Solved: VRF configuration on layer 2

sameetha.maheshwaram · ‎12-15-2016

Hello All,

I wanted to know if we can create a VRF on layer 2 port-channel or on a vlan. Someone please help me out

Thank you,

Sameetha

Mark Malone · ‎12-15-2016

Hi

not at layer 2 as a vrf is for logically sperating routing tables at layer 3 , if these ports have no ip on them the vrf is pointless , routing must be enabled on the device and the port must have an ip on it for vrf to work

View solution in original post

Mark Malone · ‎12-15-2016

Hi

not at layer 2 as a vrf is for logically sperating routing tables at layer 3 , if these ports have no ip on them the vrf is pointless , routing must be enabled on the device and the port must have an ip on it for vrf to work

mustafaali786110 · ‎03-23-2022

Here is the scenario in working one:

we have created vrf instance in core with dhcp configured and then extended from core to layer 2 sw via access port core and l2 switch connected with access vlan 19 for example and from lay 2 to wlc there is a trunk my confusion is will vrf pass the traffic to wlc

sameetha.maheshwaram · ‎12-15-2016

Thanks a lot Mark!!

I actually got this question, since I am trying to send the syslog messages from Nexus switch to be sent to the syslog server

switch# configure terminal

switch(config)# logging server 172.28.254.254 5 local3

Please let me know if this configuration is right

Regards,

Sameetha

Mark Malone · ‎12-15-2016

Yes that will work , here is mine of one of my 7ks Nexus , you wouldn't need the vrf unless your doing out of band mgmt. so what you have should work fine , I would also source it off an up/up interface like a loopback , mine is just set to notification facility 5 rather than yours critical 3 reporting

logging server x.x.xx 5 use-vrf management
logging source-interface loopback 3
logging monitor 6

sameetha.maheshwaram · ‎12-15-2016

Thanks Mark . Though it's not working , Please confirm the following configuration for me

on the Nexus 5545 switch

!

monitor session 1

logging server 172.28.254.254 7

logging source-interface loopback

logging monitor 1

!

on the server side I have to just add the loopback IP address

Please correct me, If I went wrong.

Thank you,

Sameetha

Mark Malone · ‎12-15-2016

the server ip should be 172.28.254.254

can you post the command ....show logging server ... from the nexus

You may have to use a vrf , do you have any management ip on the device at all ?

the nexus comes with 2 vrfs enabled by default , default & management , you could try add the vrf under the management vlan ip if not a physical interface

example

interface vlan 1
description MGMT
vrf member management
ip address x.x.x.x/x

logging server x.x.x.x use-vrf management

or if that does not work try the default vrf

You can see these vrfs with.......show vrf

sameetha.maheshwaram · ‎12-15-2016

Thanks a ton Mark !! Finally it started working, first I tried using management vrf and it did not work and later I used default vrf

Here is the snapshot of my configuration on nexus 5548 switch

!
logging server x.x.x.x 7 use-vrf default
logging source-interface loopback 0
logging monitor 7
!

Once again thanks a lot, I really appreciate your time and patience

Regards,

Sameetha

Mark Malone · ‎12-15-2016

Ah very good glad you got it ;)

Mark Malone · ‎12-15-2016

looks fine , can you ping that ip from the Nexus ? that may be your issue if its not working , thats all thats required to setup syslog same as IOS as below

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/system_management/502_n1_1/b_Cisco_n5k_system_mgmt_cg_rel_502_n1_1/Cisco_n5k_system_mgmt_cg_rel_502_n1_1_chapter9.html#task_5793349949823830091

Configuring syslog Servers

You can configure up to three syslog servers that reference remote systems where you want to log system messages.

SUMMARY STEPS

1. switch# configure terminal

2. switch(config)# logging server host [severity-level [use-vrf vrf-name [facility facility]]]

3. (Optional) switch(config)# no logging server host

4. (Optional) switch# show logging server

5. (Optional) switch# copy running-config startup-config

DETAILED STEPS

Command or Action

Purpose

Step 1

switch# configure terminal

Enters configuration mode.

Step 2

switch(config)# logging server host [severity-level [use-vrf vrf-name [facility facility]]]

Configures a host to receive syslog messages.

The host argument identifies the host name or the IPv4 or IPv6 address of the syslog server host.
The severity-level argument limits the logging of messages to the syslog server to a specified level. Severity levels range from 0 to 7. Refer to Table 1
The use vrf vrf-name keyword argument identifies the default or management values for the VRF name. If a specific VRF is not identified, management is the default. However, if management is configured, it will not be listed in the output of the show-running command because it is the default. If a specific VRF is configured, the show-running command output will list the VRF for each server.

Note The current CFS distribution does not support VRF. If CFS distribution is enabled, then the logging server configured with the default VRF will be distributed as the management VRF.
The facility argument names the syslog facility type. The facilities are listed in the Cisco Nexus 5000 Series Command Reference. The default outgoing facility is local7.

Step 3

switch(config)# no logging server host

(Optional)

Removes the logging server for the specified host.

Step 4

switch# show logging server

(Optional)

Displays the syslog server configuration.

Step 5

switch# copy running-config startup-config

(Optional)

Copies the running configuration to the startup configuration.

sameetha.maheshwaram · ‎12-15-2016

Thanks Mark . I am able to ping from switch to the server and vice versa, though the server is not having the logs from the switch

Regards,

Sameetha