Missing "global" keyword in inter VRF routing when next-hop is DHCP

Hi All

 

Anyone 

 

I'm trying to make a setup where guests are isolated into a dedicated guest VRF that breaks out traffic on the local ISP. I almost got the configuration to a state where it is ready for implementation, except for one small issue.

 

The current setup consists of a "run of the mill" xDSL from whatever local provider, connected to an interface with DHCP (GE9). This interface is a member of the global routing table and is used to connect back to HQ with DMVPN.

Another VRF contains the internal traffic (vlan100) that is tunneled back to HQ.

 

 

The issue is with the static route that "leaks" traffic from the guest VRF to the global.

 

This is what I have now and it works. However, as the internet connection uses DHCP, the next-hop might change between providers.

ip route vrf guest 0.0.0.0 0.0.0.0 192.168.1.1 global

 

Whenever I try to replace the static next-hop IP with an interface, DHCP or any combination thereof, the "global" keyword is no longer available.

 

 

ip route vrf guest 0.0.0.0 0.0.0.0 <GigabitEthernet9> or <DHCP> global

 

 

Any ideas or workarounds?

 

 

 

 

--------------------------------------------

 

 

 

interface GigabitEthernet9
 ip address dhcp
 ip nat outside
 duplex auto
 speed auto
 no cdp enable
!
interface Vlan100
 description Office
 vrf forwarding office
 ip address 10.199.237.254 255.255.255.0
!
interface Vlan444
 description Guest
 vrf forwarding guest
 ip address 172.16.1.254 255.255.255.0
 ip nat inside
!


ip nat inside source list guestSubnet interface GigabitEthernet9 vrf guest overload
ip route 172.16.1.0 255.255.255.0 Vlan444
ip route vrf guest 0.0.0.0 0.0.0.0 192.168.1.1 global

 

Accepted Solutions

Hi,

you can use leaking in this case in 2 ways:

1) only exit-interface

2) both exit-interface and DHCP keyword

The problem with 1) is that your ISP must support proxy-arp, plus you will have an ARP entry for each entry, which is not recommended on Ethernet; hence my recommendation is using exit interface + DHCP.

Keep in mind that for either case you don't need to add "global" (there is even no way to add it). Just configure:

ip route vrf guest 0.0.0.0 0.0.0.0 GigabitEthernet9 DHCP

and that's all.

 

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

3 Replies

Works!!!

 

Thanks

Hello,

 

on a side note, I tested this in GNS3, you don't need the 'global' keyword, the default route will be leaked and dynamically adjusted by just using 'ip route vrf guest 0.0.0.0 0.0.0.0 GigabitEthernet9 dhcp'...
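
The following is an added example, not code from any poster in this thread or from Cisco. It audits a saved configuration for the situation discussed above: a VRF route leaked to the global table with a literal next-hop IP while the uplink takes its address from DHCP, and it proposes the interface + dhcp form from the accepted answer. The function names and the sample configuration (constructed from the thread's config) are assumptions, and the check generalizes from the default route to any leaked VRF route.

```python
import re

# Constructed sample input: the thread's branch config, hard-coded next hop included.
SAMPLE_CONFIG = """\
interface GigabitEthernet9
 ip address dhcp
!
interface Vlan444
 vrf forwarding guest
 ip address 172.16.1.254 255.255.255.0
!
ip route 172.16.1.0 255.255.255.0 Vlan444
ip route vrf guest 0.0.0.0 0.0.0.0 192.168.1.1 global
"""

ROUTE_RE = re.compile(r"^ip route vrf (\S+) (\S+) (\S+) (.+)$")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def dhcp_interfaces(config):
    """Names of interfaces that take their address (and gateway) from DHCP."""
    found, current = set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif line == "!":
            current = None  # '!' closes the interface block
        elif current and line == "ip address dhcp":
            found.add(current)
    return found


def audit_leak_routes(config):
    """Flag 'ip route vrf ... <literal IP> global' on a box with a DHCP uplink."""
    uplinks = sorted(dhcp_interfaces(config))
    findings = []
    for raw in config.splitlines():
        m = ROUTE_RE.match(raw.strip())
        if not m or not uplinks:
            continue
        vrf, prefix, mask, rest = m.groups()
        tokens = rest.split()
        # A literal next hop goes stale when the DHCP-assigned gateway changes.
        if "global" in tokens and IPV4_RE.match(tokens[0]):
            fixes = [f"ip route vrf {vrf} {prefix} {mask} {i} dhcp" for i in uplinks]
            findings.append({"vrf": vrf, "pinned_next_hop": tokens[0], "suggested": fixes})
    return findings
```

Run against the original configuration it reports the guest default route; once the route is rewritten in the interface + dhcp form it reports nothing.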