Re: How to make command for using VRF

WangSteven02215 · ‎01-15-2022

I always appreciate the support of Cisco community.

There are 3 (or more) networks that need to access the server A and B (below picture). For your information, there are all standalone networks, not external network.

We've faced IP duplication problem. So, we have plan to use VRF and NAT on a single router to solve this problem. I think Inter VRF routing is necessary,

I've been studying how to configure the command to use VRF. However, it is not easy.

Could you tell me how to configure the command on the single router?

paul driver · ‎01-15-2022

Hello

@WangSteven02215 wrote:

Could you tell me how to configure the commannd on the single router?

Depending on what software you are using the vrf commands would differ slightly:

Example based on your topology :
conf t

ip vrf A
ip vrf B
ip vrf C

int gig0/1
ip vrf forwardng A
ip address 192.168.1.1 255.255.255.0

int gig0//2
ip vrf forwardng B
ip address 192.168.2.1 255.255.255.0

int gig0/3
ip vrf forwardng C
ip address 192.168.2.1 255.255.255.0

int gig0/4
ip address 192.168.100.1 255.255.255.0

int gig0/5
ip address 192.168..200.1 255.255.255.0

ip route 192.168.1.0 255.255.255.0 GigabitEthernet0/1 < required for return traffic into vrf
ip route 192.168.2.0 255.255.255.0 GigabitEthernet0/2
ip route 192.168.3.0 255.255.255.0 GigabitEthernet0/3
ip route vrf A 192.168.100.0 255.255.255.0 GigabitEthernet0/5 192.168.100.100 global < required for vrf traffic into global route table
ip route vrf A 192.168.200.0 255.255.255.0 GigabitEthernet0/5 192.168.200.200 global
ip route vrf B 192.168.100.0 255.255.255.0 GigabitEthernet0/4 192.168.100.100 global
ip route vrf B 192.168.200.0 255.255.255.0 GigabitEthernet0/5 192.168.200.200 global
ip route vrf C 192.168.100.0 255.255.255.0 GigabitEthernet0/4 192.168.100.100 global
ip route vrf C 192.168.200.0 255.255.255.0 GigabitEthernet0/5 192.168.200.200 global

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

WangSteven02215 · ‎01-15-2022

Hello Paul,

First of all, I appreciate your response. I think there are some errors in the command you created.

Please refer to the red letters below and my question.

*Note: "192.168.1.0" will be connected to port 2. Also, "192.168.2.0" will be connected to port 3.

int gig0//2
ip vrf forwardng B
ip address 192.168.2.1 255.255.255.0

ip route 192.168.1.0 255.255.255.0 GigabitEthernet0/1 < required for return traffic into vrf
ip route 192.168.2.0 255.255.255.0 GigabitEthernet0/2
ip route 192.168.3.0 255.255.255.0 GigabitEthernet0/3
ip route vrf A 192.168.100.0 255.255.255.0 GigabitEthernet0/5 192.168.100.100 global < required for vrf traffic into global route table
ip route vrf A 192.168.200.0 255.255.255.0 GigabitEthernet0/5 192.168.200.200 global

Question: I don't understand why you mentioned "192.168.3.0."

paul driver · ‎01-15-2022

Hello

That was just an example of 3 networks in separate vrfs just amend it to accommodate your network.

As explained those routes like ip route 192.168.2.0 255.255.255.0 GigabitEthernet0/2 are required for the return traffic can be routed into each vrf

@MHM Cisco World mage a good suggestion also using PBR to accomplish route-leaking is another psooble alternative in which you dont require multiple static routes:

no ip route vrf A 192.168.100.0 255.255.255.0 GigabitEthernet0/5 192.168.100.100 global
no ip route vrf A 192.168.200.0 255.255.255.0 GigabitEthernet0/6 192.168.200.200 global
no ip route vrf B 192.168.100.0 255.255.255.0 GigabitEthernet0/5 192.168.100.100 global
no ip route vrf B 192.168.200.0 255.255.255.0 GigabitEthernet0/6 192.168.200.200 global
no ip route vrf C 192.168.100.0 255.255.255.0 GigabitEthernet0/5 192.168.100.100 global
no ip route vrf C 192.168.200.0 255.255.255.0 GigabitEthernet0/6 192.168.200.200 global

access-list 10 permit 192.168.100.0 0.0.0.255
access-list 10 permit 192.168.200.0 0.0.0.255

route-map GRT-VRF permit 10
match ip address 50
set global

int gig0/1
ip policy route-map GRT-VRF
int gig0/2
ip policy route-map GRT-VRF
int gig0/3
ip policy route-map GRT-VRF

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

WangSteven02215 · ‎01-15-2022

At first, you said to me "the example based on my topology". But now I'm confused because you said just an example of 3 networks in separate vrfs.

"192.168.1.0" network will be connected to both port 1 and 2. So, referring to what you said, I can create the command as follows:

ip route 192.168.1.0 255.255.255.0 GigabitEthernet0/1 < required for return traffic into vrf
ip route 192.168.1.0 255.255.255.0 GigabitEthernet0/2

I think there is an error in this command, don't you?

If you mention exact example in consideration my topology, that would be very helpful.

kind regards

MHM Cisco World · ‎01-15-2022

Friend

I think you need policy-route with set global,
this make VRF when it need to send packet to global it will use policy-route.
this policy-route config under the VRF interface.

WangSteven02215 · ‎01-15-2022

Thank you very much for your response. Could you mention "policy-route config" command as example in consideration of the picture I uploaded? If so, that would be very helpful for me.

MHM Cisco World · ‎01-15-2022

https://www.cisco.com/c/en/us/support/docs/ip/ip-routing/200158-Configure-Route-Leaking-between-Global-a.html