03-06-2022 12:08 AM - last edited on 03-08-2022 10:30 AM by Translator
Hi All, Just need help.. also I'm beginner on this. Im running Cisco3850 over BGP and OSPF on my lab.
I create Vlan11,12 and 13 for port11,12 and 13 with /30 IP address for my router - This running over bgp and ospf.
Now i created another Vlan111,112 and 113 /30 ip address on the same port for my Point to Point antenna.
The Problem is the Vlan 111,112 and 113 has no internet. anyone can help me on this? anything that i missed on this config? i really appreciate on your respose.
Please see my running config below.
interface Loopback0
ip address 10.1.1.1 255.255.255.255
ip ospf dead-interval 20
ip ospf hello-interval 5
!
interface Port-channel1
no switchport
ip address 172.31.254.2 255.255.255.252
ip ospf network point-to-point
ip ospf dead-interval 20
ip ospf hello-interval 5
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
ip address 10.254.254.254 255.255.255.0
negotiation auto
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
switchport trunk allowed vlan 11,111
switchport mode trunk
!
interface GigabitEthernet1/0/12
switchport trunk allowed vlan 12,112
switchport mode trunk
!
interface GigabitEthernet1/0/13
switchport trunk allowed vlan 13,113
switchport mode trunk
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
description *po1 lacp to ccr*
no switchport
no ip address
channel-group 1 mode active
lacp rate fast
!
interface GigabitEthernet1/0/21
description *po1 lacp to ccr*
no switchport
no ip address
channel-group 1 mode active
lacp rate fast
!
interface GigabitEthernet1/0/22
description *po1 lacp to ccr*
no switchport
no ip address
channel-group 1 mode active
lacp rate fast
!
interface GigabitEthernet1/0/23
description *po1 lacp to ccr*
no switchport
no ip address
channel-group 1 mode active
lacp rate fast
!
interface GigabitEthernet1/0/24
description *po1 lacp to ccr*
no switchport
no ip address
channel-group 1 mode active
lacp rate fast
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface Vlan1
no ip address
!
interface Vlan11
description *nat core link*
ip address 172.16.11.1 255.255.255.252
ip ospf network point-to-point
ip ospf dead-interval 20
ip ospf hello-interval 5
!
interface Vlan12
description *R2 link*
ip address 172.16.12.1 255.255.255.252
ip ospf network point-to-point
ip ospf dead-interval 20
ip ospf hello-interval 5
!
interface Vlan13
description *R3 link*
ip address 172.16.13.1 255.255.255.252
ip ospf network point-to-point
ip ospf dead-interval 20
ip ospf hello-interval 5
!
interface Vlan111
ip address 172.16.111.1 255.255.255.252
!
interface Vlan112
ip address 172.16.112.1 255.255.255.252
!
interface Vlan113
ip address 172.16.113.1 255.255.255.252
!
router ospf 1
router-id 10.1.1.1
network 10.0.0.254 0.0.0.0 area 0
network 10.1.1.1 0.0.0.0 area 0
network 172.16.11.0 0.0.0.3 area 0
network 172.16.12.0 0.0.0.3 area 0
network 172.16.13.0 0.0.0.3 area 0
network 172.31.254.0 0.0.0.3 area 0
!
router bgp 65000
bgp router-id 10.1.1.1
bgp log-neighbor-changes
neighbor 10.0.0.0 remote-as 65000
neighbor 10.0.0.0 update-source Loopback0
neighbor 10.0.0.1 remote-as 65000
neighbor 10.0.0.1 update-source Loopback0
neighbor 10.0.0.2 remote-as 65000
neighbor 10.0.0.2 update-source Loopback0
neighbor 10.0.0.3 remote-as 65000
neighbor 10.0.0.3 update-source Loopback0
!
address-family ipv4
neighbor 10.0.0.0 activate
neighbor 10.0.0.0 route-reflector-client
neighbor 10.0.0.1 activate
neighbor 10.0.0.1 route-reflector-client
neighbor 10.0.0.2 activate
neighbor 10.0.0.2 route-reflector-client
neighbor 10.0.0.3 activate
neighbor 10.0.0.3 route-reflector-client
exit-address-family
!
Solved! Go to Solution.
