@shaps -Thanks for the reply. 

Rather than using sub-interfaces, as I have a requirements only for 2 vrf's and therefore scalability isnt a concern, can i create a 'transit' vlan, with an svi at the dist switch and an svi at the core switch, add the 'transit' vlan into the vrf (along with the relevant cust vrf's) and then use the trunkport between the dist and the core to carry the traffic?

Hello,

in addition to 'shaps' post, since your distribution layer switch is not a layer 3 switch, you don't really need to separate the VRFs there. You need to separate them at the first layer 3 device, which I assume is your core switch (?).

Either way, the config on the core switch would like soomething like below. Just trunk your VLANs to the core switch as you would normally do. For the sake of convencience and testing I have added DHCP pools for each VRF:

ip vrf CUST_A
rd 1:1
route-target export 1:1
route-target import 1:1
!
ip vrf CUST_B
rd 2:2
route-target export 2:2
route-target import 2:2
!
ip dhcp excluded-address 10.10.1.1
ip dhcp excluded-address 10.20.1.1
!
ip dhcp pool CUST_A
vrf CUST_A
network 10.10.1.0 255.255.255.0
default-router 10.10.1.1
!
ip dhcp pool CUST_B
vrf CUST_B
network 10.20.1.0 255.255.255.0
default-router 10.20.1.1
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1.10
encapsulation dot1Q 10
ip vrf forwarding CUST_A
ip address 10.10.1.1 255.255.255.0
!
interface GigabitEthernet0/1.20
encapsulation dot1Q 20
ip vrf forwarding CUST_A
ip address 10.20.1.1 255.255.255.0
!
interface GigabitEthernet0/1.30
encapsulation dot1Q 30
ip vrf forwarding CUST_B
ip address 10.30.1.1 255.255.255.0
!
interface GigabitEthernet0/1.40
encapsulation dot1Q 40
ip vrf forwarding CUST_B
ip address 10.40.1.1 255.255.255.0

@ all who have kindly replied so far..

The dist switches are currently acting as L3 as the vlans terminate on these switches. Between the dist's and the cores are trunks, not routed interfaces. Cheers

Hi,

Then you must extend VRF till to the Distribution switches.

Regards,

Deepak Kumar

So you use a transit vlan for each VRF and route the other VRF vlans over the transit vlan ? 

If so then yes that is exactly the way I would do it and then you either run a dynamic routing protocol or use statics to exchange the routes. 

Jon

Thank you..

Deepak, Georg 

In the OPs initial post he says the customer vlans terminate at the distribution layer so he needs to route between the distribution and core switches but has to use a trunk to keep the VRF segregation all the way to the core. 

Just didn't want to confuse OP with talk of just using core for VRFs. 

Jon

@ all.. Thanks for all the responses, very helpful. 

@Jon Marshall. Jon, based On your response I intend to create 1 common subnet between the dist and core for each vrf and assign a single ip from that subnet at the core and also the dist. I will then add the cust clams into the vrf at the dist.. This leads me to another question, what exactly do you mean with your previous response when you suggested I need the L2 trunk as I need complete vrf segregation to the core? Why do I need the L2 trunk to achieve segregation, could I not achieve segregation by using a routed interface on both the dist and core for each vrf (or sun interfaces for multiple vrf’s) ? Thanks