KB ID 0001086
Problem
Routing is one of my weaker subjects, and today I was trying to chase some routes through a network to locate all the firewalls. The core of the network has a bunch of 6500 switches in various data centers. I tracked the network I was working on to an SVI on one of the core switches, and that SVI was in a VRF.
But how could I find the 'next hop'? The routing table on these switches is very large.
Solution
Thankfully I’m surrounded by a team of routing ninjas, so I asked. The syntax is just;
[box]show ip route vrf {VRF Name}[/box]
Note: If you don't know the name of the VRF;
[box]show running-config vrf
OR
show running-config vrf | incl <NAME>[/box]
Then as with any routing table, look for the default route.
For example;
[box]
Petes-Core-SW#show ip route vrf CORP:NET

Routing Table: CORP:NET
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 5.229.0.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 5.229.0.1
      10.0.0.0/8 is variably subnetted, 13 subnets, 5 masks
B        10.1.0.0/16 [200/0] via 123.123.123.1, 3w5d
B        5.219.28.0/24 [200/0] via 123.123.123.1, 3w5d
B        5.219.40.0/24 [200/0] via 123.123.123.1, 3w5d
B        5.219.241.0/24 [200/0] via 123.123.123.1, 3w5d
B        10.220.50.0/24 [200/0] via 123.123.123.1, 3w5d
C        5.229.0.0/29 is directly connected, GigabitEthernet2/28
L        5.229.0.2/32 is directly connected, GigabitEthernet2/28
C        5.229.1.0/24 is directly connected, Vlan229
L        5.229.1.1/32 is directly connected, Vlan229
B        5.229.60.0/24 [200/0] via 123.123.123.16, 3w4d
B        5.229.61.0/24 [200/0] via 123.123.123.16, 3w4d
B        5.229.255.0/30 [200/0] via 123.123.123.1, 3w5d
B        5.229.255.4/30 [200/0] via 123.123.123.16, 3w4d
      172.100.0.0/24 is subnetted, 1 subnets
B        172.100.100.0 [200/0] via 123.123.123.1, 3w5d
Petes-Core-SW#

Let's test connectivity

Petes-Core-SW# ping vrf CORP:NET 5.229.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.229.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Petes-Core-SW#
[/box]
Next hop is 5.229.0.1 (which turned out to be the firewall I was looking for).
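When the table is too large to read by eye, the same lookup can be done offline on a saved copy of the output. The script below is an added example, not part of the original article: it parses 'show ip route vrf' text and applies longest-prefix match to find the next hop or exit interface for any destination. The names parse_routes and lookup are hypothetical, and the sample table is constructed from the output above.

```python
import ipaddress
import re

# Constructed sample: shortened copy of the CORP:NET table shown above.
SAMPLE = """\
Gateway of last resort is 5.229.0.1 to network 0.0.0.0
S*    0.0.0.0/0 [1/0] via 5.229.0.1
      10.0.0.0/8 is variably subnetted, 13 subnets, 5 masks
B        10.1.0.0/16 [200/0] via 123.123.123.1, 3w5d
C        5.229.0.0/29 is directly connected, GigabitEthernet2/28
L        5.229.0.2/32 is directly connected, GigabitEthernet2/28
C        5.229.1.0/24 is directly connected, Vlan229
B        5.229.60.0/24 [200/0] via 123.123.123.16, 3w4d
      172.100.0.0/24 is subnetted, 1 subnets
B        172.100.100.0 [200/0] via 123.123.123.1, 3w5d
"""

# Under "a.b.c.d/nn is subnetted" the child routes omit their mask.
PARENT = re.compile(r"^\s+[\d.]+/(\d+) is (variably )?subnetted")
ROUTE = re.compile(
    r"^(?P<code>\S+)(?:\s+(?:IA|E1|E2|N1|N2|EX))?\s+"
    r"(?P<net>\d+\.\d+\.\d+\.\d+)(?:/(?P<len>\d+))?\s+"
    r"(?:\[\d+/\d+\] via (?P<nh>[\d.]+)|is directly connected, (?P<intf>\S+))")

def parse_routes(text):
    """Return [(network, code, next hop or exit interface)] for each route line."""
    routes, inherited = [], None
    for line in text.splitlines():
        parent = PARENT.match(line)
        if parent:
            inherited = None if parent.group(2) else parent.group(1)
            continue
        m = ROUTE.match(line)
        length = m and (m.group("len") or inherited)
        if not length:
            continue  # not a route line, or no mask known: skip, never guess
        net = ipaddress.ip_network(f"{m.group('net')}/{length}")
        routes.append((net, m.group("code"), m.group("nh") or m.group("intf")))
    return routes

def lookup(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    for dest in ("8.8.8.8", "5.229.0.1", "172.100.100.7"):
        print(dest, "->", lookup(table, dest))
```

Only the first path of each route is read; continuation lines for additional equal-cost next hops are ignored.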
To Ping Over a VRF
[box]ping vrf <VRF-NAME> <IP ADDRESS>
e.g.
ping vrf CORP:NET 192.168.1.100[/box]
To SSH Into Another IOS Device Over a VRF
[box]ssh -l <USER-NAME> -vrf <VRF_NAME> <IP-ADDRESS>
e.g.
ssh -l fredbloggs -vrf CORP:NET 192.168.1.123[/box]