Scribd
Upload
22 views12 pages

VIRTUAL ROUTING AND FORWARDING LABS

The document provides a detailed guide on configuring Virtual Routing and Forwarding (VRF) for the CCNP ENCOR exam, including steps for creating VRF instances, VLAN configurations, and static routing. It outlines specific commands for routers and switches, as well as examples for dual-stack configurations with IPv4 and IPv6. Additionally, it includes testing commands to verify VRF configurations and routing tables.

Uploaded by

hamzakilame
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
22 views12 pages

VIRTUAL ROUTING AND FORWARDING LABS

The document provides a detailed guide on configuring Virtual Routing and Forwarding (VRF) for the CCNP ENCOR exam, including steps for creating VRF instances, VLAN configurations, and static routing. It outlines specific commands for routers and switches, as well as examples for dual-stack configurations with IPv4 and IPv6. Additionally, it includes testing commands to verify VRF configurations and routing tables.

Uploaded by

hamzakilame
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 12

VIRTUAL ROUTING AND FORWARDING

CCNP ENCOR Exam

By Justin O. OLANGI
(view my LinkedIn)
II. TOPOLOGY
This topologies are used just as a example.

For more advanced features of VRF, see the Cisco CCNP MPLS Layer 3 VPN course.

2 By Justin O. OLANGI
II. VIRTUAL ROUTING AND FORWARDING CONFIG
The following steps are required to create a VRF and assign it to an interface:

Step 1. Create a multiprotocol VRF routing table by using the command vrf definition vrf-name.

Step 2. Initialize the appropriate address family by using the command address-family {ipv4 |
ipv6}. The address family can be IPv4, IPv6, or both.

Step 3. Enter interface configuration submode and specify the interface to be associated with the
VRF instance by using the command interface interface-id.

Step 4. Associate the VRF instance to the interface or subinterface by entering the command vrf
forwarding vrf-name under interface configuration submode.

Step 5. Configure an IP address (IPv4, IPv6, or both) on the interface or subinterface by entering
either or both of the following commands:

IPv4 : ip address ip-address subnet-mask [secondary]


IPv6 : ipv6 address ipv6-address/prefix-length

II.1 VLAN Configuration

a. SW1
SW1(config)# vlan 10
SW1(config-vlan)# name Banking
SW1(config-vlan)# exit

SW1(config)# vlan 20
SW1(config-vlan)# name Employees
SW1(config-vlan)# exit

SW1(config)# vlan 444


SW1(config-vlan)# name MyRemote
SW1(config-vlan)# exit

SW1(config)# interface g0/0


SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport mode trunk
SW1(config-if)# switchport trunk allowed vlan 10,20,444
SW1(config-if)# switchport trunk native vlan 444

SW1(config)# interface g0/1


SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 10

3 By Justin O. OLANGI
SW1(config)# interface g0/2
SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 20

a. SW2
SW2(config)# vlan 10
SW2(config-vlan)# name Banking
SW2(config-vlan)# exit

SW2(config)# vlan 20
SW2(config-vlan)# name Employees
SW2(config-vlan)# exit

SW2(config)# vlan 444


SW2(config-vlan)# name MyRemote
SW2(config-vlan)# exit

SW2(config)# interface g0/0


SW2(config-if)# switchport trunk encapsulation dot1q
SW2(config-if)# switchport mode trunk
SW2(config-if)# switchport trunk allowed vlan 10,20,444
SW2(config-if)# switchport trunk native vlan 444

SW2(config)# interface g0/1


SW2(config-if)# switchport mode access
SW2(config-if)# switchport access vlan 10

SW2(config)# interface g0/2


SW2(config-if)# switchport mode access
SW2(config-if)# switchport access vlan 20

II.2 VRF Dual Stack Configuration

a. R1
R1(config)# vrf definition Banking
R1(config-vrf)# description SENSITIVE_TRAFFIC
R1(config-vrf)# address-family ipv4
R1(config-vrf-af)# address-family ipv6

R1(config)# vrf definition Employees


R1(config-vrf)# description NORMAL_TRAFFIC
R1(config-vrf)# address-family ipv4
R1(config-vrf-af)# address-family ipv6

R1(config)# vrf definition MyRemote


R1(config-vrf)# description IT_MANAGEMENT
R1(config-vrf)# address-family ipv4
R1(config-vrf-af)# address-family ipv6
R1(config-vrf-af)# exit
R1(config-vrf)# exit

