VRF static route 与VRF ospf

要求：

1、PC1 能与sales 网络通讯；

2、PC2 能与production 网络通讯；

3、PC1 不能访问producton,PC2 不能访问sales;

使用vrf 功能实现；

实际：

PC1 的192.168.1.10能访问10.1.1.1 但是不能访问10.2.2.2；

PC2 的192.168.1.10能访问10.2.2.2 但是不能访问10.1.1.1；

组网图：

配置命令：

LSW1:

vlan batch 10 20

interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 20
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 10 20
#

R1:

interface GigabitEthernet0/0/0
 ip address 10.0.13.1 255.255.255.0 

#
interface LoopBack0
 ip address 10.1.1.1 255.255.255.255 

#
ip route-static 192.168.1.0 255.255.255.0 10.0.13.3

R2:

interface GigabitEthernet0/0/0
 ip address 10.0.23.2 255.255.255.0 
#
interface GigabitEthernet0/0/1
#
interface NULL0
#
interface LoopBack0
 ip address 10.2.2.2 255.255.255.255 
#
ospf 1 
 area 0.0.0.0 
  network 10.0.23.0 0.0.0.255 
  network 10.2.2.2 0.0.0.0

R4:

interface GigabitEthernet0/0/0
 ip binding vpn-instance sales
 ip address 10.0.13.3 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip binding vpn-instance production
 ip address 10.0.23.3 255.255.255.0 

#
interface GigabitEthernet0/0/2.10
 dot1q termination vid 10
 ip binding vpn-instance sales
 ip address 192.168.1.254 255.255.255.0 
 arp broadcast enable
#
interface GigabitEthernet0/0/2.20
 dot1q termination vid 20
 ip binding vpn-instance production
 ip address 192.168.1.254 255.255.255.0 
 arp broadcast enable

# 
ospf 1 router-id 10.3.3.3 vpn-instance production
 area 0.0.0.0 
  network 10.0.23.0 0.0.0.255 
  network 10.3.3.3 0.0.0.0 
  network 192.168.1.0 0.0.0.255 
#
ip route-static vpn-instance sales 10.0.13.0 255.255.255.0 10.0.13.1
ip route-static vpn-instance sales 10.1.1.1 255.255.255.255 10.0.13.1