[c-nsp] Catalyst 4507R and VRF-Lite

[Francisco Rivas]

Hi all,

I have a Cisco 4507R that's being used to connect three trunks from 
different providers. I need to pass some vlans from one provider to 
another, but these vlans needs to be renumbered. So I'm using VRF's to 
add interfaces from each provider to one VRF per circuit, routing among 
them, and that's OK. But I noticed one problem: if I try to get a telnet 
connection to any IP address of the 4507R inside of a VRF, from the CP 
point (from the customer's PE for example, to the router), the Catalyst 
don't answer the request and it gives me this output on the log:

TCP0: bad seg from 192.168.10.2 -- IDB not up: port 23 seq 2757041294 
ack 0 rcvnxt 0 rcvwnd 4128 len 0

the config of the VRF is like this:

ip vrf Test
 rd 1:1
 route-target export 1:1
 route-target import 1:1

!        
interface GigabitEthernet3/5
 switchport access vlan 201
 switchport mode access
!
interface Vlan201
 ip vrf forwarding Test
 ip address 192.168.10.1 255.255.255.252
 no ip redirects
!
line vty 0 4
 exec-timeout 5 0
 password 7 xxxxxxxxxxxxxxxxxxxxx
 login
line vty 5 15
 exec-timeout 5 0
 password 7 xxxxxxxxxxxxxxxxxxxxx
 login
!



So I have plugged a PC on the port 3/5 of the switch, and I give it the 
IP 192.168.10.2. I can ping the catalyst interface from the PC 
(192.168.10.1), but I can't telnet to it.
What can I be missing here? I can telnet to the catalyst using the mgmt 
interface, but not using the IP of the VRF interface. Besides this, if I 
remove the "ip vrf forwarding Test" from the interface, and put the IP 
address again, I can telnet them without any problems....
The IOS version running on the Catalyst is 12.2(25)EWA8

regards,

Francisco Rivas C.