03-06-2022 08:23 AM
Henry
There are things about your environment that I do not understand. For example I do not see any default route in your config. Are you learning a default route? If so from what? Also I see BGP but all peers are in the same AS, so are IBGP. Is there any external BGP?
One thing I do notice is that you are running OSPF on the subnets for 11, 12, and 13 but not for 111, 112, and 113. I would suggest running OSPF for the new vlans/subnets and see if it makes any difference.
Another guess at the issue would be possible issues about address translation. You tell us that NAT is done by Mikrotik. Is it possible that Mikrotik has translation logic for the original subnets but not for the new subnets?
03-07-2022 02:17 AM - last edited on 03-08-2022 10:34 AM by Translator
When you say "no internet" I think you mean you want to advertize the routes via BGP (because as one of the previous replies has stated, the "Internet" does not care about private address ranges - and just because you are advertizing to a BGP peer does not mean that this peer must be part of the "Internet".
To get the VLAN111,112,113 advertized to your BGP peers then probably simplest option is to advertize the subnets in BGP under your ipv4 address-family
"network 172.16.111.0 255.255.255.252"
"network 172.16.112.0 255.255.255.252"
"network 172.16.113.0 255.255.255.252"
or you should be able to redistribute these subnets as they are directly-connected
ip access-list extended redistribute-subnets
permit 172.16.111.0 0.0.0.3
permit 172.16.112.0 0.0.0.3
permit 172.16.113.0 0.0.0.3
route-map redistribute-connected
match ip address redistribute-subnets
router bgp 65000
address-family ipv4 unicast
redistriibute connected route-map redistribute-connected
Using either of the above methods, you should then see the routes sent in BGP to your peer-devices and if they can reach 10.1.1.1 then you should be good.
03-06-2022 02:58 AM
Hello
Your OP shows addressing that is not public routable, as such you would require a rtr to perfrom network translation so you internal subnets to be able to reach the internet.
How do you reach the internet at present from this network?
03-06-2022 03:22 AM
Hello Paul, Thanks for your reply.
I'm using this 3850 for my core, and loopback 10.0.0.0 is my Mikrotik NAT, and 10.0.0.1,10.0.0.2, and so on are my client-side routers which they are connected to the internet.
Network design:
Mikrotik NAT >> Cisco 3850>> Vlan11,12,13 to client side. my only concern is Vlan111,112 and 113 has no internet.
someone said I add Bgp advertise subnet and I don't know how to do it
Henry
03-06-2022 08:23 AM
Henry
There are things about your environment that I do not understand. For example I do not see any default route in your config. Are you learning a default route? If so from what? Also I see BGP but all peers are in the same AS, so are IBGP. Is there any external BGP?
One thing I do notice is that you are running OSPF on the subnets for 11, 12, and 13 but not for 111, 112, and 113. I would suggest running OSPF for the new vlans/subnets and see if it makes any difference.
Another guess at the issue would be possible issues about address translation. You tell us that NAT is done by Mikrotik. Is it possible that Mikrotik has translation logic for the original subnets but not for the new subnets?
03-07-2022 02:17 AM - last edited on 03-08-2022 10:34 AM by Translator
When you say "no internet" I think you mean you want to advertize the routes via BGP (because as one of the previous replies has stated, the "Internet" does not care about private address ranges - and just because you are advertizing to a BGP peer does not mean that this peer must be part of the "Internet".
To get the VLAN111,112,113 advertized to your BGP peers then probably simplest option is to advertize the subnets in BGP under your ipv4 address-family
"network 172.16.111.0 255.255.255.252"
"network 172.16.112.0 255.255.255.252"
"network 172.16.113.0 255.255.255.252"
or you should be able to redistribute these subnets as they are directly-connected
ip access-list extended redistribute-subnets
permit 172.16.111.0 0.0.0.3
permit 172.16.112.0 0.0.0.3
permit 172.16.113.0 0.0.0.3
route-map redistribute-connected
match ip address redistribute-subnets
router bgp 65000
address-family ipv4 unicast
redistriibute connected route-map redistribute-connected
Using either of the above methods, you should then see the routes sent in BGP to your peer-devices and if they can reach 10.1.1.1 then you should be good.
03-08-2022 07:30 AM
Henry
I am glad that our suggestions have been helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide