New Member

Avoid using connected network using vrf

Hi Everyone,

I have a 3560G connected to an ASA FW, both running layer 3 and hosting 6 or so VLANs. The switch is the default gateway for all VLANs (client request) and therefore sees all networks as connected. I used route maps to push the traffic from the switch to the FW so that it got firewalled before being delivered, but I cannot use one of the commands for failover should the FW fail (I wanted to route locally should the FW fail).

So, my question is this. If I placed all VLANs in their own vrf, NETA would no longer see NETB as a connected network and would follow the route to the FW's NETA interface. I could then inject the connecteds into each vrf but adjust their metric so that they are less preferable than the route to the FW. Should the FW route die, the next route would become active and traffic would route internally to the switch.

Can anyone see a problem with this idea?

Dan

PS - thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Bronze

Avoid using connected network using vrf

How are you planning to inject the routes?

To leak routes between VRFs, you use static routing in the 3560 but you must point the gateway to an external device.

Ideally, you can use the FW as the gateway for those static routes but if the FW is down, the failover static routing approach won't work as expected.
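As an added illustration (not from the thread, not Cisco's own example), here is the VRF-per-VLAN design Dan describes with made-up addressing (NETA = 10.1.10.0/24 on VLAN 10, NETB = 10.1.20.0/24 on VLAN 20, the ASA holding .254 in each subnet), showing where the local-fallback route runs into the constraint described above.

```cisco
! Added illustration, not from the thread. Addresses are made up.
! VLAN 10 (NETA) and VLAN 20 (NETB) each get their own VRF, so the
! switch no longer sees the other subnet as a connected network.
ip routing
ip vrf NETA
 rd 65000:10
ip vrf NETB
 rd 65000:20
!
interface Vlan10
 ip vrf forwarding NETA
 ip address 10.1.10.1 255.255.255.0
interface Vlan20
 ip vrf forwarding NETB
 ip address 10.1.20.1 255.255.255.0
!
! Primary path (AD 1): NETA reaches NETB through the ASA's NETA-side
! interface, so the ASA inspects the traffic before delivery.
ip route vrf NETA 10.1.20.0 255.255.255.0 10.1.10.254
ip route vrf NETB 10.1.10.0 255.255.255.0 10.1.20.254
!
! The proposed fallback would be a floating static (AD 250) that leaks
! NETB into NETA. An inter-VRF static on the 3560 needs a next hop on
! an external device (the point made in the accepted answer), and the
! only external device here is the ASA itself, so the fallback cannot
! express "route locally once the ASA is gone":
!   ip route vrf NETA 10.1.20.0 255.255.255.0 Vlan20 10.1.20.254 250
!
! A second caveat: a static route whose next hop resolves over an SVI
! that stays up is not withdrawn when the ASA dies, so the AD-1 route
! would remain installed and a floating route would never take over
! without next-hop reachability tracking (IP SLA + track) on top.
```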

5 REPLIES
New Member

Avoid using connected network using vrf

thanks Edison.

I'm trying to find a workaround for my previous question, but the route map statement isn't supported on 3560G. Any ideas on how I could get around this?

Dan

Hall of Fame Super Bronze

Avoid using connected network using vrf

Implementing redundancy at the FWs and only use the switches for Layer2?

New Member

Avoid using connected network using vrf

We only have a single FW and a single switch, unfortunately.

Dan

Hall of Fame Super Bronze

Avoid using connected network using vrf

No way around it...
