VRFs on a Cisco 2600
I searched about the web for information on how to do this and didn’t find anything obvious (all examples were far too complex). My home network (as I’ve said before) is overly complex; it’s designed to mirror many of the different techniques that I use at work. To that end, I have a management network which is heavily locked down, which provides me access to the various router and switch management interfaces.
I had a problem though: in order to reach my management IP on my router I had to trunk a VLAN to it, which worked fine. But because I already had a default route, I couldn’t easily route management traffic back to my network (without many, many different routes), so I could only ever configure the router from my core house router. This sucked.
I had heard about VRFs at work in relation to MPLS, and I thought that they might help. Sure enough, it’s done what I want. I think I’m best demonstrating this with route printouts and the config rather than words.
ala-2620-ro01#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
ala-2620-ro01#sh ip route vrf mgmt
Routing Table: mgmt
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.10.10.1 to network 0.0.0.0
10.0.0.0/24 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 10.10.10.1
ala-2620-ro01#sh ip route vrf inet
Routing Table: inet
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
88.0.0.0/29 is subnetted, 1 subnets
C xxx.xxx.xxx.xxx is directly connected, FastEthernet0/0.10
62.0.0.0/32 is subnetted, 1 subnets
C 62.3.83.5 is directly connected, Dialer0
S* 0.0.0.0/0 is directly connected, Dialer0
Config:
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ala-2620-ro01
!
logging buffered 4096 informational
logging console informational
!
no aaa new-model
ip subnet-zero
ip cef
!
no ip domain lookup
ip domain name alastria.lan
ip name-server 10.10.10.1
!
ip vrf inet
!
ip vrf mgmt
!
ip multicast-routing vrf mgmt
ip multicast-routing vrf inet
!
ip audit po max-events 100
!
username peter privilege 15 secret 5 xxxx
username monitor secret 5 xxxx
!
interface ATM0/0
 no ip address
 no ip proxy-arp
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
interface FastEthernet0/0
 ip vrf forwarding mgmt
 ip address 10.10.10.10 255.255.255.0
 no ip proxy-arp
 duplex auto
 speed auto
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip vrf forwarding inet
 ip address xxx.xxx.xxx.xxx 255.255.255.248
 ip pim sparse-dense-mode
 no snmp trap link-status
!
interface Dialer0
 ip vrf forwarding inet
 ip unnumbered FastEthernet0/0.10
 ip pim sparse-dense-mode
 encapsulation ppp
 ip route-cache flow
 ip igmp unidirectional-link
 dialer pool 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname xxxx
 ppp chap password 0 xxxx
!
ip http server
ip http authentication local
no ip http secure-server
!
ip classless
!
ip route vrf mgmt 0.0.0.0 0.0.0.0 10.10.10.1
ip route vrf inet 0.0.0.0 0.0.0.0 Dialer0
!
logging facility local0
logging source-interface FastEthernet0/0
logging 10.10.0.1
!
access-list 10 permit 10.10.10.0 0.0.0.255
access-list 10 deny any
!
snmp-server community public RO 10
snmp-server enable traps tty
!
line con 0
 login local
line aux 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
!
ntp clock-period 17179815
ntp source FastEthernet0/0
ntp server 10.10.10.1
!
end
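
The management/Internet separation in this config can be checked mechanically. The Python script below is an added example, not part of the original post: it parses the VRF-related lines of the config (re-typed as a constructed excerpt) and reports interfaces bound to undeclared VRFs, VRFs without a default route of their own, and logging/NTP source interfaces that sit outside the management VRF. The function name audit and its mgmt_vrf parameter are made up for this example.

```python
import re

# Constructed excerpt: the VRF-related lines of the config above.
CONFIG = """\
ip vrf inet
ip vrf mgmt
interface FastEthernet0/0
 ip vrf forwarding mgmt
interface FastEthernet0/0.10
 ip vrf forwarding inet
interface Dialer0
 ip vrf forwarding inet
ip route vrf mgmt 0.0.0.0 0.0.0.0 10.10.10.1
ip route vrf inet 0.0.0.0 0.0.0.0 Dialer0
logging source-interface FastEthernet0/0
ntp source FastEthernet0/0
"""

def audit(config, mgmt_vrf="mgmt"):
    """Return ({interface: vrf or None}, [findings]) for an IOS config."""
    vrfs, iface_vrf, defaults, sources = set(), {}, set(), {}
    current = None
    for line in map(str.strip, config.splitlines()):
        if line == "!":
            current = None                      # end of a config block
        elif m := re.match(r"ip vrf forwarding (\S+)$", line):
            if current:
                iface_vrf[current] = m.group(1)
        elif m := re.match(r"ip vrf (\S+)$", line):
            vrfs.add(m.group(1))
        elif m := re.match(r"interface (\S+)$", line):
            current = m.group(1)
            iface_vrf[current] = None           # None = global routing table
        elif m := re.match(r"ip route vrf (\S+) 0\.0\.0\.0 0\.0\.0\.0 ", line):
            defaults.add(m.group(1))
        elif m := re.match(r"(logging source-interface|ntp source) (\S+)$", line):
            sources[m.group(1)] = m.group(2)
    findings = []
    for name, vrf in iface_vrf.items():
        if vrf is not None and vrf not in vrfs:
            findings.append(f"{name}: VRF '{vrf}' is never declared")
    for vrf in sorted(vrfs - defaults):
        findings.append(f"VRF '{vrf}' has no default route of its own")
    for cmd, name in sources.items():
        if iface_vrf.get(name) != mgmt_vrf:
            findings.append(f"'{cmd}' uses {name}, which is outside VRF '{mgmt_vrf}'")
    return iface_vrf, findings

if __name__ == "__main__":
    for finding in audit(CONFIG)[1] or ["no findings"]:
        print(finding)
```

The parser also accepts the unindented form of the config, since it closes an interface block on each "!" line.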