cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

411
Views
0
Helpful
0
Replies
Highlighted

VASI, VRF, NAT, and Routing

Ok, I am looking for an easier way to do this.  This is a little above my CCNA level.

I have an ISR-4331 running IOS-XE 16.6.4 IPBase with an SM-X-ES3-16-P EtherSwitch module running IOS 15.2(3)E1 LANbase.  My goal:  connect/route about 8+ systems that use identical IP addresses (let's say each system has 10.1.1.2/30 - router has .1/30) plugged into the EtherSwitch.  I currently have this working with the first 4 ports (all have 10.1.1.1/30 at the interface - see show ip int br below) and they can ping one another fine, but I have to use 6 VASI interfaces and static routing to make it happen.  On the EthSw, ports Gig 0/1-15 are in their own VLAN (101-115); 0/16 is trunked to the Router Gig 0/0/1 interface because the Ethernet-Internal will not allow service instances for VLANs (probably needs upgrade on software for that). Anyway... 

1. Is there an easier way to automate route table build with OSPF or another protocol with the vasi interfaces and NAT?

2. Is there a way to minimize the number of vasi interfaces?  If you look at the config, I have a separate vasi pair for each connection, 1-2, 1-3, 1-4, 2-3, 2-4, 3-4, with 12 separate static routes... Just seems like a waste.

Thanks in advance!

Dan

 

show run:

version 16.6
....snip
!
ip vrf PORT1
description VLAN101/GiB0/1
rd 1:1
!
ip vrf PORT10
description GiB0/10
rd 1:10
!
ip vrf PORT11
description GiB0/11
rd 1:11
!
ip vrf PORT12
description GiB0/12
rd 1:12
!
ip vrf PORT13
description GiB0/13
rd 1:13
!
ip vrf PORT14
description GiB0/14
rd 1:14
!
ip vrf PORT15
description GiB0/15
rd 1:15
!
ip vrf PORT2
description GiB0/2
rd 1:2
!
ip vrf PORT3
description GiB0/3
rd 1:3
!
ip vrf PORT4
description GiB0/4
rd 1:4
!
ip vrf PORT5
description GiB0/5
rd 1:5
!
ip vrf PORT6
description GiB0/6
rd 1:6
!
ip vrf PORT7
description GiB0/7
rd 1:7
!
ip vrf PORT8
description GiB0/8
rd 1:8
!
ip vrf PORT9
description GiB0/9
rd 1:9
!
no ip domain lookup
!
ethernet-internal subslot 1/0
platform switchport svi
!
diagnostic bootup level minimal
spanning-tree extend system-id
!
redundancy
mode none
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/0/0
no ip address
speed 1000
no negotiation auto
!
interface GigabitEthernet0/0/1
description INTERFACE_FOR_EtherSwitch
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1.101
encapsulation dot1Q 101
ip vrf forwarding PORT1
ip address 10.1.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/0/1.102
encapsulation dot1Q 102
ip vrf forwarding PORT2
ip address 10.1.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/0/1.103
encapsulation dot1Q 103
ip vrf forwarding PORT3
ip address 10.1.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/0/1.104
encapsulation dot1Q 104
ip vrf forwarding PORT4
ip address 10.1.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/0/1.105
encapsulation dot1Q 105
ip vrf forwarding PORT5
ip address 10.1.1.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/1.106
encapsulation dot1Q 106
ip vrf forwarding PORT6
ip address 10.1.1.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/1.107
encapsulation dot1Q 107
ip vrf forwarding PORT7
ip address 10.1.1.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/1.108
encapsulation dot1Q 108
ip vrf forwarding PORT8
ip address 10.1.1.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/1.109
encapsulation dot1Q 109
ip vrf forwarding PORT9
ip address 10.1.1.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/1.110
encapsulation dot1Q 110
ip vrf forwarding PORT10
ip address 10.1.1.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/1.111
encapsulation dot1Q 111
ip vrf forwarding PORT11
ip address 10.1.1.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/1.112
encapsulation dot1Q 112
ip vrf forwarding PORT12
ip address 10.1.1.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/1.113
encapsulation dot1Q 113
ip vrf forwarding PORT13
ip address 10.1.1.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/1.114
encapsulation dot1Q 114
ip vrf forwarding PORT14
ip address 10.1.1.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/1.115
encapsulation dot1Q 115
ip vrf forwarding PORT15
ip address 10.1.1.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface Ethernet-Internal1/0/0
!
interface Ethernet-Internal1/0/1
no negotiation auto
switchport mode trunk
!
interface Vlan1
no ip address
!
interface vasileft1
ip vrf forwarding PORT1
ip address 172.16.1.1 255.255.255.252
ip nat outside
!
interface vasileft2
ip vrf forwarding PORT1
ip address 172.16.1.5 255.255.255.252
ip nat outside
!
interface vasileft3
ip vrf forwarding PORT1
ip address 172.16.1.9 255.255.255.252
ip nat outside
!
interface vasileft4
ip vrf forwarding PORT2
ip address 172.16.1.13 255.255.255.252
ip nat outside
no keepalive
!
interface vasileft5
ip vrf forwarding PORT2
ip address 172.16.1.17 255.255.255.252
ip nat outside
no keepalive
!
interface vasileft6
ip vrf forwarding PORT3
ip address 172.16.1.21 255.255.255.252
ip nat outside
no keepalive
!
interface vasiright1
ip vrf forwarding PORT2
ip address 172.16.1.2 255.255.255.252
ip nat outside
!
interface vasiright2
ip vrf forwarding PORT3
ip address 172.16.1.6 255.255.255.252
ip nat outside
!
interface vasiright3
ip vrf forwarding PORT4
ip address 172.16.1.10 255.255.255.252
ip nat outside
no keepalive
!
interface vasiright4
ip vrf forwarding PORT3
ip address 172.16.1.14 255.255.255.252
ip nat outside
no keepalive
!
interface vasiright5
ip vrf forwarding PORT4
ip address 172.16.1.18 255.255.255.252
ip nat outside
no keepalive
!
interface vasiright6
ip vrf forwarding PORT4
ip address 172.16.1.22 255.255.255.252
ip nat outside
no keepalive
!
ip nat inside source static 10.1.1.1 192.168.1.1 vrf PORT1
ip nat inside source static 10.1.1.1 192.168.1.2 vrf PORT2
ip nat inside source static 10.1.1.1 192.168.1.3 vrf PORT3
ip nat inside source static 10.1.1.1 192.168.1.4 vrf PORT4
ip nat outside source static 192.168.1.1 10.1.1.1 vrf PORT1
ip nat outside source static 192.168.1.2 10.1.1.1 vrf PORT2
ip nat outside source static 192.168.1.3 10.1.1.1 vrf PORT3
ip nat outside source static 192.168.1.4 10.1.1.1 vrf PORT4
ip forward-protocol nd
!
ip route vrf PORT1 192.168.1.2 255.255.255.255 172.16.1.2
ip route vrf PORT1 192.168.1.3 255.255.255.255 172.16.1.6
ip route vrf PORT1 192.168.1.4 255.255.255.255 172.16.1.10
ip route vrf PORT2 192.168.1.1 255.255.255.255 172.16.1.1
ip route vrf PORT2 192.168.1.3 255.255.255.255 172.16.1.14
ip route vrf PORT2 192.168.1.4 255.255.255.255 172.16.1.18
ip route vrf PORT3 192.168.1.1 255.255.255.255 172.16.1.5
ip route vrf PORT3 192.168.1.2 255.255.255.255 172.16.1.13
ip route vrf PORT3 192.168.1.4 255.255.255.255 172.16.1.22
ip route vrf PORT4 192.168.1.1 255.255.255.255 172.16.1.9
ip route vrf PORT4 192.168.1.2 255.255.255.255 172.16.1.17
ip route vrf PORT4 192.168.1.3 255.255.255.255 172.16.1.21

