Solved

Route traffic to vrf from interface not configured with vrf

Posted on 2010-09-09
10
1,557 Views
Last Modified: 2013-11-13
Hello-- I have a so-tel phone switch that is connected to a cisco 6500 running ios.  its connected to a vlan not configured with vrf, but it needs to send SOME of its traffic to routes that are in a vrf.

Help--

Thanks!!!  Hooker
0
Comment
Question by:ck10hh12
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
10 Comments
 
LVL 24

Assisted Solution

by:rfc1180
rfc1180 earned 332 total points
ID: 33640887
>its connected to a vlan not configured with vrf, but it needs to send SOME of its traffic to routes that are in a vrf.

Commonly known as Route Leakage or Inter-VRF routing

Check out section "Route Leaking Between Different VRFs"

http://www.cisco.com/en/US/tech/tk436/tk832/technologies_configuration_example09186a0080231a3e.shtml

Third party:

http://netnix.org/index.php?post_id=4

Billy

0
 

Author Comment

by:ck10hh12
ID: 33640928
Thanks for the quick response.  I forgot to mention vrf-lite, fyi.  And can i leak routes to the main routing table from a vrf?
0
 
LVL 10

Accepted Solution

by:
cstosgale earned 168 total points
ID: 33640969
You can use route leaking to to introduce a static route to the default vrf which routes to another VRF. Be careful with this however, as you are effectively compromising security by connecting the two vrfs. The correct way to do this would be to send the traffic from one vrf out a physical interface to a firewall, then back into the switch on another physical interface.

In order to configure route leaking, you can use a static route like this:-

ip route 10.0.0.0 255.0.0.0 vlan 2 192.168.1.1

This assumes that vlan 2 is an interface in a vrf.

You would also need to create a route in the vrf for the return traffic, e.g.:-

ip route vrf test 172.16.1.0 255.255.255.0 vlan 3 192.168.2.1

where vlan 3 is in the default vrf.

See this pdf, this is a pretty good guide: http://www.cisco.com/application/pdf/paws/47807/routeleaking.pdf
0
Is Your DevOps Pipeline Leaking?

Is your CI/CD pipeline a hodge-podge of randomly connected tools? You’ve likely got a tool to fix one problem & then a different tool to fix another, resulting in a cluster of tools with overlapping functionality. Learn how to optimize your pipeline with Gartner's recommendations

 
LVL 24

Assisted Solution

by:rfc1180
rfc1180 earned 332 total points
ID: 33640979
yes you can, please check out the link:

http://netnix.org/index.php?post_id=4

Billy
0
 
LVL 10

Expert Comment

by:cstosgale
ID: 33640992
vrf-lite is no problem, the articles above apply to this as well. Also, see my example as to how to leake between the default vrf and another vrf.
0
 

Author Comment

by:ck10hh12
ID: 33641175
You all are so nice for responding so quickly.  I wish wasnt so thick on this stuff.  It seems complicated from what I have read.  I basically have a vlan configured for vrf and several t1's in this vrf.  There is a phone system that serves not only this customer (in the vrf) but others as well, not in the vrf.  The phone system is going to send a request to the 6500 (with the vrf) for 192.168.3.x and will not find it in the global routing table.  The simplest way to allow this route to be known is...
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33641231
Cisco does not support any type of static routing as the document outlines, I would personally go with the dynamic route. Configure a GRE between the Global and the VRF as http://netnix.org/index.php?post_id=4 outlines as it meets the needs in what you are trying to accomplish.

Billy
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 34505971
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
AWS has developed and created its highly available global infrastructure allowing users to deploy and manage their estates all across the world through the use of the following geographical components   RegionsAvailability ZonesEdge Locations  Wh…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question