Can't connect from PE to CE

Answered Question
Jan 5th, 2009

I am in the process of setting up a lab that consists of an MPLS cloud. Within the lab design, I want to be able to connect to the CE, via telnet, from the PE.

I have successfully been able to do this on one "end" of the MPLS/VPN, however I am having difficulty on the other "end". Logic would dictate that I would copy the config from the working connection, change the ip addresses and be done with it. Unfortunately this is not the case.

Additionally, on the working PE-CE connection, the PE is a 2611 running Version 12.3(26) and on the non-working PE-CE connection the PE is a 3640 running Version 12.3(11)YZ2.

Attached are the configurations. Any assistance would be greatly appreciated.

I forgot to add the config for the not working connection.

Here is the config:

Not working:

ip vrf vpn-mtb
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
no ip domain lookup
mpls label protocol ldp
tag-switching tdp router-id Loopback0
!
!
!
!
interface Loopback0
 ip address 68.2.0.1 255.255.255.252
!
interface FastEthernet0/0
 ip address 68.2.1.2 255.255.255.252
 duplex auto
 speed auto
 tag-switching ip
!
interface FastEthernet1/0
 ip vrf forwarding vpn-mtb
 ip address 68.139.201.29 255.255.255.252
 duplex auto
 speed auto
 tag-switching ip
!
interface FastEthernet2/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
router ospf 1
 router-id 68.2.0.1
 log-adjacency-changes
 network 68.0.0.0 0.255.255.255 area 0
!
router bgp 65000
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 neighbor 68.2.0.3 remote-as 65000
 neighbor 68.2.0.3 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
 neighbor 68.2.0.3 activate
 neighbor 68.2.0.3 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf vpn-mtb
 redistribute connected
 neighbor 68.139.201.30 remote-as 1
 neighbor 68.139.201.30 activate
 neighbor 68.139.201.30 as-override
 no auto-summary
 no synchronization
 exit-address-family
!
no ip http server
ip classless
ip route 68.139.201.28 255.255.255.252 FastEthernet1/0
ip route vrf vpn-mtb 68.139.201.28 255.255.255.252 Loopback0 68.2.1.1 global

Correct Answer
Harold Ritter Mon, 01/05/2009 - 10:54

Mark,

If you simply need to telnet to the CE from the local PE, the simplest way would be to use the following command "telnet 68.139.201.30 /vrf vpn-mtb".

BTW, you do not need to enable MPLS on the PE-CE link. You should therefore remove "tag-switching ip" from FastEthernet1/0.

Regards

mheick Mon, 01/05/2009 - 11:14

I would actually like to get to the CE from anywhere on the MPLS network. It seems as though the telnet command would only be a local connection, one that I would have to log in to the adjacent PE router first, correct?

Thanks for the additional tip.

markom Mon, 01/05/2009 - 11:24

Can you be a little bit more specific as to what you consider to be "mpls cloud"?

You can telnet to this CE only from VRFs whose routing tables are imported into that particular routing instance, or with additional configuration, from the global routing table.

Here are some questions you should answer:

Are you sure that the CEs have proper routing information? The fact that the PEs have routing information means nothing to the CEs -- they need it too!

Are you sure that you have configured a VTY password on the CE and that telnet is not denied by some ACL?

Are you sure that PE-PE LSP exists?

mheick Mon, 01/05/2009 - 11:44

I have the following network design already in place. (If you have any suggestions on a better design, please let me know.)

CE1->PE1->BB1->BB2->PE2->CE2

I am running OSPF within the MPLS backbone.

I am then running BGP between the CEs and PEs. Routing, and subsequently telnet, was working fine before I enabled the vrf forwarding on the interfaces. As a matter of fact, I can use the command telnet 68.139.201.30 /vrf vpn-mtb and it works just fine.

Harold Ritter Mon, 01/05/2009 - 11:55

Mark,

You can use this command from any PE where that specific VRF is configured. This would be your best option as you generally don't want to exchange information between the VRF and the global unless you really need to.

Regards
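
A small offline audit for the two points raised in Harold Ritter's replies: label switching enabled on an interface that sits in a VRF, and static routes that cross from a VRF into the global table. This is an added example, not code from the thread; the function name, the finding labels and the trimmed sample config are constructed here, and it assumes standard running-config indentation.

```python
import re

# Constructed sample: the relevant lines of the PE config posted in the thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 68.2.1.2 255.255.255.252
 tag-switching ip
!
interface FastEthernet1/0
 ip vrf forwarding vpn-mtb
 ip address 68.139.201.29 255.255.255.252
 tag-switching ip
!
ip route 68.139.201.28 255.255.255.252 FastEthernet1/0
ip route vrf vpn-mtb 68.139.201.28 255.255.255.252 Loopback0 68.2.1.1 global
"""

LABEL_CMDS = ("tag-switching ip", "mpls ip")  # older and newer IOS spelling


def audit_pe_config(text):
    """Return (kind, where, detail) findings for a PE running-config."""
    findings = []
    iface, vrf, labels = None, None, False

    def close_interface():
        if iface and vrf and labels:
            findings.append(("mpls-on-vrf-interface", iface, vrf))

    for raw in text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level line ends the interface block
            close_interface()
            iface, vrf, labels = None, None, False
            m = re.match(r"interface (\S+)", line)
            r = re.match(r"ip route vrf (\S+) .*\bglobal$", line)
            if m:
                iface = m.group(1)
            elif r:
                findings.append(("vrf-to-global-route", r.group(1), line))
        elif iface:
            m = re.match(r"(?:ip )?vrf forwarding (\S+)", line)
            if m:
                vrf = m.group(1)
            elif line in LABEL_CMDS:
                labels = True
    close_interface()
    return findings
```

Run against a saved running-config, it lists each VRF interface that still carries a label-switching command and each static route that bridges a VRF to the global table, so those can be reviewed one by one.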

mheick Mon, 01/05/2009 - 12:00

Understood. Thanks.

Although if I wanted to do an IOS upgrade on the router, my concern then would be how to get to the FTP server to download the new IOS?