4 By Justin O. OLANGI
R1(config)# interface g0/1
R1(config-if)# no shutdown
R1(config-if)# exit

R1(config)# interface g0/1.10


R1(config-if)# description FOR_Banking
R1(config-if)# vrf forwarding Banking
R1(config-if)# encapsulation dot1q 10
R1(config-if)# ip address 10.177.10.1 255.255.255.0
R1(config-if)# ipv6 address 2001:db8:177:10::1/64

R1(config)# interface g0/1.20


R1(config-if)# description FOR_Employees
R1(config-if)# vrf forwarding Employees
R1(config-if)# encapsulation dot1q 20
R1(config-if)# ip address 10.177.20.1 255.255.255.0
R1(config-if)# ipv6 address 2001:db8:177:20::1/64

R1(config)# interface g0/1.444


R1(config-if)# description FOR_MyRemote
R1(config-if)# vrf forwarding MyRemote
R1(config-if)# encapsulation dot1q 444 native
R1(config-if)# ip address 10.177.44.1 255.255.255.0
R1(config-if)# ipv6 address 2001:db8:177:44::1/64

R1(config)# interface g0/0


R1(config-if)# no shutdown
R1(config-if)# exit

R1(config)# interface g0/0.10


R1(config-if)# description FOR_Banking
R1(config-if)# vrf forwarding Banking
R1(config-if)# encapsulation dot1q 10
R1(config-if)# ip address 10.177.1.1 255.255.255.0
R1(config-if)# ipv6 address 2001:db8:177:1::1/64

R1(config)# interface g0/0.20


R1(config-if)# description FOR_Employees
R1(config-if)# vrf forwarding Employees
R1(config-if)# encapsulation dot1q 20
R1(config-if)# ip address 10.177.2.1 255.255.255.0
R1(config-if)# ipv6 address 2001:db8:177:2::1/64

R1(config)# interface g0/0.444


R1(config-if)# description FOR_MyRemote
R1(config-if)# vrf forwarding MyRemote
R1(config-if)# encapsulation dot1q 444
R1(config-if)# ip address 10.177.4.1 255.255.255.0
R1(config-if)# ipv6 address 2001:db8:177:4::1/64

5 By Justin O. OLANGI
b. R2
R2(config)# vrf definition Banking
R2(config-vrf)# description SENSITIVE_TRAFFIC
R2(config-vrf)# address-family ipv4
R2(config-vrf-af)# address-family ipv6

R2(config)# vrf definition Employees


R2(config-vrf)# description NORMAL_TRAFFIC
R2(config-vrf)# address-family ipv4
R2(config-vrf-af)# address-family ipv6

R2(config)# vrf definition MyRemote


R2(config-vrf)# description IT_MANAGEMENT
R2(config-vrf)# address-family ipv4
R2(config-vrf-af)# address-family ipv6
R2(config-vrf-af)# exit
R2(config-vrf)# exit

R2(config)# interface g0/1


R2(config-if)# no shutdown
R2(config-if)# exit

R2(config)# interface g0/1.10


R2(config-if)# description FOR_Banking
R2(config-if)# vrf forwarding Banking
R2(config-if)# encapsulation dot1q 10
R2(config-if)# ip address 10.77.10.1 255.255.255.0
R2(config-if)# ipv6 address 2001:db8:77:10::1/64

R2(config)# interface g0/1.20


R2(config-if)# description FOR_Employees
R2(config-if)# vrf forwarding Employees
R2(config-if)# encapsulation dot1q 20
R2(config-if)# ip address 10.77.20.1 255.255.255.0
R2(config-if)# ipv6 address 2001:db8:77:20::1/64

R2(config)# interface g0/1.444


R2(config-if)# description FOR_MyRemote
R2(config-if)# vrf forwarding MyRemote
R2(config-if)# encapsulation dot1q 444 native
R2(config-if)# ip address 10.77.44.1 255.255.255.0
R2(config-if)# ipv6 address 2001:db8:77:44::1/64

R2(config)# interface g0/0


R2(config-if)# no shutdown
R2(config-if)# exit

R2(config)# interface g0/0.10


R2(config-if)# description FOR_Banking
R2(config-if)# vrf forwarding Banking
R2(config-if)# encapsulation dot1q 10
R2(config-if)# ip address 10.177.1.2 255.255.255.0
R2(config-if)# ipv6 address 2001:db8:177:1::2/64

