I want to isolate a voice network from the data and control planes by using a separate VRF. It all works perfectly except at one point: A router which has a PRI connected needs to send/receive voice traffic to/from a dial-peer which is in the voice VRF.
The dial-peer is on a connected route on an Ethernet sub-interface (dot1q VLAN)
The network between router and the peer is built with L2 switches which are not VRF-aware (Cat29xx).
The problem is that the router doesn't send traffic to the dial-peer if I configure ip vrf forwarding name on the outgoing interface to the dial-peer.
There seems to be no way on IOS to specify that a certain dial-peer is on a given VRF, at least on what we're running (2800s with 12.4(22)T)
I have tried to import the interface route to the VRF, but for some reason it doesn't (though in all fairness, VRF/MPLS is not one of my strong subjects)
This is the dial-peer:
dial-peer voice 1010 voip
progress_ind setup enable 3
progress_ind progress enable 8
session protocol sipv2
session target ipv4:10.10.10.10
session transport udp
incoming called-number .
This is the interface (w/o ip vrf forwarding so it can do the job for now):
encapsulation dot1Q 201
ip address 10.10.10.3 255.255.255.0
ip verify unicast source reachable-via rx
no ip redirects
no ip proxy-arp
ip ospf message-digest-key 1 md5 7 5555555555555555555
vrrp 1 ip 10.10.10.1
vrrp 1 authentication md5 key-string 7 5555555555555555555
This is the VRF:
ip vrf Voz
(config slightly edited to protect the guilty)
Any hint, idea or pointer appreciated. TIA.
Actually H323 and SIP Gateway functionality are now VRF-Aware. Configure as described in this document:
Essentially, you can use the "voice vrf vrf-name" global command.
I don't think dial-peer vrf aware is supported. Because the session target is directly connected you can't configure any static route in the GRT pointing to the VRF but you can configure the router so the interface will be both in the GRT and in the VRF:
ip vrf select source
ip vrf receive Voz