ty domains ar e enforced. For example: VRFred----VRFshar[...]

  • Pagina 25

    Co n fig u re VRF-lite | Page 25 Simple VRF-lite co n fig u ratio n examples Simple VRF-lite configur ation examples The follo wing section contains simple configuratio n examples to explain the basics of V RF-lite configur ation used in conjunction with a var iety of routing protocols. Fir stly , alwa ys create a clear VRF communicatio n plan. Thi[...]

  • Pagina 26

    Simple VRF-lite co n fig u ratio n examples Page 26 | Co n fig u re VRF-lite !  interface vlan12 ip vrf forwarding red ip address 10.2.2.1/24 ! interface vlan13 ip vrf forwarding green ip address 10.1.1.1/24 ! interface vlan14 ip vrf forwarding green ip address 10.2.2.1/16 ! router ospf 1 red network 10.1.1.0/24 area 0 network 10.2.2.0/24 area 0[...]

  • Pagina 27

    Co n fig u re VRF-lite | Page 27 Simple VRF-lite co n fig u ratio n examples VRFs accessi n g a shared n etw o rk. A n example of static i n ter -VRF ro u ti n g The par tial configuration example belo w shows the key compon ents required to suppor t static inter -VRF routing. 100.100.100.0/24 - Inter VRF (IVR) co mm unications via static IVR route[...]

  • Pagina 28

    Simple VRF-lite co n fig u ratio n examples Page 28 | Co n fig u re VRF-lite Dy n amic i n ter -VRF comm un icatio n with RIP r o u ti n g to exter n al peers The par tial configur ation example below sho ws the key components required to suppor t dynamic inter -VRF communication betw een tw o VR F instances using BGP , with RIP routing to exter na[...]

  • Pagina 29

    Co n fig u re VRF-lite | Page 29 Simple VRF-lite co n fig u ratio n examples Dy n amic i n ter -VRF comm un icatio n with BGP r o u ti n g to exter n al peers The par tial configuration example belo w shows the key compon ents required to suppor t dynamic inter -VRF communication using BGP , with BGP routing to exter nal peer s. ... ! ip vrf red rd[...]

  • Pagina 30

    Simple VRF-lite co n fig u ratio n examples Page 30 | Co n fig u re VRF-lite Dy n amic i n ter -VRF comm un icatio n with OSPF r o u ti n g to exter n al peers The complete configuration example below sho w s the key components required to suppor t dynamic inter -VRF commun ication using BGP , with OSPF routing to exter nal peer s. red router 192.1[...]

  • Pagina 31

    Co n fig u re VRF-lite | Page 31 Simple VRF-lite co n fig u ratio n examples ! access-list standard greenBlock3334 de ny 192.168.33.0/24 access-list standard greenBlock3334 de ny 192.168.34.0/24 access-list standard greenBlock3334 pe rmit any access-list standard redBlock3435 deny 192.168.34.0/24 access-list standard redBlock3435 deny 192.168.35.0/[...]

  • Pagina 32

    Simple VRF-lite co n fig u ratio n examples Page 32 | Co n fig u re VRF-lite interface vlan1 ip vrf forwarding red ip address 192.168.10.1/24 ! interface vlan2 ip vrf forwarding green ip address 192.168.20.1/24 ! interface vlan3 ip vrf forwarding shared ip address 192.168.30.1/24 ! router ospf 1 red network 192.168.10.0/24 area 0 redistribute bgp ![...]

  • Pagina 33

    Co n fig u re VRF-lite | Page 33 I n ter -VRF co n fig u ratio n examples with I n ter n et access Inter -VRF configur ation examples with Inter net access The follo wing three complete examples are usin g a similar topology , how ever , each example inv olves a diff erent communication plan and a var iety of routing protocols. All of the follo win[...]

  • Pagina 34

    I n ter -VRF co n fig u ratio n examples with I n ter n et acce ss Page 34 | Co n fig u re VRF-lite Co n fig u rati o n ! ip vrf remote1 1 ! ip vrf remote2 2 ! ip vrf shared3 3 ! ip vrf office4 4 ! vlan database vlan 10 name remote1_a vlan 11 name remote1_b vlan 12 name remote1_c vlan 13 name remote1_d vlan 20 name remote2_a vlan 90 name remote1_e [...]

  • Pagina 35

    Co n fig u re VRF-lite | Page 35 I n ter -VRF co n fig u ratio n examples with I n ter n et access ! interface vlan13 ip vrf forwarding remote1 ip address 13.0.0.1/8 ! interface vlan20 ip vrf forwarding remote2 ip address 10.0.0.1/8 ! interface vlan90 ip vrf forwarding remote1 ip address 14.0.0.1/8 ! interface vlan100 ip vrf forwarding shared3 ip a[...]

  • Pagina 36

    I n ter -VRF co n fi g u ratio n examples with I n ter n et acce ss Page 36 | Co n fig u re VRF-lite Example B Internet Intranet re m ote 1 VRF 1 Intranet 1 static route Intranet re m ote2 Internet de f ault route VRF2 RIP Intranet route VRF4 RIP route Internet Router Private to public NA T Router Private to public NA T Internet de f ault route VRF[...]

  • Pagina 37

    Co n fig u re VRF-lite | Page 37 I n ter -VRF co n fig u ratio n examples with I n ter n et access Co n fig u ratio n ! access-list standard deny_overlap deny 10.0.0.0/8 access-list standard deny_overlap perm it any ! ip vrf remote1 1 rd 100:1 route-target export 100:1 route-target import 100:3 export map block10 ! ip vrf remote2 2 rd 100:2 route-t[...]

  • Pagina 38

    I n ter -VRF co n fig u ratio n examples with I n ter n et acce ss Page 38 | Co n fig u re VRF-lite ! interface port1.0.6-1.0.26 switchport switchport mode access ! interface vlan10 ip vrf forwarding remote1 ip address 10.0.0.1/8 ! interface vlan11 ip vrf forwarding remote1 ip address 11.0.0.1/8 ! interface vlan12 ip vrf forwarding remote1 ip addre[...]

  • Pagina 39

    Co n fig u re VRF-lite | Page 39 I n ter -VRF co n fig u ratio n examples with I n ter n et access ! address-family ipv4 vrf remote2 redistribute connected exit-address-family ! address-family ipv4 vrf shared3 redistribute connected exit-address-family ! ip route vrf remote1 0.0.0.0/0 10.0.0. 2 ip route vrf shared3 0.0.0.0/0 30.0.0. 2 ip route vrf [...]

  • Pagina 40

    I n ter -VRF co n fi g u ratio n examples with I n ter n et acce ss Page 40 | Co n fig u re VRF-lite Example C Intranet re m ote 1 VRF 1 Intranet 1 static route Intranet re m ote2 Internet de f ault route VRF2 RIP Intranet route VRF4 RIP route Internet Router Private to public NA T VRF 1 re m ote 1 VLAN 1 0 re m ote 1 _a VLAN 11 re m ote 1 _b VLAN [...]

  • Pagina 41

    Co n fig u re VRF-lite | Page 41 I n ter -VRF co n fig u ratio n examples with I n ter n et access Co n fig u ratio n ! access-list standard deny_overlap deny 10.0.0.0/8 access-list standard deny_overlap perm it any ! ip vrf remote1 1 rd 100:1 route-target export 100:1 route-target import 100:3 export map block10 ! ip vrf remote2 2 rd 100:2 route-t[...]

  • Pagina 42

    I n ter -VRF co n fig u ratio n examples with I n ter n et acce ss Page 42 | Co n fig u re VRF-lite ! interface port1.0.4 switchport switchport mode trunk switchport trunk allowed vlan add 200 ! interface port1.0.5 switchport switchport mode access switchport access vlan 100 ! interface port1.0.6-1.0.26 switchport switchport mode access ! interface[...]

  • Pagina 43

    Co n fig u re VRF-lite | Page 43 I n ter -VRF co n fig u ratio n examples with I n ter n et access exit-address-family ! address-family ipv4 vrf office4 network vlan200 exit-address-family ! router bgp 100 address-family ipv4 vrf remote1 redistribute connected exit-address-family ! address-family ipv4 vrf remote2 redistribute connected exit-address[...]

  • Pagina 44

    Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 44 | Co n fig u re VRF-lite Configur ing a complex inter -VRF solution A networ k compr ising of mu ltiple devices that demonstrates inter -VRF routing. A variety of routing protocols are used in this example . Netw ork descr iptio n VRF ov erlap L06=6.6.6.6 VRF red L01=1.1.1.1 OSPF-1 VRF gr[...]

  • Pagina 45

    Co n fig u re VRF-lite | Page 45 Co n fig u ri n g a complex i n ter -VRF s ol u tio n VRF comm un icatio n pla n  VRF shared can a ccess all VRF s red, green, b lue and orange (excluding VRF ov er lap).  VRFs red, green, blue , and orange are only ab le to access VRF shared. They cannot access each other in this example.  VRF ov er lap re[...]

  • Pagina 46

    Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 46 | Co n fig u re VRF-lite Co n fig u ratio n br eakdow n When configuring a c omplex inter -VFR awar e device, such as in our example , the configuration order is impor tant. W e ha ve pro vided a breakdown before each step to explain the key points y ou will need to consider . CONFIGURE S[...]

  • Pagina 47

    Co n fig u re VRF-lite | Page 47 Co n fig u ri n g a complex i n ter -VRF s ol u tio n Local interfaces can be utili sed b y a number of protocols for various pur poses. They can be used as a reliable address via wh ich to access a device - an address that is alwa ys accessib le , irrespective of th e link status of an y individual exte r nal in te[...]

  • Pagina 48

    CONFIGURE VRFS Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 48 | Co n fig u re VRF-lite awplus(config)#ip vrf red 1 awplus(config-vrf)#rd 100:1 awplus(config-vrf)#route-target export 100:1 awplus(config-vrf)#route-target import 100:5 awplus(config-vrf)#import map red43 awplus(config-vrf)#exit awplus(config)#ip vrf green 2 awplus(config[...]

  • Pagina 49

    Co n fig u re VRF-lite | Page 49 Co n fig u ri n g a complex i n ter -VRF s ol u tio n Configure the hardware A CLs The command access-list hardware < n ame> creates the hardware access list. The access list is associated with individual switch por ts as an access-group . Each a ccess group contains one or more filter s, which filter source t[...]

  • Pagina 50

    CONFIGURE HARD WARE A CLS Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 50 | Co n fig u re VRF-lite Configure the VLANs VLANs are created i n the VLAN database, an d por ts are assigned to relevant VLANs. The access lists are assigned in order to the individual switch por ts as access groups. The order in which the access groups are att[...]

  • Pagina 51

    Co n fig u re VRF-lite | Page 51 Co n fig u ri n g a complex i n ter -VRF s ol u tio n The third access group allow100_den y_pr ivat e per mits VRF red to access shared VRF network 192.168.100.0/24. Subsequently traffi c to all netw or ks within the 192.168 .0.0/16 address ranges is denied. The order of f ilter ing is: 1. Allow access to the subnet[...]

  • Pagina 52

    CONFIGURE IP ADDR ESSES awplus(config-if)#exit [cont...] Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 52 | Co n fig u re VRF-lite Configure the IP addresses An IP address is allocated t o each Local interface . Also, VLANs are as sociated with each VRF inst ance. Each VRF instance can contain m ultiple VL A Ns . A V LA N ca nn o t b e [...]

  • Pagina 53

    Co n fig u re VRF-lite | Page 53 Co n fig u ri n g a complex i n ter -VRF s ol u tio n awplus(config)#interface vlan1 awplus(config-if)#ip vrf forwarding red awplus(config-if)#ip address 192.168.10.1/24 awplus(config)#interface vlan2 awplus(config-if)#ip vrf forwarding green awplus(config-if)#ip address 192.168.20.1/24 awplus(config-if)#exit awplus[...]

  • Pagina 54

    CONFIGURE DYNAMIC R OUTING Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 54 | Co n fig u re VRF-lite Configure routing Dynamic routing protocols are conf igured as required and associated with each VRF . OSPF instance 1 is associated with VRF red. OS PF instance 2 is associated with VRF orange . RIP and BGP use address-families as the e[...]

  • Pagina 55

    Co n fig u re VRF-lite | Page 55 Co n fig u ri n g a complex i n ter -VRF s ol u tio n Connected routes associated with VRF green are redistributed into BGP , and also adver tised to the external BGP neighbor router . VRF gree n has an i-BGP peering relationship to its neighbor as the neighb or ASN is the same (ASN 100). BGP routes lear ned from th[...]

  • Pagina 56

    Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 56 | Co n fig u re VRF-lite Static routes are conf igured. Each VRF instance is also conf igured with its own s tatic default route (via VRF shared) to allow each of them to access the intern et. Default routes are not able to be leaked dynamically via BGP betw een VRF instances as the BGP d[...]

  • Pagina 57

    CONFIGURE STATIC ROUTING CONFIGURE R OUTE MAPS Co n fi g u re VRF-lite | Page 57 Co n fig u ri n g a complex i n ter -VRF s ol u tio n denotes a static route to de stination network 192.168.45.0/24 which has a next hop of 192.168.100.2, which originates from VRF shared, which egresses VLAN5 in VRF shared. In this example each VRF instan ce red, gre[...]

  • Pagina 58

    Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 58 | Co n fig u re VRF-lite Complete show r un o u tp u t fr om VRF device is below awplus>ena awplus#sh run ! service password-encryption ! no banner motd ! username manager privilege 15 pas sword 8 $1$bJoVec4D$JwOJGPr7YqoE xA0GVasdE0 ! access-list standard blueBlock4344 deny 192.168.43.[...]

  • Pagina 59

    Co n fig u re VRF-lite | Page 59 Co n fig u ri n g a complex i n ter -VRF s ol u tio n ! ip vrf shared 5 rd 100:5 route-target import 100:1 route-target import 100:2 route-target import 100:3 route-target import 100:4 route-target export 100:5 ! ip vrf overlap 6 ! no ip multicast-routing ! spanning-tree mode rstp ! access-list hardware access43 per[...]

  • Pagina 60

    Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 60 | Co n fig u re VRF-lite switchport access vlan 4 access-group allow_to_self_40 access-group access43 access-group access44 access-group access45 access-group allow100_deny_private ! interface port1.0.6-1.0.7 switchport switchport mode access switchport access vlan 5 ! interface port1.0.8[...]

  • Pagina 61

    Co n fig u re VRF-lite | Page 61 Co n fig u ri n g a complex i n ter -VRF s ol u tio n interface vlan6 ip vrf forwarding overlap ip address 192.168.10.1/24 ! interface vlan7 ip vrf forwarding overlap ip address 192.168.50.1/24 ! router ospf 1 red network 192.168.10.0/24 area 0 redistribute bgp default-information originate ! router ospf 2 orange ne[...]

  • Pagina 62

    Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 62 | Co n fig u re VRF-lite ip route vrf orange 192.168.20.0/2 4 192.168.40.2 ip route vrf orange 192.168.140.0/ 24 192.168.40.2 ip route vrf shared 0.0.0.0/0 192. 168.100.254 ip route vrf shared 192.168.43.0/2 4 192.168.100.2 ip route vrf shared 192.168.44.0/2 4 192.168.100.2 ip route vrf s[...]

  • Pagina 63

    Co n fig u re VRF-lite | Page 63 Co n fig u ri n g a complex i n ter -VRF s ol u tio n [VRF: blue] S* 0.0.0.0/0 [1/0] via 192.168.10 0.254, vlan5 C 3.3.3.3/32 is directly connect ed, lo3 B 5.5.5.5/32 [20/0] is directly connected, lo5, 00:07:21 R 192.168.17.0/24 [120/2] via 19 2.168.30.2, vlan3, 00:06:48 R 192.168.18.0/24 [120/2] via 19 2.168.30.2, [...]

  • Pagina 64

    Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 64 | Co n fig u re VRF-lite Co n fig u rati o n file s for eac h ext er n al ro u ter u sed i n the topology a n d its associated ro u te table is belo w . No n e of the exte r n al r o u ters are VRF a ware. hostname Internet_router ! vlan database vlan 2 state enable ! interface port1.0.2 [...]

  • Pagina 65

    Co n fig u re VRF-lite | Page 65 Co n fig u ri n g a complex i n ter -VRF s ol u tio n hostname shared_router ! vlan database vlan 2-4 state enable ! interface port1.0.2 switchport access vlan 2 ! interface port1.0.3 switchport access vlan 3 ! interface port1.0.4 switchport access vlan 4 ! interface vlan1 ip address 192.168.100.2/24 ! interface vla[...]

  • Pagina 66

    Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 66 | Co n fig u re VRF-lite hostname red_ospf_peer ! vlan database vlan 2-3 state enable ! interface port1.0.2 switchport access vlan 2 ! interface port1.0.3 switchport access vlan 3 ! interface vlan1 ip address 192.168.10.2/24 ! interface vlan2 ip address 192.168.13.1/24 ! interface vlan3 i[...]

  • Pagina 67

    Co n fig u re VRF-lite | Page 67 Co n fig u ri n g a complex i n ter -VRF s ol u tio n hostname green_i_BGP_peer ! vlan database vlan 2-3 state enable ! interface port1.0.2 switchport access vlan 2 ! interface port1.0.3 switchport access vlan 3 ! interface vlan1 ip address 192.168.20.2/24 ! interface vlan2 ip address 192.168.15.1/24 ! interface vla[...]

  • Pagina 68

    Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 68 | Co n fig u re VRF-lite hostname blue_rip_peer ! vlan database vlan 2-3 state enable ! interface port1.0.2 switchport access vlan 2 ! interface port1.0.3 switchport access vlan 3 ! interface vlan1 ip address 192.168.30.2/24 ! interface vlan2 ip address 192.168.17.1/24 ! interface vlan3 i[...]

  • Pagina 69

    Co n fig u re VRF-lite | Page 69 Co n fig u ri n g a complex i n ter -VRF s ol u tio n hostname orange_router ! vlan database vlan 2-3 state enable ! interface port1.0.2 switchport access vlan 2 ! interface port1.0.3 switchport access vlan 3 ! interface vlan1 ip address 192.168.40.2/24 ! interface vlan2 ip address 192.168.20.1/24 ! interface vlan3 [...]

  • Pagina 70

    Co n fig u ri n g a complex i n ter -VRF sol u tio n Page 70 | Co n fig u re VRF-lite hostname orange_ospf_peer ! vlan database vlan 2 state enable ! interface port1.0.2 switchport access vlan 2 ! interface vlan1 ip address 192.168.40.3/24 ! interface vlan2 ip address 192.168.19.1/24 ! router ospf 1 ospf router-id 192.168.40.3 network 192.168.40.0/[...]

  • Pagina 71

    Co n fig u re VRF-lite | Page 71 VCStack a n d VRF-lite VCStack and VRF-lite The following example illustr ates how to conf igure VRF-lite in a VCStacked environment. x900 x610 DUT A stack member 1 Port1.0.1 1 VLAN 1 1 grey e-BGP peering VRF grey from x900 lo8 80.80.80.2 to DUT A lo8 8.8.8.1 via VLAN 15 Port2.0.10 VLAN 10 violet Port2.0.15 VLAN 15 [...]

  • Pagina 72

    VCStack a n d VRF-lite Page 72 | Co n fig u re VRF-lite Virt u al Chassis ID Also, the optional command stack vir t u al-chassis-id <val u e> specif ies the VCS vir tual chassis ID . If not configured, the stack will automaticall y sele ct a vir tual-chassis-id from a number within the assigned r ange 0-4095. The ID selected will determine wh[...]

  • Pagina 73

    Co n fig u re VRF-lite | Page 73 VCStack a n d VRF-lite ip address 11.11.11.1/24 ! interface vlan14 ip vrf forwarding violet ip address 192.168.14.1/24 ! interface vlan15 ip vrf forwarding grey ip address 192.168.15.1/24 ! router bgp 100 ! address-family ipv4 vrf violet redistribute connected neighbor 70.70.70.2 remote-as 300 neighbor 70.70.70.2 eb[...]

  • Pagina 74

    VCStack a n d VRF-lite Page 74 | Co n fig u re VRF-lite ! interface vlan14 ip vrf forwarding violet ip address 192.168.14.2/24 ! interface vlan15 ip vrf forwarding grey ip address 192.168.15.2/24 ! router bgp 300 ! address-family ipv4 vrf grey network 80.80.80.2/32 redistribute connected neighbor 8.8.8.1 remote-as 100 neighbor 8.8.8.1 ebgp-multihop[...]

  • Pagina 75

    Co n fig u re VRF-lite | Page 75 VCStack a n d VRF-lite Shari n g VRF r o u ti n g a n d do u ble taggi n g o n the same port In this scenario, both VRF-lite tr affic and doub le vlan tagged tr affic is transpor ted between the two x610 switches via a si ngle shared por t. The double tagging f eature (nested vlans) makes use of the ta g-in-tag tech[...]

  • Pagina 76

    VCStack a n d VRF-lite Page 76 | Co n fig u re VRF-lite Co n fig u rati o n s x610 A ip vrf red 1 ip vrf green 2  vlan database vlan 20 name nested vlan 11-12,20,111-112 state enabl e interface port1.0.5 switchport access vlan 111 interface port1.0.6 switchport access vlan 112 interface port1.0.12 switchport access vlan 20 switchport vlan-stacki[...]

  • Pagina 77

    Co n fig u re VRF-lite | Page 77 VCStack a n d VRF-lite interface port1.0.20 switchport mode trunk switchport trunk allowed vlan add 11- 12,20 switchport trunk native vlan none switchport vlan-stacking provider-por t interface vlan11 ip vrf forwarding red ip address 192.168.11.2/24 interface vlan12 ip vrf forwarding green ip address 192.168.12.2/24[...]

  • Pagina 78

    Dy n amic i n ter -VRF r o u ti n g betwe e n the global VRF domai n a n d a VRF i n sta n ce Page 78 | Co n fig u re VRF-lite Dynamic inter -VRF routing betw een the global VRF domain and a VRF instance This section contains tw o configuration examp les. Both examples show ho w to configure dynamic inter -VRF routing via BGP between th e default g[...]

  • Pagina 79

    Co n fig u re VRF-lite | Page 79 Dy n amic i n ter -VRF ro u ti n g bet wee n the global VRF domai n a n d a VRF i n sta n ce For both these examples all BGP neighbor rela tionships in volv e peer ing between IP local addresses, not to VLAN interface IP addresses within the same subnet. BGP co n fig u ratio n tips The following BGP configuratio n t[...]

  • Pagina 80

    Dy n amic i n ter -VRF r o u ti n g betwe e n the global VRF domai n a n d a VRF i n sta n ce Page 80 | Co n fig u re VRF-lite The global par ameter in the command n eighbor x.x.x.x r emote-as <64515> global is required to facilitate an e-BGP peer ing to the global VRF domain from VRF red. Conv er sely , the target vrf- n ame in the command n[...]

  • Pagina 81

    Co n fig u re VRF-lite | Page 81 Dy n amic i n ter -VRF ro u ti n g bet wee n the global VRF domai n a n d a VRF i n sta n ce Dy n amic i n ter -VRF comm un icatio n with i-BGP r o u ti n g to exter n al peer VRF device access-list standard redblock4445 deny 192.168.44.0/24 access-list standard redblock4445 deny 192.168.45.0/24 access-list standard[...]

  • Pagina 82

    Dy n amic i n ter -VRF r o u ti n g betwe e n the global VRF domai n a n d a VRF i n sta n ce Page 82 | Co n fig u re VRF-lite red router vlan database vlan 2-3 state enable ! interface port1.0.13 switchport access vlan 2 ! interface port1.0.14 switchport access vlan 3 ! interface lo ip address 7.7.7.7/32 ! interface vlan1 ip address 192.168.10.2/2[...]

  • Pagina 83

    Co n fig u re VRF-lite | Page 83 Dy n amic i n ter -VRF ro u ti n g bet wee n the global VRF domai n a n d a VRF i n sta n ce redistribute connected redistribute static neighbor 2.2.2.2 remote-as 64512 vrf r ed neighbor 2.2.2.2 local-as 64515 neighbor 2.2.2.2 update-source 1.1.1.1 neighbor 2.2.2.2 route-map 43 out ! address-family ipv4 vrf red redi[...]

  • Pagina 84

    Ro u te Limits Page 84 | Co n fig u re VRF-lite Route Limits In multi-VRF netw or k environment, it may be di sastrous if one VRF injects too man y routes and fills up the hardware f orwarding table (FIB ) on a device which can aff ect other VRFs (as well as the global VRF). In software v er sion 5.4.2 and later , it is possible to mitigate this ri[...]

  • Pagina 85

    Co n fig u re VRF-lite | Page 85 Ro u te Limits Co n fig u ri n g Dy n amic ro u te limits A W+ suppor ts the ability to limit dyna mic ro utes via the max-fib-r o u tes command in the global VRF domain, which is unlimited by defaul t. This same A W+ command is no w also able to be applied on a per VRF basis. max-fi b-routes Descr iption Use the co[...]

  • Pagina 86

    Ro u te Limits Page 86 | Co n fig u re VRF-lite awplus(config)# ip vrf red awplus(config-vrf)# max-fib-routes 2000 75 Alter nativ ely , to ensure a war ning message is genera ted when the n umber of routes exceeds the limit (whilst ensuring routes exceeding the limit can still b e added), conf igure the following: awplus(config)# ip vrf red awplus([...]

  • Pagina 87

    Co n fig u re VRF-lite | Page 87 VRF-lite u sage g u ideli n es VRF-lite usage guidelines The gener al guideline is that all cur rent ser vic es remain a vailable in the default global VRF domain only , unless the ser vice is either explic itly VRF aware, or the ser vice r uns completely independently of VRF and th erefore has no requirement to be [...]

  • Pagina 88

    Usef u l VRF-r elated diag n ostics comma n d list Page 88 | Co n fig u re VRF-lite Useful VRF-related diagnostics command list Below is a summar y list of diagnostics comman ds that y ou may find helpful when troubleshooting VRF-related issues . Many exi sting commands ha ve been made VRF aw are and some are included below . Please refer to the so[...]

  • Pagina 89

    Co n fig u re VRF-lite | Page 89 Usef u l VRF-r elated diag n osti cs comma n d list connected Connected database IP routing table database global Global Routing/Forwarding table ospf Open Shortest Path First (OSPF) rip Routing Information Proto col (RIP) static Static routes summary Summary of all routes vrf Display routes from a VRF instance | Ou[...]

  • Pagina 90

    Usef u l VRF-r elated diag n ostics comma n d list Page 90 | Co n fig u re VRF-lite awplus#sh ip ospf interface  awplus#sh ip ospf ? <0-65535> Process ID numbe r border-routers Border and Bound ary Router Information database Database summary interface Interface inform ation neighbor Neighbor list route OSPF routing tab le virtual-links Vi[...]

  • Pagina 91

    C613-16164-00 REV E awplus#show ip bgp vrf <name> ? A.B.C.D IP prefix <netw ork>, e.g., 35.0.0.0 A.B.C.D/M IP prefix <netw ork>/<length>, e.g., 35.0.0.0/8 cidr-only Display only ro utes with non-natural netmasks community Display routes matching the communities community-list Display routes matching the community-list dampen[...]