problem with creating vrf on Cisco 1721

pavlosd · ‎08-12-2003

I tried to modify an existing configuration we had in our site (up to now was working) to separate traffic locally on a 1721 router using vrf. Although vrf works on ethernet and loopback interfaces after a few tests I made, it does not work on BRI. other site dials in, interface comes up and I cannot ping other site.

Here is a sample configuration:

dialin#sh run

Building configuration...

Current configuration : 4125 bytes

!

version 12.2

service timestamps debug datetime localtime

service timestamps log datetime localtime

service password-encryption

!

hostname dialin

!

logging buffered 4096 debugging

aaa new-model

!

aaa authentication login default local enable

aaa authentication login use-local local

aaa authentication ppp default local

aaa authorization network default local

aaa session-id common

enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxx

!

username xxxx password xxx

username test callback-dialstring xxxxxxxx password 0 test

memory-size iomem 15

ip subnet-zero

!

ip vrf ISDN

rd 1.1.1.1:1

route-target export 1.1.1.1:1

route-target import 1.1.1.1:1

ip cef

!

isdn switch-type basic-net3

chat-script offhook "" "ATH1" OK

chat-script callback ABORT ERROR ABORT BUSY "" "ATZ" OK "ATDT \T" TIMEOUT 60 CONNECT \c

modemcap entry My_USR:MSC=&F1S0=1

!

interface Loopback0

ip address xx.xx.xx.1 255.255.255.255

!

interface BRI0

description ISDN Dial-in Connection

ip vrf forwarding ISDN

ip address xx.xx.0.2 255.255.255.252

encapsulation ppp

ip tcp header-compression passive

no ip mroute-cache

dialer idle-timeout 3600

dialer-group 1

isdn switch-type basic-net3

no cdp enable

ppp max-bad-auth 3

ppp authentication chap

!

interface FastEthernet0

ip address xx.xx.190.41 255.255.255.0

no keepalive

speed auto

no cdp enable

!

interface FastEthernet0.6

encapsulation dot1Q 6

ip vrf forwarding ISDN

ip address 192.168.1.70 255.255.255.192

no cdp enable

!

interface Serial0

physical-layer async

no ip address

encapsulation ppp

ip tcp header-compression passive

dialer in-band

dialer rotary-group 1

dialer-group 1

async mode dedicated

no peer default ip address

!

interface Serial1

physical-layer async

no ip address

encapsulation ppp

ip tcp header-compression passive

shutdown

dialer in-band

dialer rotary-group 1

dialer-group 1

async mode dedicated

no peer default ip address

!

interface Dialer1

description connected to Dial-inPCs(modem)

ip unnumbered FastEthernet0

encapsulation ppp

ip tcp header-compression passive

no keepalive

dialer in-band

dialer idle-timeout 7200

dialer-group 1

peer default ip address pool PSTN_POOL

no cdp enable

ppp max-bad-auth 3

ppp callback accept

ppp authentication chap pap

!

ip local pool PSTN_POOL 192.168.190.38 192.168.190.39

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.190.254

ip route vrf ISDN x.x.x.2 255.255.255.255 BRI0 192.168.0.1

ip route vrf ISDN 192.168.3.1 255.255.255.255 BRI0 192.168.0.1

!

dialer-list 1 protocol ip permit

no cdp run

!

line con 0

line 1 2

flush-at-activation

script modem-off-hook offhook

script callback callback

login authentication use-local

modem InOut

modem autoconfigure type usr_sportster

no exec

transport input all

autoselect during-login

autoselect ppp

stopbits 1

speed 115200

flowcontrol hardware

line aux 0

line vty 0 4

transport output none

!

no scheduler allocate

end

dialin#

dialin#sh ver

Cisco Internetwork Operating System Software

IOS (tm) C1700 Software (C1700-SY-M), Version 12.2(11)T9, RELEASE SOFTWARE (fc1)

TAC Support: http://www.cisco.com/tac

Compiled Sat 21-Jun-03 04:22 by cmong

Image text-base: 0x80008124, data-base: 0x80A946C8

ROM: System Bootstrap, Version 12.2(7r)XM1, RELEASE SOFTWARE (fc1)

System image file is "flash:c1700-sy-mz.122-11.T9.bin"

cisco 1721 (MPC860P) processor (revision 0x100) with 27853K/4915K bytes of memory.

Bridging software.

X.25 software, Version 3.0.0.

Basic Rate ISDN software, Version 1.1.

1 FastEthernet/IEEE 802.3 interface(s)

2 Serial(sync/async) network interface(s)

1 ISDN Basic Rate interface(s)

32K bytes of non-volatile configuration memory.

