02-08-2017 08:57 PM - edited 03-08-2019 09:15 AM
Hi.
We have configured a temporary solution to connect to our switches.
Clients on the 192.168.100.x network can ping clients on all the networks but not on the 172.17.1.x.
When doing a ping on the switch with source an 192 address it doesn't work either.
When I do a traceroute it keeps looping on the vlan interface of the core switch.
What is wrong here??
Switch relative config:
vrf definition mgmtVrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf list mgmtVrf
!
!
ip vrf BMCS-VRF
rd 302:1
route-target export 302:1
route-target import 305:1
!
ip vrf EMGCY-VRF
rd 307:1
!
ip vrf FIRE-VRF
rd 305:1
route-target export 305:1
route-target import 302:1
!
ip vrf LIGHT-VRF
rd 304:1
!
ip vrf MGMT-VRF
rd 301:1
!
ip vrf PASYS-VRF
rd 306:1
!
ip vrf PWRMGMT-VRF
rd 303:1
!
!
!
vtp domain linktonowhere
vtp mode transparent
!
!
!
p
!
spanning-tree mode pvst
spanning-tree extend system-id
!
redundancy
mode sso
!
!
vlan 100
!
vlan 301
name V301_ESN_MGMT
!
!
interface Loopback0
ip vrf forwarding MGMT-VRF
no ip address
!
switchport mode trunk
!
interface FastEthernet1
vrf forwarding mgmtVrf
no ip address
speed auto
duplex auto
!
!
interface GigabitEthernet1/2/47
description "Temporary"
switchport access vlan 100
switchport mode access
!
!
interface Vlan1
no ip address
!
interface Vlan100
description "Temporary
ip vrf forwarding BMCS-VRF
ip address 192.168.100.211 255.255.255.0
!
interface Vlan301
description MGMT-VRF
ip address 172.17.1.1 255.255.255.0
!
interface Vlan302
ip vrf forwarding BMCS-VRF
ip address 172.17.2.1 255.255.255.0
!
interface Vlan303
ip vrf forwarding BMCS-VRF
ip address 172.17.3.1 255.255.255.0
!
interface Vlan304
ip vrf forwarding BMCS-VRF
ip address 172.17.4.1 255.255.255.0
!
interface Vlan305
no ip address
!
interface Vlan320
ip vrf forwarding FIRE-VRF
ip address 172.17.20.1 255.255.255.0
!
interface Vlan321
ip vrf forwarding FIRE-VRF
ip address 172.17.21.1 255.255.255.0
!
interface Vlan322
ip vrf forwarding FIRE-VRF
ip address 172.17.22.1 255.255.255.0
!
interface Vlan323
ip vrf forwarding FIRE-VRF
ip address 172.17.23.1 255.255.255.0
!
interface Vlan324
ip vrf forwarding FIRE-VRF
ip address 172.17.24.1 255.255.255.0
!
interface Vlan325
ip vrf forwarding FIRE-VRF
ip address 172.17.25.1 255.255.255.0
!
router bgp 1
bgp log-neighbor-changes
!
address-family ipv4 vrf BMCS-VRF
redistribute connected
redistribute static
exit-address-family
!
address-family ipv4 vrf FIRE-VRF
redistribute connected
redistribute static
exit-address-family
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 192.168.100.0 255.255.255.0 Vlan100
ip route vrf BMCS-VRF 0.0.0.0 0.0.0.0 192.168.100.1
02-08-2017 10:04 PM
They are in different VRFs. If you want them to talk place them in the same VRF.
02-12-2017 09:23 PM
Hi all.
I put the in the same VRF but once I do that, then switch cannot ping the 172.17.1.x range which is the management VLAN (MGMT-VRF).
Can someone advise of any command that will allow access from any vrf to any vrf?
Thank you
02-12-2017 09:24 PM
The whole point of VRFs is to prevent that kind of communication. If that is what you really want, then remove all the VRFs.
02-12-2017 09:27 PM
We need this for temporary access from remote location until all networks are setup. Once networks are up it will be removed. VRF's will need to remain as it's part of the design configuration.
02-08-2017 10:42 PM
You configure VRF MGMT-VRF as follows:
ip vrf MGMT-VRF
rd 301:1
interface Vlan301
description MGMT-VRF
ip address 172.17.1.1 255.255.255.0
VRF BMCS-VRF:
ip vrf BMCS-VRF
rd 302:1
route-target export 302:1
route-target import 305:1
interface Vlan100
description "Temporary
ip vrf forwarding BMCS-VRF
ip address 192.168.100.211 255.255.255.0
They belong to different VRFs. It must not work. But why can you reach all other 172.17.x.y/24 networks from VRF FIRE-VRF except 172.17.1.y? Because of the configuration of VRF FIRE-VRF where you're using the same route-targets as for VRF BMCS-VRF:
ip vrf FIRE-VRF
rd 305:1
route-target export 305:1
route-target import 302:1
Why don't you put these SVIs to the same VRF?
02-08-2017 11:24 PM
Change them to same vrf or do the route-leaking between VRFs
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide