Hello Cisco Community,

I am working on a complex network segmentation project and need design guidance, specifically due to hardware role assignments and an IOS XE version constraint.

My current design is as follows:

- Primary L3 Core/Distribution: Meraki MS250 (handles inter-VLAN routing for all non-VRF traffic).
- Dedicated VRF Engine: Cisco Catalyst 9300L (running native IOS XE 17.15 via CLI). This device is only to be used for its VRF functionality.
- Firewall/Egress: Meraki MX250.

I must create 10 fully isolated VRFs, where all 10 VRFs must use the exact same overlapping IP subnet (e.g., 10.1.1.0/24).

The network needs to route traffic as follows:

1. Client Traffic (VLAN 101-110, all 10.1.1.0/24) → C9300L (VRF lookup).
2. C9300L (routed out of VRF) → MS250 (Primary Core).
3. MS250 → MX250 (Egress/NAT) → Internet.

What is the best method to connect the C9300L's 10 VRFs to the MS250?

Routing Loop Prevention: Since the MS250 is the primary core, what specific static routes or route filtering are required on the C9300L and the MS250 to ensure the VRF-bound traffic is sent to the C9300L without causing a routing loop, while non-VRF traffic uses the MS250's existing routing tables?

Any advice on the optimal connection type (L3 Routed Port vs. SVI with Static Route) between the C9300L and MS250 in this highly specific VRF-delegated role would be greatly appreciated.