I've been trying to solve a problem for over a day regarding inter-vrf routing using MP-BGP and I can't seem to figure a few things out.
I have a Cisco 1921 which has VRF-JLAN and VRF-JGLOBE with 3 interfaces configured as (g0/0 = vrf JLAN, g0/1 = no vrf, g0/2 = dot1q trunk to 2960S). vrf JLAN is a restricted network for user access, DNS server, etc. vrf JGLOBE is for the video server, and the global routing table belongs to Wifi access. I've been able to separate all the networks and I can route traffic out to the Internet from vrf JLAN and the global route table, but where I'm having issues is getting vrf JGLOBE to route traffic using the global route table.
For example: vrf JLAN should not be accessed by either Global or vrf JGLOBE. JGLOBE should be able to access the vrf JLAN DNS server, but it should route its internet traffic via the global route table (g0/1). Lastly, JLAN should be able to access 2 networks from the global route table.
I've attached my config and diagram so you can better understand what I'm trying to achieve. More light on solving this problem would be much appreciated.
interface GigabitEthernet0/0
 description LAN-ACCESS-INTERNET [TO Nexthop FIREWALL]
 ip vrf forwarding JLAN
 ip address 192.168.4.3 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip flow egress
 ip inspect INTERNET-FW out
 ip virtual-reassembly in
 load-interval 30
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description GLOBAL-Wifi-INTERNET [TO Nexthop - FIREWALL]
 ip address 192.168.5.3 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip flow egress
 ip inspect GLOBAL-FW in
 ip inspect GLOBAL-FW out
 ip virtual-reassembly in
 load-interval 30
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/2.3
 description Users LAN
 encapsulation dot1Q 3
 ip vrf forwarding JLAN
 ip address 192.168.30.1 255.255.255.240
!
interface GigabitEthernet0/2.4
 description Video Server
 encapsulation dot1Q 4
 ip vrf forwarding JGLOBE
 ip address 10.6.40.1 255.255.255.0
!
router ospf 1 vrf JLAN
 router-id 10.6.6.10
 redistribute bgp 65001 subnets
 network 0.0.0.0 255.255.255.255 area 0
!
router ospf 2 vrf JGLOBE
 router-id 10.5.7.10
 redistribute bgp 65001 subnets
 network 0.0.0.0 255.255.255.255 area 0
!
router bgp 65001
 bgp router-id 10.4.6.4
 bgp log-neighbor-changes
 bgp graceful-restart restart-time 120
 bgp graceful-restart stalepath-time 360
 bgp graceful-restart
 !
 address-family ipv4
  redistribute connected
 exit-address-family
 !
 address-family ipv4 vrf JGLOBE
  redistribute connected
  redistribute ospf 2
 exit-address-family
 !
 address-family ipv4 vrf JLAN
  redistribute connected
  redistribute ospf 1
 exit-address-family
!
ip dns view vrf JGLOBE default
ip dns view vrf JLAN default
ip route 0.0.0.0 0.0.0.0 192.168.5.1
ip route vrf JGLOBE 0.0.0.0 0.0.0.0 GigabitEthernet0/1 192.168.5.1
ip route vrf JLAN 0.0.0.0 0.0.0.0 192.168.4.1 name LAN_INET
!
!
ip prefix-list GLOBAL-INET seq 5 permit 0.0.0.0/0
!
ip prefix-list SERVER-NET seq 5 permit 10.6.40.2/32
!
ip prefix-list WIFI-NET seq 5 permit 10.254.0.0/22 le 32