Solved: VRFs

Johnson_Mo · ‎12-08-2023

I have a cat 9300 and need to configure it for 5 different VRFs which simulates different L3 switches.

on R1, I have two GRE tunnels to ESW1. my question is: can I configure VRFs on ESW1 instead of using R2,ESW2 (has few vlans),ESW3 (has few vlans) as physical devices? topology is shown in the attached picture:

MHM Cisco World · ‎12-10-2023

I think you talking about below point

The VRF associated with the tunnel vrf command is the same as the VRF associated with the physical interface over which the tunnel sends packets (outer IP packet routing).

Router-c9300

Interface between Router and C9300 config with vrf RED

The C9300 have two tunnel each within one VRF and both use interface to Router as tunnel source

So

Interface tunnel 1

Tunnel vrf RED

Tunnel source interface (toward R)

Ip vrf forwarding BLUE

!

Interface tunnel 2

Tunnel vrf RED

Tunnel source interface (toward R)

Ip vrf forwarding Green

That meaning of this point' the tunnel source interface must config same as tunnel vrf.

View solution in original post

MHM Cisco World · ‎12-08-2023

if the SW support
vrf tunnel command
then you can use SW to config GRE tunnel.
MHM

Johnson_Mo · ‎12-08-2023

thanks for replying boss!

my main goal is to get rid of the SW2,SW3 and R2 and configure VRFS on the CAT 9300 switch. is this possible?

MHM Cisco World · ‎12-08-2023

these restriction for config GRE tunnel VRF aware in 9300 IOS XE

Both ends of the tunnel must reside within the same VRF. <<- only make sure both end use same VRF
The VRF associated with the tunnel vrf command is the same as the VRF associated with the physical interface over which the tunnel sends packets (outer IP packet routing).
The VRF associated with the tunnel by using the ip vrf forwarding command is the VRF that the packets are to be forwarded in as the packets exit the tunnel (inner IP packet routing).
The feature does not support the fragmentation of multicast packets passing through a multicast tunnel.
The feature does not support the ISIS (Intermediate System to intermediate system) protocol.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-6/configuration_guide/b_166_rtng_9300_cg/b_166_rtng_9300_cg_chapter_011.html

MHM

Johnson_Mo · ‎12-09-2023

so, based one the doc, we can not associate multiple vrfs to one tunnel?

MHM Cisco World · ‎12-10-2023

I think you talking about below point

The VRF associated with the tunnel vrf command is the same as the VRF associated with the physical interface over which the tunnel sends packets (outer IP packet routing).

Router-c9300

Interface between Router and C9300 config with vrf RED

The C9300 have two tunnel each within one VRF and both use interface to Router as tunnel source

So

Interface tunnel 1

Tunnel vrf RED

Tunnel source interface (toward R)

Ip vrf forwarding BLUE

!

Interface tunnel 2

Tunnel vrf RED

Tunnel source interface (toward R)

Ip vrf forwarding Green

That meaning of this point' the tunnel source interface must config same as tunnel vrf.

MHM Cisco World · ‎12-10-2023

First point I make it in blue color'

The tunnel source as we see above can config with vrf under physical interface' tunnel destination as restrictions mention must be reachable via same VRF as tunnel source.

MHM