Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Assistance Needed: Inter-VRF Routing with MP-BGP

hello everyone,

I've been trying to solve a problem for over a day regarding inter-vrf routing using MP-BGP and I can't seem to figure a few things out.

I have Cisco 1921 which has VRF-JLAN and VRF-JGLOBE with 3 interfaces configured as (g0/0 = vrf JLAN, g0/1=no vrf, g0/2 = dot1q trunk to 2960S). vrf JLAN is a restricted network for users access, dns server, e.t.c. vrf JGLOBE is for Video server and global routing table belongs to Wifi Access. I've been able to seperate all the network and I can route traffic out to the Internet from vrf JLAN and the global route table but where I'm having issues is getting vrf JGLOBE to route traffic using the Global route table.

For example: vrf JLAN should not be accessed by either Global or vrf JGLOBE. JGLOBE should be able to access vrf JLAN dns server but it should route its internet traffic via Global route table (g0/1). Last JLAN should be able to access 2 networks from the Global route table.

I've attached my config and diagram so you can better understand what I'm trying to achieve. More light to solving this problem would be much appreciated.

ip vrf JGLOBE
 rd 65001:2
 export map WIFI
 route-target export 65001:2
!
ip vrf JLAN
 rd 65001:1
 import ipv4 unicast map C-GLOBAL
 route-target export 65001:1
 route-target import 65001:1
 route-target import 65001:2

interface GigabitEthernet0/0
 description LAN-ACCESS-INTERNET [TO Nexthop FIREWALL]
 ip vrf forwarding JLAN
 ip address 192.168.4.3 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip flow egress
 ip inspect INTERNET-FW out
 ip virtual-reassembly in
 load-interval 30
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description GLOBAL-Wifi-INTERNET [TO Nexthop - FIREWALL]
 ip address 192.168.5.3 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip flow egress
 ip inspect GLOBAL-FW in
 ip inspect GLOBAL-FW out
 ip virtual-reassembly in
 load-interval 30
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/2.3
 description Users LAN
 encapsulation dot1Q 3
 ip vrf forwarding JLAN
 ip address 192.168.30.1 255.255.255.240
!
interface GigabitEthernet0/2.4
 description Video Server
 encapsulation dot1Q 4
 ip vrf forwarding JGLOBE
 ip address 10.6.40.1 255.255.255.0
!         
router ospf 1 vrf JLAN
 router-id 10.6.6.10
 redistribute bgp 65001 subnets
 network 0.0.0.0 255.255.255.255 area 0
!
router ospf 2 vrf JGLOBE
 router-id 10.5.7.10
 redistribute bgp 65001 subnets
 network 0.0.0.0 255.255.255.255 area 0
!
router bgp 65001
 bgp router-id 10.4.6.4
 bgp log-neighbor-changes
 bgp graceful-restart restart-time 120
 bgp graceful-restart stalepath-time 360
 bgp graceful-restart
 !
 address-family ipv4
  redistribute connected
 exit-address-family
 !
 address-family ipv4 vrf JGLOBE
  redistribute connected
  redistribute ospf 2
 exit-address-family
 !
 address-family ipv4 vrf JLAN
  redistribute connected
  redistribute ospf 1
 exit-address-family
!
ip dns view vrf JGLOBE default
ip dns view vrf JLAN default
ip route 0.0.0.0 0.0.0.0 192.168.5.1
ip route vrf JGLOBE 0.0.0.0 0.0.0.0 GigabitEthernet0/1 192.168.5.1
ip route vrf JLAN 0.0.0.0 0.0.0.0 192.168.4.1 name LAN_INET
!
!
ip prefix-list GLOBAL-INET seq 5 permit 0.0.0.0/0
!
ip prefix-list SERVER-NET seq 5 permit 10.6.40.2/32
!
ip prefix-list WIFI-NET seq 5 permit 10.254.0.0/22 le 32

 

Everyone's tags (1)
80
Views
0
Helpful
0
Replies
CreatePlease login to create content