Guest

Support

A through Z

Hierarchical Navigation

Downloads

A through Z

debug condition vrf

To limit debug output to a specific Virtual Routing and Forwarding (VRF) instance, use the debug condition vrfcommand in privileged EXEC mode. To remove the debug condition, use the undebug version of the command .

debug condition vrf vrf-name
undebug condition vrf vrf-name

Syntax Description

vrf-name

Name of a VRF.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Release 3.2S

This command was introduced.

Usage Guidelines

Use this command to limit debug output to a single VRF.


Note
EIGRP does not support the debug condition vrf command.

Examples

The following example shows how to limit debugging output to VRF red:

Router# debug condition vrf red

Related Commands

Command

Description

vrf definition

Defines a virtual routing and forwarding instance.

debug vrf

To get debugging information on virtual routing and forwarding (VRF) instances, use the debug vrfcommand in privileged EXEC mode. To turn off the debug output, use the undebug version of the command.

debug vrf {create | delete | error | ha | initialization | interface | ipv4 | ipv6 | issu | lock | lookup | mpls | selection}
undebug vrf {create | delete | error | ha | initialization | interface | ipv4 | ipv6 | issu | lock | lookup | mpls | selection}

Syntax Description

create

Specifies VRF creation debugging.

delete

Specifies VRF deletion debugging.

error

Specifies VRF error debugging.

ha

Specifies VRF high-availability debugging.

initialization

Specifies VRF subsystem initialization debugging.

interface

Specifies VRF interface assignment debugging.

ipv4

Specifies VRF IPv4 address family debugging.

ipv6

Specifies VRF IPv6 address family debugging.

issu

Specifies VRF in-service software upgrade debugging.

lock

Specifies VRF lock debugging.

lookup

Specifies VRF database lookup debugging.

mpls

Specifies VRF multiprotocol label switching debugging.

selection

Specifies VRF selection debugging.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Release 3.2S

This command was introduced.

Usage Guidelines

Use this command to get debugging information on VRFs.

Examples

The following example shows how to turn on debugging of VRF interface assignment:

Router# debug vrf interface

Related Commands

Command

Description

vrf definition

Defines a virtual routing and forwarding instance.

description (VRF definition)

To assign a helpful description to a virtual routing and forwarding (VRF) instance, use the description command in VRF definition configuration mode. To remove the description, use the no form of this command.

description string
no description

Syntax Description

string

Description of a VRF (up to 244 characters).

Command Default

This command has no default arguments or keywords.

Command Modes

VRF definition configuration mode (config-vrf)

Command History

Release

Modification

Cisco IOS XE Release 3.2S

This command was introduced.

Usage Guidelines

Specify a helpful string of text for network administrators reading the configuration file.

Examples

The following example describes VRF red as a VRF for carrying Company-A traffic:

Router(config)# vrf definition red
Router(config-vrf)# description Company-A

Related Commands

Command

Description

vrf definition

Defines a virtual routing and forwarding instance.

exit-if-vnet

To exit virtual network interface mode, use the exit-if-vnetcommand in virtual network interface mode.

exit-if-vnet

Syntax Description

This command has no arguments or keywords.

Command Modes

Virtual network interface mode (config-if-vnet)

Command History

Release

Modification

Cisco IOS XE Release 3.2S

This command was introduced.

Usage Guidelines

This command is not saved in a configuration and therefore does not appear in show running-config output.

The exit-if-vnet command is one of the commands that will be displayed in system help if you enter a ? at the Router(config-if-vnet)# prompt. However, the exit command performs the same function as the exit-if-vnet command and is a shorter command to enter.

Examples

The following example shows how to exit virtual network interface mode:

Router(config)# vrf definition red
Router(config-vrf)# vnet tag 100
R1(config-vrf)# description guest access
R1(config-vrf)# address-family ipv4
R1(config-vrf-af)# exit-address-family
R1(config-vrf)# vrf definition blue
R1(config-vrf)# vnet tag 200
R1(config-vrf)# description Finance
R1(config-vrf)# address-family ipv4
R1(config-vrf-af)# exit-address-family
R1(config-vrf)# interface fastethernet 1/1/1
R1(config-if)# ip address 10.1.1.1 255.255.255.0
R1(config-if)# vnet trunk
R1(config-if)# vnet name blue
R1(config-if-vnet)# exit-if-vne
t
R1(config-if)#

Related Commands

Command

Description

exit

Exits any configuration mode to the next highest mode in the CLI mode hierarchy.

vnet

Configures overrides of an interface’s attributes on a per-VRF basis and enters virtual network interface mode.

exit-vrf-list

To exit VRF list submode, use the exit-vrf-listcommand in VRF list submode.

exit-vrf-list

Syntax Description

This command has no arguments or keywords.

