In my configuration I have to interfaces for internet access, without vrf:
dsl operating-mode auto
encapsulation aal5mux ppp dialer
dialer pool-member 1
ip address negotiated
ip nat enable
dialer pool 1
no cdp enable
ppp chap ...
This two interfaces are in the global route table because there is no vrf indication. These are for internet access (a simple adsl connection)
Then, I have this interface in VRF named "lan123"
encapsulation dot1Q 123
ip vrf forwarding lan123
ip address 192.168.143.254 255.255.255.0
ip nat enable
Now the issue.
If I write:
ip route vrf lan123 0.0.0.0 0.0.0.0 Dialer0
this works and, with nat, internet works. The question is why this works without the "global" keyword? I'm going from the vrf named "lan123" routing table to global table without the using of "global" keyword.
If I try to use:
ip route vrf lan123 0.0.0.0 0.0.0.0 Dialer0 global
The global routing table is the normal routing table which can be seen using the show ip route command which contains all the routes of the customers. The vrf routing table contains only the per customer routing table.
Thankyou for you answer. The question is that we cannot jump from a virtual routing table to another without using BGP. If we would like to go in the global routing table (for internet navigation for example) we need to use a special syntax (i.e. "global" keyword). In my example interface "Dialer0" is in the global routing table. And the IOS permit me to go from a VRF table to the global routing table without using the "global" keyword with the:
ip route vrf voce 0.0.0.0 0.0.0.0 Dialer0
I think that this should not work. But works. I would like to know if this is a bug in IOS or not.
For "jump" from a routing table to another there is this another special syntax:
ip route 220.127.116.11 255.255.255.0 Serial2/1.1 192.168.121.113
I just see this now. But after thinking about this, I believe this is how it should work because we specify an interface rather than an IP address. Think about what the command is doing, and how VRF actually works. In the end, the traffic will leave an interface, that is all.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...