 

 

 

show ip int br:

Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 unassigned YES unset down down
GigabitEthernet0/0/1 unassigned YES NVRAM up up
Gi0/0/1.101 10.1.1.1 YES manual up up
Gi0/0/1.102 10.1.1.1 YES NVRAM up up
Gi0/0/1.103 10.1.1.1 YES NVRAM up up
Gi0/0/1.104 10.1.1.1 YES NVRAM up up
Gi0/0/1.105 10.1.1.1 YES NVRAM up up
Gi0/0/1.106 10.1.1.1 YES NVRAM up up
Gi0/0/1.107 10.1.1.1 YES NVRAM up up
Gi0/0/1.108 10.1.1.1 YES NVRAM up up
Gi0/0/1.109 10.1.1.1 YES NVRAM up up
Gi0/0/1.110 10.1.1.1 YES NVRAM up up
Gi0/0/1.111 10.1.1.1 YES NVRAM up up
Gi0/0/1.112 10.1.1.1 YES NVRAM up up
Gi0/0/1.113 10.1.1.1 YES NVRAM up up
Gi0/0/1.114 10.1.1.1 YES NVRAM up up
Gi0/0/1.115 10.1.1.1 YES NVRAM up up
GigabitEthernet0/0/2 unassigned YES NVRAM administratively down down
GigabitEthernet0/1/0 unassigned YES unset administratively down down
GigabitEthernet0/1/1 unassigned YES unset administratively down down
Ethernet-Internal1/0/0 unassigned YES unset up up
Ethernet-Internal1/0/1 unassigned YES unset up up
GigabitEthernet0 unassigned YES NVRAM administratively down down
Vlan1 unassigned YES unset up up
vasileft1 172.16.1.1 YES manual up up
vasileft2 172.16.1.5 YES manual up up
vasileft3 172.16.1.9 YES manual up up
vasileft4 172.16.1.13 YES manual up up
vasileft5 172.16.1.17 YES manual up up
vasileft6 172.16.1.21 YES manual up up
vasiright1 172.16.1.2 YES manual up up
vasiright2 172.16.1.6 YES manual up up
vasiright3 172.16.1.10 YES manual up up
vasiright4 172.16.1.14 YES manual up up
vasiright5 172.16.1.18 YES manual up up
vasiright6 172.16.1.22 YES manual up up

Everyone's tags (3)