08-12-2003 12:09 AM
I tried to modify an existing configuration we had in our site (up to now was working) to separate traffic locally on a 1721 router using vrf. Although vrf works on ethernet and loopback interfaces after a few tests I made, it does not work on BRI. other site dials in, interface comes up and I cannot ping other site.
Here is a sample configuration:
dialin#sh run
Building configuration...
Current configuration : 4125 bytes
!
!
version 12.2
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname dialin
!
logging buffered 4096 debugging
aaa new-model
!
!
aaa authentication login default local enable
aaa authentication login use-local local
aaa authentication ppp default local
aaa authorization network default local
aaa session-id common
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxx
!
username xxxx password xxx
username test callback-dialstring xxxxxxxx password 0 test
memory-size iomem 15
ip subnet-zero
!
!
!
ip vrf ISDN
rd 1.1.1.1:1
route-target export 1.1.1.1:1
route-target import 1.1.1.1:1
ip cef
!
isdn switch-type basic-net3
chat-script offhook "" "ATH1" OK
chat-script callback ABORT ERROR ABORT BUSY "" "ATZ" OK "ATDT \T" TIMEOUT 60 CONNECT \c
modemcap entry My_USR:MSC=&F1S0=1
!
!
!
interface Loopback0
ip address xx.xx.xx.1 255.255.255.255
!
interface BRI0
description ISDN Dial-in Connection
ip vrf forwarding ISDN
ip address xx.xx.0.2 255.255.255.252
encapsulation ppp
ip tcp header-compression passive
no ip mroute-cache
dialer idle-timeout 3600
dialer-group 1
isdn switch-type basic-net3
no cdp enable
ppp max-bad-auth 3
ppp authentication chap
!
interface FastEthernet0
ip address xx.xx.190.41 255.255.255.0
no keepalive
speed auto
no cdp enable
!
interface FastEthernet0.6
encapsulation dot1Q 6
ip vrf forwarding ISDN
ip address 192.168.1.70 255.255.255.192
no cdp enable
!
interface Serial0
physical-layer async
no ip address
encapsulation ppp
ip tcp header-compression passive
dialer in-band
dialer rotary-group 1
dialer-group 1
async mode dedicated
no peer default ip address
!
interface Serial1
physical-layer async
no ip address
encapsulation ppp
ip tcp header-compression passive
shutdown
dialer in-band
dialer rotary-group 1
dialer-group 1
async mode dedicated
no peer default ip address
!
interface Dialer1
description connected to Dial-inPCs(modem)
ip unnumbered FastEthernet0
encapsulation ppp
ip tcp header-compression passive
no keepalive
dialer in-band
dialer idle-timeout 7200
dialer-group 1
peer default ip address pool PSTN_POOL
no cdp enable
ppp max-bad-auth 3
ppp callback accept
ppp authentication chap pap
!
ip local pool PSTN_POOL 192.168.190.38 192.168.190.39
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.190.254
ip route vrf ISDN x.x.x.2 255.255.255.255 BRI0 192.168.0.1
ip route vrf ISDN 192.168.3.1 255.255.255.255 BRI0 192.168.0.1
!
!
dialer-list 1 protocol ip permit
no cdp run
!
!
line con 0
line 1 2
flush-at-activation
script modem-off-hook offhook
script callback callback
login authentication use-local
modem InOut
modem autoconfigure type usr_sportster
no exec
transport input all
autoselect during-login
autoselect ppp
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
transport output none
!
no scheduler allocate
end
dialin#
dialin#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-SY-M), Version 12.2(11)T9, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Sat 21-Jun-03 04:22 by cmong
Image text-base: 0x80008124, data-base: 0x80A946C8
ROM: System Bootstrap, Version 12.2(7r)XM1, RELEASE SOFTWARE (fc1)
System image file is "flash:c1700-sy-mz.122-11.T9.bin"
cisco 1721 (MPC860P) processor (revision 0x100) with 27853K/4915K bytes of memory.
