KB ID 0001086 Dtd 18/06/15
Routing is one of my weaker subjects, and today I was trying to chase some routes though a network to locate all the firewalls. The core of the network has a bunch of 6500 Switches in various data centers. I tracked the network I was working on to an SVI on one of the core switches, that was in a VRF.
But how could I find the ‘next hop’, the routing table on these switches is very large.
Thankfully I’m surrounded by a team of routing ninjas, so I asked. The syntax is just;
Note: I you don’t know the name of the vrf;
show running-config vrf | incl <NAME>
Then as with any routing table, look for the default route.
Petes-Core-SW#show ip route vrf CORP:NET Routing Table: CORP:NET Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP + - replicated route, % - next hop override Gateway of last resort is 184.108.40.206 to network 0.0.0.0 S* 0.0.0.0/0 [1/0] via 220.127.116.11 10.0.0.0/8 is variably subnetted, 13 subnets, 5 masks B 10.1.0.0/16 [200/0] via 18.104.22.168, 3w5d B 22.214.171.124/24 [200/0] via 126.96.36.199, 3w5d B 188.8.131.52/24 [200/0] via 184.108.40.206, 3w5d B 220.127.116.11/24 [200/0] via 18.104.22.168, 3w5d B 10.220.50.0/24 [200/0] via 22.214.171.124, 3w5d C 126.96.36.199/29 is directly connected, GigabitEthernet2/28 L 188.8.131.52/32 is directly connected, GigabitEthernet2/28 C 184.108.40.206/24 is directly connected, Vlan229 L 220.127.116.11/32 is directly connected, Vlan229 B 18.104.22.168/24 [200/0] via 22.214.171.124, 3w4d B 126.96.36.199/24 [200/0] via 188.8.131.52, 3w4d B 184.108.40.206/30 [200/0] via 220.127.116.11, 3w5d B 18.104.22.168/30 [200/0] via 22.214.171.124, 3w4d 126.96.36.199/24 is subnetted, 1 subnets B 188.8.131.52 [200/0] via 184.108.40.206, 3w5d Petes-Core-SW# Lets test connectivity Petes-Core-SW# ping vrf CORP:NET 220.127.116.11 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 18.104.22.168, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms Petes-Core-SW#
Next hop is 22.214.171.124 (which turned out to be the firewall I was looking for).
To Ping Over a VFF
ping vrf CORP:NETÂ 192.168.1.100
To SSH Into Another IOS Device Over a VRF
ssh -l fredbloggs -vrf CORP:NETÂ 192.168.1.123
Related Articles, References, Credits, or External Links