Routing between VR's on a single switch

  • 0
  • 1
  • Question
  • Updated 4 years ago
  • Answered
Create Date: Mar 20 2013 3:28AM

I have a network that I am trying to isolate. Lets say it's 1.1.1.0/24. I would like it to communicate with 2.2.2.0/24 and 3.3.3.0/24 and not with the other 15 networks. My thought was to put it on a separate VR and only advertise this network to 2.2.2.0 and 3.3.3.0. I thought this might be a cleaner way to do this as opposed to creating an acl and having to list every network in the acl. And if I understand Extreme ACL's correctly (very possible that I dont'), I would have to create ingress and egress ACL's.
So the underlying question is - Am I able to route between VR's on the same switch without having to exit the switch, go through a firewall, and then connect back into the switch?

This is on a BD8810 XOS 12.6.3.2

Thanks!
Forrest

(from Forrest_Darst)
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb

Posted 5 years ago

  • 0
  • 1
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb
Create Date: Mar 20 2013 2:07PM

Hello Forest

As of right now there is no way to route between VRs in the same switch.  The intent of the VR is for complete L3 isolation so going to an out side FW or other router is needed.

As for the ACLs you can create an ACL that looks at the traffic in both directions of the conversation and have it applied on ingress.

P

(from Paul_Russo)
Photo of Wallance

Wallance

  • 260 Points 250 badge 2x thumb
Hello,

For X670 with summitX-15.4.1.3, does it support routing between VRs on a single switch? Or one PBR can solve routing of different VRs on the same switch?

Thanks.
Photo of MrGuga

MrGuga

  • 294 Points 250 badge 2x thumb
If you have 2 spare ports, you might link them to each other and put each one in a different VR. Never tried it though, you might have some trouble because of the same macaddress. But then you could create a new macaddress on that interface with VRRP.
Photo of Wallance

Wallance

  • 260 Points 250 badge 2x thumb
Did it work from you? Would you share some config? Thanks a lot.
Photo of Stephane Grosjean

Stephane Grosjean

  • 762 Points 500 badge 2x thumb
Hi,

that wouldn't be a good idea, as the mac address would be the same (tricking it with VRRP doesn't work).

As of today, VRF leaking is not supported. I'd encourage you to contact your local SE to discuss this topic further.

This conversation is no longer open for comments or replies.