[c-nsp] Catalyst 4507R and VRF-Lite

David Prall dcp at dcptech.com
Mon Feb 5 17:38:06 EST 2007


On the vty you need to put an access-class and use vrf-also.

http://cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_referenc
e_chapter09186a00800873c8.html

David

--
http://dcp.dcptech.com


> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> Francisco Rivas
> Sent: Monday, February 05, 2007 4:20 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Catalyst 4507R and VRF-Lite
>
> Hi all,
>
> I have a Cisco 4507R that's being used to connect three
> trunks from different providers. I need to pass some vlans
> from one provider to another, but these vlans needs to be
> renumbered. So I'm using VRF's to add interfaces from each
> provider to one VRF per circuit, routing among them, and
> that's OK. But I noticed one problem: if I try to get a
> telnet connection to any IP address of the 4507R inside of a
> VRF, from the CP point (from the customer's PE for example,
> to the router), the Catalyst don't answer the request and it
> gives me this output on the log:
>
> TCP0: bad seg from 192.168.10.2 -- IDB not up: port 23 seq
> 2757041294 ack 0 rcvnxt 0 rcvwnd 4128 len 0
>
> the config of the VRF is like this:
>
> ip vrf Test
>  rd 1:1
>  route-target export 1:1
>  route-target import 1:1
>
> !
> interface GigabitEthernet3/5
>  switchport access vlan 201
>  switchport mode access
> !
> interface Vlan201
>  ip vrf forwarding Test
>  ip address 192.168.10.1 255.255.255.252  no ip redirects !
> line vty 0 4
>  exec-timeout 5 0
>  password 7 xxxxxxxxxxxxxxxxxxxxx
>  login
> line vty 5 15
>  exec-timeout 5 0
>  password 7 xxxxxxxxxxxxxxxxxxxxx
>  login
> !
>
>
>
> So I have plugged a PC on the port 3/5 of the switch, and I
> give it the IP 192.168.10.2. I can ping the catalyst
> interface from the PC (192.168.10.1), but I can't telnet to it.
> What can I be missing here? I can telnet to the catalyst
> using the mgmt interface, but not using the IP of the VRF
> interface. Besides this, if I remove the "ip vrf forwarding
> Test" from the interface, and put the IP address again, I can
> telnet them without any problems....
> The IOS version running on the Catalyst is 12.2(25)EWA8
>
> regards,
>
> Francisco Rivas C.
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/




More information about the cisco-nsp mailing list