08-07-2008 02:13 PM - edited 03-03-2019 11:04 PM
On a Cisco 1841 I have two LAN subnets connected to the router using the two FE ports. I have my serial interface using a T1 with 2 PVCs. My challenge is that I want subnet #1 to route out PVC #1 and subnet #2 to route out PVC #2. I have my route map set up and applied to the FE interfaces as follows:
!
interface FastEthernet0/0
description *** Subnet #1 ***
ip address 10.10.24.1 255.255.255.0
ip route-cache flow
ip policy route-map route_subnet1
duplex auto
speed auto
!
interface FastEthernet0/1
description *** Subnet #2 ***
ip address 10.10.5.1 255.255.255.0
ip route-cache flow
ip policy route-map route_subnet2
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
encapsulation frame-relay
no fair-queue
service-module t1 timeslots 1-24
frame-relay lmi-type ansi
!
interface Serial0/0/0.1 point-to-point
ip address 10.100.50.98 255.255.255.252
frame-relay interface-dlci 124 IETF
!
interface Serial0/0/0.2 point-to-point
ip address 10.100.54.58 255.255.255.252
frame-relay interface-dlci 100 IETF
!
ip route 0.0.0.0 0.0.0.0 10.100.54.57
!
!
access-list 1 permit 10.10.24.0 0.0.0.255
access-list 2 permit 10.10.5.0 0.0.0.255
!
route-map route_subnet2 permit 10
match ip address 2
set ip next-hop 10.100.54.57
!
route-map route_subnet1 permit 10
match ip address 1
set ip next-hop 10.100.50.97
!
!
We are using static routing and if I leave the default route in place, all traffic is routed according to it. If I remove the default route, the traffic doesn't route out. I thought that the 'set ip next-hop' command was supposed to take precedence over the routing table? How do I set a default route for my 2 subnets so that they use the PVC they are assigned to? What am I missing?
Thanks
Solved! Go to Solution.
08-10-2008 03:22 PM
You can create a Local VRF in your router to separate the routing tables.
example:
!
ip vrf SUBNET1
rd 1:1
!
interface FastEthernet0/0
description *** Subnet #1 ***
ip address 10.10.24.1 255.255.255.0
ip route-cache flow
ip vrf forwarding SUBNET1
duplex auto
speed auto
!
interface FastEthernet0/1
description *** Subnet #2 ***
ip address 10.10.5.1 255.255.255.0
ip route-cache flow
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
encapsulation frame-relay
no fair-queue
service-module t1 timeslots 1-24
frame-relay lmi-type ansi
!
interface Serial0/0/0.1 point-to-point
ip address 10.100.50.98 255.255.255.252
ip vrf forwarding SUBNET1
frame-relay interface-dlci 124 IETF
!
interface Serial0/0/0.2 point-to-point
ip address 10.100.54.58 255.255.255.252
frame-relay interface-dlci 100 IETF
!
ip route 0.0.0.0 0.0.0.0 10.100.54.57
ip route vrf SUBNET1 0.0.0.0 0.0.0.0 10.100.50.97
!
!
if you want can create 2 vrf.. this example
1 network on vrf , 1 network in the backplane.
Commands examples:
ping vrf SUBNET1 x.x.x.x
sh ip route vrf SUBNET1
telnet x.x.x.x /vrf SUBNET1
--
Raul
Regards.
(rate if useful)
08-10-2008 03:22 PM
You can create a Local VRF in your router to separate the routing tables.
example:
!
ip vrf SUBNET1
rd 1:1
!
interface FastEthernet0/0
description *** Subnet #1 ***
ip address 10.10.24.1 255.255.255.0
ip route-cache flow
ip vrf forwarding SUBNET1
duplex auto
speed auto
!
interface FastEthernet0/1
description *** Subnet #2 ***
ip address 10.10.5.1 255.255.255.0
ip route-cache flow
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
encapsulation frame-relay
no fair-queue
service-module t1 timeslots 1-24
frame-relay lmi-type ansi
!
interface Serial0/0/0.1 point-to-point
ip address 10.100.50.98 255.255.255.252
ip vrf forwarding SUBNET1
frame-relay interface-dlci 124 IETF
!
interface Serial0/0/0.2 point-to-point
ip address 10.100.54.58 255.255.255.252
frame-relay interface-dlci 100 IETF
!
ip route 0.0.0.0 0.0.0.0 10.100.54.57
ip route vrf SUBNET1 0.0.0.0 0.0.0.0 10.100.50.97
!
!
if you want can create 2 vrf.. this example
1 network on vrf , 1 network in the backplane.
Commands examples:
ping vrf SUBNET1 x.x.x.x
sh ip route vrf SUBNET1
telnet x.x.x.x /vrf SUBNET1
--
Raul
Regards.
(rate if useful)
08-10-2008 04:59 PM
i a gree with RAUL idea 100%
but before u go to VRFs config
just try to add the following command to ur posted config
ip route 0.0.0.0 0.0.0.0 interface serial0/0/0.1
ip route 0.0.0.0 0.0.0.0 serial0/0/0.2
and in ur route-map replace the line next-hop
with the folowing line
set ip default next-hop [here put the remote router ip address]
and good luck
08-11-2008 01:20 PM
I didn't try the suggestion of adding 2 default routes:
ip route 0.0.0.0 0.0.0.0 interface serial0/0/0.1
ip route 0.0.0.0 0.0.0.0 serial0/0/0.2
I was concerned that I wouldn't be able to get back in the router remotely. I also don't see how this would work. I am not sure how the router would know which default route to send the traffic out since there isn't an identifier. If you could explain that would be appreciated.
Thanks.
08-11-2008 01:12 PM
Thanks. I think I am headed in the right direction now. I thought that PBR was the correct way to direct my traffic but vrf seems even easier to configure.
I followed your instructions. I had to enable cef first. When I did get the ip vrf commands on the interfaces though, it deleted their ip addresses. I logged back though and added the addresses again and everything was good. A couple of weird things now though... I am trying a traceroute with my source as 10.10.24.1 and the following error is output:
% Invalid source address- IP address not on any of our up interfaces
A show int clearly shows that the interface is up.
router#show int fastEthernet 0/0
FastEthernet0/0 is up, line protocol is up
Internet address is 10.10.24.1/24
I can ping addresses on the 10.10.24 subnet and traffic is passing. If I tracert from an XP machine on the subnet it shows that the traffic is going out the correct PVC.
If I traceroute with the source interface of FastEthernet 0/0 though, the traceroute functions and doesn't return an error but the traffic still goes out the default route address and not the new vrf default route.
Why would the traffic take different default paths? If I specified the source as FE0/0 (10.10.24.1) it goes out the wrong PVC but all client machines on that subnet go out the correct PVC?
One other weird thing. If I show arp on the router, I only see clients connected to the 10.10.5.0 subnet and nothing on the 10.10.24.0 subnet. I don't even see the 10.10.24.1 arp entry.
This all might be normal behavior in this configuration but I thought I would double check.
Thanks for your help.
08-10-2008 06:59 PM
i think the main probel is with your routing the static one
u have only one default route so the packet will use it
u need to make two defualt routes as i meantion or the best way is to make two static routes each one for each remote site(not default)
lets say ur remite site 1 LAN address is 192.168.1.0/24
and your remote site two LAN
192.168.2.0/24
first remove th default routye
no ip route 0.0.0.0 0.0.0.0 10.100.54.57
then
ip route 192.168.1.0 255.255.255.0 interface serial0/0/0.1
ip route 192.168.2.0 255.255.255.0 interface serial0/0/0.2
in this way the route will be more accurat and ur route-map should work fine
good luck
and if worked let me know
08-11-2008 01:42 PM
Ryan
I do not agree with Marwan and his suggestion that you need a second static default route. Your implementation should work perfectly fine with a single default route.
The symptoms that you are describing reflect the fact that the VRF works on traffic passing through the router but that ping and traceroute which are originated by the router itself are not affected by this. I would suggest that to get your ping and traceroute to also work you try local policy based routing:
ip local policy
and I believe that your route_subnet1 would probably be ok here.
HTH
Rick
08-11-2008 01:57 PM
Thanks for the input. I questioned that suggestion but I appreciate all the help that I can get.
I basically did away with the PBR since I was having some issues with it not routing anything. I implemented the VRF and that seems to be working with the exception of not being able to see any addresses in the ARP table coming from the interface with VRF specified.
The routing of the traffic going through the router as opposed to originating from the router makes sense. Would that be the same thing with the VRF instead of the PBR?
Thanks!
08-11-2008 02:18 PM
Ryan
I wrote my response initially in terms of PBR. After posting and rereading the thread I realized that you had stopped PBR and gone to VRF so I re-wrote my response to fit what I thought was the case with VRF and I think that the same basic issue exists with VRF about traffic initiated by the router itself. I think my suggestion would work ok. But also take a close look in the reponse by Raul and note the ability to reference the VRF in various commands:
ping vrf SUBNET1 x.x.x.x
sh ip route vrf SUBNET1
telnet x.x.x.x /vrf SUBNET1
HTH
Rick
08-11-2008 04:26 PM
hi guys
let me clearfy my idea
first about the VRFs i said it is good soulsion
but not the best here because VRFs used in more comlicated routed networkes and especially when there are overlaped IP address
and ur case simple
hub and spoke topology with two remote sites
and about the other static route that sugessted to be added because
u have only ine default static route
so if the packet want to go t the other remote site and u dont have a route for that site
the default route will be considered and will not go to the right site
so before u need to make polcy and route map
u need to make sure u have full connectivity
and u can go from evry site to evry site
then
u go to the route maps and make policies
i hop i was more clear here
and good luck
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide