Re: use of vrf on a router

From: Leandro Reis (leandrodarochareis@gmail.com)
Date: Fri May 02 2008 - 11:53:03 ART


Jens,

These should be enough:

1) Inside the VTY line: access-class 10 in vrf-also
2) ip radius source-interface FastEthernet0/1.299 vrf adm
3) ntp server vrf adm x.y.w.z

Cheers,

Leandro

On 5/2/08, Jens Petter Johansen <jenseike@start.no> wrote:
> Hi group..
>
> I have a question that regards the use of vrf on a router.. I have on a
> router used two vrf, the first called adm and the second called wl..
>
> I seem to meet some different problems with the use of this..
>
> First problem:
>
> I have put an access-list on the vty lines that only accepts ip traffic
> from the 172.16.0.0/16 net.. When I try to telnet from this network (that
> has a route in the routing table for vrf adm) the login gets denied..
> I even tried to put in permit any in the acl but still no access.. I
> reckon that this has something to do with the vrf config
>
> Second problem
>
> I have configured radius login on the router.. This radius server also
> has a route through vrf adm.. But it does not seem to reach the server
> at all.. I don't get any logs on the server..
>
> Third problem
>
> My ntp server does not synchronize with my ntp server.. This ntp server also
> has a route through vrf adm...
>
> Seems to me all of these problems are related to using vrf.. But I am not
> able to find any commands that I can use in either of these technologies
> to specify that they should use vrf adm.. Only for the radius server I am
> able to specify what interface to use for source (which I entered in the
> source interface to be a vrf adm forwarding interface) but still I don't
> reach the server..
>
> Anybody that can help me out with what to do here??
>
> aaa authentication login default group radius local
> aaa authentication login console enable
>
> ip vrf adm
> rd 12345:1
> !
> ip vrf forwarding
> !
> ip vrf wl
> rd 12345:70
> !
> interface FastEthernet0/1
> no ip address
> duplex full
> speed 100
> !
> interface FastEthernet0/1.153
> encapsulation dot1Q 153
> ip vrf forwarding wl
> ip address 172.17.255.41 255.255.255.252
> no snmp trap link-status
> !
> interface FastEthernet0/1.299
> encapsulation dot1Q 299
> ip vrf forwarding adm
> ip address 150.106.207.41 255.255.255.252
> no snmp trap link-status
> router ospf 11 vrf adm
> log-adjacency-changes
> redistribute connected subnets
> network 150.106.207.41 0.0.0.0 area 0
> network 150.106.248.1 0.0.0.0 area 0
> network 172.19.248.1 0.0.0.0 area 0
> distribute-list route-map denypro in
> !
> router ospf 12 vrf wl
> log-adjacency-changes
> redistribute connected subnets
> network 172.17.248.1 0.0.0.0 area 0
> network 172.17.255.41 0.0.0.0 area 0
>
> access-list 10 permit 172.16.0.0 0.0.255.255
>
> radius-server host 150.106.199.201 auth-port 1645 acct-port 1646
> radius-server host 150.106.199.200 auth-port 1645 acct-port 1646
> radius-server retransmit 1
> radius-server timeout 1
>
> Jens
>
> Pass the CCIE in six weeks, Guaranteed!
> http://www.certscience.com/CCIE
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
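
The three fixes in the reply above can be checked for mechanically. The script below is an added example, not part of the original thread: it flags VTY access-class, RADIUS source-interface and NTP server lines that carry no VRF keyword. It assumes IOS-style indentation; the sample config and the address 192.0.2.10 are constructed, and a flagged line only needs changing when that service is reached through a VRF.

```python
import re

# Constructed sample, modelled on the configuration quoted in this thread.
SAMPLE = """\
ip vrf adm
 rd 12345:1
!
interface FastEthernet0/1.299
 ip vrf forwarding adm
 ip address 150.106.207.41 255.255.255.252
!
line vty 0 4
 access-class 10 in
!
ip radius source-interface FastEthernet0/1.299
ntp server 192.0.2.10
"""

# (command pattern, keyword that makes it VRF-aware, form given in the reply)
RULES = [
    (r"access-class \S+ in\b", "vrf-also", "access-class <acl> in vrf-also"),
    (r"ip radius source-interface \S+", " vrf ",
     "ip radius source-interface <if> vrf <name>"),
    (r"ntp server \S+", "ntp server vrf ", "ntp server vrf <name> <addr>"),
]

def audit(config):
    """Return (line_no, line, suggested_form) for commands lacking a VRF keyword."""
    lines = config.splitlines()
    # Nothing to report when the device defines no VRF at all.
    if not any(re.match(r"ip vrf \S+\s*$", l) for l in lines):
        return []
    findings, section = [], ""
    for no, raw in enumerate(lines, 1):
        line = raw.strip()
        if raw and not raw[0].isspace():
            section = line          # unindented line opens a new config section
        for pattern, keyword, fix in RULES:
            if not re.match(pattern, line):
                continue
            # access-class only matters here when applied under "line vty"
            if pattern.startswith("access-class") and not section.startswith("line vty"):
                continue
            if keyword not in line + " ":
                findings.append((no, line, fix))
    return findings

if __name__ == "__main__":
    for no, line, fix in audit(SAMPLE):
        print(f"line {no}: '{line}' -> review, VRF-aware form: {fix}")
```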

This archive was generated by hypermail 2.1.4 : Mon Jun 02 2008 - 06:59:15 ART