6 By Justin O. OLANGI
R2(config)# interface g0/0.20
R2(config-if)# description FOR_Employees
R2(config-if)# vrf forwarding Employees
R2(config-if)# encapsulation dot1q 20
R2(config-if)# ip address 10.177.2.2 255.255.255.0
R2(config-if)# ipv6 address 2001:db8:177:2::2/64

R2(config)# interface g0/0.444


R2(config-if)# description FOR_MyRemote
R2(config-if)# vrf forwarding MyRemote
R2(config-if)# encapsulation dot1q 444
R2(config-if)# ip address 10.177.4.2 255.255.255.0
R2(config-if)# ipv6 address 2001:db8:177:4::2/64

II.3 VRF Static Routing

a. R1
R1(config)# ip route vrf Banking 10.77.10.0 255.255.255.0 10.177.1.2
R1(config)# ip route vrf Employees 10.77.20.0 255.255.255.0 10.177.2.2
R1(config)# ip route vrf MyRemote 10.77.44.0 255.255.255.0 10.177.4.2

R1(config)# ipv6 route vrf Banking 2001:db8:77:10::0/64 2001:db8:177:1::2


R1(config)# ipv6 route vrf Employees 2001:db8:77:20::0/64 2001:db8:177:2::2
R1(config)# ipv6 route vrf MyRemote 2001:db8:77:44::0/64 2001:db8:177:4::2

b. R2
R2(config)# ip route vrf Banking 10.177.10.0 255.255.255.0 10.177.1.1
R2(config)# ip route vrf Employees 10.177.20.0 255.255.255.0 10.177.2.1
R2(config)# ip route vrf MyRemote 10.177.44.0 255.255.255.0 10.177.4.1

R2(config)# ipv6 route vrf Banking 2001:db8:177:10::0/64 2001:db8:177:1::1


R2(config)# ipv6 route vrf Employees 2001:db8:177:20::0/64 2001:db8:177:2::1
R2(config)# ipv6 route vrf MyRemote 2001:db8:177:44::0/64 2001:db8:177:4::1

II.4 VRF IPv6 Routing enable

R1(config)# ipv6 unicast-routing


R2(config)# ipv6 unicast-routing

7 By Justin O. OLANGI
II.5 VRF Test

a. Show VRF
➢ R1

R1#show vrf
Name Default RD Protocols Interfaces
Banking <not set> ipv4,ipv6 Gi0/1.10
Gi0/0.10
Employees <not set> ipv4,ipv6 Gi0/1.20
Gi0/0.20
MyRemote <not set> ipv4,ipv6 Gi0/1.444
Gi0/0.444

➢ R2

R2#
R2#show vrf
Name Default RD Protocols Interfaces
Banking <not set> ipv4,ipv6 Gi0/1.10
Gi0/0.10
Employees <not set> ipv4,ipv6 Gi0/1.20
Gi0/0.20
MyRemote <not set> ipv4,ipv6 Gi0/1.444
Gi0/0.444

R2#

8 By Justin O. OLANGI
b. Show VRF Routing Table
➢ R2 IPv4

R2#show ip route vrf Banking

Routing Table: Banking


Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks


C 10.77.10.0/24 is directly connected, GigabitEthernet0/1.10
L 10.77.10.1/32 is directly connected, GigabitEthernet0/1.10
C 10.177.1.0/24 is directly connected, GigabitEthernet0/0.10
L 10.177.1.2/32 is directly connected, GigabitEthernet0/0.10
S 10.177.10.0/24 [1/0] via 10.177.1.1
R2#

R2#

9 By Justin O. OLANGI
➢ R2 IPv6

R2#show ipv6 route vrf Banking


IPv6 Routing Table - Banking - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
lA - LISP away, a – Application

C 2001:DB8:77:10::/64 [0/0]
via GigabitEthernet0/1.10, directly connected
L 2001:DB8:77:10::1/128 [0/0]
via GigabitEthernet0/1.10, receive
C 2001:DB8:177:1::/64 [0/0]
via GigabitEthernet0/0.10, directly connected
L 2001:DB8:177:1::2/128 [0/0]
via GigabitEthernet0/0.10, receive
S 2001:DB8:177:10::/64 [1/0]
via 2001:DB8:177:1::1
L FF00::/8 [0/0]
via Null0, receive
R2#

10 By Justin O. OLANGI
c. Ping between vPC by VRF
➢ User1 VRF Banking R1 to SRV1 VRF Banking R2

11 By Justin O. OLANGI
➢ User2 VRF Employees R1 to SRV2 VRF Employees R2

12 By Justin O. OLANGI

You might also like