Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
384
Views
2
Helpful
5
Replies

vrf-lite

Go to solution
Sunny Banks
Level 1
Level 1

‎03-26-2024 12:27 PM

SunnyBanks_0-1711481035694.png

Hello gentle people,

I'm labbing a vrf-lite setup and I feel the config is good. Per the topology, CORP works but PROD does not. The networks behind the core neighbour are pingable for CORP but not PROD. Here's the config for R1 & R2 : -

R1#show run
Building configuration...

Current configuration : 2183 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
!
ip vrf CORP
!
ip vrf PROD
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Ethernet0/0
no ip address
shutdown
duplex auto
!
interface GigabitEthernet0/0
ip vrf forwarding CORP
ip address 10.10.10.1 255.255.255.0
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/1
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet3/0
ip vrf forwarding PROD
ip address 10.10.10.1 255.255.255.0
negotiation auto
!
interface GigabitEthernet4/0
no ip address
negotiation auto
!
interface GigabitEthernet4/0.1
encapsulation dot1Q 10
ip vrf forwarding CORP
ip address 30.30.30.1 255.255.255.252
!
interface GigabitEthernet4/0.2
encapsulation dot1Q 20
ip vrf forwarding PROD
ip address 30.30.30.5 255.255.255.252
!
interface FastEthernet5/0
no ip address
shutdown
duplex half
!
interface GigabitEthernet6/0
no ip address
shutdown
negotiation auto
!
router ospf 1 vrf PROD
log-adjacency-changes
network 10.10.10.0 0.0.0.255 area 0
network 30.30.30.0 0.0.0.3 area 0
!
router ospf 2 vrf CORP
log-adjacency-changes
network 10.10.10.0 0.0.0.255 area 0
network 30.30.30.0 0.0.0.3 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
end

R2#show run
Building configuration...

Current configuration : 2183 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
!
ip vrf CORP
!
ip vrf PROD
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Ethernet0/0
no ip address
shutdown
duplex auto
!
interface GigabitEthernet0/0
ip vrf forwarding CORP
ip address 20.20.20.1 255.255.255.0
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/1
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet3/0
ip vrf forwarding PROD
ip address 20.20.20.1 255.255.255.0
negotiation auto
!
interface GigabitEthernet4/0
no ip address
negotiation auto
!
interface GigabitEthernet4/0.1
encapsulation dot1Q 10
ip vrf forwarding CORP
ip address 30.30.30.2 255.255.255.252
!
interface GigabitEthernet4/0.2
encapsulation dot1Q 20
ip vrf forwarding PROD
ip address 30.30.30.6 255.255.255.252
!
interface FastEthernet5/0
no ip address
shutdown
duplex half
!
interface GigabitEthernet6/0
no ip address
shutdown
negotiation auto
!
router ospf 1 vrf PROD
log-adjacency-changes
network 20.20.20.0 0.0.0.255 area 0
network 30.30.30.0 0.0.0.3 area 0
!
router ospf 2 vrf CORP
log-adjacency-changes
network 20.20.20.0 0.0.0.255 area 0
network 30.30.30.0 0.0.0.3 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
end

I've taken multiple looks and it seems good. Am I missing something obvious?

Thanks in advance,

Sunny

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
David Ruess
VIP
VIP

‎03-26-2024 01:25 PM

Hello,

Your PROD OSPF configuration is incorrect. Your network statement doesn't cover the interfaces in the PROD VRF. I'm assuming you also don't have PROD OSPF neighborship. Change it to include the .5 and .6 interfaces respectively/ Once you change that it should work.

 

-David

 

View solution in original post

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP

‎03-26-2024 01:15 PM

at first glance you OSPF configuration is incorrect:

router ospf 1 vrf PROD
log-adjacency-changes
network 10.10.10.0 0.0.0.255 area 0
network 30.30.30.0 0.0.0.3 area 0

you are advertising 30.30.30.0/30 network when you should be advertising 30.30.30.4/30 network

router ospf 1 vrf PROD
log-adjacency-changes
network 10.10.10.0 0.0.0.255 area 0
network 30.30.30.4 0.0.0.3 area 0

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

5 Replies 5

Go to solution
MHM Cisco World
VIP
VIP

‎03-26-2024 01:10 PM - edited ‎03-26-2024 01:20 PM

Nothing wrong in your config still

There is one piece missing' the RD of vrf 

You need to add RD for each VRF 

Then wr config' close lab and open it again and check 

As my colleague mention the subnet and mask is also wrong you use ""network 30.30.30.0 0.0.0.3"" but you need to use ""network 30.30.30.4/30""

MHM

0 Helpful

Go to solution
David Ruess
VIP
VIP

‎03-26-2024 01:25 PM

Hello,

Your PROD OSPF configuration is incorrect. Your network statement doesn't cover the interfaces in the PROD VRF. I'm assuming you also don't have PROD OSPF neighborship. Change it to include the .5 and .6 interfaces respectively/ Once you change that it should work.

 

-David

 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎03-26-2024 01:13 PM

I reply to your second post' please check my reply 

MHM

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP

‎03-26-2024 01:15 PM

at first glance you OSPF configuration is incorrect:

router ospf 1 vrf PROD
log-adjacency-changes
network 10.10.10.0 0.0.0.255 area 0
network 30.30.30.0 0.0.0.3 area 0

you are advertising 30.30.30.0/30 network when you should be advertising 30.30.30.4/30 network

router ospf 1 vrf PROD
log-adjacency-changes
network 10.10.10.0 0.0.0.255 area 0
network 30.30.30.4 0.0.0.3 area 0

--
Please remember to select a correct answer and rate helpful posts

Go to solution
Sunny Banks
Level 1
Level 1

‎03-26-2024 04:19 PM

Thank you all. It was indeed the PROD ospf network statement.

 

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card