Scribd
Upload
315 views18 pages

Configure and Verify VRF Lite

This document provides instructions for implementing VRF-Lite on a network topology. The objectives are to configure and verify VRF functionality and static routing. The tasks include building the network, configuring VRF and interfaces on routers R1-R3 and switches D1-D2, and verifying static routing between the VRF instances. An addressing table is provided to configure IPv4 and IPv6 addresses on each interface.

Uploaded by

cciersman
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
315 views18 pages

Configure and Verify VRF Lite

This document provides instructions for implementing VRF-Lite on a network topology. The objectives are to configure and verify VRF functionality and static routing. The tasks include building the network, configuring VRF and interfaces on routers R1-R3 and switches D1-D2, and verifying static routing between the VRF instances. An addressing table is provided to configure IPv4 and IPv6 addresses on each interface.

Uploaded by

cciersman
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Download PNETLab Platform

PNETLAB Store
[Link]

IMPLEMENT VRF-LITE

Lab Topology:
Please use the following topology to complete this lab exercise:

[Link]
Objectives:
§ Configure and verify the VRF feature.
§ Verify static routing

1
Download PNETLab Platform
PNETLAB Store
[Link]

Task:

1. Build the Network and Configure Basic Device Settings


2. Configure and Verify VRF and Interface Addressing
3. Configure and Verify Static Routing for Reachability Inside Each VRF

Addressing Table:
Device Interface IPv4 Address IPv6 Address IPv6 Link-Local
fe80::1:1
G0/0/0 [Link]/24 [Link]/64
fe80::1:2
G0/0/1.5 [Link]/24 [Link]/64
R1 fe80::1:4
G0/0/1.8 [Link]/24 [Link]/64
fe80::1:2
S0/1/0 [Link]/25 [Link]/64
fe80::2:1
G0/0/0 [Link]/24 [Link]/64
R2 fe80::2:2
Loopback0 [Link]/24 [Link]/64
fe80::3:1
S0/1/0 [Link]/25 [Link]/64
R3 fe80::3:2
Loopback0 [Link]/27 [Link]/64
fe80::d1:1
G1/0/5 [Link]/24 [Link]/64
D1 fe80::d1:2
VLAN 11 [Link]/24 [Link]/64
fe80::d2:1
G1/0/5 [Link]/24 [Link]/64
D2 fe80::d2:2
VLAN 11 [Link]/24 [Link]/64

2
Download PNETLab Platform
PNETLAB Store
[Link]

Solution:
Task 1: Build the Network and Configure Basic Device Settings

Router R1:
enable
configure terminal
hostname R1
no ip domain lookup
ipv6 unicast-routing
banner motd # R1, Implement VRF-Lite #
line con 0
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
privilege level 15
password cisco123
exec-timeout 0 0
logging synchronous
login
exit

Router R2:
enable
configure terminal
hostname R2
no ip domain lookup
ipv6 unicast-routing
banner motd # R2, Implement VRF-Lite #
line con 0

3
Download PNETLab Platform
PNETLAB Store
[Link]

exec-timeout 0 0
logging synchronous
exit
line vty 0 4
privilege level 15
password cisco123
exec-timeout 0 0
logging synchronous
login
exit
interface e0/0
ip address [Link] [Link]
ipv6 address fe80::2:1 link-local
ipv6 address [Link]/64
no shutdown
exit
interface loopback 0
ip address [Link] [Link]
ipv6 address fe80::2:2 link-local
ipv6 address [Link]/64
no shutdown
exit
ip route [Link] [Link] e0/0 [Link]
ipv6 route ::/0 e0/0 [Link]

Router R3:
enable
configure terminal
hostname R3
no ip domain lookup
ipv6 unicast-routing

4
Download PNETLab Platform
PNETLAB Store
[Link]

banner motd # R3, Implement VRF-Lite #


line con 0
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
privilege level 15
password cisco123
exec-timeout 0 0
logging synchronous
login
exit
interface e0/0
ip address [Link] [Link]
ipv6 address fe80::3:1 link-local
ipv6 address [Link]/64
no shutdown
exit
interface loopback 0
ip address [Link] [Link]
ipv6 address fe80::3:2 link-local
ipv6 address [Link]/64
no shutdown
exit
ip route [Link] [Link] e0/0 [Link]
ipv6 route ::/0 e0/0 [Link]

Switch D1:
enable
configure terminal
hostname D1

5
Download PNETLab Platform
PNETLAB Store
[Link]

no ip domain lookup
ip routing
ipv6 unicast-routing
banner motd # D1, Implement VRF-Lite #
line con 0
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
privilege level 15
password cisco123
exec-timeout 0 0
logging synchronous
login
exit
interface e0/0
no switchport
ip address [Link] [Link]
ipv6 address fe80::d1:1 link-local
ipv6 address [Link]/64
no shutdown
exit
vlan 11
name LOCAL_VLAN
exit
interface vlan 11
ip address [Link] [Link]
ipv6 address fe80::d1:2 link-local
ipv6 address [Link]/64
no shutdown
exit
interface e0/1
6
Download PNETLab Platform
PNETLAB Store
[Link]

switchport mode access


switchport access vlan 11
no shutdown
exit
ip route [Link] [Link] e0/0 [Link]
ipv6 route ::/0 e0/0 [Link]

Switch D2:
enable
configure terminal
hostname D2
no ip domain lookup
ip routing
ipv6 unicast-routing
banner motd # D2, Implement VRF-Lite #
line con 0
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
privilege level 15
password cisco123
exec-timeout 0 0
logging synchronous
login
exit
interface e0/0
no switchport
ip address [Link] [Link]
ipv6 address fe80::d2:1 link-local
ipv6 address [Link]/64

7
Download PNETLab Platform
PNETLAB Store
[Link]

no shutdown
exit
vlan 11
name LOCAL_VLAN
exit
interface vlan 11
ip address [Link] [Link]
ipv6 address fe80::d2:2 link-local
ipv6 address [Link]/64
no shutdown
exit
interface e0/1
switchport mode access
switchport access vlan 11
no shutdown
exit
ip route [Link] [Link] e0/0 [Link]
ipv6 route ::/0 e0/0 [Link]

Switch A1:
enable
configure terminal
hostname A1
no ip domain lookup
banner motd # A1, Implement VRF-Lite #
line con 0
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
privilege level 15
8
Download PNETLab Platform
PNETLAB Store
[Link]

password cisco123
exec-timeout 0 0
logging synchronous
login
exit
vlan 5
name D1
exit
vlan 8
name D2
exit
interface e0/0
switchport mode trunk
switchport nonegotiate
no shutdown
exit
interface e0/1
switchport mode access
switchport access vlan 5
no shutdown
exit
interface e0/2
switchport mode access
switchport access vlan 8
no shutdown

9
Download PNETLab Platform
PNETLAB Store
[Link]

Task 2: Configure and Verify VRF and Interface Addressing

Step 1: On R1, create the required VRFs.


a. Create the CUSTOMER_A and CUSTOMER_B VRFs, and initialize them for both
IPv4 and IPv6. The VRF names are case sensitive.
R1(config)# vrf definition CUSTOMER_A
R1(config-vrf)# address-family ipv4
R1(config-vrf-af)# address-family ipv6
R1(config-vrf-af)# exit
R1(config-vrf)# vrf definition CUSTOMER_B
R1(config-vrf)# address-family ipv4
R1(config-vrf-af)# address-family ipv6
R1(config-vrf-af)# exit

b. Configure interfaces e0/0 and e1/0 for the CUSTOMER_A network.


R1(config)# interface e0/0
R1(config-if)# vrf forwarding CUSTOMER_A
R1(config-if)# ip address [Link] [Link]
R1(config-if)# ipv6 address fe80::1:1 link-local
R1(config-if)# ipv6 address [Link]/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface e1/0
R1(config-if)# vrf forwarding CUSTOMER_A
R1(config-if)# ip address [Link] [Link]
R1(config-if)# ipv6 address fe80::1:4 link-local
R1(config-if)# ipv6 address [Link]/64
R1(config-if)# no shutdown
R1(config-if)# exit

10
Download PNETLab Platform
PNETLAB Store
[Link]

c. Configure R1 interface e0/2 to support the CUSTOMER_B networks. E0/2 will


be performing inter-VLAN routing between VLANs 5 and 8.
R1(config)# interface e0/2
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface e0/2.5
R1(config-subif)# encapsulation dot1q 5
R1(config-subif)# vrf forwarding CUSTOMER_B
R1(config-subif)# ip address [Link] [Link]
R1(config-subif)# ipv6 address fe80::1:2 link-local
R1(config-subif)# ipv6 address [Link]/64
R1(config-subif)# exit
R1(config)# interface e0/2.8
R1(config-subif)# encapsulation dot1q 8
R1(config-subif)# vrf forwarding CUSTOMER_B
R1(config-subif)# ip address [Link] [Link]
R1(config-subif)# ipv6 address fe80::1:3 link-local
R1(config-subif)# ipv6 address [Link]/64
R1(config-subif)# end

Step 2: Verify the VRF-Lite configuration.

a. Verify the interface assignments using the show ip vrf interfaces command:
R1#show ip vrf interfaces
Interface IP-Address VRF Protocol
Et0/0 [Link] CUSTOMER_A up
Et0/1 [Link] CUSTOMER_A up
Et0/2.5 [Link] CUSTOMER_B up
Et0/2.8 [Link] CUSTOMER_B up

11
Download PNETLab Platform
PNETLAB Store
[Link]

b. Verify the VRF routing tables with the show ip route vrf vrf_name and
show ipv6 route vrf vrf_name command:

R1#show ip route vrf CUSTOMER_A | begin Gateway


Gateway of last resort is not set
[Link]/8 is variably subnetted, 4 subnets, 2 masks
C [Link]/24 is directly connected, Ethernet0/0
L [Link]/32 is directly connected, Ethernet0/0
C [Link]/24 is directly connected, Ethernet0/1
L [Link]/32 is directly connected, Ethernet0/1

R1#show ipv6 route vrf CUSTOMER_B


IPv6 Routing Table - CUSTOMER_B - 5 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
<output omitted>
a - Application
C [Link]/64 [0/0]
via Ethernet0/2.5, directly connected
L [Link]/128 [0/0]
via Ethernet0/2.5, receive
C [Link]/64 [0/0]
via Ethernet0/2.8, directly connected
L [Link]/128 [0/0]
via Ethernet0/2.8, receive
L FF00::/8 [0/0]
via Null0, receive

12
Download PNETLab Platform
PNETLAB Store
[Link]

c. Verify next-hop reachability within each vrf with the ping vrf vrf_name
address command:

R1#ping vrf CUSTOMER_A [Link]

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to [Link], timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R1#ping vrf CUSTOMER_A [Link]

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to [Link], timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/18 ms
R1# ping vrf CUSTOMER_A [Link]

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to [Link], timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
R1# ping vrf CUSTOMER_A [Link]

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to [Link], timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms

13
Download PNETLab Platform
PNETLAB Store
[Link]

Task 3: Configure and Verify Static Routing for Reachability Inside Each VRF
Step 1: Verify that distant networks are not reachable within each VRF
In this step, you will check to make sure that distant networks are not
reachable from R1 within each VRF.
a. On R1, issue the commands ping vrf CUSTOMER_A [Link] and ping vrf
CUSTOMER_A [Link]. Neither should succeed:
R1# ping vrf CUSTOMER_A [Link]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to [Link], timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R1# ping vrf CUSTOMER_A [Link]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to [Link], timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

b. On R1, issue the commands ping vrf CUSTOMER_A [Link] and


ping vrf CUSTOMER_A [Link]. Neither should succeed:
R1# ping vrf CUSTOMER_A [Link]

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to [Link], timeout is 2
seconds:
…..
% No valid route for destination
Success rate is 0 percent (0/1)
R1# ping vrf CUSTOMER_A [Link]

Type escape sequence to abort.


14
Download PNETLab Platform
PNETLAB Store
[Link]

Sending 5, 100-byte ICMP Echos to [Link], timeout is 2


seconds:
…..
% No valid route for destination
Success rate is 0 percent (0/1)

c. On R1, issue the commands ping vrf CUSTOMER_B [Link] and ping vrf
CUSTOMER_B [Link]. Neither should succeed:
R1# ping vrf CUSTOMER_B [Link]

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to [Link], timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R1# ping vrf CUSTOMER_B [Link]


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to [Link], timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

1. On R1, issue the commands ping vrf CUSTOMER_B [Link] and


ping vrf CUSTOMER_B [Link]. Neither should succeed:
R1# ping vrf CUSTOMER_B [Link]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to [Link], timeout is 2
seconds:

% No valid route for destination

15
Download PNETLab Platform
PNETLAB Store
[Link]

Success rate is 0 percent (0/1)

R1# ping vrf CUSTOMER_B [Link]


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to [Link], timeout is 2
seconds:

% No valid route for destination


Success rate is 0 percent (0/1)

Step 2: Configure static routing at R1 for each VRF


In this step, you will configure R1 so that it can reach distant networks in each
VRF. The neighbor systems (D1, D2, R2, and R3) have static routes already
configured, so as soon as you correctly install these static routes, there will be full
reachability within each VRF.
On R1, create static routes for the distant networks in the CUSTOMER_A VRF
using the ip route vrf vrf_name destination_network next-hop command.
R1(config)#ip route vrf CUSTOMER_A [Link] [Link] e0/0 [Link]
R1(config)#ip route vrf CUSTOMER_A [Link] [Link] e0/1 [Link]
R1(config)# ipv6 route vrf CUSTOMER_A [Link]/64 e0/0
[Link]
R1(config)# ipv6 route vrf CUSTOMER_A [Link]/64 e0/1
[Link]
R1(config)# ip route vrf CUSTOMER_B [Link] [Link] e0/2.5
[Link]
R1(config)# ip route vrf CUSTOMER_B [Link] [Link] e0/2.8
[Link]
R1(config)# ipv6 route vrf CUSTOMER_B [Link]/64 e0/2.5
[Link]
R1(config)# ipv6 route vrf CUSTOMER_B [Link]/64 e0/2.8
[Link]

16
Download PNETLab Platform
PNETLAB Store
[Link]

Step 3: Verify full reachability within each VRF


On R2, ping the IPv4 and IPv6 addresses of R3 interface Loopback0 using a source
address of R2 interface Loopback0. All pings should be successful.
R2#ping [Link] source loopback0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to [Link], timeout is 2 seconds:
Packet sent with a source address of [Link]
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

R2#ping [Link] source loopback0


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to [Link], timeout is 2
seconds:
Packet sent with a source address of [Link]
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/18 ms

On R1, ping the IPv4 and IPv6 addresses of R2 and R3 interface Loopback0
R1#ping vrf CUSTOMER_A [Link]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to [Link], timeout is
2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R1#ping vrf CUSTOMER_A [Link]


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to [Link], timeout is
2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms

R1#ping vrf CUSTOMER_A [Link]


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to [Link], timeout is 2 seconds:
17
Download PNETLab Platform
PNETLAB Store
[Link]

!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/5 ms

R1#ping vrf CUSTOMER_A [Link]


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to [Link], timeout is 2 seconds
:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

18

You might also like