05-03-2004 06:21 AM
Hello,
my customer configured a 3550 with vrf's and needs the ability that directed broadcasts are exchanged between some L3 Interfaces on this switch which are all in the same vrf. Is this supported because it's not working?
Thank's
Mathias
05-03-2004 11:43 PM
You need to enable directed broadcast forwarding on the L3 Interfaces
use the command Ip directed-broadcast on the interfaces to enable directed broadcast forwarding.
Refer to this URL for more information
05-04-2004 12:05 AM
we already enabled directed broadcast forwarding but it is not working. Without vrf's everything is fine.
/mspoerr
05-04-2004 05:09 AM
can you post the configuration and also the IOS version in use.
05-05-2004 12:57 AM
check out this link, it may be of use to you.
http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/products_feature_guide09186a00800800b6.html
05-05-2004 03:58 AM
I am sorry but it is not helpful for my problem.
The configuration is the following:
interface Vlan322
ip vrf forwarding AUV-Neu
ip address 10.130.112.1 255.255.255.224
no ip redirects
ip directed-broadcast
no ip proxy-arp
!
interface Vlan323
ip vrf forwarding AUV-Neu
ip address 10.130.113.1 255.255.255.0
no ip redirects
ip directed-broadcast
no ip proxy-arp
ip pim dense-mode
What we want to do next is to configure the broadcast-address for each segment with the "ip broadcast-address" command. Maybe this will help.
/mspoerr
05-05-2004 10:30 PM
" By default, IP directed broadcasts are dropped; they are not forwarded. Dropping IP-directed broadcasts makes routers less susceptible to denial-of-service attacks.
You can enable forwarding of IP-directed broadcasts on an interface where the broadcast becomes a physical (MAC-layer) broadcast. Only those protocols configured by using the ****ip forward-protocol**** global configuration command are forwarded
You can specify an access list to control which broadcasts are forwarded. When an access list is specified, only those IP packets permitted by the access list are eligible to be translated from directed broadcasts to physical broadcasts"
The Ip broadcast-address helps you in configuring a broadcast address, default broadcast address being 255.255.255.255. What you can possibly do is configure the broadcast address of each of your network segments to its connected interface. as you have already enabled directed broadcast you can now specify the type of broadcast packets that need to be forwarded.
again check out this link for follow up.
05-10-2004 05:28 AM
I don't think that the "ip forward-protocol" is needed because without vrf the switch forwards the directed broadcasts.
/mspoerr
05-06-2004 05:53 PM
Based on your config, you seems to implement Ethernet solution using one VRF to support multiple VLANs or multi-VRF CE using one Ethernet PE port? If you used ISL trunking, MPLS VPN won't work. Some equipment, such as engine 0 GE line card won't support MPLS VPN. The information that you provided really is not enough for me to help out. I may be able to figure out if you attach a detail drawing and the whole PE and CE config.
05-10-2004 05:41 AM
We are using the C3550 as Mulit-vrf CE and we do not use ISL trunking. Without vrf's it is working.
I have now a litte test setup -> Host1 - c3550 - Host2. I use a ping to the broadcast address as "test tool". Without vrf's I get some answers, with vrf's I get an "icmp host unreachable". When I do the ping from the c3550 I get all the answers.
/mspoerr
---
Config:
ip vrf test
rd 65000:65000
interface FastEthernet0/1
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/2
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
interface Vlan1
ip vrf forwarding test
ip address 10.1.1.1 255.255.255.0
ip broadcast-address 10.1.1.255
ip directed-broadcast
!
interface Vlan2
ip vrf forwarding test
ip address 10.2.2.2 255.255.255.0
ip broadcast-address 10.2.2.255
ip directed-broadcast
05-12-2004 02:17 PM
The 3550 multi-VRF CE should work...it works in my environment. I haven't seen your complete config yet...I just suggest the following:
1. Check the switch IOS. It has to 12.1.11EA1 or later.
2. Check your design. A physical interfaces on 3550 switch connect, as a 802.1Q trunk, to the PE and FE0/1 and FE0/2 should connect to the CE hosts(VPN TEST). Check the routing protocol in the multi-vrf CE switch...only the latest IOS support routing protocol other than OSPF. I assume you have defined a routing protocol, such as eBGP, between the PE and the 3550 switch CE. If not, your config have not complete. The following is my suggestion:
ip routing
ip vrf test
rd 65000:65000
route-target export 65000:65000
route-target import 65000:65000
!
interface FastEthernet0/x
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
spanning-tree portfast
!
interface FastEthernet0/1
switchport access vlan 1
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/2
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
!
interface Vlan1
ip vrf forwarding test
ip address 10.1.1.1 255.255.255.0
!
interface Vlan2
ip vrf forwarding test
ip address 10.2.2.2 255.255.255.0
!
router ospf 1 vrf test
.
.(I assume this has been defined)
.
router bgp 65000
.
.(I assume this has been defined)
.
05-12-2004 11:35 PM
There is only the c3550 with no other connections. My testsetup was the following:
PC1 - (VLAN1 - c3550 - VLAN2) - PC2
When I ping the broadcast address of VLAN2 from PC1 and the vlans are in the same vrf, it is not working.
The switch IOS is 12.1.20.EA1a, enhanced routing is activated.
/mspoerr
05-29-2004 10:15 AM
Hi all,
I opened a TAC case for this issue and after some time they told me that this is a bug. The problem is resolved in 12.1.20.EA2 IOS.
/mspoerr
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide