10-05-2017 08:54 PM - edited 03-08-2019 12:16 PM
Hello Experts,
I have two L3 switches that are running VRF-Lite inside them to separate traffic.
also there are 2 switches between them using which they both can communicate . network between them is L2 as shown here.
L3 switch(6500)<--L2 network-->switchA<----L2 network---->switchB-------L3 switch(6500)
now if I have 3 VRF created on both L3 switches that need to communicate , what should be done here?
I understand we need to create VLANs on switchA and switchB and then may be sub-interfces on L3 switch and do vrf forwarding may be - but how it works ?
can someone help please ?
10-06-2017 12:45 AM
Hi there,
Assuming your 6500's are connected to the L2 switches on interface gi1/1/1, try the following config:
! hostname l3switch-1 ! ip vrf THIRD_VRF description 3rd VRF ! vlan 10 name first_vlan vlan 20 name second_vlan vlan 30 name third_vlan ! int gi1/1/1 switchport switchport trunk allowed vlan 10,20,30 switchport mode trunk ! int vlan 30 ip forwarding THIRD_VRF ip address 10.10.10.2 255.255.255.254 !
! hostname l3switch-2 ! ip vrf THIRD_VRF description 3rd VRF ! vlan 10 name first_vlan vlan 20 name second_vlan vlan 30 name third_vlan ! int gi1/1/1 switchport switchport trunk allowed vlan 10,20,30 switchport mode trunk ! int vlan 30 ip forwarding THIRD_VRF ip address 10.10.10.3 255.255.255.254 !
This will create a new VLAN, SVI and /31 link between them using a new VRF. Let us know if you have any more questions.
cheers,
Seb.
10-06-2017 04:38 AM
Thanks Seb for taking time and reply.
Won't I need VLANs on my L2-switch ? how they will understand what VLANs are carrying vrfs ?
10-06-2017 04:50 AM
Yes you will need to trunk VLAN30 between the two 6500 via your layer2 switches. I thought you were doing that already from your statement: "I understand we need to create VLANs on switchA and switchB"
Do you need the config for those switches too?
cheers,
Seb.
10-06-2017 08:17 AM - edited 10-06-2017 08:53 AM
Hi
The VLANs are important locally only, so on the layer 3 switches you need to create the VRF into the SVI and pass the VLANs over the Trunks, so you can create the VLANs on the layer 2 Switches to transport the VLANs to the other VRF End.
The VRF VLANs must be created on the Layer 2 switches and I suggest filter them over the trunks on the layer 2 switches, for example:
LAYER 3 SWITCH
ip vrf A
rd 1:1
route-target import 1:1
route-target export 1:1
vlan 10
name USERS
int vlan 10
ip vrf forwarding A
ip add 10.0.0.1 255.255.255.0
no shutdown
int g1/1/1
switchport
switchport trunk allowed vlan 10
switchport mode trunk
no shutdown
* You can include more VLANs over the trunks as usual.
LAYER 2 SWITCH
vlan 10
name USERS
int g1/1/1
switchport
switchport trunk allowed vlan 10
switchport mode trunk
no shutdown.
* You can include more VLANs over the trunks as usual.
Note: if you are executing ping to verify the connectivity you must wait few seconds to see the responses.
Hope it is useful
:-)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide