I am sorry! I forgot config for another end.

------------------------------------------------

cat 3750

interface Tunnel10

ip address 172.31.255.253 255.255.255.252

keepalive 10 3

tunnel source Vlan10

tunnel destination 10.112.86.6

interface GigabitEthernet1/0/1

switchport access vlan 10

interface Vlan10

ip address 10.112.86.20 255.255.255.192

3750#sh int tunnel 10

Tunnel10 is up, line protocol is up

Hardware is Tunnel

Internet address is 172.31.255.253/30

MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation TUNNEL, loopback not set

Keepalive set (10 sec), retries 3

Tunnel source 10.112.86.20 (Vlan10), destination 10.112.86.6, fastswitch TTL 255

Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled

Tunnel TTL 255

Checksumming of packets disabled

Last input 01:40:56, output 00:00:02, output hang never

Last clearing of "show interface" counters 01:17:49

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/0 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

0 packets input, 0 bytes, 0 no buffer

Received 0 broadcasts (0 IP multicast)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

467 packets output, 22416 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 output buffer failures, 0 output buffers swapped out

38 packets input, 2964 bytes, 0 no buffer

Received 0 broadcasts (0 IP multicast)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

508 packets output, 27780 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 output buffer failures, 0 output buffers swapped out

hi

I dont think the tunnel will come up coz @ one side you have applied VRF under that and on the other side u dont tht.

By applying VRF under that ur bringing that interface as a member of a particular MPLS VPN.

Since you have keepalives in place it will try to check the connectivity and it wont be able to get that established coz of the other side which is not the participating in the same vpn.

AFAIK If u want to bring the tunnel up then u shuld have the vrf forwarding configured on the other side too as well the necessary RT,RD values to enable the communication between them.

once ur thru with that u need to have normal (VPNV4)MP-BGP sessions to be configured between these devices to exchange the routing info.

Also clarify the purpose and the requirment to have this kinda topo over there..

you will be able to ping the ip address of the destination coz the ip will be reachable to u.

using an extended ping u cant ping the remote tunnel interface ip address with souce as ur local tunnel interface ip address from both the sides.

regds

hi

I dont think the tunnel will come up coz @ one side you have applied VRF under that and on the other side u dont have tht.

By applying VRF under the tunnel interface ur bringing that interface as a member of particular MPLS VPN.

Since you have keepalives in place under the tunnels it will try to check the connectivity and it wont be able to get that established coz of the other side which is not the participating in the same vpn.

AFAIK If u want to bring the tunnel up then u shuld have the vrf forwarding configured on the other side too as well with the necessary RT,RD values to enable the communication between them.

once ur thru with that u need to have normal (VPNV4)MP-BGP sessions to be configured between these devices to exchange the routing info.

Also clarify the purpose and the requirment to have this kinda topo over there..

regds

Tunnel destination resolve via VRF. I can ping tunel destination from vrf (ping vrf test 10.112.86.20).

sh ip ro vrf test

Routing Table: test

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static

route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/26 is subnetted, 1 subnets

C 10.112.86.0 is directly connected, Vlan10

30.0.0.0/24 is subnetted, 1 subnets

C 30.30.30.0 is directly connected, Loopback

#ping vrf test 10.112.86.20

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.112.86.20, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

but tunnel is down.

What level of code are you running on the Sup720. It should definitely work. Can you just remove the keepalive on the Sup720 side to see if the tunnel comes up?

Thanks,

I use IOS 12.2(18)SXD6

Cisco Internetwork Operating System Software

IOS (tm) s72033_rp Software (s72033_rp-PK9SV-M), Version 12.2(18)SXD6, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2005 by cisco Systems, Inc.

Compiled Wed 17-Aug-05 18:13 by evmiller

Image text-base: 0x4002100C, data-base: 0x42320000

I did a bit more research and it looks like creating a tunnel through a VRF is not yet supported in the 12.2SX code train.

BTW: the fact that the "tunnel vrf" command was available in 12.2(18)SXD was probably an oversight. This command has been removed in 12.2SXE and SXF.

I tried and it works in 12.0S and 12.4, which doesn't help in your case.

Hope this helps,

I opened case to cisco TAC and I received similar answer.

it's a feature which at this point has not yet been added to the cat6k list of features.

I cry :-(

Thanks hritter and all