Cisco IOS – Find The ‘Default Route’ For A VRF

KB ID 0001086 


Routing is one of my weaker subjects, and today I was trying to chase some routes though a network to locate all the firewalls. The core of the network has a bunch of 6500 Switches in various data centers. I tracked the network I was working on to an SVI on one of the core switches, that was in a VRF.

6500 VRF

But how could I find the ‘next hop’, the routing table on these switches is very large.


Thankfully I’m surrounded by a team of routing ninjas, so I asked. The syntax is just;

show ip route vrf {VRF Name}

Note: I you don’t know the name of the vrf;

show running-config vrf


show running-config vrf | incl <NAME>

Then as with any routing table, look for the default route.

For example;

Petes-Core-SW#show ip route vrf CORP:NET

Routing Table: CORP:NET
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is to network

S* [1/0] via is variably subnetted, 13 subnets, 5 masks
B [200/0] via, 3w5d
B [200/0] via, 3w5d
B [200/0] via, 3w5d
B [200/0] via, 3w5d
B [200/0] via, 3w5d
C is directly connected, GigabitEthernet2/28
L is directly connected, GigabitEthernet2/28
C is directly connected, Vlan229
L is directly connected, Vlan229
B [200/0] via, 3w4d
B [200/0] via, 3w4d
B [200/0] via, 3w5d
B [200/0] via, 3w4d is subnetted, 1 subnets
B [200/0] via, 3w5d

Lets test connectivity

Petes-Core-SW# ping vrf CORP:NET
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Next hop is (which turned out to be the firewall I was looking for).

To Ping Over a VFF

ping vrf <VRF-NAME> <IP ADDRESS>


ping vrf CORP:NET

To SSH Into Another IOS Device Over a VRF



ssh -l fredbloggs -vrf CORP:NET

Related Articles, References, Credits, or External Links


Author: Migrated

Share This Post On