Cisco VRF Configuration issue
Trying to get VRF forwarding on an interface in Cisco IOS 15.4. We currently have a router with 15.2 and have no trouble with it:
interface FastEthernet0/0/3
switchport access vlan 3
ip vrf forwarding INTERNAL
no ip address
But when I try to configure this on the 15.4 router, I get an error:
Test(config)#int f0/1/3
Test(config-if)#ip vrf forwarding INTERNAL
^
% Invalid input detected at '^' marker.
Test(config-if)#
IP vrf isn't an option:
Test(config-if)#ip ?
Interface IP configuration subcommands:
address Set the IP address of an interface
admission Apply Network Admission Control
auth-proxy Apply authentication proxy
ddns Configure dynamic DNS
device IP device tracking
dhcp Configure DHCP parameters for this interface
igmp IGMP interface commands
rsvp RSVP Interface Commands
Test(config-if)#ip
I do have vrf configured in the global:
ip vrf INTERNAL
description Trusted Network
rd xxxxx:10
!
ip vrf INTERNET
description Internet Traffic
rd xxxxx:20
inter-as-hybrid
Any ideas what I'm missing here?
interface FastEthernet0/0/3
switchport access vlan 3
ip vrf forwarding INTERNAL
no ip address
But when I try to configure this on the 15.4 router, I get an error:
Test(config)#int f0/1/3
Test(config-if)#ip vrf forwarding INTERNAL
^
% Invalid input detected at '^' marker.
Test(config-if)#
IP vrf isn't an option:
Test(config-if)#ip ?
Interface IP configuration subcommands:
address Set the IP address of an interface
admission Apply Network Admission Control
auth-proxy Apply authentication proxy
ddns Configure dynamic DNS
device IP device tracking
dhcp Configure DHCP parameters for this interface
igmp IGMP interface commands
rsvp RSVP Interface Commands
Test(config-if)#ip
I do have vrf configured in the global:
ip vrf INTERNAL
description Trusted Network
rd xxxxx:10
!
ip vrf INTERNET
description Internet Traffic
rd xxxxx:20
inter-as-hybrid
Any ideas what I'm missing here?
ASKER
Thanks, but neither are an available command for an interface. But in my 15.2 router, I do have ip vrf forwarding on interfaces
What feature set do you have installed on the 15.4 router? Is it the same as the 15.2?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
the 15.2 router: c2900-universalk9-mz.SPA.1
the 15.4 router: c1900-universalk9-mz.SPA.1
I can't enter just no switchport on the interface, but I can do no switchport access vlan 3
but it still doesn't give me a vrf option:
Test(config-if)#int f0/1/3
Test(config-if)#ip vrf ?
% Unrecognized command
Test(config-if)#ip ?
Interface IP configuration subcommands:
address Set the IP address of an interface
admission Apply Network Admission Control
auth-proxy Apply authentication proxy
ddns Configure dynamic DNS
device IP device tracking
dhcp Configure DHCP parameters for this interface
igmp IGMP interface commands
rsvp RSVP Interface Commands
Test(config-if)#ip
the 15.4 router: c1900-universalk9-mz.SPA.1
I can't enter just no switchport on the interface, but I can do no switchport access vlan 3
but it still doesn't give me a vrf option:
Test(config-if)#int f0/1/3
Test(config-if)#ip vrf ?
% Unrecognized command
Test(config-if)#ip ?
Interface IP configuration subcommands:
address Set the IP address of an interface
admission Apply Network Admission Control
auth-proxy Apply authentication proxy
ddns Configure dynamic DNS
device IP device tracking
dhcp Configure DHCP parameters for this interface
igmp IGMP interface commands
rsvp RSVP Interface Commands
Test(config-if)#ip
VRF availability depends on license type.What is your license type?
show license
show license detail
show license feature
show license all
show license right-to-use
show license
show license detail
show license feature
show license all
show license right-to-use
ASKER
Test#sho license
Index 1 Feature: ipbasek9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 2 Feature: securityk9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 3 Feature: datak9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 4 Feature: NtwkEssSuitek9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 5 Feature: ios-ips-update
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 6 Feature: hseck9
Index 7 Feature: mgmt-plug-and-play
Index 8 Feature: mgmt-lifecycle
Index 9 Feature: mgmt-assurance
Index 10 Feature: mgmt-onplus
Index 11 Feature: mgmt-compliance
Test#
Test#
Test#
Test#
Test#sho license detail
Index: 1 Feature: NtwkEssSuitek9 Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Store Index: 2
Store Name: Built-In License Storage
Index: 2 Feature: datak9 Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Store Index: 1
Store Name: Built-In License Storage
Index: 3 Feature: ios-ips-update Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Store Index: 3
Store Name: Built-In License Storage
Index: 4 Feature: ipbasek9 Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Store Index: 0
Store Name: Primary License Storage
Index: 5 Feature: securityk9 Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Store Index: 1
Store Name: Primary License Storage
Index: 6 Feature: securityk9 Version: 1.0
License Type: EvalRightToUse
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Store Index: 0
Store Name: Built-In License Storage
Test#sho license feature
Feature name Enforcement Evaluation Subscription Enabled RightToUse
ipbasek9 no no no yes no
securityk9 yes yes no yes yes
datak9 yes yes no no yes
NtwkEssSuitek9 yes yes no no yes
ios-ips-update yes yes yes no yes
hseck9 yes no no no no
mgmt-plug-and-play yes no no no no
mgmt-lifecycle yes no no no no
mgmt-assurance yes no no no no
mgmt-onplus yes no no no no
mgmt-compliance yes no no no no
Feature name Enforcement Evaluation Subscription Enabled RightToUse
Test#sho license all
License Store: Primary License Storage
StoreIndex: 0 Feature: ipbasek9 Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
StoreIndex: 1 Feature: securityk9 Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
License Store: Built-In License Storage
StoreIndex: 0 Feature: securityk9 Version: 1.0
License Type: EvalRightToUse
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
StoreIndex: 1 Feature: datak9 Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
StoreIndex: 2 Feature: NtwkEssSuitek9 Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
StoreIndex: 3 Feature: ios-ips-update Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Test# sho license right
Test# sho license right-to-use
% No RightToUse Licenses are Active !!
