VRF Aware System Message Logging - which VRF interface is used as the source-interface?

bgfl-tech
Level 1

When you have multiple interfaces in the same VRF as the VRF used for 'logging host n.n.n.n vrf xxxx' which interface is used as the source interface?

I've just upgraded a 3750 from 12.2(44)SE6 to 12.2(55)SE1 and syslogging to an external server has stopped working. 12.2(44)SE6 accepted the command 'logging source-interface loopback50' where loopback 50 was in the VRF. However, that command is now not accepted by 12.2(55)SE1, which gives the message 'Interface Loopback50 is not in the global table'.

Including the loopback address there are 5 other vlan interfaces in the same VRF with one currently administratively disabled.

The 'sh logging' command displays 'link down' which I assume is a reference to the disabled vlan which coincidently has the 'lowest' IP address:-

Logging to n.n.n.n  (corp) (udp port 514,  audit disabled,
              authentication disabled, encryption disabled, link down)

How do I bring the 'link up'? Do I have to remove the disabled vlan? Any other suggestions?

regards

Matthew

Accepted Solutions

Reza Sharifi
Hall of Fame

Matt,

I tested this with 12.2(52)SE and it works fine.

I created a vrf called "test" and also created interface lo50

Here are the configs:

loopback interface in vrf test

C3750-E(config-if)#do sh run int lo50   
Building configuration...

Current configuration : 67 bytes
!
interface Loopback50
ip vrf forwarding test
no ip address
end

here is vrf config

ip vrf test
route-target export 100:101
route-target import 100:101
!

and here is the logging info

C3750-E(config)#do sh run | inc logging
logging source-interface Loopback50
logging host 1.1.1.1 vrf test
C3750-E(config)#

Your issue may be related to an IOS bug

HTH

Reza

Reza, thank you for your reply but using 12.2(55)SE1 IP Services on a WS-C3750-48PS-E doesn't show the same behaviour?

I have the following interfaces which are all 'up' and 'up' apart from vlan50 which is admin down:-

!
interface Loopback50
description xxxxxxxxxxxx
ip vrf forwarding corp
ip address 10.9.255.228 255.255.255.255
!

.....

!
interface Vlan10
description xxxxxxxxxxxxxxxxxxxx
ip vrf forwarding corp
ip address 10.76.160.1 255.255.255.0
ip helper-address 10.64.64.58
ip helper-address 10.79.0.112
!
interface Vlan50
description xxxxxxxxxxxxxxx
ip vrf forwarding corp
ip address 10.9.1.161 255.255.255.240
shutdown
!
interface Vlan700
description xxxxxxxxxxxxxxxxx
ip vrf forwarding corp
ip address 10.51.64.1 255.255.252.0
ip helper-address 10.64.64.58
ip helper-address 10.79.0.112
!
interface Vlan2474
description xxxxxxxxxxxxxxxxx
ip address 10.10.32.57 255.255.255.252
!
interface Vlan2475
description xxxxxxxxxxxxxxxxxxxx
ip address 10.10.32.53 255.255.255.252
!
interface Vlan3573
description xxxxxxxxxxxxxxxxxxxxxx
ip vrf forwarding corp
ip address 10.132.252.89 255.255.255.252
!
interface Vlan3574
description xxxxxxxxxxxxxxxxxxxxxx
ip vrf forwarding corp
ip address 10.132.252.85 255.255.255.252
!

and the following 'logging' config:-

logging host 10.110.29.2 vrf corp

but show logging shows this:-

Trap logging: level informational, 3959 message lines logged
        Logging to 10.110.29.2  (corp) (udp port 514,  audit disabled,
              authentication disabled, encryption disabled, link down),
              0 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled

If I try to set the loopback address as the source-address for logging I get this:-

NROF862_V1145(config)#logging source-interface loopback 50
Interface Loopback50 is not in the global table

I can change the logging source-address to one of the 'global' management interfaces:-

logging source-interface Vlan2474

but this has no effect on the 'link down' status using 'sh logging'?

It's a strange one and something I'd like to get to the bottom of before I undertake any more IOS upgrades.

regards

Matthew

If anyone's interested this turned out to be the following bug:-

CSCtg11547
VRF aware syslogging not sending messages to server on 3750/3560
Externally found minor (Sev4) bug: V-Verified
 
This bug is responsible for this problem and will cause the ‘show log’ to show ‘link down’ for each VRF destination entry. The bug is going to be fixed in 12.2(58)SE which is going to be released this month (expected to be released next week).

For V1 3560 and 3750 we need to wait for the next rebuild of 12.2(55), SE4 coming later in the Summer (as support for V1 switches has been removed from 12.2(58))

Have you tried this 

logging source-interface Loopback50 vrf corp
logging host 10.110.29.2 vrf corp
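
A post-upgrade check for the symptom discussed in this thread, added here as an example and not part of any poster's reply: it parses 'show logging' output in the format quoted above and flags every syslog destination that reports 'link down' or has sent nothing while the trap counter is non-zero. The function names are assumptions of this example; the sample text is the output posted in the thread.

```python
import re

# 'show logging' output as posted in the thread (VRF "corp").
SAMPLE = """\
Trap logging: level informational, 3959 message lines logged
        Logging to 10.110.29.2  (corp) (udp port 514,  audit disabled,
              authentication disabled, encryption disabled, link down),
              0 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled
"""

TRAP_RE = re.compile(r"Trap logging: level \w+, (\d+) message lines logged")
# Host, optional "(vrf)" label, then "(udp port 514, ..."
DEST_RE = re.compile(r"Logging to (\S+)\s+(?:\((\S+)\)\s+)?\((\w+) port (\d+)")
LINK_RE = re.compile(r"link (up|down)")
SENT_RE = re.compile(r"^\s*(\d+) message lines logged", re.M)

def parse_show_logging(text):
    """Return (trap_total, destinations) parsed from 'show logging' output."""
    trap = TRAP_RE.search(text)
    trap_total = int(trap.group(1)) if trap else 0
    dests = []
    # One chunk per "Logging to <host>" entry; other chunks are skipped.
    for chunk in re.split(r"(?=Logging to \S)", text):
        head = DEST_RE.match(chunk)
        if not head:
            continue
        link = LINK_RE.search(chunk)
        sent = SENT_RE.search(chunk)
        dests.append({
            "host": head.group(1),
            "vrf": head.group(2) or "global",
            "port": int(head.group(4)),
            "link": link.group(1) if link else "unknown",
            "sent": int(sent.group(1)) if sent else 0,
        })
    return trap_total, dests

def silent_destinations(text):
    """List (host, vrf, reason) for destinations that are not receiving logs."""
    trap_total, dests = parse_show_logging(text)
    flagged = []
    for d in dests:
        if d["link"] == "down":
            flagged.append((d["host"], d["vrf"], "link down"))
        elif d["sent"] == 0 and trap_total > 0:
            flagged.append((d["host"], d["vrf"], "no messages sent"))
    return flagged
```

Run against output collected before and after an IOS upgrade, a non-empty result means the switch is generating messages that never reach the collector.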
