Solved: VXLAN with multiple VRF

peter.matuska1 · ‎01-26-2025

Hi,

I have 4 VLANs - 10, 20, 30 and 40. VLANs 10 and 20 are VXLAN enabled with L3VNI. Communications works fine between them. VLANs 30 and 40 are for guest access and needs to be VXLAN enabled as well but need to be in different VRF since they cant have access to 10 and 20. What is the best way to configure it? I configured the vrf definition REGULAR (for 10 and 20) and vrf definition GUEST (for 30 and 40) and it didnt work. Is there any guide how to confiugre it? I tried different NVE interface but no luck.

I did it on Cat9300.

thank you

vishalbhandari · ‎01-26-2025

@peter.matuska1

To configure VLANs 30 and 40 as VXLAN-enabled in a separate VRF (GUEST) on a Catalyst 9300, ensure the following steps:

Create the VRFs: You've already created vrf definition REGULAR and vrf definition GUEST. Ensure they're configured properly with appropriate RD (Route Distinguisher) and RT (Route Target) values.
Map VLANs to VRFs: Use the interface vlan configuration to assign VLANs 30 and 40 to the GUEST VRF.
interface Vlan30 vrf forwarding GUEST ip address <IP> interface Vlan40 vrf forwarding GUEST ip address <IP>
Configure L3VNI for the GUEST VRF: Map the GUEST VRF to its own L3VNI and associate it with RT values. For example:
vrf definition GUEST rd 2:2 address-family ipv4 unicast route-target both 2:2
Set Up the NVE Interface: Ensure the nve1 interface has mappings for both VRFs with their respective VNIs.

interface nve1 member vni 30010 associate-vrf member vni 30020 associate-vrf
Configure VLAN-to-VNI Mapping: Map VLANs 30 and 40 to their VXLAN VNIs in the global configuration.
vlan configuration 30,40 vn-segment <VNI for VLAN 30/40>
Check Fabric and Routing: Ensure the underlay network supports routing for the new L3VNI. If issues persist, verify BGP EVPN configuration and the nve1 interface settings.

Refer to Cisco's VXLAN EVPN configuration guide for Catalyst 9300 switches for detailed steps. Make sure all necessary VXLAN and BGP configurations are aligned between devices.

View solution in original post

MHM Cisco World · ‎01-26-2025

you want vlan 10 an vlan 20 talk to each other

And vlan 30 and vlan 40 talk to each other

But these two group must separate?

MHM

vishalbhandari · ‎01-26-2025

@peter.matuska1

To configure VLANs 30 and 40 as VXLAN-enabled in a separate VRF (GUEST) on a Catalyst 9300, ensure the following steps:

Create the VRFs: You've already created vrf definition REGULAR and vrf definition GUEST. Ensure they're configured properly with appropriate RD (Route Distinguisher) and RT (Route Target) values.
Map VLANs to VRFs: Use the interface vlan configuration to assign VLANs 30 and 40 to the GUEST VRF.
interface Vlan30 vrf forwarding GUEST ip address <IP> interface Vlan40 vrf forwarding GUEST ip address <IP>
Configure L3VNI for the GUEST VRF: Map the GUEST VRF to its own L3VNI and associate it with RT values. For example:
vrf definition GUEST rd 2:2 address-family ipv4 unicast route-target both 2:2
Set Up the NVE Interface: Ensure the nve1 interface has mappings for both VRFs with their respective VNIs.

interface nve1 member vni 30010 associate-vrf member vni 30020 associate-vrf
Configure VLAN-to-VNI Mapping: Map VLANs 30 and 40 to their VXLAN VNIs in the global configuration.
vlan configuration 30,40 vn-segment <VNI for VLAN 30/40>
Check Fabric and Routing: Ensure the underlay network supports routing for the new L3VNI. If issues persist, verify BGP EVPN configuration and the nve1 interface settings.

Refer to Cisco's VXLAN EVPN configuration guide for Catalyst 9300 switches for detailed steps. Make sure all necessary VXLAN and BGP configurations are aligned between devices.

peter.matuska1 · ‎02-27-2025

thank you, this worked

peter.matuska1 · ‎01-26-2025

thank you, I will try this configuration.