Creating a new VRF on Cisco Nexus 5596UP

Right now on my Cisco Nexus 5596UP, I'm only using the Management VRF, and there is a default route that routes all traffic to my ASA firewall and out to the internet. I have a customer who is bringing their own internet circuit into our datacenter, and I need to route 4 VLANs that are configured for them on this Nexus to a separate ASA that is connected to the circuit they brought in. So these VLANs won't take the default route of the Management VRF, but rather be routed towards the customer ASA and out their own circuit. I've never created a VRF on the Nexus before, and I would like to verify whether the config below is correct.

switch# configure terminal
switch(config)# vrf context CUSTOMER
! Route towards the ASA that is connected to the customer's internet circuit
switch(config-vrf)# ip route 0.0.0.0/0 10.199.240.17

interface Vlan250
  vrf member CUSTOMER
  description CUSTOMER
  no shutdown
  ip address 10.199.16.2/20
  hsrp 100
    preempt
    priority 105
    ip 10.199.16.1
denver218 (ASKER)
Route leaking was actually my next question. I added VLAN 250 to the "CUSTOMER VRF"; now if I needed VLAN 250 to talk to a VLAN that resides in the Management VRF, is this not possible? I was hoping to accomplish this via route leaking. Are there any workarounds or anything I can do to allow this? Thanks
if I needed VLAN 250 to talk to a VLAN that resides in the Management VRF is this not possible?
It's not possible. The management VLAN is for management traffic only, and that's why it has a separate VRF from the global one (if you mess up the routing by mistake, you won't lose access to the switch). If you are using it for something else, then it is probably a good idea to take another look at your network and best practices.
OK, so maybe I didn't use best practices. I do have customer VLANs on the management VRF, which I guess is wrong.

So if I moved these VLANs to another VRF, would I then be able to leak routes from the "CUSTOMER VRF" to this other VRF?
Yes, you would be able to if you configure them in a new VRF beside Global, like VRF Customer2.
Can I simply move the dozen or so VLANs I have in the management VRF to another VRF during a maintenance window? Then I can use the management VRF for just management traffic, as it's supposed to be.
Yes, you would also need to configure routing the same way it was set up in the management VRF.
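
Added example, not part of the thread or of any poster's answer: a Python check to run before and after moving SVIs between VRFs. It verifies that every static route's next hop lies on a subnet connected in the same VRF, because by default a VRF resolves next hops only through its own member interfaces. The sample input is the configuration from the question; Vlan240 and its 10.199.240.18/29 address are constructed placeholders for a transit SVI toward the customer ASA.

```python
import ipaddress
import re

# Constructed sample: the configuration from the question as plain NX-OS text.
SAMPLE_CONFIG = """\
vrf context CUSTOMER
  ip route 0.0.0.0/0 10.199.240.17
interface Vlan250
  vrf member CUSTOMER
  ip address 10.199.16.2/20
  hsrp 100
    ip 10.199.16.1
"""

# Hypothetical transit SVI toward the customer ASA (name and address are assumptions).
TRANSIT_SVI = """\
interface Vlan240
  vrf member CUSTOMER
  ip address 10.199.240.18/29
"""

IPV4 = r"\d+\.\d+\.\d+\.\d+"

def parse_vrfs(config):
    """Return {vrf: {"routes": [(prefix, next_hop)], "connected": [network]}}."""
    vrfs, vrf = {}, "default"
    def entry(name):
        return vrfs.setdefault(name, {"routes": [], "connected": []})
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1].strip():  # unindented line starts a new top-level stanza
            m = re.match(r"vrf context (\S+)", line)
            vrf = m.group(1) if m else "default"
        if m := re.match(r"vrf member (\S+)", line):
            vrf = m.group(1)  # the interface addresses that follow belong to this VRF
        elif m := re.match(rf"ip address ({IPV4}/\d+)", line):
            entry(vrf)["connected"].append(ipaddress.ip_interface(m.group(1)).network)
        elif m := re.match(rf"ip route (\S+) ({IPV4})", line):
            entry(vrf)["routes"].append((m.group(1), ipaddress.ip_address(m.group(2))))
    return vrfs

def unresolved_next_hops(vrfs):
    """List (vrf, prefix, next_hop) whose next hop is on no connected subnet of that VRF."""
    return [(name, prefix, str(nh))
            for name, data in vrfs.items()
            for prefix, nh in data["routes"]
            if not any(nh in net for net in data["connected"])]

if __name__ == "__main__":
    for finding in unresolved_next_hops(parse_vrfs(SAMPLE_CONFIG)):
        print("next hop not connected in VRF:", finding)
```

With only Vlan250 in the CUSTOMER VRF the default route is reported, since 10.199.240.17 is outside 10.199.16.0/20; the report clears once an interface facing the ASA is also a member of that VRF.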