no communication between endpoints in cross vrf

ra4ul · ‎03-03-2023

Hi

I have setup a lab as mentioned in following diagram. In following diagram i am trying to ping from user-4 to vpc machine. But ping between these two machines are not happening. The topology is not complete yet as i am stuck at this point and would appreciate if someone can help in finding out where exactly i am making a mistake. I have attached the config as well in case if you want to have look on it.

Here's is a route print output of core001,core002 & firewall (Icon is just for representation it's a cisco box)

Endpoints ip addresses are:

1.user4:-60.60.60.4 & 2.vpcs:- 100.100.100.2

core001#show ip route vrf local_lan

Routing Table: local_lan
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.10.10.0/28 is directly connected, Vlan440
L 10.10.10.1/32 is directly connected, Vlan440
60.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 60.60.60.0/24 is directly connected, Vlan100
L 60.60.60.1/32 is directly connected, Vlan100
100.0.0.0/24 is subnetted, 1 subnets
O E2 100.100.100.0 [110/20] via 172.16.10.3, 00:12:47, Vlan411
172.16.0.0/16 is variably subnetted, 4 subnets, 3 masks
C 172.16.10.0/29 is directly connected, Vlan411
L 172.16.10.1/32 is directly connected, Vlan411
C 172.16.20.0/30 is directly connected, Vlan300
L 172.16.20.1/32 is directly connected, Vlan300

============================================

core002#show ip route vrf local_lan

Routing Table: local_lan
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.10.10.0/28 is directly connected, Vlan440
L 10.10.10.2/32 is directly connected, Vlan440
60.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 60.60.60.0/24 is directly connected, Vlan100
L 60.60.60.2/32 is directly connected, Vlan100
100.0.0.0/24 is subnetted, 1 subnets
O E2 100.100.100.0 [110/20] via 172.16.10.3, 00:14:07, Vlan411
172.16.0.0/16 is variably subnetted, 4 subnets, 3 masks
C 172.16.10.0/29 is directly connected, Vlan411
L 172.16.10.2/32 is directly connected, Vlan411
C 172.16.20.0/30 is directly connected, Vlan300
L 172.16.20.2/32 is directly connected, Vlan300

=========================================

firewall-1#show ip route vrf inter-vrf

Routing Table: inter-vrf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/28 is subnetted, 1 subnets
O E1 10.10.10.0 [110/21] via 172.16.10.2, 00:16:24, Vlan411
[110/21] via 172.16.10.1, 00:17:03, Vlan411
60.0.0.0/24 is subnetted, 1 subnets
O E1 60.60.60.0 [110/21] via 172.16.10.2, 00:16:24, Vlan411
[110/21] via 172.16.10.1, 00:17:03, Vlan411
100.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 100.100.100.0/24 is directly connected, Vlan201
L 100.100.100.1/32 is directly connected, Vlan201
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.10.0/29 is directly connected, Vlan411
L 172.16.10.3/32 is directly connected, Vlan411

Harold Ritter · ‎03-03-2023

Hi @ra4ul ,

The issue is probably that the vlan100 interface on user-4, core001 and core002 use the same MAC address. Can you check the output for "show int vlan100" from these 3 devices? If they are the same, you can change them to be different, using the "mac-address" command under the interface vlan100.

Also, you have two default routes on user-4. One to core001 primary address and the other to the HSRP virtual IP address. You should only keep the one to the HSRP virtual IP address only.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

ra4ul · ‎03-23-2023

Hi Harold,

I did as advised but still no luck

Mac addresses reflecting for vlan 100 on core001,core002 and user4

core01 vlan 100 mac aabb.cc80.0100
core02 vlan 100 mac aabb.cc80.0200
user4 vlan 100 mac aabb.cc80.0600

Adjusted user-4 for default route.

user-4#show run | i route
ip route 0.0.0.0 0.0.0.0 60.60.60.3

user-4#show ip route

Gateway of last resort is 60.60.60.3 to network 0.0.0.0

Trace to destination 100.100.100.0 stuck at core001

ra4ul · ‎03-14-2023