07-07-2023 02:51 AM
Hello everyone, I am currently experiencing difficulties configuring OSPF using 4 VRFs in a circular/ring network using only one physical router. The problem lies in the fact that I am unable to configure IP routing on the LAN subinterface.
This is my configuration:
Current configuration : 3558 bytes
!
! Last configuration change at 10:05:03 UTC Fri Jul 7 2023
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname myrouter
!
boot-start-marker
boot-end-marker
!
vrf definition green
!
address-family ipv4
exit-address-family
!
vrf definition yellow
!
address-family ipv4
exit-address-family
!
enable secret 5 $1$AMYY$sEXFgKu.yngef7hiP8Dgu1
enable password cisco456
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
ip vrf blue
rd 65000:2
!
ip vrf red
rd 65000:1
!
!
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FCZ1434C389
!
!
!
!
!
!
!
!
interface Loopback1
ip vrf forwarding red
ip address 10.0.0.1 255.255.255.255
!
interface Loopback2
ip vrf forwarding blue
ip address 10.0.0.2 255.255.255.255
!
interface GigabitEthernet0/0
bandwidth 100
ip vrf forwarding blue
ip address 192.168.1.12 255.255.255.0
ip ospf network point-to-point
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/0.1
ip vrf forwarding red
!
interface GigabitEthernet0/0.2
ip vrf forwarding blue
!
interface GigabitEthernet0/0.3
vrf forwarding yellow
!
interface GigabitEthernet0/0.4
vrf forwarding green
!
interface GigabitEthernet0/1
description unused available port
ip vrf forwarding red
ip address 192.168.1.13 255.255.255.0
ip ospf network point-to-point
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1.1
ip vrf forwarding red
!
interface GigabitEthernet0/1.2
ip vrf forwarding blue
!
interface GigabitEthernet0/1.3
vrf forwarding yellow
!
interface GigabitEthernet0/1.4
vrf forwarding green
!
interface ATM0/0/0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Serial0/1/0
no ip address
shutdown
clock rate 2000000
!
router ospf 2 vrf blue
router-id 10.0.0.2
log-adjacency-changes
redistribute static subnets
network 192.168.1.0 0.0.0.255 area 0
!
router ospf 1 vrf red
router-id 10.0.0.1
log-adjacency-changes
redistribute static subnets
network 192.168.1.0 0.0.0.255 area 0
!
router rip
version 2
network 192.168.1.0
!
address-family ipv4 vrf red
redistribute connected
network 192.168.1.0
neighbor 192.168.1.12
no auto-summary
exit-address-family
!
address-family ipv4 vrf blue
redistribute connected
network 192.168.1.0
neighbor 192.168.1.13
no auto-summary
exit-address-family
!
router bgp 65000
no synchronization
no bgp log-neighbor-changes
no auto-summary
!
address-family ipv4 vrf blue
no synchronization
bgp router-id 192.168.1.12
network 10.2.0.0 mask 255.255.255.0
redistribute connected
neighbor 192.168.1.13 remote-as 65000
neighbor 192.168.1.13 activate
exit-address-family
!
address-family ipv4 vrf red
no synchronization
bgp router-id 192.168.1.13
network 10.1.0.0 mask 255.255.255.0
redistribute connected
neighbor 192.168.1.12 remote-as 65000
neighbor 192.168.1.12 activate
exit-address-family
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route vrf blue 10.2.0.0 255.255.255.0 Null0
ip route vrf blue 10.5.0.0 255.255.0.0 Null0
ip route vrf blue 10.5.0.0 255.255.255.0 Null0
ip route vrf blue 10.5.1.0 255.255.255.0 Null0
!
!
!
snmp-server community public RO
!
control-plane
!
!
line con 0
exec-timeout 0 0
password cisco
line aux 0
password cisco
login
modem InOut
transport input all
speed 115200
flowcontrol hardware
line vty 0 4
password cisco
login
transport input all
line vty 5 15
password cisco
login
!
scheduler allocate 20000 1000
end
Is there any solution or a way to accomplish this?
Any help would be greatly appreciated.
07-07-2023 03:22 AM
interface GigabitEthernet0/0
bandwidth 100
ip vrf forwarding blue
ip address 192.168.1.12 255.255.255.0
ip ospf network point-to-point
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/0.1
ip vrf forwarding red
!
interface GigabitEthernet0/0.2
ip vrf forwarding blue
!
interface GigabitEthernet0/0.3
vrf forwarding yellow
!
interface GigabitEthernet0/0.4
vrf forwarding green
You configure the main interface in VRF blue and assign an IP, then you need to configure the subinterfaces in a different VRF.
I think that will not work.
Use
Interface x/x
Interface x/x.1
Ip vrf forwarding red
Interface x/x.2
Ip vrf forwarding blue
07-07-2023 03:55 AM
I have created two additional VRFs, Cyan (instead of Blue) and Scarlett (instead of Red). I am using a 4-pair RJ45 Ethernet cable to connect the two physical interfaces, but I am currently facing difficulties in understanding how OSPF will function in this setup.
07-07-2023 11:35 PM
IOU1#show run
IOU1#show running-config
Building configuration...
Current configuration : 2468 bytes
!
! Last configuration change at 06:31:52 UTC Sat Jul 8 2023
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname IOU1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
!
!
ip vrf CE1
rd 1:100
route-target export 1:1
route-target import 1:1
!
ip vrf CE2
rd 1:200
route-target export 1:1
route-target import 1:1
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
cts logging verbose
!
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
no ip address
!
interface Ethernet0/0.1
encapsulation dot1Q 10
ip vrf forwarding CE1
ip address 10.0.0.1 255.255.255.0
!
interface Ethernet0/0.2
encapsulation dot1Q 20
ip vrf forwarding CE2
ip address 20.0.0.1 255.255.255.0
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
interface Ethernet1/0
no ip address
shutdown
!
interface Ethernet1/1
no ip address
shutdown
!
interface Ethernet1/2
no ip address
shutdown
!
interface Ethernet1/3
no ip address
shutdown
!
interface Serial2/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/3
no ip address
shutdown
serial restart-delay 0
!
router bgp 100
bgp log-neighbor-changes
!
address-family ipv4 vrf CE1
redistribute connected
exit-address-family
!
address-family ipv4 vrf CE2
redistribute connected
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
transport input none
!
!
end
07-07-2023 11:36 PM
For the subinterfaces, check the lab I shared.
For OSPF, just share your topology and I will help you in this case.
MHM
07-07-2023 08:20 AM - edited 07-07-2023 08:22 AM
Hello @Cisco Enthusiast,
In addition to what has already been noted, you should configure an IP address under each subinterface in different VLANs.
And, what is more important, you need to provide an encapsulation dot1q command under each subinterface to make the router understand which frames are to be processed by a specific subinterface:
int gi0/1
no ip address
desc main interface
int gi0/1.10
encapsulation dot1q 10
ip vrf forwarding blue
ip address 192.168.1.13 255.255.255.0
int gi0/1.20
encapsulation dot1q 20
ip vrf forwarding red
ip address 192.168.2.13 255.255.255.0
If you are connecting two ports of the same router with a cable, you need to use the same enc dot1q settings (VLAN ID 10 or VLAN ID 20), two different VRFs, and two IP addresses in the same IP subnet but associated with different VRFs.
In this way you can pretend to be interconnecting different devices.
You will also need to add
capability vrf-lite
under each router ospf process in order to be able to accept LSAs coming from the other neighbor.
The DN down bit is set in LSA generated within a VRF associated OSPF process for prefixes coming from MP BGP.
The command capability vrf-lite disables the check on the DN bit on received LSAs.
Hope to help
Giuseppe
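The points raised in the replies above (dot1Q encapsulation and an IP address under every subinterface, and no VRF/IP on the main interface) can be checked mechanically before pasting a config. This is an added example, not code from any poster; the sample config is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the shape of the configs posted in this thread.
SAMPLE = """\
interface GigabitEthernet0/0
 ip vrf forwarding blue
 ip address 192.168.1.12 255.255.255.0
!
interface GigabitEthernet0/0.3
 vrf forwarding yellow
!
interface GigabitEthernet0/1
 no ip address
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip vrf forwarding blue
 ip address 192.168.1.13 255.255.255.0
"""

def parse_interfaces(config):  # name -> lower-cased stanza lines
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"int(?:erface)?\s+(\S+)", line, re.I)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif not line or line.startswith("!"):
            current = None  # '!' or a new interface line ends a stanza
        elif current is not None:
            current.append(line.lower())
    return stanzas

def lint(config):  # -> list of (interface, finding)
    stanzas, findings = parse_interfaces(config), []
    for name, lines in stanzas.items():
        has_vrf = any(re.match(r"(ip )?vrf forwarding \S", l) for l in lines)
        has_ip = any(re.match(r"ip address \d", l) for l in lines)
        if "." in name:  # subinterface
            if not any(re.match(r"encapsulation dot1q \d", l) for l in lines):
                findings.append((name, "no encapsulation dot1Q"))
            if has_vrf and not has_ip:
                findings.append((name, "VRF assigned but no ip address"))
        elif (has_vrf or has_ip) and any(n.startswith(name + ".") for n in stanzas):
            findings.append((name, "main interface with subinterfaces carries VRF/IP"))
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE))
```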
07-10-2023 01:38 AM
I think my question has been a bit misunderstood, as all the replies have been about only two VRFs. I would like to share the picture below to clarify the situation.
If we assume that each router represents a VRF, and all these VRFs are within a single physical router, how can I configure OSPF in this case?
I couldn't find a representation of my topology, so I used Cisco Packet Tracer to make it a bit clearer.
07-10-2023 02:41 AM
This lab is for you, friend, and for everyone who sees this post later.
IOU1 has three VRFs and each one is configured with a specific OSPF process; then we use BGP to leak routes between these OSPF aware
IOU2(OSPF100)
IOU3(OSPF110)
IOU4(OSPF120)
These three routers advertise their LO via OSPF to IOU1 and receive the LO of the other routers.
IOU1# show run
IOU1# show running-config
Building configuration...
Current configuration : 2882 bytes
!
! Last configuration change at 09:35:17 UTC Mon Jul 10 2023
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname IOU1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
!
!
ip vrf CE1
rd 1:100
route-target export 1:100
route-target import 2:100
route-target import 3:100
!
ip vrf CE2
rd 2:100
route-target export 2:100
route-target import 1:100
route-target import 3:100
!
ip vrf CE3
rd 3:100
route-target export 3:100
route-target import 1:100
route-target import 2:100
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
cts logging verbose
!
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
ip vrf forwarding CE1
ip address 100.0.0.1 255.255.255.0
!
interface Ethernet0/1
ip vrf forwarding CE2
ip address 110.0.0.1 255.255.255.0
!
interface Ethernet0/2
ip vrf forwarding CE3
ip address 120.0.0.1 255.255.255.0
!
interface Ethernet0/3
no ip address
shutdown
!
interface Ethernet1/0
no ip address
shutdown
!
interface Ethernet1/1
no ip address
shutdown
!
interface Ethernet1/2
no ip address
shutdown
!
interface Ethernet1/3
no ip address
shutdown
!
interface Serial2/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 100 vrf CE1
redistribute bgp 100 subnets
network 100.0.0.0 0.0.0.255 area 0
!
router ospf 110 vrf CE2
redistribute bgp 100 subnets
network 110.0.0.0 0.0.0.255 area 0
!
router ospf 120 vrf CE3
redistribute bgp 100 subnets
network 120.0.0.0 0.0.0.255 area 0
!
router bgp 100
bgp log-neighbor-changes
!
address-family ipv4 vrf CE1
redistribute ospf 100
exit-address-family
!
address-family ipv4 vrf CE2
redistribute ospf 110
exit-address-family
!
address-family ipv4 vrf CE3
redistribute ospf 120
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
transport input none
!
!
end
IOU1#
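In the lab above, the route-target statements decide which VRFs can exchange routes, so they are worth reviewing as the boundary between otherwise separate routing tables. The following added example (not part of the original post; function names are hypothetical, and the sample is a constructed excerpt of the `ip vrf` stanzas) lists every pair where one VRF imports a route target that another exports.

```python
import re

# Constructed excerpt: the "ip vrf" stanzas of the IOU1 lab config above.
SAMPLE = """\
ip vrf CE1
 rd 1:100
 route-target export 1:100
 route-target import 2:100
 route-target import 3:100
!
ip vrf CE2
 rd 2:100
 route-target export 2:100
 route-target import 1:100
 route-target import 3:100
!
ip vrf CE3
 rd 3:100
 route-target export 3:100
 route-target import 1:100
 route-target import 2:100
"""

def parse_vrfs(config):
    """Map VRF name -> {'export': set of RTs, 'import': set of RTs}."""
    vrfs, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        head = re.match(r"(?:ip vrf|vrf definition)\s+(\S+)$", line)
        rt = re.match(r"route-target (export|import|both) (\S+)$", line)
        if head:  # "ip vrf forwarding X" has a third word, so it does not match
            cur = vrfs.setdefault(head.group(1), {"export": set(), "import": set()})
        elif rt and cur is not None:
            for kind in ("export", "import"):
                if rt.group(1) in (kind, "both"):
                    cur[kind].add(rt.group(2))
    return vrfs

def leaks(config):
    """Sorted (source, destination, shared RTs) for every cross-VRF import."""
    vrfs = parse_vrfs(config)
    return sorted((src, dst, sorted(a["export"] & b["import"]))
                  for src, a in vrfs.items() for dst, b in vrfs.items()
                  if src != dst and a["export"] & b["import"])

if __name__ == "__main__":
    for src, dst, rts in leaks(SAMPLE):
        print(f"{src} -> {dst} via {', '.join(rts)}")
```

For the lab config this reports all six directed pairs, i.e. a full mesh between CE1, CE2 and CE3; removing an import statement removes the corresponding pair.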
 
					
				
				
			
		