01-05-2009 10:04 AM
I am in the process of setting up a lab that consists of an MPLS cloud. Within the lab design, I want to be able to connect to the CE, via telnet, from the PE.
I have successfully been able to do this on one "end" of the MPLS/VPN, however I am having difficulty on the other "end". Logic would dictate that I would copy the config from the working connection, change the ip addresses and be done with it. Unfortunately this is not the case.
Additionally, on the working PE-CE connection, the PE is a 2611 running Version 12.3(26) and on the non-working PE-CE connection the PE is a 3640 running Version 12.3(11)YZ2.
Attached are the configurations. Any assistance would be greatly appreciated.
I forgot to add the config for the not working connection.
Here is the config"
Not working:
ip vrf vpn-mtb
rd 1:100
route-target export 1:100
route-target import 1:100
!
no ip domain lookup
mpls label protocol ldp
tag-switching tdp router-id Loopback0
!
!
!
!
interface Loopback0
ip address 68.2.0.1 255.255.255.252
!
interface FastEthernet0/0
ip address 68.2.1.2 255.255.255.252
duplex auto
speed auto
tag-switching ip
!
interface FastEthernet1/0
ip vrf forwarding vpn-mtb
ip address 68.139.201.29 255.255.255.252
duplex auto
speed auto
tag-switching ip
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
router-id 68.2.0.1
log-adjacency-changes
network 68.0.0.0 0.255.255.255 area 0
!
router bgp 65000
no synchronization
bgp log-neighbor-changes
redistribute connected
neighbor 68.2.0.3 remote-as 65000
neighbor 68.2.0.3 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 68.2.0.3 activate
neighbor 68.2.0.3 send-community extended
exit-address-family
!
address-family ipv4 vrf vpn-mtb
redistribute connected
neighbor 68.139.201.30 remote-as 1
neighbor 68.139.201.30 activate
neighbor 68.139.201.30 as-override
no auto-summary
no synchronization
exit-address-family
!
no ip http server
ip classless
ip route 68.139.201.28 255.255.255.252 FastEthernet1/0
ip route vrf vpn-mtb 68.139.201.28 255.255.255.252 Loopback0 68.2.1.1 global
Solved! Go to Solution.
01-05-2009 10:54 AM
Mark,
If you simply need to telnet to the CE from the local PE, the simplest way would be to use the following command "telnet 68.139.201.30 /vrf vpn-mtb".
BTW, you do not need to enable MPLS on the PE-CE link. You should therefore remove "tag-switching ip" from FastEthernet1/0.
Regards
01-05-2009 10:54 AM
Mark,
If you simply need to telnet to the CE from the local PE, the simplest way would be to use the following command "telnet 68.139.201.30 /vrf vpn-mtb".
BTW, you do not need to enable MPLS on the PE-CE link. You should therefore remove "tag-switching ip" from FastEthernet1/0.
Regards
01-05-2009 11:14 AM
I would actually like to get to the CE from anywhere on the MPLS network. It seems as though the telnet command would only be a local connection, one that I would have to login to the adjacent PE router first, correct?
Thanks for the additional tip.
01-05-2009 11:24 AM
Can you be a little bit more specific as to what you consider to be "mpls cloud"?
You can telnet to this CE only from VRF's whose routing tables are imported into that particular routing instance, or with additional configuration, from the global routing table.
Here are some questions you should answer:
Are you sure that CE's have proper routing information? The fact that PE's have routing information, means nothing to CE's -- they need it too!
Are you sure that you have configured VTY password on CE and that telnet is not denied by some ACL?
Are you sure that PE-PE LSP exists?
01-05-2009 11:44 AM
I have the following network design already in place. (If you have any suggestions on a better design, please let me know.)
CE1->PE1->BB1->BB2->PE2->CE2
I am running OSPF within the MPLS backbone.
I am then running BGP between the CE's and PE's. Routing, and subsequently telnet, was working fine before I enabled the vrf forwarding on the interfaces. As a matter of fact, I can use the command telnet 68.139.201.30 /vrf vpn-mtb and it works just fine.
01-05-2009 11:55 AM
Mark,
You can use this command from any PE where that specific VRF is configured. This would be your best option as you generally don't want to exchange information between the VRF and the global unless you really need to.
Regards
01-05-2009 12:00 PM
Understood. Thanks.
Although if I wanted to due an IOS upgrade on the router, my concern then would be how to get to the ftp server to download the new ios?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide