
I need help in configuring the network (BGP & 2 ISP)

florinmarian

Greetings, friends!
After noticing that in this community there really are people willing to help and teach you, I come again with some problems to which I hope I will find an answer (either directly or indirectly).

Let me describe my resources:
- The Cisco WS-4948E switch
- ASN AS57XXX
- Subnets 188.241.XXX.0/24, 188.241.YYY.0/24 and 2a0e:8f02:XXXX::/48 respectively
- ISP A, which does not support BGP session, having the IP address 192.168.1.XXX configured on the switch, unable to give up the router provided by the ISP
- ISP B which supports BGP session, having the IP address 10.192.63.XXX configured on the switch, without having any public IP address or any intermediate device between the switch and the ISP

What I want:
1. How should the network be divided into vlans knowing that I connect the ports GigabitEthernet1/1 and GigabitEthernet1/2 to the router of the first ISP, GigabitEthernet1/3 to the 2nd ISP and I want to allow the other ports of the switch to be considered consumers that can only have IP addresses from the 3 subnets listed above (so the Switch should serve as a gateway with the IPs 188.241.XXX.1, 188.241.YYY.1, 2a0e:8f02:XXXX::1)?
2. In what way can the 2 ISPs be used knowing that one allows BGP session, the other does not but the one that does not allow BGP session still does not filter the IPs?

Configuration examples would be welcome because it's the first time I'm interacting with a Cisco switch.

Thank you!


I wrote some notes and two commands you can use to check the connectivity:
telnet and debug

Hello!

In the end I managed to establish the BGP connection via IPv6 with RCS RDS and announce the /48 route through it, but the problem I am facing now is that from the client using the IP address 2a0e:8f02:XXXX::2 with the gateway 2a0e:8f02:XXXX::1 I get a timeout when I try to send pings to the internet.
That client is connected to GigabitEthernet1/48.
Thank you!

 

Commands used after factory reset:

vlan 200
name RCS&RDS
!
vlan 300
name Clients
!
interface GigabitEthernet1/3
description Connection to RCS&RDS Router
switchport mode access
switchport access vlan 200
no shutdown
!
interface range GigabitEthernet1/4 - 48
description Consumer Ports
switchport mode access
switchport access vlan 300
!
interface range TenGigabitEthernet1/49 - 52
description Consumer Ports
switchport mode access
switchport access vlan 300
!
interface vlan 200
description Conexiune RCSRDS
ip address 10.XXX.63.19 255.255.255.248
ipv6 address 2a02:2f08:XXXX::2/126
no shutdown
!
interface vlan 300
description Conexiune Servere
no shutdown
ipv6 address 2a0e:8f02:XXXX::1/64
!
ipv6 unicast-routing
!
router bgp 57403
bgp router-id 10.XXX.63.19
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 2a02:2f08:XXXX::1 remote-as 8708
address-family ipv6
neighbor 2a02:2f08:XXXX::1 activate
network 2a0e:8f02:XXXX::/48
exit-address-family
end

Good to know that, so you now receive both IPv6 and IPv4 from the ISP.

Access to the internet needs you to receive a default route from the ISP.

Those are the routes I received and it's strange because I requested /48 and I see just /64 but anyway, even with /64 my IP is not accessible from other networks.

*May 26 23:38:02.635: BGP IPv6: Walker update route ::/127
*May 26 23:38:02.635: BGP IPv6: Walker update route 2A02:2F08:FFF::2/128
*May 26 23:38:02.635: BGP IPv6: Walker update route 2A02:2F08:FFF::/126
*May 26 23:38:02.635: BGP IPv6: Walker update route 2A0E:8F02:F04F::1/128
*May 26 23:38:02.635: BGP IPv6: Walker update route 2A0E:8F02:F04F::/64
*May 26 23:38:02.635: BGP IPv6: Walker update route FE80::/10
*May 26 23:38:02.635: BGP IPv6: Walker update route FF00::/8

Are there any FW in between?

No, just default ACLs which cannot be deleted. The switch is directly connected to ISP's ONT.

This is actually full configuration of the switch:

Switch#show running-config
Building configuration...

Current configuration : 7807 bytes
!
! Last configuration change at 00:03:01 UTC Sat May 27 2023
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname Switch
!
boot-start-marker
boot system flash bootflash:cat4500e-entservicesk9-mz.152-4.E10a.bin
boot-end-marker
!
!
vrf definition mgmtVrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
ipv6 unicast-routing
vtp mode transparent
!
!
power redundancy-mode redundant
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 100
 name Orange
!
vlan 200
 name RCS&RDS
!
vlan 300
 name Clients
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet1
 vrf forwarding mgmtVrf
 no ip address
 speed auto
 duplex auto
!
interface GigabitEthernet1/1
 description Connection to Orange Router
 switchport access vlan 100
 switchport mode access
!
interface GigabitEthernet1/2
 description Connection to Orange Router
 switchport access vlan 100
 switchport mode access
!
interface GigabitEthernet1/3
 description Connection to RCS&RDS Router
 switchport access vlan 200
 switchport mode access
!
interface GigabitEthernet1/4
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/5
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/6
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/7
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/8
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/9
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/10
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/11
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/12
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/13
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/14
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/15
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/16
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/17
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/18
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/19
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/20
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/21
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/22
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/23
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/24
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/25
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/26
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/27
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/28
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/29
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/30
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/31
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/32
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/33
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/34
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/35
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/36
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/37
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/38
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/39
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/40
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/41
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/42
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/43
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/44
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/45
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/46
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/47
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface GigabitEthernet1/48
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface TenGigabitEthernet1/49
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface TenGigabitEthernet1/50
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface TenGigabitEthernet1/51
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface TenGigabitEthernet1/52
 description Consumer Ports
 switchport access vlan 300
 switchport mode access
!
interface Vlan1
 no ip address
!
interface Vlan100
 description Conexiune Orange
 ip address 192.168.1.2 255.255.255.0
!
interface Vlan200
 description Conexiune RCSRDS
 ip address 10.192.63.19 255.255.255.248
 ipv6 address 2A02:2F08:FFF::2/126
!
interface Vlan300
 description Conexiune Servere
 no ip address
 ipv6 address 2A0E:8F02:F04F::1/64
!
router bgp 57403
 bgp router-id 10.192.63.19
 no bgp fast-external-fallover
 bgp log-neighbor-changes
 bgp graceful-restart restart-time 120
 bgp graceful-restart stalepath-time 360
 bgp graceful-restart
 bgp maxas-limit 50
 neighbor 2A02:2F08:FFF::1 remote-as 8708
 !
 address-family ipv4
  no neighbor 2A02:2F08:FFF::1 activate
 exit-address-family
 !
 address-family ipv6
  network 2A0E:8F02:F04F::/48
  neighbor 2A02:2F08:FFF::1 activate
  neighbor 2A02:2F08:FFF::1 soft-reconfiguration inbound
  neighbor 2A02:2F08:FFF::1 maximum-prefix 250000
 exit-address-family
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
!
!
!
!
!
line con 0
 stopbits 1
line vty 0 4
 login
!
!
end

You must connect ISP; it is not a BGP issue, the IP (IPv4 or IPv6) is not reachable.

It seems to be also a vlan issue because I found this:

Switch#show ipv6 route
IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
       I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
       EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
       NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       a - Application
B   ::/0 [20/0]
     via FE80::D161, Vlan200
C   2A02:2F08:FFF::/126 [0/0]
     via Vlan200, directly connected
L   2A02:2F08:FFF::2/128 [0/0]
     via Vlan200, receive
C   2A0E:8F02:F04F::/64 [0/0]
     via Vlan300, directly connected
L   2A0E:8F02:F04F::1/128 [0/0]
     via Vlan300, receive
L   FF00::/8 [0/0]
     via Null0, receive
Switch#ping fe80::d161
Output Interface: vlan200
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FE80::D161, timeout is 2 seconds:
Packet sent with a source address of FE80::C671:FEFF:FE8C:7D3F%Vlan200
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/12 ms
Switch#ping fe80::d161
Output Interface: vlan300
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FE80::D161, timeout is 2 seconds:
Packet sent with a source address of FE80::C671:FEFF:FE8C:7D3F%Vlan300
.....
Success rate is 0 percent (0/5)
Switch#ping ipv6 ipv6.google.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2A00:1450:4001:806::200E, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/48/52 ms
Switch#
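
Added example, not part of any post in this thread: on IOS a BGP `network` statement only originates a prefix that has an exact-match entry in the routing table, and the table above holds 2A0E:8F02:F04F::/64 but no /48. The Python sketch below runs that check over lines copied from the thread; the function names are illustrative assumptions.

```python
import ipaddress
import re

# Constructed input: lines copied from the config and `show ipv6 route` output in this thread.
BGP_CONFIG = """\
router bgp 57403
 address-family ipv6
  network 2A0E:8F02:F04F::/48
 exit-address-family
"""
SHOW_IPV6_ROUTE = """\
B   ::/0 [20/0]
     via FE80::D161, Vlan200
C   2A02:2F08:FFF::/126 [0/0]
     via Vlan200, directly connected
C   2A0E:8F02:F04F::/64 [0/0]
     via Vlan300, directly connected
L   2A0E:8F02:F04F::1/128 [0/0]
     via Vlan300, receive
"""

def bgp_networks(config):
    """IPv6 prefixes named in BGP `network` statements (hypothetical helper)."""
    found = re.findall(r"^\s*network\s+([0-9A-Fa-f:]+/\d+)", config, re.M)
    return [ipaddress.ip_network(p, strict=False) for p in found]

def rib_prefixes(show_route):
    """Map prefix -> route code for each entry line of `show ipv6 route`."""
    pattern = r"^([A-Za-z][A-Za-z0-9]*)\s+([0-9A-Fa-f:]+/\d+)\s+\["
    return {ipaddress.ip_network(p, strict=False): code
            for code, p in re.findall(pattern, show_route, re.M)}

def audit(config, show_route):
    """Per network statement: is there an exact RIB match, and which longer routes exist?"""
    rib = rib_prefixes(show_route)
    report = []
    for net in bgp_networks(config):
        longer = sorted((p for p in rib if p != net and p.subnet_of(net)),
                        key=lambda p: p.prefixlen)
        report.append({"network": str(net),
                       "exact_match": net in rib,  # False: BGP will not originate it
                       "more_specific": [str(p) for p in longer]})
    return report

if __name__ == "__main__":
    for row in audit(BGP_CONFIG, SHOW_IPV6_ROUTE):
        print(row)
```

A common way to give an aggregate an exact routing-table entry on IOS is a static route for it pointing to Null0; `show bgp ipv6 unicast` then shows whether the prefix is in the BGP table.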

VLAN200 succeeds.
VLAN300 fails?
show ip inter brief <<- check if the SVI of the VLAN is UP
show vlan <<- check if the VLAN is added to the VLAN DB

NOTE: if you don't advertise the IPs of the VLANs to the ISP, then you need NAT overload on the interface connecting your SW to the ISP.