Solved: Routing 2 networks out 2 sub interfaces.

ryanparr9 · ‎08-07-2008

On a Cisco 1841 I have two LAN subnets connected to the router using the two FE ports. I have my serial interface using a T1 with 2 PVCs. My challenge is that I want subnet #1 to route out PVC #1 and subnet #2 to route out PVC #2. I have my route map set up and applied to the FE interfaces as follows:

!

interface FastEthernet0/0

description *** Subnet #1 ***

ip address 10.10.24.1 255.255.255.0

ip route-cache flow

ip policy route-map route_subnet1

duplex auto

speed auto

!

interface FastEthernet0/1

description *** Subnet #2 ***

ip address 10.10.5.1 255.255.255.0

ip route-cache flow

ip policy route-map route_subnet2

duplex auto

speed auto

!

interface Serial0/0/0

no ip address

encapsulation frame-relay

no fair-queue

service-module t1 timeslots 1-24

frame-relay lmi-type ansi

!

interface Serial0/0/0.1 point-to-point

ip address 10.100.50.98 255.255.255.252

frame-relay interface-dlci 124 IETF

!

interface Serial0/0/0.2 point-to-point

ip address 10.100.54.58 255.255.255.252

frame-relay interface-dlci 100 IETF

!

ip route 0.0.0.0 0.0.0.0 10.100.54.57

!

access-list 1 permit 10.10.24.0 0.0.0.255

access-list 2 permit 10.10.5.0 0.0.0.255

!

route-map route_subnet2 permit 10

match ip address 2

set ip next-hop 10.100.54.57

!

route-map route_subnet1 permit 10

match ip address 1

set ip next-hop 10.100.50.97

!

We are using static routing and if I leave the default route in place, all traffic is routed according to it. If I remove the default route, the traffic doesn't route out. I thought that the 'set ip next-hop' command was supposed to take precedence over the routing table? How do I set a default route for my 2 subnets so that they use the PVC they are assigned to? What am I missing?

Thanks

rkhalil · ‎08-10-2008

You can create a Local VRF in your router to separate the routing tables.

example:

!

ip vrf SUBNET1

rd 1:1

!

interface FastEthernet0/0

description *** Subnet #1 ***

ip address 10.10.24.1 255.255.255.0

ip route-cache flow

ip vrf forwarding SUBNET1

duplex auto

speed auto

!

interface FastEthernet0/1

description *** Subnet #2 ***

ip address 10.10.5.1 255.255.255.0

ip route-cache flow

duplex auto

speed auto

!

interface Serial0/0/0

no ip address

encapsulation frame-relay

no fair-queue

service-module t1 timeslots 1-24

frame-relay lmi-type ansi

!

interface Serial0/0/0.1 point-to-point

ip address 10.100.50.98 255.255.255.252

ip vrf forwarding SUBNET1

frame-relay interface-dlci 124 IETF

!

interface Serial0/0/0.2 point-to-point

ip address 10.100.54.58 255.255.255.252

frame-relay interface-dlci 100 IETF

!

ip route 0.0.0.0 0.0.0.0 10.100.54.57

ip route vrf SUBNET1 0.0.0.0 0.0.0.0 10.100.50.97

!

if you want can create 2 vrf.. this example

1 network on vrf , 1 network in the backplane.

Commands examples:

ping vrf SUBNET1 x.x.x.x

sh ip route vrf SUBNET1

telnet x.x.x.x /vrf SUBNET1

--

Raul

Regards.

(rate if useful)

View solution in original post

rkhalil · ‎08-10-2008

You can create a Local VRF in your router to separate the routing tables.

example:

!

ip vrf SUBNET1

rd 1:1

!

interface FastEthernet0/0

description *** Subnet #1 ***

ip address 10.10.24.1 255.255.255.0

ip route-cache flow

ip vrf forwarding SUBNET1

duplex auto

speed auto

!

interface FastEthernet0/1

description *** Subnet #2 ***

ip address 10.10.5.1 255.255.255.0

ip route-cache flow

duplex auto

speed auto

!

interface Serial0/0/0

no ip address

encapsulation frame-relay

no fair-queue

service-module t1 timeslots 1-24

frame-relay lmi-type ansi

!

interface Serial0/0/0.1 point-to-point

ip address 10.100.50.98 255.255.255.252

ip vrf forwarding SUBNET1

frame-relay interface-dlci 124 IETF

!

interface Serial0/0/0.2 point-to-point

ip address 10.100.54.58 255.255.255.252

frame-relay interface-dlci 100 IETF

!

ip route 0.0.0.0 0.0.0.0 10.100.54.57

ip route vrf SUBNET1 0.0.0.0 0.0.0.0 10.100.50.97

!

if you want can create 2 vrf.. this example

1 network on vrf , 1 network in the backplane.

Commands examples:

ping vrf SUBNET1 x.x.x.x

sh ip route vrf SUBNET1

telnet x.x.x.x /vrf SUBNET1

--

Raul

Regards.

(rate if useful)

Marwan ALshawi · ‎08-10-2008

i a gree with RAUL idea 100%

but before u go to VRFs config

just try to add the following command to ur posted config

ip route 0.0.0.0 0.0.0.0 interface serial0/0/0.1

ip route 0.0.0.0 0.0.0.0 serial0/0/0.2

and in ur route-map replace the line next-hop

with the folowing line

set ip default next-hop [here put the remote router ip address]

and good luck

ryanparr9 · ‎08-11-2008

I didn't try the suggestion of adding 2 default routes:

ip route 0.0.0.0 0.0.0.0 interface serial0/0/0.1

ip route 0.0.0.0 0.0.0.0 serial0/0/0.2

I was concerned that I wouldn't be able to get back in the router remotely. I also don't see how this would work. I am not sure how the router would know which default route to send the traffic out since there isn't an identifier. If you could explain that would be appreciated.

Thanks.

ryanparr9 · ‎08-11-2008

Thanks. I think I am headed in the right direction now. I thought that PBR was the correct way to direct my traffic but vrf seems even easier to configure.

I followed your instructions. I had to enable cef first. When I did get the ip vrf commands on the interfaces though, it deleted their ip addresses. I logged back though and added the addresses again and everything was good. A couple of weird things now though... I am trying a traceroute with my source as 10.10.24.1 and the following error is output:

% Invalid source address- IP address not on any of our up interfaces

A show int clearly shows that the interface is up.

router#show int fastEthernet 0/0

FastEthernet0/0 is up, line protocol is up

Internet address is 10.10.24.1/24

I can ping addresses on the 10.10.24 subnet and traffic is passing. If I tracert from an XP machine on the subnet it shows that the traffic is going out the correct PVC.

If I traceroute with the source interface of FastEthernet 0/0 though, the traceroute functions and doesn't return an error but the traffic still goes out the default route address and not the new vrf default route.

Why would the traffic take different default paths? If I specified the source as FE0/0 (10.10.24.1) it goes out the wrong PVC but all client machines on that subnet go out the correct PVC?

One other weird thing. If I show arp on the router, I only see clients connected to the 10.10.5.0 subnet and nothing on the 10.10.24.0 subnet. I don't even see the 10.10.24.1 arp entry.

This all might be normal behavior in this configuration but I thought I would double check.

Thanks for your help.

Marwan ALshawi · ‎08-10-2008

i think the main probel is with your routing the static one

u have only one default route so the packet will use it

u need to make two defualt routes as i meantion or the best way is to make two static routes each one for each remote site(not default)

lets say ur remite site 1 LAN address is 192.168.1.0/24

and your remote site two LAN

192.168.2.0/24

first remove th default routye

no ip route 0.0.0.0 0.0.0.0 10.100.54.57

then

ip route 192.168.1.0 255.255.255.0 interface serial0/0/0.1

ip route 192.168.2.0 255.255.255.0 interface serial0/0/0.2

in this way the route will be more accurat and ur route-map should work fine

good luck

and if worked let me know

Richard Burts · ‎08-11-2008

Ryan

I do not agree with Marwan and his suggestion that you need a second static default route. Your implementation should work perfectly fine with a single default route.

The symptoms that you are describing reflect the fact that the VRF works on traffic passing through the router but that ping and traceroute which are originated by the router itself are not affected by this. I would suggest that to get your ping and traceroute to also work you try local policy based routing:

ip local policy

and I believe that your route_subnet1 would probably be ok here.

HTH

Rick

HTH

Rick

ryanparr9 · ‎08-11-2008

Thanks for the input. I questioned that suggestion but I appreciate all the help that I can get.

I basically did away with the PBR since I was having some issues with it not routing anything. I implemented the VRF and that seems to be working with the exception of not being able to see any addresses in the ARP table coming from the interface with VRF specified.

The routing of the traffic going through the router as opposed to originating from the router makes sense. Would that be the same thing with the VRF instead of the PBR?

Thanks!

Richard Burts · ‎08-11-2008

Ryan

I wrote my response initially in terms of PBR. After posting and rereading the thread I realized that you had stopped PBR and gone to VRF so I re-wrote my response to fit what I thought was the case with VRF and I think that the same basic issue exists with VRF about traffic initiated by the router itself. I think my suggestion would work ok. But also take a close look in the reponse by Raul and note the ability to reference the VRF in various commands:

ping vrf SUBNET1 x.x.x.x

sh ip route vrf SUBNET1

telnet x.x.x.x /vrf SUBNET1

HTH

Rick

HTH

Rick

Marwan ALshawi · ‎08-11-2008

hi guys

let me clearfy my idea

first about the VRFs i said it is good soulsion

but not the best here because VRFs used in more comlicated routed networkes and especially when there are overlaped IP address

and ur case simple

hub and spoke topology with two remote sites

and about the other static route that sugessted to be added because

u have only ine default static route

so if the packet want to go t the other remote site and u dont have a route for that site

the default route will be considered and will not go to the right site

so before u need to make polcy and route map

u need to make sure u have full connectivity

and u can go from evry site to evry site

then

u go to the route maps and make policies

i hop i was more clear here

and good luck