Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
234
Views
1
Helpful
3
Replies

VRF route leaking with static routes fails

cosmingrosu
Level 1
Level 1

‎03-10-2024 11:49 AM

I have the following topology in EVE-NG:

cosmingrosu_1-1710094292254.png

My goal is to allow Customer 2 clients (VPC4 and VPC5) to connect to Customer 1's FTP server.

ISP router has the following configuration:

ISP#show run
Building configuration...

Current configuration : 3520 bytes
!
! Last configuration change at 18:09:41 UTC Sun Mar 10 2024
!
version 15.9
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP
!
boot-start-marker
boot-end-marker
!
!
vrf definition Customer1
!
address-family ipv4
exit-address-family
!
vrf definition Customer2
!
address-family ipv4
exit-address-family
!
vrf definition Customer3
!
address-family ipv4
exit-address-family
!
!
no aaa new-model
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
! 
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
redundancy
!
!
! 
!
!
!
!
! 
!
!
!
!
!
!
!
interface GigabitEthernet0/0
vrf forwarding Customer1
ip address 192.168.1.1 255.255.255.0
duplex full
speed auto
media-type rj45
!
interface GigabitEthernet0/1
vrf forwarding Customer2
ip address 172.16.1.1 255.255.255.0
duplex full
speed auto
media-type rj45
!
interface GigabitEthernet0/2
vrf forwarding Customer3
ip address 10.1.1.1 255.255.255.0
duplex full
speed auto
media-type rj45
!
interface GigabitEthernet0/3
no ip address
shutdown
duplex full
speed auto
media-type rj45
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 172.16.1.0 255.255.255.0 GigabitEthernet0/1
ip route 192.168.1.0 255.255.255.0 GigabitEthernet0/0
ip route vrf Customer1 172.16.1.0 255.255.255.0 172.16.1.1 global
ip route vrf Customer2 192.168.1.200 255.255.255.255 192.168.1.1 global
!
ipv6 ioam timestamp
!
!
!
control-plane
!
line con 0
line aux 0
line vty 0 4
login
transport input none
!
no scheduler allocate
!
end

ISP#

Routing tables:
Global:

ISP#show ip route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 1 subnets
S 172.16.1.0 is directly connected, GigabitEthernet0/1
S 192.168.1.0/24 is directly connected, GigabitEthernet0/0
ISP#

Customer1:

ISP#show ip route vrf Customer1

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 1 subnets
S 172.16.1.0 [1/0] via 172.16.1.1
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0
L 192.168.1.1/32 is directly connected, GigabitEthernet0/0
ISP#

Customer2:

ISP# show ip route vrf Customer2

Gateway of last resort is not set

172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.1.0/24 is directly connected, GigabitEthernet0/1
L 172.16.1.1/32 is directly connected, GigabitEthernet0/1
192.168.1.0/32 is subnetted, 1 subnets
S 192.168.1.200 [1/0] via 192.168.1.1
ISP#

From ISP router I can ping every client using ping vrf <vrf_name> <client_ip_address> (ping vrf Customer1 192.168.1.200
), but when I try to ping from VPC4 (172.16.1.199) to the FTP (192.168.1.200) server, the ping fails.

Could you tell me what am I doing wrong?

 

0 Helpful
3 Replies 3

David Ruess
VIP
VIP

‎03-10-2024 05:20 PM

Hello,

 

2 issues I can possibly see are you dont have INSIDE?OUTSIDE interfaces defined on your ISP router. Secondly your static routes are pointing to the global table but Customer 1 is on the Customer 1 VRF.

 

-David

0 Helpful

Harold Ritter
Cisco Employee
Cisco Employee

‎03-10-2024 05:27 PM

Hi @cosmingrosu ,

Try with the following static routes instead:

no ip route 172.16.1.0 255.255.255.0 GigabitEthernet0/1

no ip route 192.168.1.0 255.255.255.0 GigabitEthernet0/0

no ip route vrf Customer1 172.16.1.0 255.255.255.0 172.16.1.1 global

no ip route vrf Customer2 192.168.1.200 255.255.255.255 192.168.1.1 global

ip route vrf Customer1 172.16.1.199 255.255.255.255 GigabitEthernet0/1 172.16.1.199

ip route vrf Customer1 172.16.1.200 255.255.255.255 GigabitEthernet0/1 172.16.1.200

ip route vrf Customer2 192.168.1.200 255.255.255.255 GigabitEthernet0/0 192.168.1.200

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

paul driver
VIP
VIP

‎03-11-2024 03:32 PM

Hello
You just need to advertise statically each vrf host/subnet into the other vrf route table has shown by @Harold Ritter  


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card