- Read Me First
- MPLS Virtual Private Networks
- Multiprotocol BGP MPLS VPN
- MPLS VPN OSPF PE and CE Support
- MPLS VPN Support for EIGRP Between PE and CE
- IPv6 VPN over MPLS
- Assigning an ID Number to an MPLS VPN
- Remote Access MPLS VPNs
- Multi-VRF Support
- Multi-VRF Selection Using Policy-Based Routing
- MPLS VPN VRF Selection Using Policy-Based Routing
- MPLS VPN Per VRF Label
- MPLS VPN per Customer Edge (CE) Label
- VRF Aware System Message Logging
- MPLS VPN Show Running VRF
- MPLS VPN Half-Duplex VRF
- MPLS VPN BGP Local Convergence
- MPLS VPN Route Target Rewrite
- MPLS VPN VRF CLI for IPv4 and IPv6 VPNs
- MPLS over GRE
- MPLS VPN 6VPE Support Over IP Tunnels
- IPv6 VRF Aware System Message Logging
- Finding Feature Information
- Prerequisites for VRF Aware System Message Logging
- Restrictions for VRF Aware System Message Logging
- Information About VRF Aware System Message Logging
- How to Configure and Verify VRF Aware System Message Logging
- Configuration Examples for VRF Aware System Message Logging
- Additional References
- Feature Information for VRF Aware System Message Logging
- Glossary
VRF Aware System Message Logging
The VRF Aware System Message Logging (Syslog) feature allows a device to send system logging (syslog) messages to a syslog server host connected through a Virtual Private Network (VPN) routing and forwarding (VRF) interface.
You can use logging information for network monitoring and troubleshooting. This feature extends this capability to network traffic connected through VRFs.
- Finding Feature Information
- Prerequisites for VRF Aware System Message Logging
- Restrictions for VRF Aware System Message Logging
- Information About VRF Aware System Message Logging
- How to Configure and Verify VRF Aware System Message Logging
- Configuration Examples for VRF Aware System Message Logging
- Additional References
- Feature Information for VRF Aware System Message Logging
- Glossary
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for VRF Aware System Message Logging
You must configure a Virtual Private Network (VPN) routing and forwarding (VRF) instance on a routing device and associate the VRF with an interface before you can configure the VRF Aware System Message Logging feature.
Restrictions for VRF Aware System Message Logging
You cannot specify a source address for virtual routing and forwarding (VRF) system logging messages. The VRF Aware System Message Logging feature uses the VRF interface address as the source address for all VRF-aware system logging messages.
Information About VRF Aware System Message Logging
- VRF Aware System Message Logging Benefit
- VRF Aware System Message Logging on a Provider Edge Device in an MPLS VPN Network
- VRF Aware System Message Logging on a Customer Edge Device with VRF-Lite Configured
- Message Levels for Logging Commands
VRF Aware System Message Logging Benefit
A Virtual Private Network (VPN) routing and forwarding (VRF) instance is an extension of IP routing that provides multiple routing instances. A VRF provides a separate IP routing and forwarding table to each VPN. You must configure a VRF on a routing device before you configure the VRF Aware System Message Logging feature.
After you configure the VRF Aware System Message Logging feature on a routing device, the device can send syslog messages to a syslog host through a VRF interface. Then you can use logging messages to monitor and troubleshoot network traffic connected through a VRF. Without the VRF Aware System Message Logging feature on a routing device, you do not have this benefit; the routing device can send syslog messages to the syslog host only through the global routing table.
You can receive system logging messages through a VRF interface on any device where you can configure a VRF, that is:
On a provider edge (PE) device that is used with Multiprotocol Label Switching (MPLS) and multiprotocol Border Gateway Protocol (BGP) to provide a Layer 3 MPLS VPN network service.
On a customer edge (CE) device that is configured for VRF-Lite, which is a VRF implementation without multiprotocol BGP.
VRF Aware System Message Logging on a Provider Edge Device in an MPLS VPN Network
You can configure the VRF Aware System Message Logging feature on a provider edge (PE) device in a Layer 3 Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) network. The PE device can then send syslog messages through a virtual routing and forwarding (VRF) interface to a syslog server located in the VPN.
The figure below shows an MPLS VPN network and the VRF Aware System Message Logging feature configured on a PE device associated with VRF VPN1. The PE device sends log messages through a VRF interface to a syslog server located in VPN1. You can display the messages from the syslog server on a terminal.
VRF Aware System Message Logging on a Customer Edge Device with VRF-Lite Configured
You can configure the VRF Aware System Message Logging feature on a customer edge (CE) device where you have configured the VRF-Lite feature. The CE device can then send syslog messages through a virtual routing and forwarding (VRF) interface to syslog servers in multiple Virtual Private Networks (VPNs). The CE device can be either a router or a switch.
The figure below shows the VRF Aware System Message Logging feature configured on a VRF-Lite CE device. The CE device can send VRF syslog messages to syslog servers in VPN1 or VPN2 or to servers in both VPN1 and VPN2. You can configure multiple VRFs on a VRF-Lite CE device, and the device can serve many customers.
Message Levels for Logging Commands
The table below lists message levels for logging commands that you can use when you configure the VRF Aware System Message Logging feature. Information provided by the table below includes keyword level names and numbers, their description, and the associated syslog definitions. You can use either the level keyword name or number with the logging trap level and logging buffered severity-level commands.
Level Name |
Level Number |
Description |
Syslog Definition |
---|---|---|---|
emergencies |
0 |
System unusable |
LOG_EMERG |
alerts |
1 |
Immediate action needed |
LOG_ALERT |
critical |
2 |
Critical conditions |
LOG_CRIT |
errors |
3 |
Error conditions |
LOG_ERR |
warnings |
4 |
Warning conditions |
LOG_WARNING |
notifications |
5 |
Normal but significant condition |
LOG_NOTICE |
informational |
6 |
Informational messages only |
LOG_INFO |
debugging |
7 |
Debugging messages |
LOG_DEBUG |
How to Configure and Verify VRF Aware System Message Logging
- Configuring a VRF on a Routing Device
- Associating a VRF with an Interface
- Configuring VRF Aware System Message Logging on a Routing Device
- Verifying VRF Aware System Message Logging Operation
Configuring a VRF on a Routing Device
Configuring a virtual routing and forwarding (VRF) instance on a routing device helps provides customer connectivity to a Virtual Private Network (VPN). The routing device can be a provider edge (PE) device connected to a Multiprotocol Label Switching (MPLS) VPN network or a customer edge (CE) device that is configured for VRF-Lite.
1.
enable
2.
configure terminal
3.
ip vrf
vrf-name
4.
rd
route-distinguisher
5.
route-target {import |
export |
both}
route-target-ext-community
6.
end
DETAILED STEPS
Associating a VRF with an Interface
Perform this task to associate a virtual routing and forwarding (VRF) instance with an interface. A VRF must be associated with an interface before you can forward Virtual Private Network (VPN) traffic.
Note | You cannot configure a source address for VRF system logging messages. The VRF Aware System Message Logging feature uses the VRF interface address as the source address for all VRF-aware system logging messages. |
After configuring the VRF and associating it with an interface, you can configure the VRF Aware System Message Logging feature on the routing device.
1.
enable
2.
configure terminal
3.
interface
type
number
4.
ip vrf forwarding
vrf-name
5.
end
6.
copy running-config startup-config
DETAILED STEPS
Configuring VRF Aware System Message Logging on a Routing Device
Configure the VRF Aware System Message Logging feature on a routing device so that logging messages can be used to monitor and troubleshoot network traffic connected through VRF instances.
1.
enable
2.
configure terminal
3.
logging host {ip-address |
hostname} [vrf
vrf-name]
4.
logging trap
level
5.
logging facility
facility-type
6.
logging buffered [buffer-size |
severity-level]
7.
end
DETAILED STEPS
Verifying VRF Aware System Message Logging Operation
1.
enable
2.
show running-config | include logging
3.
show ip vrf interfaces
4.
show running-config [interface
type
number]
5.
ping vrf
vrf-name
target-ip-address
6.
exit
DETAILED STEPS
Configuration Examples for VRF Aware System Message Logging
- Example: Configuring a VRF on a Routing Device
- Example: Associating a VRF with an Interface
- Examples: Configuring VRF Aware System Message Logging on a Routing Device
Example: Configuring a VRF on a Routing Device
enable configure terminal ! ip vrf vpn1 rd 100:1 route-target both 100:1 end
Example: Associating a VRF with an Interface
enable configure terminal ! interface FastEthernet 0/0/0 ip vrf forwarding vpn1 end
Examples: Configuring VRF Aware System Message Logging on a Routing Device
The following example shows how to configure the VRF Aware System Message Logging feature on a routing device. The IP address of the syslog server host is 10.0.1.3 and the VRF is vpn1.
enable configure terminal ! logging host 10.0.1.3 vrf vpn1 logging trap debugging logging facility local6 logging buffered 10000 logging buffered debugging end
The following example shows how to turn off logging to the syslog server:
enable configure terminal ! no logging 10.0.1.3 end
Additional References
Related Documents
Related Topic |
Document Title |
---|---|
Cisco IOS commands |
|
MPLS and MPLS applications commands |
|
Concepts and tasks for configuring VRF-lite on a Catalyst 4500 switch |
“Configuring VRF-lite" chapter in the Catalyst 4500 Series Switch Cisco IOS Software Configuration Guide |
Concepts and tasks for configuring VRF Lite on ML-Series Ethernet cards |
“Configuring VRF-lite" chapter in the Ethernet Card Software Feature and Configuration Guide for the Cisco ONS 15454 SDH, ONS 15454, and ONS 15327 |
Technical Assistance
Description |
Link |
---|---|
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. |
Feature Information for VRF Aware System Message Logging
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Feature Name |
Releases |
Feature Information |
---|---|---|
VRF Aware System Message Logging |
12.2(31)SB2 12.2(33)SRA 12.2(33)SXH 12.4(13) 15.1(1)SG Cisco IOS XE Release 2.2 Cisco IOS XE Release 3.3SG |
The VRF Aware System Message Logging feature allows a device to send syslog messages to a syslog server host connected through a VPN VRF interface. In Cisco IOS Release 12.2(31)SB2, this feature was introduced on the Cisco 10000 series routers. In Cisco IOS Release 12.2(33)SRA, this feature was integrated. In Cisco IOS Release 12.2(33)SXH, this feature was integrated. In Cisco IOS Release 12.4(13), this feature was integrated. In Cisco IOS Release 15.1(1)SG, this feature was integrated. In Cisco IOS XE Release 2.2, this feature was implemented on the Cisco ASR 1000 Series Aggregation Services Routers. In Cisco IOS XE Release 3.3SG, this feature was integrated. The following command was modified: logging host. |
Glossary
CE device—customer edge device. A device on the border between a VPN provider and a VPN customer that belongs to the customer.
LSR—label switching router. A device that forwards MPLS packets based on the value of a fixed-length label encapsulated in each packet.
MPLS—Multiprotocol Label Switching. A method for forwarding packets (frames) through a network. It enables devices at the edge of a network to apply labels to packets (frames). ATM switches or existing devices in the network core can switch packets according to the labels with minimal lookup overhead.
MPLS VPN—Multiprotocol Label Switching Virtual Private Network. An IP network infrastructure delivering private network services over a public infrastructure using a Layer 3 backbone. Using MPLS VPNs in a Cisco network provides the capability to deploy and administer scalable Layer 3 VPN backbone services including applications, data hosting network commerce, and telephony services to business customers.
PE device—provider edge device. A device on the border between a VPN provider and a VPN customer that belongs to the provider.
VPN—Virtual Private Network. A group of sites that, as the result of a set of administrative policies, are able to communicate with each other over a shared backbone network. A VPN is a secure IP-based network that shares resources on one or more physical networks. A VPN contains geographically dispersed sites that can communicate securely over a shared backbone. See also MPLS VPN.
VRF—VPN routing and forwarding instance. A VRF consists of an IP routing table, a derived forwarding table, a set of interfaces that use the forwarding table, and a set of rules and routing protocols that determine what goes into the forwarding table. In general, a VRF includes the routing information that defines a customer VPN site that is attached to a PE device.