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
1 FastEthernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
Some more info:
dialin#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 192.168.190.254 to network 0.0.0.0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.192/26 is directly connected, Loopback0
C 192.168.190.0/24 is directly connected, FastEthernet0
S* 0.0.0.0/0 [1/0] via 192.168.190.254
dialin#
dialin#
dialin#
dialin#sh ip route vrf ISDN
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
S 2.2.2.2 [1/0] via 192.168.0.1, BRI0
192.168.3.0/24 is variably subnetted, 3 subnets, 3 masks
S 192.168.3.1/32 [1/0] via 192.168.0.1, BRI0
C 192.168.0.0/30 is directly connected, BRI0
C 192.168.1.64/26 is directly connected, FastEthernet0.6
dialin#
dialin#
dialin#
dialin#
dialin#sh ip cef
Prefix Next Hop Interface
0.0.0.0/0 192.168.190.254 FastEthernet0
0.0.0.0/32 receive
192.168.190.0/24 attached FastEthernet0
192.168.190.0/32 receive
192.168.190.40/32 192.168.190.40 FastEthernet0
192.168.190.41/32 receive
192.168.190.44/32 192.168.190.44 FastEthernet0
192.168.190.100/32 192.168.190.100 FastEthernet0
192.168.190.129/32 192.168.190.129 FastEthernet0
192.168.190.249/32 192.168.190.249 FastEthernet0
192.168.190.254/32 192.168.190.254 FastEthernet0
192.168.190.255/32 receive
192.168.1.192/26 attached Loopback0
192.168.1.192/32 receive
1.1.1.1/32 receive
192.168.1.255/32 receive
224.0.0.0/4 drop
224.0.0.0/24 receive
255.255.255.255/32 receive
dialin#sh ip cef vrf ISDN
Prefix Next Hop Interface
0.0.0.0/0 drop Null0 (default route handler entry)
0.0.0.0/32 receive
2.2.2.2/32 192.168.0.1 BRI0
192.168.3.1/32 192.168.0.1 BRI0
192.168.0.0/30 attached BRI0
192.168.0.0/32 receive
192.168.0.2/32 receive
192.168.0.3/32 receive
192.168.1.64/26 attached FastEthernet0.6
192.168.1.64/32 receive
192.168.1.70/32 receive
192.168.1.127/32 receive
224.0.0.0/24 receive
255.255.255.255/32 receive
dialin#
dialin#ping vrf ISDN 192.168.1.65
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.65, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
dialin#
08-18-2003 09:00 AM
It does not look like a vrf problem. You don't seem to have a 'dialer map' command for the remote BRI interface 192.168.0.1 . Add this and see if you are able to ping.
08-21-2003 09:11 PM
do I need dialer map even if my router is used only for accespting calls from the other peer? Reason I am asking is because the configuration was working fine before I added any vrf.
08-25-2003 05:06 AM
Hi
Try to use a dialer interface, and make the ip vrf forwarding ISDN on the dialer interface.
08-26-2003 08:49 AM
Truth is that I did tried that as well, but did not mentioned it since I thought it shouldn't make much diference. Still the same problem remains.
08-26-2003 10:27 PM
It looks to me you are using T IOS.
Have you tryed the same setup with some
other than T IOS version?
Sometimes on the T release trains there
are some strange bugs.
So I suggest you use some 12.3 IOS or 12.2 release if you find the features you need.
Zvezdelin
08-29-2003 02:43 AM
Unfortunately there is lack of memory/flash on the specific router in order to load another version (i.e. 12.3).
09-14-2003 11:22 PM
If this still is an issue, I did it work with this config, and I use c1700-sy-mz_122-8_YN requires 48M ram.
hostname RO-ISDN
!
username multi password yy
username multi2 password xx
!
ip vrf ADMIN
rd 1:1
route-target export 1:1
route-target import 1:1
!
ip vrf USER
rd 2:2
route-target export 2:2
route-target import 2:2
!
ip cef
!
isdn switch-type basic-net3
isdn tei-negotiation first-call
!
interface Loopback1
ip vrf forwarding ADMIN
ip address 192.168.1.1 255.255.255.255
!
interface FastEthernet0/0
no ip address
speed 100
full-duplex
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip vrf forwarding ADMIN
ip address 192.168.250.171 255.255.255.248
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip vrf forwarding USER
ip address 192.168.67.3 255.255.255.128
!
interface BRI0/0
encap ppp
no ip address
dialer pool-member 10 max-link 1
dialer pool-member 20 max-link 1
isdn switch-type basic-net3
!
interface Dialer10
ip vrf forwarding ADMIN
ip address 192.168.19.239 255.255.255.0
encapsulation ppp
dialer pool 10
dialer remote-name multi
dialer string 12345
dialer-group 10
no cdp enable
ppp authentication chap
ppp chap hostname RO-ISDN
!
interface Dialer20
ip vrf forwarding USER
ip address 192.168.18.239 255.255.255.0
encapsulation ppp
dialer pool 20
dialer remote-name multi2
dialer string 54321
dialer-group 20
no cdp enable
ppp authentication chap
ppp chap hostname RO-ISDN
!
ip classless
ip route vrf ADMIN 0.0.0.0 0.0.0.0 192.168.19.1 220
ip route vrf USER 0.0.0.0 0.0.0.0 192.168.18.1 220
!
access-list 110 permit ip any any
access-list 120 permit ip any any
dialer-list 10 protocol ip list 110
dialer-list 20 protocol ip list 120
!
end
good luck
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide