Re: OT - Campus Path Isolation - MPLS, VRF-lite, etc.

From: Jian Gu (guxiaojian@gmail.com)
Date: Thu May 31 2007 - 13:56:09 ART

• Next message: Scott Morris: "RE: Sorry I mistyped. It is 17901"
• Previous message: Narbik Kocharians: "Re: OT - Networkers"
• Maybe in reply to: Guyler, Rik: "OT - Campus Path Isolation - MPLS, VRF-lite, etc."
• Next in thread: Guyler, Rik: "RE: OT - Campus Path Isolation - MPLS, VRF-lite, etc."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

SPAN guest vlan across campus is not scalable, against the general
core-distribution-access rule, and will be a management nightmare. VRF lite
is not good solution either, because that means you need to configure VLANs
on each L3 links.

Not sure why you are considering running GRE with VRF (i.e vrf forwarding
configured on tunnel interface), you can configure p2mp GRE tunnels between
(L3) distribution switches and internet gateway, and put guest vlan
interfaces in the same VRF, no need to configure PBR.

On 5/31/07, Tarun Pahuja <pahujat@gmail.com> wrote:
>
> Rik,
> Any specific reason you do not want to tie guest-Vlan to guest
> SSID,
> SPAN that Vlan accross the Campus. Guest-Vlan can be configured to only
> have
> internet access. Ofcouse, you can go vrf-lite route as many organizations
> are doing it these days.
>
> Thanks,
> Tarun
>
>
> On 5/31/07, Guyler, Rik <rguyler@shp-dayton.org> wrote:
> >
> > I'm looking into turning on guest wireless access across our campuses
> and
> > looking into the various options for path isolation. We have a single
> > entry
> > point to the Internet in our network so some type of tunneling is what I
> > have in mind but I'm not sure which method is the way to go.
> >
> > I've considered plain GRE tunnels (no VRF) but that would mean turning
> on
> > PBR, which I really don't want to do. The switches performing the PBR
> are
> > 6500 w/Sup720 so plenty of horsepower but still, I don't think it's the
> > way
> > to go. I've looked into MPLS through the campus and believe it's a good
> > way
> > to go as is VRF-lite (non-BGP VRF) but I'm not sure if they fit. I
> would
> > only want to enable MPLS/VRF on the endpoints of the tunnels and not the
> > devices in between. I believe this will work but not sure. I would
> also
> > like to hear about any other possible path isolation options if they
> > exist.
> >
> > I would GREATLY appreciate it if somebody could enlighten me on this
> > subject. Any real-world experiences with campus guest access to share?
> >
> > Thanks,
> >
> > Rik
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Scott Morris: "RE: Sorry I mistyped. It is 17901"
• Previous message: Narbik Kocharians: "Re: OT - Networkers"
• Maybe in reply to: Guyler, Rik: "OT - Campus Path Isolation - MPLS, VRF-lite, etc."
• Next in thread: Guyler, Rik: "RE: OT - Campus Path Isolation - MPLS, VRF-lite, etc."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jun 01 2007 - 06:55:23 ART