14.1 erratta and a question

Please check the solution and the questions for a mismatch on what interfaces are in what VRFs.  I think there is a mistake on the wording of VLAN 76 and VLAN 6& should be placed in VPN_A and VPN_B. (disrespectfully) [:P]

 

Contrast above (in soultion ) to the other section where it asks you to assign VPN_A and VPN B  Loopbacks 172.16.x.x and 192.168.x.x (respectfully)

 

the first example is irrespective of order (in soultion) and the second one is more logical and VPN_A gets loop 172 and VPN_B gets 192.

 

It is a simple mistake/juxtaposition but it also can throw you off when looking at the solution and trying to figure out why your static route is different.

 

I also wanted to ask: How coudl we make R6 send a ping to Loop Back 172 from the VPN_B source address?  How do we create routes between VRFs on the same box?  Doe we need to point to the global RT and then have a route to the VRF and vice versa?  Of course the SW1 loopback would already have the static route to the R6 gateway and the VRF would then need to figure out how to get the ping back to tthe other VRF. 

 

Can we run EIGRP between the different VRFs?  I am very GREEN on VRFs.

 

 

Comments

  • i just logged in here... to open the same thread, verification on R6 went through well, but inter-vrf verification is not working.

    What i can understand for this verification. packets from sw1 are sent to R6 using static route, and then R6 send those packets back to Sw1 to corresponding VRF, and a ping reply is assumed to follow the same path but in reverse direction.

    But alas.. its not working... i am in doubt that MPLS section was ever checked by staff with practically doing it in lab.

  • I will have the author take a look at this as well.

    Thanks for the notification guys.

  • do your ping from SW1.

     

    Advice on R6:

     

    ip route vrf VPN_A (loopback created for VPN_B on SW1 mask) interface fa0/0.Y 155.1.Y.7

     

    Y = 76 or 67 and is in the other VRF on R6 aka "VPN_B"

    So I made things work once I accounted for the different configurations.  One thing that I was hoping could be added to the task is the ability to validate from R6.

    I can post the R6 and sw1 configs later when I pull up a rack  tomorrow, if you woudl like them.

  • Please post your configs when ever you got time.

     

    Thanks again for your helping posts.

     

    Best Regards,

     

    Nadeem Rafi

  • The two commands are displayed below.. BTW, with the verfification command on SW1:  (notice how i name the Loopbacks with a "descriptive number", thi shelps me keep things straight.)

     


    Rack6SW1#ping vrf VPN_A 192.168.7.7 source loopback 172

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.7.7, timeout is 2 seconds:
    Packet sent with a source address of 172.16.7.7
    .!!!!
    Success rate is 80 percent (4/5), round-trip min/avg/max = 1/4/9 ms
    Rack6SW1#
    Rack6SW1#
    Rack6SW1#
    Rack6SW1#sho run
    Building configuration...

    Current configuration : 4506 bytes
    !
    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Rack6SW1
    !
    boot-start-marker
    boot-end-marker
    !
    enable password cisco
    !
    no aaa new-model
    system mtu routing 1500
    vtp domain cisco
    vtp mode transparent
    ip subnet-zero
    ip routing
    no ip domain-lookup
    !
    !
    ip vrf VPN_A
     rd 100:76
    !
    ip vrf VPN_B
     rd 100:67
    !
    !
    !
    crypto pki trustpoint TP-self-signed-3804774016
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-3804774016
     revocation-check none
     rsakeypair TP-self-signed-3804774016
    !
    !
    crypto pki certificate chain TP-self-signed-3804774016
     certificate self-signed 01
      30820241 308201AA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
      31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
      69666963 6174652D 33383034 37373430 3136301E 170D3933 30333031 30303039
      33355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
      4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38303437
      37343031 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
      8100CE95 5FC65F8C 402A8001 6A534F61 FBDB23B6 AD93F3C5 489E44DC 31DDAB79
      D2AA6F6E 6BAA907C D2FD2AFD 45A4A310 92975EB7 C9FCDFAF 9FAB3F81 F65293CC
      6336B386 43566ED0 0676467A A1A06FCC 6235AB8A 3B8A86A0 5080C41F 137FB798
      55B28864 FC1C9DE2 0975169E EFE3FFF0 C5AABA53 A7028D21 3926567E 53D098E6
      4C7D0203 010001A3 69306730 0F060355 1D130101 FF040530 030101FF 30140603
      551D1104 0D300B82 09526163 6B365357 312E301F 0603551D 23041830 16801490
      6A168483 67A9B5BD A6C58F9F 8FD12950 77E34B30 1D060355 1D0E0416 0414906A
      16848367 A9B5BDA6 C58F9F8F D1295077 E34B300D 06092A86 4886F70D 01010405
      00038181 008B7323 3F3C8E60 E4D3FC67 E54D17CB 620C6B63 96FE4404 4F6A0CD7
      50CA1BA2 1E43FEFF 4F3001E4 BE41A2FB 1C97D968 A25EE73A 54D8E791 284F2C62
      512E5027 78F2CE7F 1E3C4B6C BF13535B C636E18F 4A022D1A 155989EE 8224A28E
      885545ED 3C758897 EF71A399 BF2E38F0 0D011372 66457D0E 616ACB11 EE6EB411
      786874B8 0B
      quit
    !
    !
    !
    !
    !
    spanning-tree mode pvst
    spanning-tree extend system-id
    !
    vlan internal allocation policy ascending
    !
    vlan 7-10,22,43,58,67,76,79,146
    !
    !
    !
    !
    interface Loopback0
     ip address 150.6.7.7 255.255.255.0
    !
    interface Loopback172
     ip vrf forwarding VPN_A
     ip address 172.16.7.7 255.255.255.0
    !
    interface Loopback192
     ip vrf forwarding VPN_B
     ip address 192.168.7.7 255.255.255.0
    !
    interface FastEthernet0/1
    !
    interface FastEthernet0/2
    !
    interface FastEthernet0/3
     no switchport
     ip address 155.6.37.7 255.255.255.0
    !
    interface FastEthernet0/4
    !
    interface FastEthernet0/5
     switchport access vlan 58
     switchport mode access
     spanning-tree portfast
    !
    interface FastEthernet0/6
    !
    interface FastEthernet0/7
    !
    interface FastEthernet0/8
    !
    interface FastEthernet0/9
    !
    interface FastEthernet0/10
    !
    interface FastEthernet0/11
    !
    interface FastEthernet0/12
    !
    interface FastEthernet0/13
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    interface FastEthernet0/14
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    interface FastEthernet0/15
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    interface FastEthernet0/16
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    interface FastEthernet0/17
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    interface FastEthernet0/18
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    interface FastEthernet0/19
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    interface FastEthernet0/20
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    interface FastEthernet0/21
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    interface FastEthernet0/22
    !
    interface FastEthernet0/23
    !
    interface FastEthernet0/24
    !
    interface GigabitEthernet0/1
    !
    interface GigabitEthernet0/2
    !
    interface Vlan1
     no ip address
     shutdown
    !
    interface Vlan7
     ip address 155.6.7.7 255.255.255.0
    !
    interface Vlan67
     ip vrf forwarding VPN_B
     ip address 155.6.67.7 255.255.255.0
    !
    interface Vlan76
     ip vrf forwarding VPN_A
     ip address 155.6.76.7 255.255.255.0
    !
    interface Vlan79
     ip address 155.6.79.7 255.255.255.0
    !
    ip classless
    ip route vrf VPN_A 0.0.0.0 0.0.0.0 155.6.76.6
    ip route vrf VPN_B 0.0.0.0 0.0.0.0 155.6.67.6
    ip http server
    ip http secure-server
    !
    !
    !
    control-plane
    !
    !
    line con 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous level 0 limit 20
    line vty 0 4
     password cisco
     login
    line vty 5 15
     password cisco
     login
    !
    end
                                             



    ==============

     mpls ip
    !
    interface FastEthernet0/1
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface Serial0/0/0
     ip address 54.6.1.6 255.255.255.0
     encapsulation frame-relay
     frame-relay map ip 54.6.1.254 101 broadcast
     no frame-relay inverse-arp
    !
    router ospf 1
     router-id 150.6.6.6
     log-adjacency-changes
     network 0.0.0.0 255.255.255.255 area 0
    !
    ip forward-protocol nd
    ip route vrf VPN_A 192.168.7.0 255.255.255.0 FastEthernet0/0.67 155.6.67.7
    ip route vrf VPN_B 172.16.7.0 255.255.255.0 FastEthernet0/0.76 155.6.76.7
    no ip http server
    no ip http secure-server
    !
    !
    !
    access-list 10 permit 150.6.0.0 0.0.255.255
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    line con 0
     exec-timeout 0 0
     privilege level 15
     logging synchronous level 0 limit 20
    line aux 0
     exec-timeout 0 0
     privilege level 15
    line vty 0 4
     password cisco
     login
    !
    scheduler allocate 20000 1000
    end

Sign In or Register to comment.