I'm trying to come up with a config for have both MPLS (within a vrf) and DIA on the same router,. I have what I thought would work all lab'd up, but it's not all the way there and i'm not sure what i'm missing, or if it will even work this way.
All Cisco equipment: (configs attached) cust-switch <--> 3825 <--> ME3600 <--> 3825 <--> cust-switch the switch(s) have an ip address within vlan 100 .254 repectively I can see the subnet from the neighboring device in the vrf routing table, an can ping .2 (local to the router, on FE0/0/0) but can not ping .254 from remote side. Anyone able to give this a once-over would be greatly appreciated.
Cisco 3825 with a 2 port FE WIC card, attached to a 48 port switch. Fe0/0/0 and GigabitEthernet0/0.100 all on vlan 100 version 15.1 service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service linenumber service sequence-numbers ! hostname Site-B-WF ! boot-start-marker boot system flash:c3825-adventerprisek9-mz.151-4.M10.bin boot-end-marker ! ! ! aaa new-model ! ! ! ! aaa session-id common ! clock timezone MST -7 0 clock summer-time MDT recurring ! dot11 syslog no ip source-route ! ip vrf mpls-vpn description MPLS VPN rd 18897:200 ! ip cef ! ! ip dhcp excluded-address 192.168.11.1 192.168.11.99 ip dhcp excluded-address 192.168.11.161 192.168.11.254 ! ip dhcp pool Computers network 192.168.11.0 255.255.255.0 default-router 192.168.11.1 dns-server 216.211.190.3 9.9.9.9 ! ip dhcp pool Phones network 192.168.12.0 255.255.255.0 default-router 192.168.12.1 dns-server 216.211.190.3 9.9.9.9 ! ip dhcp pool Wireless network 10.11.100.0 255.255.255.0 default-router 10.11.100.1 dns-server 216.211.190.3 9.9.9.9 lease 0 2 ! ip dhcp pool Tennant network 192.168.150.0 255.255.255.0 default-router 192.168.150.1 dns-server 216.211.190.3 9.9.9.9 ! ! no ipv6 cef ! multilink bundle-name authenticated ! ! ! ! ! voice-card 0 ! ! ! ! ! ! ! crypto pki token default removal timeout 0 ! ! ! ! ! redundancy ! ! ! ! ! ! ! ! ! ! interface Loopback0 ip address 10.11.254.121 255.255.255.255 no ip redirects no ip proxy-arp ip flow ingress ip ospf network point-to-point ! interface Null0 no ip unreachables no ipv6 unreachables ! interface GigabitEthernet0/0 no ip address ip nat inside ip virtual-reassembly in duplex auto speed auto media-type rj45 ! interface GigabitEthernet0/0.100 description Computers encapsulation dot1Q 100 ip address 192.168.11.1 255.255.255.0 no ip redirects no ip proxy-arp ip flow ingress ip nat inside ip virtual-reassembly in ! interface GigabitEthernet0/0.200 description Phones encapsulation dot1Q 200 ip address 192.168.12.1 255.255.255.0 no ip redirects no ip proxy-arp ip flow ingress ip nat inside ip virtual-reassembly in ! interface GigabitEthernet0/0.300 description Wireless encapsulation dot1Q 300 ip address 10.11.100.1 255.255.255.0 no ip redirects no ip proxy-arp ip flow ingress ip nat inside ip virtual-reassembly in ! interface GigabitEthernet0/0.400 description Tennant encapsulation dot1Q 400 ip address 192.168.150.1 255.255.255.0 no ip redirects no ip proxy-arp ip flow ingress ip nat inside ip virtual-reassembly in ! interface GigabitEthernet0/1 mtu 9216 no ip address no ip redirects no ip proxy-arp ip flow ingress ip nat outside ip virtual-reassembly in ip ospf network point-to-point ip ospf mtu-ignore duplex auto speed auto media-type rj45 ! interface GigabitEthernet0/1.3595 description Data WAN encapsulation dot1Q 3595 ip address 208.123.206.226 255.255.255.248 ip nat outside ip virtual-reassembly in ! interface GigabitEthernet0/1.3602 description MPLS WAN encapsulation dot1Q 3602 ip vrf forwarding mpls-vpn ip address 10.10.10.2 255.255.255.252 ip virtual-reassembly in ! interface FastEthernet0/0/0 no ip address duplex auto speed auto ! interface FastEthernet0/0/0.100 encapsulation dot1Q 100 ip vrf forwarding mpls-vpn ip address 192.168.11.2 255.255.255.0 ! interface FastEthernet0/0/1 no ip address shutdown duplex auto speed auto ! router bgp 65001 bgp router-id 10.11.254.121 bgp log-neighbor-changes neighbor 10.10.10.1 remote-as 65001 neighbor 208.123.206.225 remote-as 18897 ! address-family ipv4 network 10.10.10.0 mask 255.255.255.252 network 192.168.16.0 network 208.123.206.224 mask 255.255.255.248 redistribute connected no neighbor 10.10.10.1 activate neighbor 208.123.206.225 activate neighbor 208.123.206.225 soft-reconfiguration inbound neighbor 208.123.206.225 prefix-list AS-65001-net out exit-address-family ! address-family ipv4 vrf mpls-vpn network 10.10.10.0 mask 255.255.255.252 network 192.168.11.0 neighbor 10.10.10.1 remote-as 18897 neighbor 10.10.10.1 activate neighbor 10.10.10.1 soft-reconfiguration inbound neighbor 10.10.10.1 prefix-list AS-65001-vrf out exit-address-family ! ip default-gateway 208.123.206.225 ip forward-protocol nd no ip http server no ip http secure-server ! ! ip nat inside source list 150 interface GigabitEthernet0/1.3595 overload ip route 0.0.0.0 0.0.0.0 208.123.206.225 ! ip prefix-list AS-65001-net seq 6 permit 208.123.206.224/29 ip prefix-list AS-65001-net seq 10 permit 10.11.254.121/32 ! ip prefix-list AS-65001-vrf seq 10 permit 192.168.11.0/24 ip prefix-list AS-65001-vrf seq 20 permit 10.10.10.0/30 ! ip prefix-list default-only seq 5 permit 0.0.0.0/0 access-list 150 remark Network Address Translation access-list 150 permit ip 192.168.11.0 0.0.0.255 any access-list 150 permit ip 192.168.12.0 0.0.0.255 any access-list 151 permit ip 192.168.11.0 0.0.0.255 192.168.16.0 0.0.0.255 access-list 151 permit ip 192.168.12.0 0.0.0.255 192.168.16.0 0.0.0.255 access-list 151 permit ip 192.168.11.0 0.0.0.255 192.168.17.0 0.0.0.255 access-list 151 permit ip 192.168.12.0 0.0.0.255 192.168.17.0 0.0.0.255 ! ! ! ! control-plane ! ! ! ! mgcp profile default ! ! ! ! ! line con 0 session-timeout 30 exec-timeout 60 0 logging synchronous line aux 0 session-timeout 30 exec-timeout 60 0 logging synchronous no exec transport input all line vty 0 4 session-timeout 30 exec-timeout 60 0 privilege level 15 logging synchronous transport input all line vty 5 15 session-timeout 30 exec-timeout 60 0 logging synchronous transport input all ! scheduler allocate 20000 1000 Site-B-WF# Site-B-WF#show ip route vrf mpls-vpn Routing Table: mpls-vpn Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP + - replicated route, % - next hop override Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks C 10.10.10.0/30 is directly connected, GigabitEthernet0/1.3602 L 10.10.10.2/32 is directly connected, GigabitEthernet0/1.3602 B 10.10.10.4/30 [20/0] via 10.10.10.1, 3d12h 192.168.11.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.11.0/24 is directly connected, FastEthernet0/0/0.100 L 192.168.11.2/32 is directly connected, FastEthernet0/0/0.100 B 192.168.16.0/24 [20/0] via 10.10.10.1, 15:52:26
Cisco 3825 with a 2 port FE WIC card, attached to a 48 port switch. Fe0/0/0 and GigabitEthernet0/1.100 all on vlan 100 version 15.1 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname Site-A-KAL ! boot-start-marker boot system flash:c3825-adventerprisek9-mz.151-4.M10.bin boot-end-marker ! ! ! aaa new-model ! ! ! ! ! ! aaa session-id common ! ! dot11 syslog ip source-route ! ip vrf mpls-vpn description MPLS VPN rd 18897:200 ! ip cef ! ! ip dhcp excluded-address 192.168.16.1 192.168.16.99 ip dhcp excluded-address 192.168.16.161 192.168.16.254 ip dhcp excluded-address 192.168.17.1 192.168.17.99 ip dhcp excluded-address 192.168.17.161 192.168.17.254 ! ip dhcp pool Computers network 192.168.16.0 255.255.255.0 default-router 192.168.16.1 dns-server 216.211.190.3 9.9.9.9 ! ip dhcp pool Sip-Phones network 192.168.17.0 255.255.255.0 default-router 192.168.17.1 dns-server 216.211.190.3 9.9.9.9 ! ip dhcp pool Customer-Wireless network 10.11.100.0 255.255.255.0 default-router 10.11.100.1 dns-server 216.211.190.3 9.9.9.9 lease 