vrf-lite and "global" keyword in ip route

Unanswered Question


I have a 1841 with 12.4(16) IOS.

In my configuration I have to interfaces for internet access, without vrf:

interface ATM0/0/0

dsl operating-mode auto

pvc 8/35

encapsulation aal5mux ppp dialer

dialer pool-member 1


interface Dialer0

ip address negotiated

ip nat enable

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp chap ...


This two interfaces are in the global route table because there is no vrf indication. These are for internet access (a simple adsl connection)

Then, I have this interface in VRF named "lan123"

interface FastEthernet0/1.23

encapsulation dot1Q 123

ip vrf forwarding lan123

ip address

ip nat enable

Now the issue.

If I write:

ip route vrf lan123 Dialer0

this works and, with nat, internet works. The question is why this works without the "global" keyword? I'm going from the vrf named "lan123" routing table to global table without the using of "global" keyword.

If I try to use:

ip route vrf lan123 Dialer0 global

there is an error indication.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
aghaznavi Fri, 09/07/2007 - 06:09

The global routing table is the normal routing table which can be seen using the show ip route command which contains all the routes of the customers. The vrf routing table contains only the per customer routing table.

Thankyou for you answer. The question is that we cannot jump from a virtual routing table to another without using BGP. If we would like to go in the global routing table (for internet navigation for example) we need to use a special syntax (i.e. "global" keyword). In my example interface "Dialer0" is in the global routing table. And the IOS permit me to go from a VRF table to the global routing table without using the "global" keyword with the:

ip route vrf voce Dialer0

I think that this should not work. But works. I would like to know if this is a bug in IOS or not.

For "jump" from a routing table to another there is this another special syntax:

ip route Serial2/1.1

but, in my example, I don't use this

tonypearce1 Tue, 04/24/2012 - 01:37

I just see this now. But after thinking about this, I believe this is how it should work because we specify an interface rather than an IP address. Think about what the command is doing, and how VRF actually works. In the end, the traffic will leave an interface, that is all.


This Discussion