Test#
Index 1 Feature: ipbasek9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 2 Feature: securityk9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Index 3 Feature: datak9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 4 Feature: NtwkEssSuitek9
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 5 Feature: ios-ips-update
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 6 Feature: hseck9
Index 7 Feature: mgmt-plug-and-play
Index 8 Feature: mgmt-lifecycle
Index 9 Feature: mgmt-assurance
Index 10 Feature: mgmt-onplus
Index 11 Feature: mgmt-compliance
Test#
Test#
Test#
Test#
Test#sho license detail
Index: 1 Feature: NtwkEssSuitek9 Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Store Index: 2
Store Name: Built-In License Storage
Index: 2 Feature: datak9 Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Store Index: 1
Store Name: Built-In License Storage
Index: 3 Feature: ios-ips-update Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Store Index: 3
Store Name: Built-In License Storage
Index: 4 Feature: ipbasek9 Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Store Index: 0
Store Name: Primary License Storage
Index: 5 Feature: securityk9 Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Store Index: 1
Store Name: Primary License Storage
Index: 6 Feature: securityk9 Version: 1.0
License Type: EvalRightToUse
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Store Index: 0
Store Name: Built-In License Storage
Test#sho license feature
Feature name Enforcement Evaluation Subscription Enabled RightToUse
ipbasek9 no no no yes no
securityk9 yes yes no yes yes
datak9 yes yes no no yes
NtwkEssSuitek9 yes yes no no yes
ios-ips-update yes yes yes no yes
hseck9 yes no no no no
mgmt-plug-and-play yes no no no no
mgmt-lifecycle yes no no no no
mgmt-assurance yes no no no no
mgmt-onplus yes no no no no
mgmt-compliance yes no no no no
Feature name Enforcement Evaluation Subscription Enabled RightToUse
Test#sho license all
License Store: Primary License Storage
StoreIndex: 0 Feature: ipbasek9 Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
StoreIndex: 1 Feature: securityk9 Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
License Store: Built-In License Storage
StoreIndex: 0 Feature: securityk9 Version: 1.0
License Type: EvalRightToUse
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
StoreIndex: 1 Feature: datak9 Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
StoreIndex: 2 Feature: NtwkEssSuitek9 Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
StoreIndex: 3 Feature: ios-ips-update Version: 1.0
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
Period used: 0 minute 0 second
License Count: Non-Counted
License Priority: None
Test# sho license right
Test# sho license right-to-use
% No RightToUse Licenses are Active !!
Test#
Looks like IPBASE may not be sufficient. See if you can enable the datak9 License that I see listed.
I can't enter just no switchport on the interface, but I can do no switchport access vlan 3Not sure for 1900, but IPbase may or may not be enough depending on your needs (For multi-VRF should be OK).
Multiprotocol Label Switching VPN and Multi-Virtual Route Forwarding Support for the Cisco Integrated Services Routers Family of Access RoutersBut, VRF is L3 technology, if port is in L2 mode VRF should not be configurable. Try to configure VRF on some of routed interfaces/subinterfaces on device.
Any update?
ASKER
No luck as of yet. However, since my physical interface refers to vlan3, and vlan3 does have ip vrf forwarding INTERNAL, will that still work? I would love to just plug it in and see, but that isn't an option right now.
interface FastEthernet0/1/3
switchport access vlan 3
no ip address
!
interface Vlan3
ip vrf forwarding INTERNAL
ip address x.x.x.x 255.255.255.0
!
The current 15.2 router interface has vrf forwarding on it:
interface FastEthernet0/0/3
switchport access vlan 3
ip vrf forwarding INTERNAL
no ip address
interface Vlan3
ip vrf forwarding INTERNAL
ip address x.x.x.x 255.255.255.0
interface FastEthernet0/1/3
switchport access vlan 3
no ip address
!
interface Vlan3
ip vrf forwarding INTERNAL
ip address x.x.x.x 255.255.255.0
!
The current 15.2 router interface has vrf forwarding on it:
interface FastEthernet0/0/3
switchport access vlan 3
ip vrf forwarding INTERNAL
no ip address
interface Vlan3
ip vrf forwarding INTERNAL
ip address x.x.x.x 255.255.255.0
ASKER
Forgot to mention that yes, I can add vrf forwarding to regular routed interfaces
You should be able to add to any routed port or vlan svi.
vrf forwarding
or
vrf member