10-28-2019 04:48 PM
Im creating a ISIS-SPBM Fabric with our new VSP 8608 Core-Switches. For that i need to implement 4 different VRFs, that can only communicate via the Firewall. After having the configuration for VRF 0 completed i realized, that route redistribution between the nodes only works in VRF 0. As i tried to enable route redistribution in one of the other VRFs i got the error in the title:
switch4:1(config)#router vrf voice
switch4:1(router-vrf)#isis redistribute direct
Error: ISIS instance does not exist in VRF: "voice"
how to proceed here? do i need to create additional ISIS-Instances for the different VRFs? Is it possible to enable/assign an ISIS-Instance to additional VRFs? what about the BVLANs? Do i need one per VRF/ISIS-Instance? Same with virtual-ist?
running config:
#
# ISIS SPBM CONFIGURATION
#
router isis
spbm 1
spbm 1 nick-name 0.4d.b4
spbm 1 b-vid 4051-4052 primary 4051
spbm 1 multicast enable
spbm 1 ip enable
spbm 1 smlt-virtual-bmac 00:00:00:00:00:34
spbm 1 smlt-peer-system-id 00db.face.0003
exit
#
# VIRTUAL IST CONFIGURATION
#
virtual-ist peer-ip 172.28.72.3 vlan 4053
#
# ISIS CONFIGURATION
#
router isis
sys-name "switch4"
ip-source-address 172.28.64.4
is-type l1
system-id 00db.face.0004
manual-area 10.01
exit
router isis enable
#
# OSPF CONFIGURATION - GlobalRouter
#
router ospf
exit
#
# OSPF CONFIGURATION - VRF
#
#
# IP REDISTRIBUTION CONFIGURATION - GlobalRouter
#
router isis
redistribute direct
redistribute direct enable
exit
#
# IP REDISTRIBUTION CONFIGURATION - VRF
#
Solved! Go to Solution.
10-28-2019 06:17 PM
You are almost there. The following is an example of how to redistribute direct and static routes in the vrf VOICE:
router vrf voice
isis redistribute static
isis redistribute static enable
isis redistribute direct
isis redistribute direct enable
exit
isis apply redistribute static vrf voice
isis apply redistribute direct vrf voice
I think it is the last part you are missing now.
(Naturally you will need to create the voice VRF on another switch and enable ipvpn on it as well to see the routes propagated)
Regarding IPVPN - this is not actually VPN as you know it. IPVPN is how we enable a “L3 VSN” which is what you are doing here.
Regarding the license - run the ‘show license’ command to see what is loaded. Without a license the system will allow you to use advanced features (licensed features) for a trial period of 60 days. Be aware that if you don’ t have the license you will lose that function after the trial expires and the system is reset.
10-28-2019 04:56 PM
Did you enable IPVPN on the vrf?
router vrf voice
ipvpn
I-sid <choose an I-sid value for the L3 VSN>
ipvpn enable
exit
You will need a premier license for this feature.