use of vrf on a router

From: Jens Petter Johansen (jenseike@start.no)
Date: Fri May 02 2008 - 05:24:14 ART


Hi group..

I have a question that regards the use of vrf on a router.. I have on a
router used two vrf, the first called adm and the second called wl..

I seem to meet some different problems with the use of this..

First problem:

I have put an access-list on the vty lines that only accepts ip traffic
from the 172.16.0.0/16 net.. When I try to telnet from this network (that
has a route in the routing table for vrf adm) the login gets denied..
I even tried to put in permit any in the acl but still no access.. I
reckon that this has something to do with the vrf config

Second problem

I have configured radius login on the router.. This radius server also
has a route through vrf adm.. But it does not seem to reach the server
at all.. I don't get any logs on the server..

Third problem

My ntp server does not synchronize with my ntp server.. This ntp server also
has a route through vrf adm...

Seems to me all of these problems are related to using vrf.. But I am not
able to find any commands that I can use in either of these technologies
to specify that they should use vrf adm.. Only for the radius server I
am able to specify what interface to use for source (which I entered in the
source interface to be a vrf adm forwarding interface) but still I don't
reach the server..

Anybody that can help me out with what to do here??

aaa authentication login default group radius local
aaa authentication login console enable

ip vrf adm
 rd 12345:1
!
ip vrf forwarding
!
ip vrf wl
 rd 12345:70
!
interface FastEthernet0/1
 no ip address
 duplex full
 speed 100
!
interface FastEthernet0/1.153
 encapsulation dot1Q 153
 ip vrf forwarding wl
 ip address 172.17.255.41 255.255.255.252
 no snmp trap link-status
!
interface FastEthernet0/1.299
 encapsulation dot1Q 299
 ip vrf forwarding adm
 ip address 150.106.207.41 255.255.255.252
 no snmp trap link-status
router ospf 11 vrf adm
 log-adjacency-changes
 redistribute connected subnets
 network 150.106.207.41 0.0.0.0 area 0
 network 150.106.248.1 0.0.0.0 area 0
 network 172.19.248.1 0.0.0.0 area 0
 distribute-list route-map denypro in
!
router ospf 12 vrf wl
 log-adjacency-changes
 redistribute connected subnets
 network 172.17.248.1 0.0.0.0 area 0
 network 172.17.255.41 0.0.0.0 area 0

access-list 10 permit 172.16.0.0 0.0.255.255

radius-server host 150.106.199.201 auth-port 1645 acct-port 1646
radius-server host 150.106.199.200 auth-port 1645 acct-port 1646
radius-server retransmit 1
radius-server timeout 1

Jens
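
The three services described in the post (vty access-class, RADIUS, NTP) each have a VRF-aware form in Cisco IOS. The fragment below is an added example, not part of the original post; it assumes an IOS release that supports these keywords, and the group name RAD-ADM, the vty range 0 4 and the NTP address 192.0.2.10 are placeholders.

```cisco
! Added example, not from the original post.
! Assumed/hypothetical: group name RAD-ADM, vty range 0 4,
! NTP server address 192.0.2.10 (documentation range placeholder).
!
! 1) vty access: an access-class on the vty lines only admits sessions
!    that arrive on global-table interfaces unless vrf-also is given.
!    ACL 10 from the post stays restricted to 172.16.0.0/16.
line vty 0 4
 access-class 10 in vrf-also
!
! 2) RADIUS: globally referenced radius-server hosts are looked up in the
!    global routing table. A server group bound to the VRF makes the
!    router source and route the requests inside vrf adm.
!    The radius-server host lines from the post stay in place.
aaa new-model
aaa group server radius RAD-ADM
 server 150.106.199.201 auth-port 1645 acct-port 1646
 server 150.106.199.200 auth-port 1645 acct-port 1646
 ip vrf forwarding adm
 ip radius source-interface FastEthernet0/1.299
!
! Point the login method list at the VRF-bound group, keeping the
! local fallback that the post already configures.
aaa authentication login default group RAD-ADM local
!
! 3) NTP: name the VRF in which the server is reachable.
ntp server vrf adm 192.0.2.10
!
! Reachability and state checks from exec mode:
!   show ip route vrf adm 150.106.199.201
!   ping vrf adm 150.106.199.201
!   show ntp associations
```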




This archive was generated by hypermail 2.1.4 : Mon Jun 02 2008 - 06:59:15 ART