Solved: VRF

Mlex1 · ‎10-11-2022

Hi every one i make this topology i can ping from both ISP R1 and from R1 can ping every where, here my question from both PC i can ping only this ip address 172.16.0.0/24 and 172.16.1.0/24 i can't ping ISP ip add. this one my topology

config on ISP1

interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Ethernet0/0
description TO-R1
ip address 10.10.10.1 255.255.255.0
duplex auto
!
interface Ethernet0/1
ip address 192.168.1.1 255.255.255.0
duplex auto

config from ISP2

interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Ethernet0/0
description To-R1
ip address 11.11.11.1 255.255.255.0
duplex auto
!
interface Ethernet0/1
ip address 192.168.1.2 255.255.255.0
duplex auto

config switch

interface Ethernet0/0
switchport trunk allowed vlan 101,102
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Ethernet0/1
switchport trunk allowed vlan 203,204
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Ethernet0/2
switchport access vlan 203
switchport mode access
!
interface Ethernet0/3
switchport access vlan 204
switchport mode access
!
interface Ethernet1/0
!
interface Ethernet1/1
!
interface Ethernet1/2
switchport access vlan 102
switchport mode access
!
interface Ethernet1/3
switchport access vlan 101
switchport mode access

config router

vrf definition ISP1 
 ! 
 address-family ipv4 
 exit-address-family 
vrf definition ISP2 
 ! 
 address-family ipv4 
 exit-address-family
!

track 1 ip sla 1 reachability

delay down 30

!

track 2 ip sla 2 reachability

delay down 30

!

track 3 list boolean or

object 1

object 2

!

interface Ethernet0/0
no ip address
no ip redirects
ip virtual-reassembly in drop-fragments
ip virtual-reassembly out drop-fragments
duplex auto
!
interface Ethernet0/0.101
description TO-ISP1
encapsulation dot1Q 101
vrf forwarding ISP1
ip address 10.10.10.2 255.255.255.0
no ip redirects
ip nat outside
ip virtual-reassembly in drop-fragments
ip virtual-reassembly out drop-fragments
!
interface Ethernet0/0.102
description TO-ISP2
encapsulation dot1Q 102
vrf forwarding ISP2
ip address 11.11.11.2 255.255.255.0
no ip redirects
ip nat outside
ip virtual-reassembly in drop-fragments
ip virtual-reassembly out drop-fragments
!
interface Ethernet0/1
no ip address
no ip redirects
ip virtual-reassembly in drop-fragments
ip virtual-reassembly out drop-fragments
duplex auto
!
interface Ethernet0/1.203
description USER
encapsulation dot1Q 203
ip address 172.16.0.1 255.255.255.0
no ip redirects
ip nat inside
ip virtual-reassembly in drop-fragments
ip virtual-reassembly out drop-fragments
!
interface Ethernet0/1.204
description USER
encapsulation dot1Q 204
ip address 172.16.1.1 255.255.255.0
no ip redirects
ip nat inside
ip virtual-reassembly in drop-fragments
ip virtual-reassembly out drop-fragments
!

ip nat source route-map RM_NAT_ISP1 interface Ethernet0/0.101 overload
ip nat source route-map RM_NAT_ISP2 interface Ethernet0/0.102 overload
ip route 0.0.0.0 0.0.0.0 Ethernet0/0.101 10.10.10.1 50 name ISP1 track 1
ip route 0.0.0.0 0.0.0.0 Ethernet0/0.102 11.11.11.1 100 name ISP2 track 2
ip route vrf ISP1 0.0.0.0 0.0.0.0 10.10.10.1
ip route vrf ISP2 0.0.0.0 0.0.0.0 11.11.11.1
!
ip access-list extended NAT
permit ip 172.16.0.0 0.0.0.255 any
permit ip 172.16.1.0 0.0.0.255 any
!
ip sla 1
icmp-echo 1.1.1.1 source-interface Ethernet0/0.101
vrf ISP1
frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 2.2.2.2 source-interface Ethernet0/0.102
vrf ISP2
frequency 10
ip sla schedule 2 life forever start-time now
ipv6 ioam timestamp
!
route-map RM_NAT_ISP2 permit 10
match ip address NAT
match interface Ethernet0/0.102
!
route-map RM_NAT_ISP1 permit 10
match ip address NAT
match interface Ethernet0/0.101

Wish all the best

Mlex1 · ‎10-11-2022

here i made mistake after this i able ping every where i delete my ip nat outside/inside and typed ip nat enable

``

interface Ethernet0/0.101
description TO-ISP1
encapsulation dot1Q 101
vrf forwarding ISP1
ip address 10.10.10.2 255.255.255.0
no ip redirects
ip nat outside [ip nat enable]
ip virtual-reassembly in drop-fragments
ip virtual-reassembly out drop-fragments
!
interface Ethernet0/0.102
description TO-ISP2
encapsulation dot1Q 102
vrf forwarding ISP2
ip address 11.11.11.2 255.255.255.0
no ip redirects
ip nat outside [ip nat enable]
ip virtual-reassembly in drop-fragments
ip virtual-reassembly out drop-fragments
!
interface Ethernet0/1
no ip address
no ip redirects
ip virtual-reassembly in drop-fragments
ip virtual-reassembly out drop-fragments
duplex auto
!
interface Ethernet0/1.203
description USER
encapsulation dot1Q 203
ip address 172.16.0.1 255.255.255.0
no ip redirects
ip nat inside [ip nat enable]
ip virtual-reassembly in drop-fragments
ip virtual-reassembly out drop-fragments
!
interface Ethernet0/1.204
description USER
encapsulation dot1Q 204
ip address 172.16.1.1 255.255.255.0
no ip redirects
ip nat inside [ip nat enable]
ip virtual-reassembly in drop-fragments
ip virtual-reassembly out drop-fragments

``

Wish all the best

View solution in original post

MHM Cisco World · ‎10-11-2022

you config two VRF one for each ISP, and LAN is in GRT (global routing table)
so first you need static route between GRT and VRF
second I see track and I think also you config IP SLA so you also need IP SLA to be VRF aware.

Mlex1 · ‎10-11-2022

so first you need static route between GRT and VRF

you mean i should configure static route between ISP and R1?

Wish all the best

paul driver · ‎10-11-2022

Hello
The rtr needs to be able to route between VRF tables and the GRT of the lan subnets, try the following:
ip route vrf ISP1 172.16.0.0 255.255.255.0 eth0/1.23 global
ip route vrf ISP1 172.16.1.0 255.255.255.0 eth0/1.24 global
ip route vrf ISP2 172.16.0.0 255.255.255.0 eth0/1.23 global
ip route vrf ISP2 172.16.1.0 255.255.255.0 eth0/1.24 global

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Mlex1 · ‎10-11-2022

i try your option, here mistake

R1(config)#ip route vrf ISP1 172.16.0.0 255.255.255.0 ethernet0/1.203
% For VPN or topology routes, must specify a next hop IP address if not a point-to-p
oint interface
R1(config)#
R1(config)#ip route vrf ISP1 172.16.1.0 255.255.255.0 ethernet 0/1.204 ?
<1-255> Distance metric for this route
A.B.C.D Forwarding router's address
DHCP Default Gateway obtained from DHCP
multicast multicast route
name Specify name of the next hop
permanent permanent route
tag Set tag for this route
track Install route depending on tracked item
<cr>

R1(config)#ip route vrf ISP1 172.16.1.0 255.255.255.0 ethernet 0/1.204 global
^
% Invalid input detected at '^' marker.

R1(config)#

Wish all the best

paul driver · ‎10-11-2022

Hello
I had a feeling the rtr would complain about no nexthop so specify host as next hop it should then be accepted

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Mlex1 · ‎10-11-2022

appropriate for your support i found solution tomorrow i will share

Wish all the best

MHM Cisco World · ‎10-11-2022

I will check the config and send update

Mlex1 · ‎10-11-2022

Router doesn't accept this command

Wish all the best

Mlex1 · ‎10-11-2022

by the way i have like this route on R1

ip route vrf ISP1 0.0.0.0 0.0.0.0 10.10.10.1
ip route vrf ISP2 0.0.0.0 0.0.0.0 11.11.11.1

Wish all the best

Mlex1 · ‎10-11-2022

appropriate for your support i found solution tomorrow i will share answer

Wish all the best

MHM Cisco World · ‎10-11-2022

glad your issue is solved.
good luck friend.

Mlex1 · ‎10-11-2022

here i made mistake after this i able ping every where i delete my ip nat outside/inside and typed ip nat enable

``

interface Ethernet0/0.101
description TO-ISP1
encapsulation dot1Q 101
vrf forwarding ISP1
ip address 10.10.10.2 255.255.255.0
no ip redirects
ip nat outside [ip nat enable]
ip virtual-reassembly in drop-fragments
ip virtual-reassembly out drop-fragments
!
interface Ethernet0/0.102
description TO-ISP2
encapsulation dot1Q 102
vrf forwarding ISP2
ip address 11.11.11.2 255.255.255.0
no ip redirects
ip nat outside [ip nat enable]
ip virtual-reassembly in drop-fragments
ip virtual-reassembly out drop-fragments
!
interface Ethernet0/1
no ip address
no ip redirects
ip virtual-reassembly in drop-fragments
ip virtual-reassembly out drop-fragments
duplex auto
!
interface Ethernet0/1.203
description USER
encapsulation dot1Q 203
ip address 172.16.0.1 255.255.255.0
no ip redirects
ip nat inside [ip nat enable]
ip virtual-reassembly in drop-fragments
ip virtual-reassembly out drop-fragments
!
interface Ethernet0/1.204
description USER
encapsulation dot1Q 204
ip address 172.16.1.1 255.255.255.0
no ip redirects
ip nat inside [ip nat enable]
ip virtual-reassembly in drop-fragments
ip virtual-reassembly out drop-fragments

``

Wish all the best

paul driver · ‎10-12-2022

Hello

what you are using is NVI nat (domainless)

This is indeed is used for vrf nat - the nvi interface it creates is used for nat traffic as such no nat domains (inside:outside) or route leaking between vrf/grt is required
TBH i didn’t suggest this as the assumption was you were using PT simulation which i’m on the understanding it isnt supported - anyway thanks for sharing your solution.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Mlex1 · ‎10-12-2022

yes i also read about it on internet

Kind Regards
Parvin

Wish all the best