we already enabled directed broadcast forwarding but it is not working. Without vrf's everything is fine.

/mspoerr

can you post the configuration and also the IOS version in use.

I am sorry but it is not helpful for my problem.

The configuration is the following:

interface Vlan322

ip vrf forwarding AUV-Neu

ip address 10.130.112.1 255.255.255.224

no ip redirects

ip directed-broadcast

no ip proxy-arp

!

interface Vlan323

ip vrf forwarding AUV-Neu

ip address 10.130.113.1 255.255.255.0

no ip redirects

ip directed-broadcast

no ip proxy-arp

ip pim dense-mode

What we want to do next is to configure the broadcast-address for each segment with the "ip broadcast-address" command. Maybe this will help.

/mspoerr

" By default, IP directed broadcasts are dropped; they are not forwarded. Dropping IP-directed broadcasts makes routers less susceptible to denial-of-service attacks.

You can enable forwarding of IP-directed broadcasts on an interface where the broadcast becomes a physical (MAC-layer) broadcast. Only those protocols configured by using the ****ip forward-protocol**** global configuration command are forwarded

You can specify an access list to control which broadcasts are forwarded. When an access list is specified, only those IP packets permitted by the access list are eligible to be translated from directed broadcasts to physical broadcasts"

The Ip broadcast-address helps you in configuring a broadcast address, default broadcast address being 255.255.255.255. What you can possibly do is configure the broadcast address of each of your network segments to its connected interface. as you have already enabled directed broadcast you can now specify the type of broadcast packets that need to be forwarded.

again check out this link for follow up.

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a0080115936.html#xtocid16

I don't think that the "ip forward-protocol" is needed because without vrf the switch forwards the directed broadcasts.

/mspoerr

Based on your config, you seems to implement Ethernet solution using one VRF to support multiple VLANs or multi-VRF CE using one Ethernet PE port? If you used ISL trunking, MPLS VPN won't work. Some equipment, such as engine 0 GE line card won't support MPLS VPN. The information that you provided really is not enough for me to help out. I may be able to figure out if you attach a detail drawing and the whole PE and CE config.

We are using the C3550 as Mulit-vrf CE and we do not use ISL trunking. Without vrf's it is working.

I have now a litte test setup -> Host1 - c3550 - Host2. I use a ping to the broadcast address as "test tool". Without vrf's I get some answers, with vrf's I get an "icmp host unreachable". When I do the ping from the c3550 I get all the answers.

/mspoerr

---

Config:

ip vrf test

rd 65000:65000

interface FastEthernet0/1

switchport mode access

no ip address

spanning-tree portfast

!

interface FastEthernet0/2

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

interface Vlan1

ip vrf forwarding test

ip address 10.1.1.1 255.255.255.0

ip broadcast-address 10.1.1.255

ip directed-broadcast

!

interface Vlan2

ip vrf forwarding test

ip address 10.2.2.2 255.255.255.0

ip broadcast-address 10.2.2.255

ip directed-broadcast

The 3550 multi-VRF CE should work...it works in my environment. I haven't seen your complete config yet...I just suggest the following:

1. Check the switch IOS. It has to 12.1.11EA1 or later.

2. Check your design. A physical interfaces on 3550 switch connect, as a 802.1Q trunk, to the PE and FE0/1 and FE0/2 should connect to the CE hosts(VPN TEST). Check the routing protocol in the multi-vrf CE switch...only the latest IOS support routing protocol other than OSPF. I assume you have defined a routing protocol, such as eBGP, between the PE and the 3550 switch CE. If not, your config have not complete. The following is my suggestion:

ip routing

ip vrf test

rd 65000:65000

route-target export 65000:65000

route-target import 65000:65000

!

interface FastEthernet0/x

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

spanning-tree portfast

!

interface FastEthernet0/1

switchport access vlan 1

switchport mode access

no ip address

spanning-tree portfast

!

interface FastEthernet0/2

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

!

interface Vlan1

ip vrf forwarding test

ip address 10.1.1.1 255.255.255.0

!

interface Vlan2

ip vrf forwarding test

ip address 10.2.2.2 255.255.255.0

!

router ospf 1 vrf test

.

.(I assume this has been defined)

.

router bgp 65000

.

.(I assume this has been defined)

.

There is only the c3550 with no other connections. My testsetup was the following:

PC1 - (VLAN1 - c3550 - VLAN2) - PC2

When I ping the broadcast address of VLAN2 from PC1 and the vlans are in the same vrf, it is not working.

The switch IOS is 12.1.20.EA1a, enhanced routing is activated.

/mspoerr