Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1144
Views
5
Helpful
4
Replies

Need to Allow a VLAN into a VRF

slad3s
Level 1
Level 1

‎02-23-2021 09:21 AM

Need to Allow a VLAN into a VRF

 

The vlan has a SVI and I would like to get only this vlan or network into our VRF 500 so that everyone on said vlan can reach everything that VRF 500 can reach. We have a core switch that the SVI and VRF 500 exist on so I am trying to do some magic on this switch.

 

I thought I could so something like this below but I think this would only allow everyone in the VRF to reach the global routing table which is not what we need.

 

 

interface Vlan10
 description TEST
 ip address 10.1.10.1 255.255.255.0


 access-list 50 permit ip 172.17.0.0 0.0.255.255 10.1.10.0 0.0.0.255
!
route-map VRF_TO_GLOBAL permit 10
 match ip address 50
set global
!


interface Vlan500
 description VRF500
 ip vrf forwarding 500
 ip address 172.17.65.65 255.255.255.192
ip policy route-map VRF_TO_GLOBAL

Apologies if I am missing something obvious here. VRFs and what I am trying to do is very new to me. Any help would be greatly appreciated. Thank you!

 

Labels:
0 Helpful
4 Replies 4

flamingbk
Level 1
Level 1

‎03-03-2021 03:06 PM

Hello!

 

Try do this:

 

ip vrf VRF500

rd 1:1
import ipv4 unicast map GLOBAL_TO_VRF
export ipv4 unicast map VRF_TO_GLOBAL
route-target export 1:1
route-target import 1:1

!

ip prefix-list vlan10 seq 5 permit 10.1.10.0/24
ip prefix-list vrf seq 5 permit 172.17.65.64/26

!

route-map GLOBAL_TO_VRF permit 10
match ip address prefix-list vlan10

!
route-map VRF_TO_GLOBAL permit 10
match ip address prefix-list vrf

!

router bgp 1
bgp log-neighbor-changes
!
address-family ipv4
redistribute connected

!
address-family ipv4 vrf VRF500
network 172.17.65.64 mask 255.255.255.192
!

 

At this point you can see the route 172.17.65.64 pointed to SVI 500 via BGP in Global routing table and in the VRF500 routing table you will see a route 10.1.10.0/24 pointed to SVI10 via BGP.

 

 

 

 

 

0 Helpful

paul driver
VIP
VIP

‎03-03-2021 03:09 PM

Hello

So why don't you put vlan 10 in the vrf 500 also?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

georgehewittuk1
Level 1
Level 1
In response to paul driver

‎03-03-2021 06:43 PM

This is what I'm wondering also. 

0 Helpful

MHM Cisco World
VIP
VIP

‎03-04-2021 04:50 PM

are this issue solve?

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card