Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
21502
Views
5
Helpful
8
Replies

Guest VRF issues

Go to solution
Andrew Cormier
Level 1
Level 1

‎12-11-2012 06:49 AM - edited ‎03-07-2019 10:32 AM

hi!

I am trying to set up a vrf for guest networks and am having issues on one of the switches.

A quick overview (since I dont really know what i am doing )

we have two sites that are connected via lanex. each site has a 3750.

The only internet connectivity is the remote site (so all the users at the local site route out through the remote site to get to the internet)

I need to make a guest network at the local site using our current infrastructure but it cannot have any access to our network resources.

I have created a vlan here (vl166) and on the remote switch

ip vrf TRAINING

didnt do any route distribution

then added "ip vrf forwarding TRAINTING" and readded the ip to the vlan interface

gave it an ip address of 172.16.166.1

did the exact same thing on the remote switch but with interface address of .2

enabled ospf on both switches.... router ospf 3 vrf TRAINING

I cant ping from one interface to the other... when I try pinging from the remote switch I get :

CISCO3750MCI-1#ping vrf TRAINING 172.16.166.1

% VRF does not have a usable source address

CISCO3750MCI-1#show ip vrf interfaces TRAINING

Interface              IP-Address      VRF                              Protocol

Vl16                   172.16.16.2     TRAINING                        down

I cant see why the interface is down. Nothing in the logs (even when I do no shut... it just accepts the command but doesnt come up)

Thoughts?

Thhanks

Drew

2 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to Andrew Cormier

‎12-11-2012 09:01 AM

Hello Andrew,

check the list of permitted vlans on each end of the inter site link with

show interface type x/y trunk

or

show interface type x/y switchport

the new vlan may be missing on one side of the trunk, and if so this explains why the SVI is down.

Hope to help

Giuseppe

View solution in original post

8 Replies 8

Go to solution
cadet alain
VIP Alumni
VIP Alumni

‎12-11-2012 07:02 AM

Hi,

Have you got any device connected to a access port in this VLAN or to a trunk port allowing this VLAN?

In the negative then its normal behaviour that the SVI is down.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

Go to solution
Andrew Cormier
Level 1
Level 1
In response to cadet alain

‎12-11-2012 07:26 AM

Hi Alain,

If i do sho vl br I see...

VLAN Name                             Status    Ports

---- -------------------------------- --------- --------------

1    default                          active    Gi1/0/1, Gi1/012  Gi1/0/24,                                    

116   TRAINING                 active

so I dont think it is being used. I had just created it yesterday afternoon.

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to Andrew Cormier

‎12-11-2012 07:43 AM

Hi,

so there is no access ports in this vlan configured, create one and plug a host and your SVI will come up.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

Go to solution
Andrew Cormier
Level 1
Level 1
In response to cadet alain

‎12-11-2012 08:14 AM

Thanks Alain but I dont think that is a possible solution. What would I plug into it? We are using the switches as routers in this case.  There is nothing that needs to be in that vlan on the remote site. Any other ideas?

0 Helpful

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to Andrew Cormier

‎12-11-2012 08:31 AM

Hello Andrew,

as a minimum the Vlan 166 has to be permitted on the link between switches and the link between switches/sites has to become a L2 trunk carrying multiple Vlans including Vlan 166.

With VRF lite you need to build a complete end to end logical topology for the new VRF.

Each VRF needs one Vlan in each link and the way to multiplex Vlans is to use an L2 802.1Q trunk between multilayer switches.

Check the link between the two sites.

CAUTION: if a configuration change is needed you need to work carefully to avoid to isolate the two sites

Hope to help

Giuseppe

0 Helpful

Go to solution
Andrew Cormier
Level 1
Level 1
In response to Giuseppe Larosa

‎12-11-2012 08:56 AM

Thanks Giuseppe! I think we are ok for the link since there is already a functioning VRF between the two switches.

I am not quite sure why the vlan is down on one end but up on the other. I just tried recreating the vlan int and vrf ... didnt help lol

0 Helpful

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to Andrew Cormier

‎12-11-2012 09:01 AM

Hello Andrew,

check the list of permitted vlans on each end of the inter site link with

show interface type x/y trunk

or

show interface type x/y switchport

the new vlan may be missing on one side of the trunk, and if so this explains why the SVI is down.

Hope to help

Giuseppe

Go to solution
Andrew Cormier
Level 1
Level 1
In response to Giuseppe Larosa

‎12-11-2012 10:24 AM

Thank Alain adn Giuseppe!!

Checked the trun port configs between the two switches and we were not allowing that vlan.

When you said check the list of permitted vlans a light went on in my head

That part works now .. now to get the rest going

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card