05-20-2009 07:26 AM - edited 03-06-2019 05:50 AM
Hi all, I have a Catalyst 6513 switch with supervisot 720-10G.
I need to connect my ISP cable there, and route all the internal network with aproximated 100 VLANS.
What i want to do is to create 2 routing instances (all of them with static routing). One routing instance to route the external networks and other instance to route the internal networks.
How can I do it?
I thought to create a VRF to route the external networks, and route the internal networks with the global routing table instance. For that I've created a vrf and assigned a phisical interface with an IP (where i connect muy ISP cable) to it. I alsa created a loopback interface with it's associated ip into the vrf. Then i create other loopback interface into the Cat6500 in the same network segment, to communicate with the vrf, bot i cannot ping the 2 loopback interfaces.
What i'm doing i correct? Should I use VRF for my problem or is there another solution so solve this?.
Thanks a lot!
05-20-2009 11:37 AM
Hello Nicolas,
a VRF is completely isolated from the global routing table.
To build a communication path between the VRF and the GRT you should use two Vlans, two SVI L3 Vlans.
the first Vlan is associated to the VRF.
the second vlan is associated to the GRT.
Both use the same ip subnet.
then you connect with a cable two switch ports.
port 1 is associated to vlanX
port 2 to vlan y
cross-over cable between gx/y and gx1/y1
int gix/y
switchport
switchport mode access
switchport access vlan X
int gix1/y1
switchport
switchport mode access
switchport access vlan X
int vlan X
ip vrf forwarding VRF-name
ip address 10.10.10.1 255.255.255.0
no shut
int vlan X1
mac-address another-mac
ip address 10.10.10.1 255.255.255.0
no shut
the problem with loopbacks is they cannot communicate with external world.
SVI are the right tool here, but it is better to change the MAC address used as a source by one of them (actually by default all SVIs use the same MAC address in a chassis)
to complete the solution you need the correct static routes in VRF and in GRT.
Final note:
if you don't put a transparent firewall or other device between VRF and GRT you can also consider to not use the VRF at all.
Hope to help
Giuseppe
05-21-2009 10:23 AM
Thanks a lot Giuseppe, but the only way to interconnect a VRF with the GRT is patching 2 ports? If i do this y spent 2 ports on muy switch. What i want to do is to create a virtual interface. Doeas virtual interface exists here? (i mean virtual interface, not subinterfaces).
Thanks a lot again
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide