4948E DNS resolution not working using mgmtVrf

Mister Cartwright · ‎01-31-2013

Using a 4948E switch with FastEthernet1 as the management interface which uses the VRF mgmtVrf. I cannot get DNS resolution to work for some reason.

I am using code enterprise 15.1-2.SG and here are the relevant config snippets:

ip domain-lookup source-interface FastEthernet1

ip domain-name domain.com

ip name-server 4.2.2.1

ip name-server 4.2.2.2

!

interface FastEthernet1

vrf forwarding mgmtVrf

ip address 192.168.20.10 255.255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

speed auto

duplex auto

!

ip route vrf mgmtVrf 0.0.0.0 0.0.0.0 192.168.20.1

If I try to ping using a host name it fails, even if I specify to use the VRF.

SWITCH#ping vrf mgmtVrf google.com

Translating "google.com"...domain server (4.2.2.1) (4.2.2.2)

% Unrecognized host or address, or protocol not running.

I read online there are some commands in a different code that support specifying the VRF along with the name servers, but I don't have those options. All I can do is set the source-interface on the domain-lookup command.

viawest.net · ‎02-26-2013

Any luck on finding a solution? I'm having the exact same issue on my WS-C4948E switches.

Mister Cartwright · ‎02-27-2013

I had to open a case with TAC and they told me that the lastest code on the 4948E does not support VRF-aware DNS, and there is no work-around. I ended up having to not use the management interface Fa1 for management, and instead go back to using a VLAN interface riding over the production trunks, since you cannot un-attach Fa1 from the VRF.

viawest.net · ‎02-27-2013

Its also possible that scp is not vrf-aware on the 4948. I could not get a "copy scp: bootflash:" to work even when using an IP address for the scp host. Strage that it doesn't work since I do have "ip ssh source-interface FastEthernet1" set in the config. Had to resort to using tftp which is SLOW when trying to copy an image over a WAN link.