16384K bytes of processor board System flash (Read/Write)

Some more info:

dialin#sh ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is 192.168.190.254 to network 0.0.0.0

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.1.192/26 is directly connected, Loopback0

C 192.168.190.0/24 is directly connected, FastEthernet0

S* 0.0.0.0/0 [1/0] via 192.168.190.254

dialin#

dialin#sh ip route vrf ISDN

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is not set

2.0.0.0/32 is subnetted, 1 subnets

S 2.2.2.2 [1/0] via 192.168.0.1, BRI0

192.168.3.0/24 is variably subnetted, 3 subnets, 3 masks

S 192.168.3.1/32 [1/0] via 192.168.0.1, BRI0

C 192.168.0.0/30 is directly connected, BRI0

C 192.168.1.64/26 is directly connected, FastEthernet0.6

dialin#

dialin#sh ip cef

Prefix Next Hop Interface

0.0.0.0/0 192.168.190.254 FastEthernet0

0.0.0.0/32 receive

192.168.190.0/24 attached FastEthernet0

192.168.190.0/32 receive

192.168.190.40/32 192.168.190.40 FastEthernet0

192.168.190.41/32 receive

192.168.190.44/32 192.168.190.44 FastEthernet0

192.168.190.100/32 192.168.190.100 FastEthernet0

192.168.190.129/32 192.168.190.129 FastEthernet0

192.168.190.249/32 192.168.190.249 FastEthernet0

192.168.190.254/32 192.168.190.254 FastEthernet0

192.168.190.255/32 receive

192.168.1.192/26 attached Loopback0

192.168.1.192/32 receive

1.1.1.1/32 receive

192.168.1.255/32 receive

224.0.0.0/4 drop

224.0.0.0/24 receive

255.255.255.255/32 receive

dialin#sh ip cef vrf ISDN

Prefix Next Hop Interface

0.0.0.0/0 drop Null0 (default route handler entry)

0.0.0.0/32 receive

2.2.2.2/32 192.168.0.1 BRI0

192.168.3.1/32 192.168.0.1 BRI0

192.168.0.0/30 attached BRI0

192.168.0.0/32 receive

192.168.0.2/32 receive

192.168.0.3/32 receive

192.168.1.64/26 attached FastEthernet0.6

192.168.1.64/32 receive

192.168.1.70/32 receive

192.168.1.127/32 receive

224.0.0.0/24 receive

255.255.255.255/32 receive

dialin#

dialin#ping vrf ISDN 192.168.1.65

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.65, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms

dialin#

gmarogi · ‎08-18-2003

It does not look like a vrf problem. You don't seem to have a 'dialer map' command for the remote BRI interface 192.168.0.1 . Add this and see if you are able to ping.

pavlosd · ‎08-21-2003

do I need dialer map even if my router is used only for accespting calls from the other peer? Reason I am asking is because the configuration was working fine before I added any vrf.

mlund · ‎08-25-2003

Hi

Try to use a dialer interface, and make the ip vrf forwarding ISDN on the dialer interface.

pavlosd · ‎08-26-2003

Truth is that I did tried that as well, but did not mentioned it since I thought it shouldn't make much diference. Still the same problem remains.

zvladov · ‎08-26-2003

It looks to me you are using T IOS.

Have you tryed the same setup with some

other than T IOS version?

Sometimes on the T release trains there

are some strange bugs.

So I suggest you use some 12.3 IOS or 12.2 release if you find the features you need.

Zvezdelin

pavlosd · ‎08-29-2003

Unfortunately there is lack of memory/flash on the specific router in order to load another version (i.e. 12.3).

mlund · ‎09-14-2003

If this still is an issue, I did it work with this config, and I use c1700-sy-mz_122-8_YN requires 48M ram.

hostname RO-ISDN

!

username multi password yy

username multi2 password xx

!

ip vrf ADMIN

rd 1:1

route-target export 1:1

route-target import 1:1

!

ip vrf USER

rd 2:2

route-target export 2:2

route-target import 2:2

!

ip cef

!

isdn switch-type basic-net3

isdn tei-negotiation first-call

!

interface Loopback1

ip vrf forwarding ADMIN

ip address 192.168.1.1 255.255.255.255

!

interface FastEthernet0/0

no ip address

speed 100

full-duplex

!

interface FastEthernet0/0.2

encapsulation dot1Q 2

ip vrf forwarding ADMIN

ip address 192.168.250.171 255.255.255.248

!

interface FastEthernet0/0.20

encapsulation dot1Q 20

ip vrf forwarding USER

ip address 192.168.67.3 255.255.255.128

!

interface BRI0/0

encap ppp

no ip address

dialer pool-member 10 max-link 1

dialer pool-member 20 max-link 1

isdn switch-type basic-net3

!

interface Dialer10

ip vrf forwarding ADMIN

ip address 192.168.19.239 255.255.255.0

encapsulation ppp

dialer pool 10

dialer remote-name multi

dialer string 12345

dialer-group 10

no cdp enable

ppp authentication chap

ppp chap hostname RO-ISDN

!

interface Dialer20

ip vrf forwarding USER

ip address 192.168.18.239 255.255.255.0

encapsulation ppp

dialer pool 20

dialer remote-name multi2

dialer string 54321

dialer-group 20

no cdp enable

ppp authentication chap

ppp chap hostname RO-ISDN

!

ip classless

ip route vrf ADMIN 0.0.0.0 0.0.0.0 192.168.19.1 220

ip route vrf USER 0.0.0.0 0.0.0.0 192.168.18.1 220

!

access-list 110 permit ip any any

access-list 120 permit ip any any

dialer-list 10 protocol ip list 110

dialer-list 20 protocol ip list 120

!

end

good luck