I have a config on a switch which looks like this :
interface Port-channel1.12
encapsulation dot1Q 12
ip vrf forwarding AB_eth12
ip address 172.12.12.1 255.255.255.252
I am unable to understand how VRF is coming in to picture with VLAN here ? In what case someone will have such config ?
does that mean that traffic which is part of VRF ‘AB_eth12’ and going from interface 1.12 is tagged with VLAN 12 ?
First of all @ashokmax2002 is correct. Essentially, this command associates the AB_eth12 VRF with the Port-channel1.12 interface which is a L3 interface.
Not sure what you mean here exactly. Do you mean if a VLAN interface can function as a VRF forwarding interface? If so then yes. Do you mean if a VLAN can transport VRF information? Again, yes. Any VRF forwarding association occurs at a L3 interface. Routing according to that VRF directs traffic over any VLAN necessary.
current setup is like this . we need to bring the eigrp neightborship UP between both L3 sw. but there are some switches in between…which are just functioning as L2.
Packet that comes to interface tengig4.511, will get tagged with vlan511 and when reached to other side vlan 511 is allowed so it wil be able to trave through L2 switches.
I want to mention the reason why woul dany1 use dot1q encapsulation for VRF.
for example you have a core router which connect sto Metro ethernet service using 10 gig interface.
the metro ISP will form layer 2 connectivity between your core PE route and tons of customers.
now, e ach customer shouldn’t be able to communicate with another one through the same L2 service so each customer has its own VLAN as teh service access point (SAP) to the L2 metro ISP.
usually the customers will be connected via E-PIPE AKA VPWS or VPLS, depends on your network redundancy so the Metro ISP would look invisible for your PE router and your customer (L2 VPN).
so you will assign on that 10 gig port different vlans for each customer and some of them might want to have some L3 seperation using VRF with some far office on the other side of the world, while they are also seperated in the L2 metro which you as an ISP shouldn’t care about because it is different service to acomplish the same achivement.
int that case you should have vrf instance toward the 10gig interface that encapsulate only thet vlan data of that particular customer while other customers wouldn’t have to bother you with vrf and so you will configure them just with the regular dot1q encapsulation