Command Modes

VRF list submode (config-vrf-list)

Command History

Release

Modification

Cisco IOS XE Release 3.2S

This command was introduced.

Usage Guidelines

This command is not saved in a configuration and therefore does not appear in show running-config output.

The exit-vrf-list command is one of the commands that will be displayed in system help if you enter a ? at the Router(config-vrf-list)# prompt. However, the exit command performs the same function as the exit-vrf-list command and is a shorter command to enter.

Examples

The following example shows how to exit VRF list submode:

Router(config)# vrf list external
Router(config-vrf-list)# member blue
Router(config-vrf-list)# exit-vrf-list
Router(config)#

Related Commands

Command

Description

exit

Exits any configuration mode to the next highest mode in the CLI mode hierarchy.

vrf list

Defines a list of VRFs.

ip ospf vnet area

To create an association between all of the virtual network subinterfaces of a virtual network trunk interface and the default Open Shortest Path First (OSPF) instance for each virtual network, use the ip ospf vnet areacommand in interface configuration mode. To remove that association, use the noform of this command.

ip ospf vnet area area-id
no ip ospf vnet area area-id

Syntax Description

area-id

OSPF area ID as a decimal value or in IP address format.

Command Default

The default OSPF instance for a virtual network is the OSPF instance in that virtual network that has the lowest OSPF process-ID.

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS XE Release 3.2S

This command was introduced.

Usage Guidelines

This command is allowed on virtual network trunk interfaces only. Removing the vnet trunk command will cause the ip ospf vnet area command to be removed also.

Use this command to associate all of the virtual networks on the trunk interface with the default OSPF instance.

The default OSPF instance for a virtual network is the OSPF instance in the virtual network that has the lowest OSPF process-ID. Therefore, the addition or removal of OSPF instances might cause a subinterface using this command to move from one instance to another.


Note
This command does not create a new OSPF instance. OSPF instances must be created explicitly in OSPF router submode. This behavior provides a way of omitting OSPF in selected virtual networks.

Examples

The following example shows how to associate all of the virtual networks on the trunk interface with the default OSPF instance:

Router(config)# interface gigabitethernet 0/0/0
Router(config-if)# ip address 10.0.0.1 255.255.255.0
Router(config-if)# vnet trunk
Router(config-if)# ip ospf vnet area 0

Related Commands

Command

Description

vnet trunk

Configures an interface to be a virtual network trunk interface.

member (VRF list)

To make a VRF a member of a VRF list, use the member command in VRF list configuration mode. To remove the membership, use the no form of this command.

member vrf-name
no member vrf-name

Syntax Description

vrf-name

Name of a VRF that belongs to the VRF list.

Command Default

There are no VRF members in a VRF list.

Command Modes

VRF list configuration (config-vrf-list)

Command History

Release

Modification

Cisco IOS XE Release 3.2S

This command was introduced.

Usage Guidelines

Use this command to designate that a VRF is a member of a VRF list. A VRF list can be used to specify which VRFs are enabled over a trunk interface. The list can be referenced in the vnet trunk command to apply the trunk features to all of the VRFs on the list at once.

A VRF must be defined before it can be specified as a member of a VRF list. Up to 32 VRFs can be added to a VRF list.

Examples

The following example defines a VRF list namedCompany-A. Members on the list are VRF red and VRF green.

Router(config)# vrf definition red
Router(config-vrf)# vnet tag 100
Router(config-vrf)# vrf definition green
Router(config-vrf)# vnet tag 200
Router(config-vrf)# exit
Router(config)# vrf list Company-A
Router(config-vrf-list)# member red
Router(config-vrf-list)# member green

Related Commands

Command

Description

vnet trunk

Configures an interface to be a trunk interface.

vrf definition

Defines a virtual routing and forwarding instance.

vrf list

Defines a list of VRFs.

redistribute vrf

To redistribute routes that were replicated from one VRF into another VRF, use the redistribute vrfcommand in router configuration mode. To stop such redistribution, use the no form of this command.

redistribute vrf vrf-name route-map map-tag
no redistribute vrf vrf-name route-map map-tag

Syntax Description

vrf-name

Specifies the name of the VRF from which routes were replicated.

route-map map-tag

Specifies the name of a route map that filters out routes that should not be redistributed back to the original protocol.

Command Default

No routes are redistributed.

Command Modes

Router configuration (config-rtr)

Command History

Release

Modification

Cisco IOS XE Release 3.2S

This command was introduced.

Usage Guidelines

Use this command when you have multiple VRFs that need to access a shared service, such as a database server or application server. The clients and servers are located in different VRFs. To achieve connectivity between clients and servers, routes must be exchanged among VRFs. Routes are replicated from one VRF to another VRF, then the routes are propagated across each VRF through redistribution into the Interior Gateway Protocol (IGP).

We recommend implementing the route replication on the router directly connected to the server subnet. This eliminates the need to redistribute the host prefixes on the server’s VRF and thereby avoids a potential routing loop.

Examples

The following example redisributes routes that were replicated from VRF blue into VRF red:

Router(config)# vrf definition red
Router(config-vrf)# vnet tag 101
Router(config-vrf)# address-family ipv4
Router(config-vrf)# route-replicate from vrf blue all route-map server-prefix-map
Router(config-vrf)# exit
Router(config)# ! Server prefix is carried in red and blue’s IGP to provide reachability 
Router(config)# ! to the server.
Router(config)# router ospf 1 vrf red
Router(config-rtr)# ! Redistribute routes that were replicated from vrf blue into red.
Router(config-rtr)# redistribute vrf blue route-map server-prefix-map

Related Commands

Command

Description

route-map

Defines the conditions for redistributing routes from one routing protocol into another.

route-replicate

Replicates routes from another topology and another VRF.

route-replicate (VRF address family)

To replicate routes from another topology and another VRF, use the route-replicatecommand in VRF address family configuration mode. To stop replicating routes, use the no form of this command.

route-replicate from vrf source-vrf-name {multicast | unicast} protocol [route-map map-tag]
no route-replicate from vrf source-vrf-name {multicast | unicast} protocol [route-map map-tag]

Syntax Description

from

Specifies from which topology route replication is enabled.

vrf source-vrf-name

Specifies the name of the VRF from which routes are replicated.

multicast

Specifies a multicast subaddress family identifier (SAFI).

unicast

Specifies a unicast SAFI.

protocol

Type of protocol of the source route. Note that some keywords require an argument. Valid keywords and arguments are:

  • all --Specifies all routes are replicated.
  • bgp autonomous-system-number --Border Gateway Protocol (BGP).
  • connected --Connected routes.
  • eigrp autonomous-system-number -- Enhanced Interior Gateway Routing Protocol (EIGRP).
  • isis area-tag --ISO Intermediate System-to-Intermediate System (IS-IS).
  • mobile --Mobile routes.
  • odr --On Demand stub routes.
  • ospf process-id --Open Shortest Path First (OSPF).
  • rip --Routing Information Protocol (RIP).
  • static --Static routes.

route-map map-tag

(Optional) Specifies the name of a route map that filters out routes that should not be replicated.

Command Default

No routes are replicated.

Command Modes

VRF address family (config-vrf-af)

Command History

Release

Modification

Cisco IOS XE Release 3.2S

This command was introduced.

Usage Guidelines

Route replication creates a link to a route in a routing information base (RIB) that is in a different VRF.

Examples

The following example redistributes routes that were replicated from VRF blue into red:

Router(config)# vrf definition red
Router(config-vrf)# vnet tag 101
Router(config-vrf)# address-family ipv4
Router(config-vrf-af)# route-replicate from vrf blue all route-map server-prefix-map
Router(config-vrf-af)# exit-address-family
Router(config)# ! Server prefix is carried in red and blue’s IGP to provide reachability 
Router(config)# ! to the server.
Router(config)# router ospf 1 vrf red
Router(config-rtr)# ! Redistribute routes that were replicated from vrf blue into red.
Router(config-rtr)# redistribute vrf blue route-map server-prefix-map

Related Commands

Command

Description

route-map

Defines the conditions for redistributing routes from one routing protocol into another.

show ip route

Displays the current state of the routing table.

routing-context

To specify that subsequent EXEC commands will apply to a specific virtual routing and forwarding (VRF) instance, use the routing-contextcommand in privileged EXEC mode.

routing-context vrf vrf-name

Syntax Description

vrf vrf-name

Specifies the name of the VRF on which the subsequent EXEC commands will be based.

  • The vrf globalkeywords indicate the global vnet.

Command Default

There is no routing context for a specific VRF on which to base EXEC commands.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Release 3.2S

This command was introduced.

Usage Guidelines

Use this command to set the VRF context before entering several privileged EXEC commands that you want to apply to the same VRF. This command saves you from repeatedly entering a VRF name in several commands while entering EXEC commands that apply to a single VRF.

When in a routing context, the system prompt changes to indicate the routing context being used.

Commands that can be used in a routing context are ping, show ip route, telnet, and traceroute.

Use the routing-context vrf global command to exit the routing context.

Examples

The following example of the routing-contextcommand causes the subsequent EXEC commands to apply to VRF red:

Router# routing-context vrf red
Router%red# ping 10.2.2.3
Protocol [ip]:
Sending 5, 100-byte ICMP Echos to 10.2.2.3, timeout is 2 seconds:
!!!!
Success rate is 100 percent, round-trip min/avg/max = 1/2/4 ms
Router%red# show ip route
Routing Table: red
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is not set
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.1.3.0/24 is directly connected, GigabitEthernet0/0/0.100
L        10.1.3.1/32 is directly connected, GigabitEthernet0/0/0.100
Router%red#

Related Commands

Command

Description

vrf definition

Configures a virtual routing and forwarding instance.

show running-config vnet

To display the running configuration of virtual networks configured on the router, use the show running-config vnetcommand in privileged EXEC mode.

show running-config vnet [vrf-name]

Syntax Description

vrf-name

(Optional) Name of a virtual network for which to display the running configuration.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Release 3.2S

This command was introduced.

Usage Guidelines

Use this command to display the running configuration for one or all virtual networks configured on the router. The show running-config vnet command displays the same output as the show running-config vrf command, but displays only the virtual networks in the running configuration, not virtual routing and forwarding (VRF) instances.

Examples

The following sample output displays the running configurations for the virtual networks configured on the router:

Router# show running-config vnet
Building configuration...
Current configuration : 507 bytes
vrf definition blue
 vnet tag 200
 !
 address-family ipv4
 exit-address-family
!
!
interface GigabitEthernet1/1/0
 vnet trunk
 ip address 10.1.1.1 255.255.255.0
 vnet name red
 !
!
!
vrf definition red
 vnet tag 100
 !
 address-family ipv4
 exit-address-family
!
!         
interface GigabitEthernet1/1/0
 vnet trunk
 ip address 10.1.1.1 255.255.255.0
 vnet name red
 !
!
router eigrp rtp
!
address-family ipv4 unicast vrf red autonomous-system 1
  !
  topology base
  exit-af-topology
  network 10.0.0.0
 exit-address-family
!
!
end

Related Commands

Command

Description

vrf definition

Configures a virtual routing and forwarding instance.

show vnet

To display information about virtual networks, use the show vnetcommand in privileged EXEC mode.

show vnet [ipv4 | ipv6] [interface | brief | detail | lock] [vrf-name]

Syntax Description

ipv4

(Optional) Displays IPv4 information.

ipv6

(Optional) Displays IPv6 information when IPv6 is implemented in VRF NG.

interface

(Optional) Displays information about interfaces that have virtual networks configured.

brief

(Optional) Displays the name, tag, protocol, and interface for each virtual network.

detail

(Optional) Displays detailed information about virtual networks configured.

lock

(Optional) Displays VRF lock information.

vrf-name

(Optional) Name of a VRF.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Release 3.2S

This command was introduced.

Usage Guidelines

Because a virtual network is a VRF, the show vnet command displays a subset of what the show vrf command displays; it displays only information about virtual networks.

Examples

The following sample output displays information about the interfaces that have virtual networks configured. The output is self-explanatory.

Router# show vnet interface
Interface    State VNET                             Tag   IP-Address
G1/1.100    Up    red                              100   10.1.1.1
G1/1.200    Up    blue                             200   10.1.1.1

Related Commands

Command

Description

show vrf

Displays information about VRFs.

show vnet counters

To display virtual network statistics, use the show vnet counters command in privileged EXEC mode.

show vnet counters

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Release 3.2S

This command was introduced.

Usage Guidelines

Use this command to see virtual network statistics, such as the number of trunk interfaces configured on the router.

Examples

The following is sample output from the show vnet counters command. The output is self-explanatory.

Router# show vnet counters
Maximum number of VNETs supported: 32
Current number of VNETs configured: 8
Current number of VNET trunk interfaces: 1
Current number of VNET subinterfaces: 0
Current number of VNET forwarding interfaces: 0

Related Commands

Command

Description

vnet

Configures overrides of an interface’s attributes on a per-VRF basis and enters virtual network interface mode.

show vnet tag

To display where virtual network tags have been used or configured, use the showvnettag command in privileged EXEC mode.

show vnet tag

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Release 3.2S

This command was introduced.

Usage Guidelines

Use this command to display the virtual network tags that the interfaces are using or configured with.

Examples

The following example displays the virtual network tags in use on all of the interfaces on the router. 

Router# show vnet tag
Tag   VNET(s)                          Interfaces 
100   red                              G1/1.100 
200   blue                             G1/1.200

Table 1 describes the significant fields shown in the display.

Table 1 show vnet tag Field Descriptions

Field

Description

Tag

Virtual network tag.

VNET(s)

Name of the virtual network using the tag.

Interface(s)

Interface on which the virtual network tag is configured or used. The tag number is appended to the interface number.

Related Commands

Command

Description

vnet tag

Assigns a tag to a virtual network.

vrf forwarding

Creates an edge interface for a virtual network.

show vrf counters

To display VRF statistics, use the show vrf counters command in privileged EXEC mode.

show vrf counters

Syntax Description

This command has no keywords or arguments.

Command Default

This command has no default arguments.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Release 3.2S

This command was introduced.

Usage Guidelines

Use this command to see VRF statistics, such as the number of VRFs configured on the router.

Examples

The following example displays sample output for the show vrf counters command:

Router# show vrf counters
Maximum number of VRFs supported: 10000
Maximum number of IPv4 VRFs supported: 10000
Maximum number of IPv6 VRFs supported: 10000
Current number of VRFs: 1
Current number of IPv4 VRFs: 0
Current number of IPv6 VRFs: 0

Related Commands

Command

Description

vrf definition

Configures a Virtual Routing and Forwarding instance.

show vrf list

To display information about a VRF list, use the show vrf listcommand in privileged EXEC mode.

show vrf list [vrf-list-name]

Syntax Description

vrf-list-name

(Optional) Name of a VRF list to restrict the output.

Command Default

This command has no default arguments or keywords.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Release 3.2S

This command was introduced.

Usage Guidelines

Use this command to see the VRF lists on the router and which VRFs are on each list.

Examples

The following sample output displays information about the VRF lists on the router.

Router# show vrf list
List Name: CustomerA
  Description: CustomerA’s site
  VRF Member Name(s):
    Red
    Blue
    Green
List Name: CustomerB
  Description: CustomerB
  VRF Member Name(s):
    Orange
    Purple

The output is self-explanatory.

Related Commands

Command

Description

vrf list

Defines a list of VRFs.

snmp context

To create a Simple Network Management Protocol (SNMP) context for Multi-Topology Routing (MTR) or for virtual networking, use the snmp context command in the appropriate command mode. To delete an SNMP context, use the no form of this command.

For SNMP V1 or V2c

snmp context context-name [community community-name [ro | rw] ]

For SNMP V3

snmp context context-name [user username [credential | [encrypted] [auth {md5 password | sha password} ] [access {access-list-number | access-list-name | ipv6 access-list-name} ] ] ]
no snmp context context-name

Syntax Description

context-name

Name of the SNMP context being created.

community community-name

(Optional) In SNMP v2c, specifies an SNMP community string.

ro

(Optional) In SNMP v2c, specifies read-only access.

rw

(Optional) In SNMP v2c, specifies read and write access.

user username

(Optional) In SNMP v3, specifies an SNMP user.

credential

(Optional) In SNMP v3, specifies if the user password is already configured and saved.

encrypted

(Optional) In SNMP v3, specifies that passwords are MD5 or SHA digests.

auth

(Optional) In SNMP v3, specifies authentication parameters for the user.

md5 password

(Optional) In SNMP v3, uses HMAC MD5 algorithm for authentication.

sha password

(Optional) In SNMP v3, uses HMAC SHA algorithm for authentication.

access

(Optional) In SNMP v3, specifies an access list associated with this group.

access-list-number

(Optional) In SNMP v3, specifies a standard access list number in the range 1 to 99.

access-list-name

(Optional) In SNMP v3, specifies an access list name.

ipv6 access-list-name

(Optional) In SNMP v3, specifies an IPv6 access list name.

Command Default

No SNMP contexts are configured.

Command Modes

Address family configuration (config-router-af) Router address family topology configuration (config-router-af-topology) Router configuration (config-router) VRF address family configuration (config-vrf-af) VRF configuration (config-vrf)

Command History

Release

Modification

12.2(33)SRB

This command was introduced.

Cisco IOS XE Release 3.1S

This command integrated into Cisco IOS XE Release 3.1S.

Cisco IOS XE Release 3.2S

This command was modified. All of the keywords were added, and all of the arguments except for context-name were added.

Usage Guidelines

When you use the no snmp context command, all SNMP instances in that context are deleted.

Examples

The following example shows how to create an SNMP context to be associated with VPN companyA:

Router(config)# ip vrf companyA
Router(config-vrf)# snmp context contextA

The following example shows how to create an SNMP context in VRF address family configuration mode to be associated with VPN companyA:

Router(config)# vrf definition companyA
Router(config-vrf)# address-family ipv4
Router(config-vrf-af)# snmp context contextA

Related Commands

Command

Description

address-family (VRF)

Selects an address family type for a VRF table and enters VRF address family configuration mode.

ip vrf

Configures a VRF routing table.

show snmp context mapping

Displays information about SNMP context mappings for MTR.

vrf definition

Configures a VRF routing table instance and enters VRF configuration mode.

vnet

To configure overrides of an interface’s attributes on a per-VRF basis, use the vnetcommand in virtual network interface mode. To remove a VRF-specific set of overrides from an interface, use the no form of this command.

vnet {global | name vrf-name}
no vnet {global | name vrf-name}

Syntax Description

global

Allows the parent interface to have a different attribute from the subinterfaces. This is helpful when you have untagged packets arriving on a parent interface; the vnet global attributes are applied to such packets.

The vnet global is predefined on the router and refers to the default routing table. vnet global carries untagged traffic. By default, interfaces belong to vnet global.

name vrf-name

VRF that is included in the list of VRFs assigned to the interface by the vnet trunk command.

Command Default

Only vnet global exists.

Command Modes

Virtual network interface mode (config-if-vnet)

Command History

Release

Modification

Cisco IOS XE Release 3.2S

This command was introduced.

Usage Guidelines

This command can be entered on trunk interfaces only. Any commands entered under the vnetcommand will be disabled on any interface that does not have the vnet trunk command configured.

VRF subinterfaces inherit certain attributes from the parent interface. An example is the ip ospf cost command.

The vnetcommand is used if you want to configure a command for a specific VRF rather than inheriting the values of the VRFs on the interface. Use this command to enter virtual network interface mode and then configure commands that will apply to VRF specified.

Examples

The following example defines VRF red on Gigabit Ethernet interface 1/1/1. The system then enters virtual network interface mode and the user configures a value (OSPF cost of 30) that overrides the value inherited by the VRFs on the trunk interface (OSPF cost of 20).

Router(config)# interface gigabitethernet1/1/1
Router(config-if) vnet trunk
Router(config-if) ip address 10.1.2.1 255.255.255.0
Router(config-if) ! Set OSPF cost for all vNETs on this interface to 20.
Router(config-if) ip ospf cost 20
Router(config-if) vnet name red
Router(config-if) ! Set OSPF cost for red to 30.
Router(config-if-vnet) ip ospf cost 30
Router(config-if-vnet) exit-if-vnet

The following example defines VRF red on Gigabit Ethernet interface 1/1/1. The system then enters virtual network interface mode and the user configures a value (OSPF cost of 40) that applies to vnet global only.

Router(config)# interface gigabitethernet1/1/1
Router(config-if) vnet trunk
Router(config-if) ip address 10.1.2.1 255.255.255.0
Router(config-if) vnet global
Router(config-if-vnet) ! Set OSPF cost for global to 40.
Router(config-if-vnet) ip ospf cost 40
Router(config-if-vnet) exit-if-vnet

Related Commands

Command

Description

vnet trunk

Configures an interface to be a trunk interface.

vnet tag

To assign a tag to a virtual network, use the vnet tag command in vrf definition submode or interface VRF submode. To remove the tag, use the no form of this command.

vnet tag number
no vnet tag number

Syntax Description

number

Numeric tag that will encapsulate the packets in this virtual network. The range for number is platform-dependent.

Command Default

This command has no default arguments or keywords.

Command Modes

vrf definition submode (config-vrf) interface VRF submode (config-if-vnet)

Command History

Release

Modification

Cisco IOS XE Release 3.2S

This command was introduced.

Usage Guidelines

This command determines that the VRF is actually a VIPNet instance.

This command is typically used in vrf definition mode to assign a single tag to a VRF. You must ensure that the same virtual network tag value is configured for the same VRF on each edge and core router (interface).

This command might be used in interface VRF submode on a trunk interface if the user wants to give a VRF a different tag on one interface from the tag on another interface. The primary application for this situation would be for a VRF edge router to peer with an MPLS VPN PE router and the PE links to the VRF edge are VLANs. The vnet tag command allows the user to configure the virtual network tags to be the same as the VLAN IDs on a per-interface basis.

Examples

The following example illustrates the typical use of a virtual network tag. This example in vrf definition mode assigns tag 100 to VRF red. 

Router(config)# vrf definition red
Router(config-vrf) vnet tag 100

The following example is not a typical scenario, because one VRF is using two different tags. In this example in interface VRF submode, VRF blue is assigned tag 100 on Gigabit Ethernet interface 1/1/1 and tag 200 on Gigabit Ethernet interface 1/0/0:

Router(config)# interface gigabitethernet 1/1/1
Router(config-if)# vnet trunk
Router(config-if)# ip address 10.1.2.1 255.255.255.0
Router(config-if)# vnet name blue
Router(config-if)# vnet tag 100
Router(config-if)# exit
Router(config)# interface gigabitethernet 1/0/0
Router(config-if)# vnet trunk
Router(config-if)# ip address 10.1.2.2 255.255.255.0
Router(config-if)# vnet name blue
Router(config-if)# !Use different tag for vNET blue for this interface.
Router(config-if)# vnet tag 200

Related Commands

Command

Description

vrf definition

Defines a Virtual Routing and Forwarding instance.

vnet trunk

To configure an interface to be a virtual network trunk interface, use the vnet trunk command in interface configuration mode. To remove the virtual network trunk from the interface, use the no form of this command.

vnet trunk [list vrf-list-name]
no vnet trunk

Syntax Description

list vrf-list-name

(Optional) Name of a VRF list.

  • Use this keyword and argument to allow the trunk to carry multiple VRFs.

Command Default

This command has no default arguments or keywords.

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS XE Release 3.2S

This command was introduced.

Usage Guidelines

A trunk interface connects VRF routers together to provide the core to transport traffic for multiple VRFs. Trunk interfaces carry tagged traffic.

Because a trunk interface carries multiple VRFs, sometimes it is not sufficient to display only the trunk interface name in the output of show or debug commands. When it is necessary to indicate that display output pertains to a particular VRF running on the trunk interface, the convention used is interface.vnet-tag . For example, g1/1.101 or g1/1.102 .

Examples

The following example defines Gigabit Ethernet interface 1/1/1 as a trunk interface.

Router(config)# interface gigabitethernet 1/1/1
Router(config-if)# vnet trunk
Router(config-if)# ip address 10.1.1.1 255.255.255.0

Related Commands

Command

Description

vrf list

Defines a list of VRFs.

vrf definition

To configure a virtual routing and forwarding (VRF) routing table instance and enter VRF configuration mode, use the vrf definition command in global configuration mode. To remove a VRF routing table, use the no form of this command.

vrf definition vrf-name
no vrf definition vrf-name

Syntax Description

vrf-name

Name assigned to a VRF.

Command Default

No VRFs are defined. No import or export lists are associated with a VRF. No route maps are associated with a VRF.

Command Modes

Global configuration (config)

Command History

Release

Modification

12.2(33)SRB

This command was introduced.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.

12.2(33)SB

This command was integrated into Cisco IOS Release 12.2(33)SB.

12.4(20)T

This command was integrated into Cisco IOS Release 12.4(20)T.

12.2(33)SXI

This command was integrated into Cisco IOS Release 12.2(33)SXI.

Cisco IOS XE Release 3.1S

This command was integrated into Cisco IOS XE Release 3.1S.

Cisco IOS XE Release 3.2S

This command was modified. Its use was expanded to support virtual networks.

Usage Guidelines

Use the vrf definition command to give a VRF a name and to enter VRF configuration mode. Once the router is in VRF configuration mode, use the rd command to give the VRF a route distinguisher (RD). The rdcommand creates the routing and forwarding tables and associates the RD with the VRF instance named in the vrf-name argument.

Users can configure shared route targets (import and export) between IPv4 and IPv6. This feature is useful in a migration scenario, where IPv4 policies already are configured and IPv6 policies should be the same as the IPv4 policies. You can configure separate route-target policies for IPv4 and IPv6 VPNs in address family configuration mode. Enter address family configuration mode from VRF configuration mode.

In VRF configuration mode, you can also associate a Simple Network Management Protocol (SNMP) context with the named VRF and configure or update a VPN ID.

The vrf definition default command can be used to configure a VRF name that is a NULL value until a default VRF name can be configured. This is typically before any VRF-related AAA commands are configured.

Virtual Network Use of vrf definition Command

Use the vrf definition command to give a VRF a name and to enter VRF configuration mode. By default, each virtual network trunk interface on the router is able to carry traffic for every VRF defined by the vrf definition command. If you want to enable only a subset of VRFs on a trunk interface, use the vrf list command.


Note
We recommend you do not define a virtual network with the name “global,” because the system predefines vnet global and it is best to avoid conflict with the predefined version.

Examples

The following example assigns the name vrf1 to a VRF, enters VRF configuration mode, and configures a route distinguisher, 100:20:

Router(config)# vrf definition vrf1
Router(config-vrf)# rd 100:20

The following virtual network example defines VRF red, enters VRF configuration mode, and assigns virtual network tag 100 to VRF red:

Router(config)# vrf definition red
Router(config-vrf)# vnet tag 100

Related Commands

Command

Description

address-family (VRF)

Enters VRF address family configuration mode to select an address family type for a VRF table.

context

Associates an SNMP context with a particular VRF.

rd

Specifies a route distinguisher.

route-target

Creates a route-target extended community for a VPN VRF.

vnet

Configures overrides of an interface’s attributes on a per-VRF basis

vnet tag

Assigns a tag to a virtual network.

vpn id

Sets or updates a VPN ID on a VRF.

vrf forwarding

Associates a VRF instance with an interface or subinterface.

vrf list

Defines a list of VRFs.

vrf forwarding

To associate a Virtual Routing and Forwarding (VRF) instance or a virtual network with an interface or subinterface, use the vrf forwarding command in interface configuration mode. To disassociate a VRF or virtual network from an interface, use the no form of this command.

vrf forwarding vrf-name [downstream vrf-name2]
no vrf forwarding

Syntax Description

vrf-name

The interface name to be associated with the specified VRF.

downstream

(Optional) Enables half-duplex VRF (HDVRF) functionality on the interface and associates the interface with the downstream VRF.

vrf-name2

(Optional) The interface name to be associated with the specified downstream VRF.

Command Default

The default for an interface is the global routing table.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

12.2(33)SRB

This command was introduced.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.

12.2(33)SB

This command was integrated into Cisco IOS Release 12.2(33)SB. The downstream vrf-name2 keyword and argument were added to support Multiprotocol Label Switching VPN half-duplex VRFs.

12.4(20)T

This command was integrated into Cisco IOS Release 12.4(20)T.

12.2(33)SXI

This command was integrated into Cisco IOS Release 12.2(33)SXI.

Cisco IOS XE Release 3.1S

This command was integrated into Cisco IOS XE Release 3.1S.

Cisco IOS XE Release 3.2S

This command was modified. Its use was expanded to support virtual networks.

Usage Guidelines

Use the vrf forwarding command to associate an interface with a VRF. When the interface is bound to a VRF, previously configured IPv4 and IPv6 addresses are removed, and they must be reconfigured.

The downstream keyword associates the interfaces with a downstream VRF, which enables half-duplex VRF functionality on the interface. Some functions operate in the upstream VRFs, and others operate in the downstream VRFs. The following functions operate in the downstream VRFs:

  • PPP peer routes are installed in the downstream VRFs.
  • Authentication, authorization, and accounting (AAA) per-user routes are installed in the downstream VRFs.
  • A Reverse Path Forwarding (RPF) check is performed in the downstream VRFs.

In the virtual network environment, the vrf forwarding command is supported on an edge interface; it is not supported on a trunk interface.

A VRF and a virtual network are mutually exclusive on an interface. In other words, an interface can be a VRF interface or a virtual network edge interface, but not both.

Examples

The following example shows how to associate a VRF named site1 to serial interface 0/0 and configure an IPv6 and an IPv4 address:

interface Serial0/0
 vrf forwarding site1
 ipv6 address 2001:100:1:1000::72b/64
 ip address 10.11.11.1 255.255.255.0

The following example associates the VRF named U with the virtual-template 1 interface and specifies the downstream VRF named D: 

Router(config)# interface virtual-template 1 
Router(config-if)# vrf forwarding U downstream D
Router(config-if)# ip unnumbered Loopback1

The following example shows how to configure an edge interface:

interface gigabitethernet 0/0/0
 vrf forwarding red
 ip address 10.12.12.1 255.255.255.0

Related Commands

Command

Description

vnet

Enters virtual network interface mode.

vrf definition

Configures a VRF routing table instance and enters VRF configuration mode.

vrf list

To define a list of VRFs, use the vrf list command in global configuration mode. To remove the list of VRFs, use the no form of this command.

vrf list vrf-list-name
no vrf list vrf-list-name

Syntax Description

vrf-list-name

Name of a list of VRFs.

  • A vrf-list-name may contain up to 32 characters. Quotation marks, spaces, and * are not allowed.

Command Default

This command has no default values.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Release 3.2S

This command was introduced.

Usage Guidelines

Use this command to create a list of VRFs and then specify the VRFs that belong on the list. The list can be referenced in the vnet trunk command, for example, to specify that the trunk interface can carry traffic for only the VRFs on the list.

The VRFs specified for the list must already be defined. A maximum of 32 VRF lists can be configured per router. Use the show vrf list command to see information about the list, such as description and members.

Examples

The following example defines a VRF list named nonprofits. Members on the list are VRF red and VRF green.

Router(config)# vrf definition red
Router(config-vrf)# vnet tag 100
Router(config-vrf)# description Foundation A
Router(config-vrf)# vrf definition green
Router(config-vrf)# vnet tag 200
Router(config-vrf)# description Foundation B
Router(config-vrf)# exit
Router(config)# vrf list nonprofits
Router(config-vrf-list)# description nonprofits 2010
Router(config-vrf-list)# member red
Router(config-vrf-list)# member green

Related Commands

Command

Description

member

Defines a member of a VRF list.

show vrf list

Displays information about VRF lists.