How to leak routes between vrf VLANs and global VLANs on same switch

I have a 3850 L3 core switch with VLANs in three different routing domains (global, vrf Inside and vrf DMZ). My DNS servers and other resources are in global VLANs. Hosts in each of the two VRFs need to be able to connect to DNS servers in a global VLAN.

 

Having difficulty finding a clear example of how leaking of routes can be accomplished with the above scenario.

 

Here's my basic configuration:

ip vrf DMZ
!
ip vrf Inside
!

interface Vlan6
description Inside VLAN
ip vrf forwarding Inside
ip address 10.6.1.1 255.255.255.0
end

!

interface Vlan7
description DMZ VLAN
ip vrf forwarding DMZ
ip address 10.7.1.1 255.255.255.0
end

!

interface Vlan10
description DNS Server VLAN
ip address 10.10.1.1 255.255.255.0
end

!

DNS server host in VLAN 10: 10.10.1.5

 

Using static routes, how can I allow all hosts in vrf VLANs 6 & 7 access to a DNS server in VLAN 10 with IP address 10.10.1.5?

 

Thank you!!

Accepted Solutions

Hello


@2ndcongress wrote:

 

 

Using static routes, how can I allow all hosts in vrf VLANs 6 & 7 access to a DNS server in VLAN 10 with IP address 10.10.1.5 ?

 


You need to tell the rtr/switch how to reach each vrf subnet, which reside in their own vrf route table, and tell the vrf subnets how to reach vlan 10, which resides in the global route table.

So try adding:

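! Global table: reach each VRF subnet through its SVI
ip route 10.6.1.0 255.255.255.0 vlan 6
ip route 10.7.1.0 255.255.255.0 vlan 7
! VRF tables: reach VLAN 10 via the global table
ip route vrf Inside 10.10.1.0 255.255.255.0 vlan 10 10.10.1.5 global
ip route vrf DMZ 10.10.1.0 255.255.255.0 vlan 10 10.10.1.5 global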



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
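
Added example (Python, not part of the thread and not Cisco tooling): an audit of a config like the one above that lists every static route crossing between the global table and a VRF, and flags leaks that cover more than the single DNS host the question named. The sample config is constructed from the posts, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the poster's SVIs plus the accepted answer's routes (typos fixed).
CONFIG = """\
interface Vlan6
 ip vrf forwarding Inside
interface Vlan7
 ip vrf forwarding DMZ
interface Vlan10
ip route 10.6.1.0 255.255.255.0 vlan 6
ip route 10.7.1.0 255.255.255.0 vlan 7
ip route vrf Inside 10.10.1.0 255.255.255.0 vlan 10 10.10.1.5 global
ip route vrf DMZ 10.10.1.0 255.255.255.0 vlan 10 10.10.1.5 global
"""
IPV4 = re.compile(r"\d+(\.\d+){3}")

def find_leaks(config):
    """Return (installed_in, resolves_in, network) per route that crosses tables."""
    iface_table, current, leaks = {}, None, []
    lines = [l.split() for l in config.splitlines() if l.split()]
    for tok in lines:  # pass 1: map each interface to its routing table
        if tok[0] == "interface":
            current = "".join(tok[1:]).lower()
            iface_table[current] = "global"
        elif tok[:3] == ["ip", "vrf", "forwarding"] and current:
            iface_table[current] = tok[3]
    for tok in lines:  # pass 2: static routes
        if tok[:2] != ["ip", "route"]:
            continue
        rest, table = tok[2:], "global"
        if rest[0] == "vrf":
            table, rest = rest[1], rest[2:]
        net = ipaddress.ip_network(f"{rest[0]}/{rest[1]}")
        tail = rest[2:]
        # "vlan 6" and "Vlan6" both normalise to "vlan6"; next-hop IPs are skipped
        iface = "".join(t for t in tail if t != "global" and not IPV4.fullmatch(t)).lower()
        target = "global" if "global" in tail else iface_table.get(iface, table)
        if target != table:
            leaks.append((table, target, net))
    return leaks

def broader_than_needed(leaks, host):
    """Leaks that cover `host` but also expose other addresses in the prefix."""
    ip = ipaddress.ip_address(host)
    return [(table, str(net), net.num_addresses - 1)
            for table, _, net in leaks if ip in net and net.num_addresses > 1]

if __name__ == "__main__":
    print(*find_leaks(CONFIG), sep="\n")
```

For the routes in this thread, `broader_than_needed(find_leaks(CONFIG), "10.10.1.5")` reports that both VRFs receive a route to all of 10.10.1.0/24, not just the DNS server.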


That worked beautifully, thank you very much!


BGP is the right way to do route leaking between VRFs....

If you need leaking, why do you need VRFs?

The VRFs were needed for a complex migration of a VMware farm where the old and new environments have completely different ingress/egress but share the same core switch (until the old environment can be fully decommissioned). There were a few host servers that need to be accessible to both environments temporarily. Whereas for everything else, total separation is needed. Loving the VRFs... They have greatly simplified the routing and will prevent all kinds of potential disasters during the migration. The DMZ vrf makes for a terrific alternative to a separate switch stack for DMZ hosts.