12-11-2012 06:49 AM - edited 03-07-2019 10:32 AM
hi!
I am trying to set up a vrf for guest networks and am having issues on one of the switches.
A quick overview (since I dont really know what i am doing )
we have two sites that are connected via lanex. each site has a 3750.
The only internet connectivity is the remote site (so all the users at the local site route out through the remote site to get to the internet)
I need to make a guest network at the local site using our current infrastructure but it cannot have any access to our network resources.
I have created a vlan here (vl166) and on the remote switch
ip vrf TRAINING
didnt do any route distribution
then added "ip vrf forwarding TRAINTING" and readded the ip to the vlan interface
gave it an ip address of 172.16.166.1
did the exact same thing on the remote switch but with interface address of .2
enabled ospf on both switches.... router ospf 3 vrf TRAINING
I cant ping from one interface to the other... when I try pinging from the remote switch I get :
CISCO3750MCI-1#ping vrf TRAINING 172.16.166.1
% VRF does not have a usable source address
CISCO3750MCI-1#show ip vrf interfaces TRAINING
Interface IP-Address VRF Protocol
Vl16 172.16.16.2 TRAINING down
I cant see why the interface is down. Nothing in the logs (even when I do no shut... it just accepts the command but doesnt come up)
Thoughts?
Thhanks
Drew
Solved! Go to Solution.
12-11-2012 09:01 AM
Hello Andrew,
check the list of permitted vlans on each end of the inter site link with
show interface type x/y trunk
or
show interface type x/y switchport
the new vlan may be missing on one side of the trunk, and if so this explains why the SVI is down.
Hope to help
Giuseppe
12-11-2012 07:02 AM
Hi,
Have you got any device connected to a access port in this VLAN or to a trunk port allowing this VLAN?
In the negative then its normal behaviour that the SVI is down.
Regards.
Alain
Don't forget to rate helpful posts.
12-11-2012 07:26 AM
Hi Alain,
If i do sho vl br I see...
VLAN Name Status Ports
---- -------------------------------- --------- --------------
1 default active Gi1/0/1, Gi1/012 Gi1/0/24,
116 TRAINING active
so I dont think it is being used. I had just created it yesterday afternoon.
12-11-2012 07:43 AM
Hi,
so there is no access ports in this vlan configured, create one and plug a host and your SVI will come up.
Regards.
Alain
Don't forget to rate helpful posts.
12-11-2012 08:14 AM
Thanks Alain but I dont think that is a possible solution. What would I plug into it? We are using the switches as routers in this case. There is nothing that needs to be in that vlan on the remote site. Any other ideas?
12-11-2012 08:31 AM
Hello Andrew,
as a minimum the Vlan 166 has to be permitted on the link between switches and the link between switches/sites has to become a L2 trunk carrying multiple Vlans including Vlan 166.
With VRF lite you need to build a complete end to end logical topology for the new VRF.
Each VRF needs one Vlan in each link and the way to multiplex Vlans is to use an L2 802.1Q trunk between multilayer switches.
Check the link between the two sites.
CAUTION: if a configuration change is needed you need to work carefully to avoid to isolate the two sites
Hope to help
Giuseppe
12-11-2012 08:56 AM
Thanks Giuseppe! I think we are ok for the link since there is already a functioning VRF between the two switches.
I am not quite sure why the vlan is down on one end but up on the other. I just tried recreating the vlan int and vrf ... didnt help lol
12-11-2012 09:01 AM
Hello Andrew,
check the list of permitted vlans on each end of the inter site link with
show interface type x/y trunk
or
show interface type x/y switchport
the new vlan may be missing on one side of the trunk, and if so this explains why the SVI is down.
Hope to help
Giuseppe
12-11-2012 10:24 AM
Thank Alain adn Giuseppe!!
Checked the trun port configs between the two switches and we were not allowing that vlan.
When you said check the list of permitted vlans a light went on in my head
That part works now .. now to get the rest going
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide