Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ip route vrf name 0.0.0.0 0.0.0.0 192.168.1.1 global in Nexus 5548

Is there an equivalant command/feature in the Nexus platform to leak a global default into a VRF?  I see the ip route commands under the vrf context name config and can add a default route there, but is that the equivalent of the command above in the subject?  I'm trying to isolate another division's network in a VRF and still allow them Internet access without segementing the other resources into VRFs.

thank you

Bill

  • LAN Switching and Routing
2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

ip route vrf name 0.0.0.0 0.0.0.0 192.168.1.1 global in Nexus 55

Hi Bill,

NXOS doesnt have a global routing table like IOS. You need to use import/export to leak routes between VRF. For N5K, this is supported 6.0(2). Alternatively, you can use physical cable connects the ports in different VRF, but it will burn 2 ports.

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5500/sw/release/notes/6_02/Nexus5500_Release_Notes_6_02.html#wp465598

HTH,

Lei Tian

Cisco Employee

ip route vrf name 0.0.0.0 0.0.0.0 192.168.1.1 global in Nexus 55

Got it. Here is what you need to do with static routes.

vrf context RED

ip route 0.0.0.0 0.0.0.0 e1/20 192.168.1.1

int e1/19

switch access vlan 255

interface vlan 255

ip add 192.168.1.1/24

int e1/20

no switchport

vrf member RED

ip add 192.168.1.2/24

ip route 192.168.64.0/24 vlan 255 192.168.1.2

ip route 192.168.65.0/24 vlan 255 192.168.1.2

HTH,

Lei Tian

16 REPLIES
Cisco Employee

ip route vrf name 0.0.0.0 0.0.0.0 192.168.1.1 global in Nexus 55

Hi Bill,

NXOS doesnt have a global routing table like IOS. You need to use import/export to leak routes between VRF. For N5K, this is supported 6.0(2). Alternatively, you can use physical cable connects the ports in different VRF, but it will burn 2 ports.

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5500/sw/release/notes/6_02/Nexus5500_Release_Notes_6_02.html#wp465598

HTH,

Lei Tian

New Member

ip route vrf name 0.0.0.0 0.0.0.0 192.168.1.1 global in Nexus 55

Hi Lei,

can you give me an idea of how the physical cable would be setup?  I'm not prepared to create the additional vrfs and leak routes between them, but the cable option sounds interesting.  Would it be a matter of connecting one cable to say port eth 1/1 that is in the VRF and eth 1/2 that is in a vlan or l3 mode?  I see I would need to burn two

SFPs per switch too. 

thank you

Cisco Employee

ip route vrf name 0.0.0.0 0.0.0.0 192.168.1.1 global in Nexus 55

Hi Bill,

Yes, you got the idea. Just connect one cable to two physical ports, one in VRF and the other port in a vlan or l3 mode in default VRF. You can even form routing protocol between the physical ports, so dynamically leak routes from VRF into default vrf.

HTH,

Lei Tian

New Member

ip route vrf name 0.0.0.0 0.0.0.0 192.168.1.1 global in Nexus 55

Lei, I see I can only place a layer 3 interface in a VRF.  Would I need to assign the L3 interface an IP address in the VRF subnet, or is it good enough to just have the interface belong to the VRF with no IP address? 

thank you

Cisco Employee

ip route vrf name 0.0.0.0 0.0.0.0 192.168.1.1 global in Nexus 55

Hi Bill,

Yes, you can only assign L3 interface into VRF. It is layer 3 concept, think each VRF as a seperarte routing table. If the physcial port is access port, you can put the SVI in a VRF.

HTH,

Lei Tian

New Member

ip route vrf name 0.0.0.0 0.0.0.0 192.168.1.1 global in Nexus 55

Hi Lei.  I was planning on putting an SVI in the VRF, but how do I bridge that SVI with the physical port?  Could I simply put it in the same VLAN as the SVI? 

port 1/19 - vlan 255 (Global routing table that has Internet GW in that vlan)   <------->  port 1/20 - vlan 164  (SVI of that vlan in VRF)

thanks again

Cisco Employee

ip route vrf name 0.0.0.0 0.0.0.0 192.168.1.1 global in Nexus 55

Hi Bill,

So e1/20 will be

switchport mode access

switch port access vlan 164

interface vlan164

vrf memeber RED

HTH,

Lei Tian

New Member

ip route vrf name 0.0.0.0 0.0.0.0 192.168.1.1 global in Nexus 55

That's what I was imagining, but I now see another vlan, 165, that needs put into the same VRF.  So with that method I'd need to use another pair of interfaces in the same switch wouldn't I? 

thanks

Cisco Employee

ip route vrf name 0.0.0.0 0.0.0.0 192.168.1.1 global in Nexus 55

No, you dont need to have another pair of interfaces. Just put the SVI for vlan 165, 164 into the same VRF, and form a routing neighbor between vlan 255 and vlan 164.

HTH,

Lei Tian

2758
Views
0
Helpful
16
Replies