0 2 ! ! no ipv6 cef ! multilink bundle-name authenticated ! ! ! ! ! voice-card 0 ! ! ! ! ! ! ! crypto pki token default removal timeout 0 ! ! ! ! ! redundancy ! ! ! ! ! ! ! ! ! ! ! interface Loopback0 ip address 10.11.254.122 255.255.255.255 ! interface GigabitEthernet0/0 no ip address ip nat inside ip virtual-reassembly in duplex auto speed auto media-type sfp negotiation auto ! interface GigabitEthernet0/0.3627 description DIA WAN encapsulation dot1Q 3627 ip address 208.123.206.234 255.255.255.248 ip virtual-reassembly in ! interface GigabitEthernet0/0.3628 description MPLS WAN encapsulation dot1Q 3628 ip vrf forwarding mpls-vpn ip address 10.10.10.6 255.255.255.252 ip virtual-reassembly in ! interface GigabitEthernet0/1 no ip address ip virtual-reassembly in duplex auto speed auto media-type rj45 ! interface GigabitEthernet0/1.100 description Computers encapsulation dot1Q 100 ip address 192.168.16.1 255.255.255.0 ip nat inside ip virtual-reassembly in ! interface GigabitEthernet0/1.200 description VOIP Phones encapsulation dot1Q 200 ip address 192.168.17.1 255.255.255.0 ip nat inside ip virtual-reassembly in ! interface GigabitEthernet0/1.300 description "Customer Wireless Network" encapsulation dot1Q 300 ip address 10.11.100.1 255.255.255.0 ip nat inside ip virtual-reassembly in ! interface FastEthernet0/0/0 ip vrf forwarding mpls-vpn ip address 192.168.16.2 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/0/1 no ip address shutdown duplex auto speed auto ! router bgp 65001 bgp router-id 10.11.254.122 bgp log-neighbor-changes neighbor 208.123.206.233 remote-as 18897 ! address-family ipv4 redistribute connected neighbor 208.123.206.233 activate neighbor 208.123.206.233 soft-reconfiguration inbound neighbor 208.123.206.233 prefix-list default-only in neighbor 208.123.206.233 prefix-list AS-65001-net out exit-address-family ! address-family ipv4 vrf mpls-vpn network 10.10.10.4 mask 255.255.255.252 network 192.168.16.0 neighbor 10.10.10.5 remote-as 18897 neighbor 10.10.10.5 activate neighbor 10.10.10.5 soft-reconfiguration inbound neighbor 10.10.10.5 prefix-list AS-65001-vrf out exit-address-family ! ip default-gateway 208.123.206.233 ip forward-protocol nd ip http server no ip http secure-server ! ! ip nat inside source list 150 interface GigabitEthernet0/0.3627 overload ip route 0.0.0.0 0.0.0.0 208.123.206.233 ! ! ip prefix-list AS-65001-net seq 6 permit 208.123.206.232/29 ip prefix-list AS-65001-net seq 10 permit 10.11.254.122/32 ! ip prefix-list AS-65001-vrf seq 10 permit 192.168.16.0/24 ip prefix-list AS-65001-vrf seq 20 permit 10.10.10.4/30 ! ip prefix-list default-only seq 5 permit 0.0.0.0/0 access-list 150 remark Network Address Translation access-list 150 permit ip 192.168.16.0 0.0.0.255 any access-list 150 permit ip 192.168.17.0 0.0.0.255 any access-list 150 permit ip 10.11.100.0 0.0.0.255 any ! ! ! ! ! control-plane ! ! ! ! mgcp profile default ! ! ! ! line con 0 session-timeout 30 exec-timeout 60 0 logging synchronous line aux 0 session-timeout 30 exec-timeout 60 0 logging synchronous no exec transport input all line vty 0 4 session-timeout 30 exec-timeout 60 0 privilege level 15 logging synchronous transport input all ! scheduler allocate 20000 1000 Site-A-KAL#show ip route vrf mpls-vpn Routing Table: mpls-vpn Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP + - replicated route, % - next hop override Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks B 10.10.10.0/30 [20/0] via 10.10.10.5, 3d12h C 10.10.10.4/30 is directly connected, GigabitEthernet0/0.3628 L 10.10.10.6/32 is directly connected, GigabitEthernet0/0.3628 B 192.168.11.0/24 [20/0] via 10.10.10.5, 15:06:51 192.168.16.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.16.0/24 is directly connected, FastEthernet0/0/0 L 192.168.16.2/32 is directly connected, FastEthernet0/0/0
_______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/