
2 Vlan on single port, running on BGP ospf, other vlan no internet

henrybarriga
Level 1

Hi All, Just need help. Also, I'm a beginner at this. I'm running a Cisco 3850 over BGP and OSPF in my lab.

I created Vlan11, 12 and 13 for ports 11, 12 and 13 with /30 IP addresses for my router. This is running over BGP and OSPF.

Now I created another Vlan111, 112 and 113 with /30 IP addresses on the same ports for my point-to-point antenna.

The problem is that Vlan 111, 112 and 113 have no internet. Can anyone help me with this? Is there anything that I missed in this config? I really appreciate your response.

 

Please see my running config below.

 

interface Loopback0
 ip address 10.1.1.1 255.255.255.255
 ip ospf dead-interval 20
 ip ospf hello-interval 5
!
interface Port-channel1
 no switchport
 ip address 172.31.254.2 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval 20
 ip ospf hello-interval 5
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 ip address 10.254.254.254 255.255.255.0
 negotiation auto
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
 switchport trunk allowed vlan 11,111
 switchport mode trunk
!
interface GigabitEthernet1/0/12
 switchport trunk allowed vlan 12,112
 switchport mode trunk
!
interface GigabitEthernet1/0/13
 switchport trunk allowed vlan 13,113
 switchport mode trunk
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
 description *po1 lacp to ccr*
 no switchport
 no ip address
 channel-group 1 mode active
 lacp rate fast
!
interface GigabitEthernet1/0/21
 description *po1 lacp to ccr*
 no switchport
 no ip address
 channel-group 1 mode active
 lacp rate fast
!
interface GigabitEthernet1/0/22
 description *po1 lacp to ccr*
 no switchport
 no ip address
 channel-group 1 mode active
 lacp rate fast
!
interface GigabitEthernet1/0/23
 description *po1 lacp to ccr*
 no switchport
 no ip address
 channel-group 1 mode active
 lacp rate fast
!
interface GigabitEthernet1/0/24
 description *po1 lacp to ccr*
 no switchport
 no ip address
 channel-group 1 mode active
 lacp rate fast
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface Vlan1
 no ip address
!
interface Vlan11
 description *nat core link*
 ip address 172.16.11.1 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval 20
 ip ospf hello-interval 5
!
interface Vlan12
 description *R2 link*
 ip address 172.16.12.1 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval 20
 ip ospf hello-interval 5
!
interface Vlan13
 description *R3 link*
 ip address 172.16.13.1 255.255.255.252
 ip ospf network point-to-point
 ip ospf dead-interval 20
 ip ospf hello-interval 5
!
interface Vlan111
 ip address 172.16.111.1 255.255.255.252
!
interface Vlan112
 ip address 172.16.112.1 255.255.255.252
!
interface Vlan113
 ip address 172.16.113.1 255.255.255.252
!
router ospf 1
 router-id 10.1.1.1
 network 10.0.0.254 0.0.0.0 area 0
 network 10.1.1.1 0.0.0.0 area 0
 network 172.16.11.0 0.0.0.3 area 0
 network 172.16.12.0 0.0.0.3 area 0
 network 172.16.13.0 0.0.0.3 area 0
 network 172.31.254.0 0.0.0.3 area 0
!
router bgp 65000
 bgp router-id 10.1.1.1
 bgp log-neighbor-changes
 neighbor 10.0.0.0 remote-as 65000
 neighbor 10.0.0.0 update-source Loopback0
 neighbor 10.0.0.1 remote-as 65000
 neighbor 10.0.0.1 update-source Loopback0
 neighbor 10.0.0.2 remote-as 65000
 neighbor 10.0.0.2 update-source Loopback0
 neighbor 10.0.0.3 remote-as 65000
 neighbor 10.0.0.3 update-source Loopback0
 !
 address-family ipv4
  neighbor 10.0.0.0 activate
  neighbor 10.0.0.0 route-reflector-client
  neighbor 10.0.0.1 activate
  neighbor 10.0.0.1 route-reflector-client
  neighbor 10.0.0.2 activate
  neighbor 10.0.0.2 route-reflector-client
  neighbor 10.0.0.3 activate
  neighbor 10.0.0.3 route-reflector-client
 exit-address-family
!


2 Accepted Solutions


Henry

There are things about your environment that I do not understand. For example I do not see any default route in your config. Are you learning a default route? If so from what? Also I see BGP but all peers are in the same AS, so are IBGP. Is there any external BGP?

One thing I do notice is that you are running OSPF on the subnets for 11, 12, and 13 but not for 111, 112, and 113. I would suggest running OSPF for the new vlans/subnets and see if it makes any difference.

Another guess at the issue would be possible issues about address translation. You tell us that NAT is done by Mikrotik. Is it possible that Mikrotik has translation logic for the original subnets but not for the new subnets?

HTH

Rick


JimWicks
Level 1

When you say "no internet" I think you mean you want to advertise the routes via BGP (because as one of the previous replies has stated, the "Internet" does not care about private address ranges - and just because you are advertising to a BGP peer does not mean that this peer must be part of the "Internet").

To get the VLAN111,112,113 advertised to your BGP peers then probably the simplest option is to advertise the subnets in BGP under your ipv4 address-family

"network 172.16.111.0 mask 255.255.255.252"
"network 172.16.112.0 mask 255.255.255.252"
"network 172.16.113.0 mask 255.255.255.252"

or you should be able to redistribute these subnets as they are directly-connected

ip access-list standard redistribute-subnets
   permit 172.16.111.0 0.0.0.3
   permit 172.16.112.0 0.0.0.3
   permit 172.16.113.0 0.0.0.3
route-map redistribute-connected
   match ip address redistribute-subnets
router bgp 65000
   address-family ipv4 unicast
     redistribute connected route-map redistribute-connected

Using either of the above methods, you should then see the routes sent in BGP to your peer-devices and if they can reach 10.1.1.1 then you should be good.
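
The gap Rick points out and the `network` statements Jim suggests can be checked mechanically. The following is an added example, not code from the thread or from Cisco: it lists addressed interfaces that no OSPF or BGP `network` statement covers. The config excerpt is retyped from the question, the names `unadvertised` and `_int` are chosen here, and `redistribute connected` is not modelled.

```python
import ipaddress
import re

# Constructed excerpt: addressed interfaces and routing stanzas from the posted config.
CONFIG = """\
interface Loopback0
 ip address 10.1.1.1 255.255.255.255
interface Vlan11
 ip address 172.16.11.1 255.255.255.252
interface Vlan12
 ip address 172.16.12.1 255.255.255.252
interface Vlan13
 ip address 172.16.13.1 255.255.255.252
interface Vlan111
 ip address 172.16.111.1 255.255.255.252
interface Vlan112
 ip address 172.16.112.1 255.255.255.252
interface Vlan113
 ip address 172.16.113.1 255.255.255.252
router ospf 1
 network 10.1.1.1 0.0.0.0 area 0
 network 172.16.11.0 0.0.0.3 area 0
 network 172.16.12.0 0.0.0.3 area 0
 network 172.16.13.0 0.0.0.3 area 0
router bgp 65000
"""

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def unadvertised(config):
    """Interfaces matched by no OSPF or BGP 'network' statement."""
    ospf = re.findall(r"^ +network (\S+) (\S+) area \S+", config, re.M)
    bgp = {ipaddress.ip_network(f"{n}/{m}", strict=False)
           for n, m in re.findall(r"^ +network (\S+) mask (\S+)", config, re.M)}
    missing, name = [], None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            name = m[1]
        elif name and (m := re.match(r"\s+ip address (\S+) (\S+)$", line)):
            iface = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
            # OSPF: interface IP must equal the statement outside the wildcard bits
            in_ospf = any((_int(m[1]) ^ _int(n)) & ~_int(w) & 0xFFFFFFFF == 0
                          for n, w in ospf)
            # BGP: a 'network ... mask ...' statement must name the exact subnet
            if not in_ospf and iface.network not in bgp:
                missing.append(name)
    return missing
```

Calling `unadvertised(CONFIG)` on the excerpt returns the three new SVIs; appending either set of `network` lines to the text clears them.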

 


5 Replies

Hello

Your OP shows addressing that is not publicly routable; as such you would require a rtr to perform network translation for your internal subnets to be able to reach the internet.

 

How do you reach the internet at present from this network?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello Paul, Thanks for your reply.

 

I'm using this 3850 for my core, and loopback 10.0.0.0 is my Mikrotik NAT, and 10.0.0.1, 10.0.0.2, and so on are my client-side routers, which are connected to the internet.

Network design:

Mikrotik NAT >> Cisco 3850 >> Vlan11,12,13 to client side. My only concern is that Vlan111, 112 and 113 have no internet.

Someone said I should add a BGP advertise subnet and I don't know how to do it.

 

Henry

Henry

I am glad that our suggestions have been helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick