Solved

Route traffic to vrf from interface not configured with vrf

Posted on 2010-09-09
10
1,536 Views
Last Modified: 2013-11-13
Hello-- I have a so-tel phone switch that is connected to a cisco 6500 running ios.  its connected to a vlan not configured with vrf, but it needs to send SOME of its traffic to routes that are in a vrf.

Help--

Thanks!!!  Hooker
0
Comment
Question by:ck10hh12
  • 3
  • 2
  • 2
  • +1
10 Comments
 
LVL 24

Assisted Solution

by:rfc1180
rfc1180 earned 332 total points
ID: 33640887
>its connected to a vlan not configured with vrf, but it needs to send SOME of its traffic to routes that are in a vrf.

Commonly known as Route Leakage or Inter-VRF routing

Check out section "Route Leaking Between Different VRFs"

http://www.cisco.com/en/US/tech/tk436/tk832/technologies_configuration_example09186a0080231a3e.shtml

Third party:

http://netnix.org/index.php?post_id=4

Billy

0
 

Author Comment

by:ck10hh12
ID: 33640928
Thanks for the quick response.  I forgot to mention vrf-lite, fyi.  And can i leak routes to the main routing table from a vrf?
0
 
LVL 10

Accepted Solution

by:
cstosgale earned 168 total points
ID: 33640969
You can use route leaking to to introduce a static route to the default vrf which routes to another VRF. Be careful with this however, as you are effectively compromising security by connecting the two vrfs. The correct way to do this would be to send the traffic from one vrf out a physical interface to a firewall, then back into the switch on another physical interface.

In order to configure route leaking, you can use a static route like this:-

ip route 10.0.0.0 255.0.0.0 vlan 2 192.168.1.1

This assumes that vlan 2 is an interface in a vrf.

You would also need to create a route in the vrf for the return traffic, e.g.:-

ip route vrf test 172.16.1.0 255.255.255.0 vlan 3 192.168.2.1

where vlan 3 is in the default vrf.

See this pdf, this is a pretty good guide: http://www.cisco.com/application/pdf/paws/47807/routeleaking.pdf
0
 
LVL 24

Assisted Solution

by:rfc1180
rfc1180 earned 332 total points
ID: 33640979
yes you can, please check out the link:

http://netnix.org/index.php?post_id=4

Billy
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 10

Expert Comment

by:cstosgale
ID: 33640992
vrf-lite is no problem, the articles above apply to this as well. Also, see my example as to how to leake between the default vrf and another vrf.
0
 

Author Comment

by:ck10hh12
ID: 33641175
You all are so nice for responding so quickly.  I wish wasnt so thick on this stuff.  It seems complicated from what I have read.  I basically have a vlan configured for vrf and several t1's in this vrf.  There is a phone system that serves not only this customer (in the vrf) but others as well, not in the vrf.  The phone system is going to send a request to the 6500 (with the vrf) for 192.168.3.x and will not find it in the global routing table.  The simplest way to allow this route to be known is...
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33641231
Cisco does not support any type of static routing as the document outlines, I would personally go with the dynamic route. Configure a GRE between the Global and the VRF as http://netnix.org/index.php?post_id=4 outlines as it meets the needs in what you are trying to accomplish.

Billy
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 34505971
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

AWS has developed and created its highly available global infrastructure allowing users to deploy and manage their estates all across the world through the use of the following geographical components   RegionsAvailability ZonesEdge Locations  Wh…
If you are thinking of adopting cloud services, or just curious as to what ‘the cloud’ can offer then the leader according to Gartner for Infrastructure as a Service (IaaS) is Amazon Web Services (AWS).  When I started using AWS I was completely new…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now