Re: VRF Routing in VLAN

Arjun Dabol · ‎10-05-2017

Hello Experts,

I have two L3 switches that are running VRF-Lite inside them to separate traffic.

also there are 2 switches between them using which they both can communicate . network between them is L2 as shown here.

L3 switch(6500)<--L2 network-->switchA<----L2 network---->switchB-------L3 switch(6500)

now if I have 3 VRF created on both L3 switches that need to communicate , what should be done here?

I understand we need to create VLANs on switchA and switchB and then may be sub-interfces on L3 switch and do vrf forwarding may be - but how it works ?

can someone help please ?

Seb Rupik · ‎10-06-2017

Hi there,

Assuming your 6500's are connected to the L2 switches on interface gi1/1/1, try the following config:

!
hostname l3switch-1
!
ip vrf THIRD_VRF
  description 3rd VRF
!
vlan 10
  name first_vlan
vlan 20
  name second_vlan
vlan 30
  name third_vlan
!
int gi1/1/1
  switchport
  switchport trunk allowed vlan 10,20,30
  switchport mode trunk
!
int vlan 30
  ip forwarding THIRD_VRF
  ip address 10.10.10.2 255.255.255.254
!

!
hostname l3switch-2
!
ip vrf THIRD_VRF
  description 3rd VRF
!
vlan 10
  name first_vlan
vlan 20
  name second_vlan
vlan 30
  name third_vlan
!
int gi1/1/1
  switchport
  switchport trunk allowed vlan 10,20,30
  switchport mode trunk
!
int vlan 30
  ip forwarding THIRD_VRF
  ip address 10.10.10.3 255.255.255.254
!

This will create a new VLAN, SVI and /31 link between them using a new VRF. Let us know if you have any more questions.

cheers,

Seb.

Arjun Dabol · ‎10-06-2017

Thanks Seb for taking time and reply.

Won't I need VLANs on my L2-switch ? how they will understand what VLANs are carrying vrfs ?

Seb Rupik · ‎10-06-2017

Yes you will need to trunk VLAN30 between the two 6500 via your layer2 switches. I thought you were doing that already from your statement: "I understand we need to create VLANs on switchA and switchB"

Do you need the config for those switches too?

cheers,

Seb.

Julio E. Moisa · ‎10-06-2017

Hi

The VLANs are important locally only, so on the layer 3 switches you need to create the VRF into the SVI and pass the VLANs over the Trunks, so you can create the VLANs on the layer 2 Switches to transport the VLANs to the other VRF End.

The VRF VLANs must be created on the Layer 2 switches and I suggest filter them over the trunks on the layer 2 switches, for example:

LAYER 3 SWITCH

ip vrf A

rd 1:1

route-target import 1:1

route-target export 1:1

vlan 10

name USERS

int vlan 10

ip vrf forwarding A

ip add 10.0.0.1 255.255.255.0

no shutdown

int g1/1/1

switchport

switchport trunk allowed vlan 10

switchport mode trunk

no shutdown

* You can include more VLANs over the trunks as usual.

LAYER 2 SWITCH

vlan 10

name USERS

int g1/1/1

switchport

switchport trunk allowed vlan 10

switchport mode trunk

no shutdown.

* You can include more VLANs over the trunks as usual.

Note: if you are executing ping to verify the connectivity you must wait few seconds to see the responses.

Hope it is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<