11-15-2006 06:04 AM
Hey All,
I'm trying to create a simple VRF for my DMVPN spoke to differentiate Private and Public routing (I want the effective default route for internal hosts to transit my DMVPN for a non-split tunneling effect... I know how to do this with a route-map, but it seems that using a VRF should be cleaner).
I have followed the FVRF example based at:
http://www.cisco.com/en/US/products/ps6660/products_white_paper0900aecd8034be03.shtml
The goal is for 172.30.* to route across my DMVPN and 192.168.* to act like a non-VPN aware Hotspot/GuestNet with direct local internet access.
I have everything working except two things:
- My public interface is set to DHCP. It is not importing the DHCP-provided public default route into the VRF routing table. I don't see it in the global routing table either. If I statically add this default route to my public VRF everything comes up. This isn't an acceptable workaround. Am I missing some sort of import command under the VRF?
- I would like to have two static PATs from the DHCP'd interface back to two hosts on the HotSpot subnet. I don't seem to be able to use the VRF tag at the end of the static NAT statement when the interface is used as a global. The static P-NAT statements you see below worked prior to the VRF implementation.
I'm pretty sure that I wouldn't have these issues with an IVRF solution; however, I prefer to keep my internal networks in the global routing table so that VRFs do not have to be specified when using commands such as show ip route.
I'm running 12.4(9)T1 on an 1811.
My overall config is pretty big, but here are the important parts for the VRF:
ip vrf public
 rd 100:1
!
interface Tunnel0
 bandwidth 1000
 ip address 172.30.x.x 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication DMVPN
 ip nhrp map multicast 66.189.xxx.xxx
 ip nhrp map 172.30.250.1 66.189.xxx.xxx
 ip nhrp network-id 172030250
 ip nhrp holdtime 360
 ip nhrp nhs 172.30.250.1
 ip ospf message-digest-key 1 md5 mykey
 ip ospf network broadcast
 ip ospf cost 50
 ip ospf priority 0
 delay 1000
 cdp enable
 tunnel source FastEthernet0
 tunnel mode gre multipoint
 tunnel key xxx
 tunnel vrf public
 tunnel protection ipsec profile DMVPN
!
interface FastEthernet0
 bandwidth 384
 bandwidth receive 6000
 ip vrf forwarding public
 ip address dhcp
 ip access-group EXTERNAL-ACL in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip nat enable
 ip inspect IOSFW out
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
 service-policy output shaper
!
interface BVI10
 ip address 172.30.240.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
!
interface BVI20
 ip vrf forwarding public
 ip address 192.168.240.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
!
ip nat inside source list NAT interface FastEthernet0 vrf public overload
ip nat inside source static tcp 192.168.240.11 23 interface FastEthernet0 23
ip nat inside source static tcp 192.168.240.9 80 interface FastEthernet0 80
11-18-2006 12:59 AM
FYI - I found the solution to the ROUTE issue. It's a bug.
CSCsd20055 Bug Details
Headline: DHCP client with FVRF not installing default route in VRF
Product: IOS
Feature: DHCP
Severity: 3
Status: Resolved
First Found-in Version: 12.4
First Fixed-in Version: 12.4(9.10), 12.4(9.10)T
Release Notes:
DHCP (DMVPN) client not installing default route if physical interface is assigned to a VRF (virtual routing and forwarding) table.
Workaround:
Manually configure static default route (in VRF).
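The workaround the bug note gives, written out as an added configuration example (this is not the poster's config and not Cisco's text): the front-door VRF and DHCP-addressed interface from the post, the static default route installed inside the VRF, and the show commands that confirm the VRF table now carries a path to the hub. ISP_NEXT_HOP is a placeholder for the gateway the ISP hands out by DHCP; the "before" comment describes the behaviour the bug record states for 12.4 images earlier than the 12.4(9.10)T fix.

```cisco
! Added example, not from the original post. Static default route in the
! front-door VRF as the workaround for CSCsd20055, plus the checks that
! confirm it took effect. ISP_NEXT_HOP is a placeholder; read the real
! gateway from "show dhcp lease" on FastEthernet0.
!
! Before: with the physical interface in VRF "public" and addressed by DHCP,
! the DHCP-learned default route is not installed in the VRF table on the
! affected 12.4 images, so the tunnel source has no route to the hub and
! the DMVPN spoke never comes up.
!
ip vrf public
 rd 100:1
!
interface FastEthernet0
 ip vrf forwarding public
 ip address dhcp
!
! Workaround: install the default route manually in the VRF, pointing at the
! next hop the DHCP lease reports. Naming the interface as well ties the
! route to FastEthernet0 so it is withdrawn if that link goes down.
ip route vrf public 0.0.0.0 0.0.0.0 FastEthernet0 ISP_NEXT_HOP
!
! Checks (exec mode): the lease shows the gateway to use, the default route
! must appear in the VRF table rather than the global one, and the hub
! address from the NHRP mapping must resolve through it.
! show dhcp lease
! show ip route vrf public
! show ip route vrf public 66.189.xxx.xxx
! show ip vrf interfaces public
```

The static route has to be re-entered whenever the ISP changes the gateway, which is the reason the poster did not accept it as a permanent fix; the bug record lists 12.4(9.10) and 12.4(9.10)T as the first images where the DHCP client installs the route in the VRF on its own, so the upgrade is the durable resolution. The global routing table and the 172.30.x.x internal networks are untouched by this change, since only the tunnel source and the 192.168.240.0/24 guest subnet live in the VRF.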