cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
939
Views
0
Helpful
8
Replies
Highlighted

BGP not advertising routes

I have a 2811 router that's directly connected to a a 3650 switch. The switch acts as the traffic cop for the local network. There's one network that I've added to BGP (along with a static route) that is not getting advertised to it's peer. I've done some initial troubleshooting per Cisco article: 

http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/19345-bgp-noad.html#topic4

 

sh ip bgp neighbors does show that some routes are advertised, but not the one in question--172.16.1.0. I've attached a config below

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Yes or you can add it to an existing acl that is being referenced, up to you really.

After you have done it you need to do -

"clear ip bgp 10.20.128.10 soft out" 

and then do a  -

"sh ip bgp neighbor 10.20.128.10 advertised-routes"

and you should see it being advertised.

Jon

View solution in original post

8 REPLIES 8
Highlighted
Hall of Fame Guru

Chris

I may be missing something obvious but you don't have a BGP network statement for that IP subnet in your configuration.  

Jon

Highlighted

Hi Jon,

Sorry. Grabbed the wrong config..Try this:

 

!
! Last configuration change at 16:47:08 EDT Mon Oct 5 2015 by chall
! NVRAM config last updated at 08:35:36 EDT Thu Oct 1 2015 by sready
!
version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname SW11-3560-01
!
boot-start-marker
boot-end-marker
!
logging buffered 32000 warnings
no logging console
!
username chall privilege 15 secret 5 $1$IEv5$nAtQe4Zgy10/QocwxoJlg1
username twessel privilege 15 password 7 096C5A1E4855404A
username sready privilege 15 password 7 12391605415B5D53
username att privilege 15 password 7 05080F1C2243
username mblystone privilege 15 password 7 12390815405B5A51
!
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
system mtu routing 1500
!
track 1 ip sla 1 reachability
 delay down 20 up 60
authentication mac-move permit
ip subnet-zero
ip routing
no ip domain-lookup
ip domain-name securityfederalbank.com
!
!
!
mls qos
!
crypto pki trustpoint TP-self-signed-1409162368
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1409162368
 revocation-check none
 rsakeypair TP-self-signed-1409162368
!
!
crypto pki certificate chain TP-self-signed-1409162368
 certificate self-signed 01
  3082025E 308201C7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 31343039 31363233 3638301E 170D3933 30333031 30303031 
  33385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 34303931 
  36323336 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100BDDD 83AEA523 2827414E 1EBB3BBA 7C92931D 4E784032 80BF0FEF 04986F46 
  F632366D 6B401D71 7D9EDCA4 A0FFC382 AFC03A98 77B7D340 C361F839 8CF08C4F 
  1D463D7B DBE12407 A8FAA485 35EF8C9A 7A3098DD 2BC88588 2873DC2A F210408E 
  012DC61B 331653AD 583E4EA3 4975DAD0 43ECFA63 2D346C8A 6258DD34 4CCD89DC 
  B0710203 010001A3 81853081 82300F06 03551D13 0101FF04 05300301 01FF302F 
  0603551D 11042830 26822453 5731312D 33353630 2D30312E 73656375 72697479 
  66656465 72616C62 616E6B2E 636F6D30 1F060355 1D230418 30168014 829374CC 
  EB5CC26B ED132945 C2A78373 E9DEA9F2 301D0603 551D0E04 16041482 9374CCEB 
  5CC26BED 132945C2 A78373E9 DEA9F230 0D06092A 864886F7 0D010104 05000381 
  81001098 1FDEB5E0 CECB8CA8 6931EC51 2B89E66D 81AD9D56 646EE412 1A604769 
  DC983BD5 14BC31BF 34944E66 4BED79B1 9B9C08CD F2A80329 F0B39AE5 3F6150CA 
  D311A32D DAD0F1FE 21C9C008 106E8811 00F5A805 186ED988 DAEF7DCA EE289AD7 
  65AEE0C3 9AB35498 F6DF3874 DEAA2180 2740FB88 97040402 F20430F4 A8E3B16B 736C
  quit
!
!
!
errdisable recovery cause psecure-violation
!
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree vlan 1-3,10,172 priority 8192
!
vlan internal allocation policy ascending
!
!
!
!
interface Port-channel1
 description Uplinks to 2960-1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
!
interface Port-channel2
 description Uplinks to 2960-2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
!
interface GigabitEthernet0/1
 description Uplink to 2960-1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
 spanning-tree portfast trunk
!
interface GigabitEthernet0/2
 description Uplink to 2960-1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
 spanning-tree portfast trunk
!
interface GigabitEthernet0/3
 description VM02 Network VMNIC0
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
!
interface GigabitEthernet0/4
 description VM02 iSCSI VMNIC2
 switchport access vlan 4
 switchport mode access
 mls qos trust dscp
 spanning-tree portfast
!
interface GigabitEthernet0/5
 description SAN
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 switchport voice vlan 172
 spanning-tree portfast
!
interface GigabitEthernet0/6
 description DMZ Firewall Interface
 switchport access vlan 3
 switchport mode access
!
interface GigabitEthernet0/7
 description ws11mgr01
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 switchport voice vlan 172
 switchport port-security maximum 3
 switchport port-security mac-address 0010.4907.6a03
 switchport port-security mac-address 001c.c49b.16ec
 mls qos trust dscp
 spanning-tree portfast
!
interface GigabitEthernet0/8
 description Con to RT11-2811-01 WAN
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 speed 100
 duplex full
 spanning-tree portfast
!
interface GigabitEthernet0/9
 description Uplink to 2960-2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 channel-protocol lacp
 channel-group 2 mode active
 spanning-tree portfast trunk
!
interface GigabitEthernet0/10
 description Uplink to 2960-2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 channel-protocol lacp
 channel-group 2 mode active
 spanning-tree portfast trunk
!
interface GigabitEthernet0/11
 description Fedline
 switchport access vlan 3
 switchport mode access
!
interface GigabitEthernet0/12
 description SAN
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet0/13
 description VM01 VMNIC3 iSCSI
 switchport access vlan 4
 switchport mode access
 mls qos trust dscp
 spanning-tree portfast
!
interface GigabitEthernet0/14
 description jConnect outside int
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/15
 description iSensor Mgt Port
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 mls qos trust dscp
 spanning-tree portfast
!
interface GigabitEthernet0/16
 description Centurion outside int
 switchport access vlan 2
 switchport mode access
 switchport port-security mac-address sticky
 spanning-tree portfast
!
interface GigabitEthernet0/17
 description jConnect inside 0/2
 switchport access vlan 10
 switchport trunk encapsulation dot1q
 switchport mode access
!
interface GigabitEthernet0/18
 description F/W inside int
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/19
 description Firewall outside int
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/20
 description iSensor outside int
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/21
 description VM01 Network VMNIC1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 switchport voice vlan 172
 mls qos trust dscp
 spanning-tree portfast
!
interface GigabitEthernet0/22
 description VM01 Network VMNIC4
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 mls qos trust dscp
!
interface GigabitEthernet0/23
 description Con to SG Switch
 switchport access vlan 172
 switchport mode access
 mls qos trust dscp
 spanning-tree portfast
!
interface GigabitEthernet0/24
 description Con to SG T1
 switchport access vlan 172
 switchport mode access
 switchport voice vlan 172
 spanning-tree portfast
!
interface GigabitEthernet0/25
 description Con to Switch2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/26
 description Con to Switch3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/27
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/28
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 description WCOLA_Switch_Mgmt
 ip address 10.255.128.1 255.255.255.0
 no ip redirects
!
interface Vlan3
 description DMZ
 no ip address
 no ip redirects
!
interface Vlan4
 description iSCSI/Replication
 ip address 10.20.130.1 255.255.255.0
 ip helper-address 10.20.128.3
 no ip redirects
!
interface Vlan10
 description WCOLA_Data_Network
 ip address 10.20.128.1 255.255.255.0
 ip helper-address 10.20.128.3
 ip helper-address 10.20.128.4
 no ip redirects
!
interface Vlan131
 description iSCSI Network
 ip address 10.20.131.1 255.255.255.0
!
interface Vlan172
 description WCOLA_Voice_Network
 ip address 172.20.128.1 255.255.255.0
 ip helper-address 10.20.128.3
 ip helper-address 10.20.128.4
 no ip redirects
!
router bgp 2386
 no bgp log-neighbor-changes
 neighbor 10.20.128.110 remote-as 65213
 neighbor 12.96.115.65 remote-as 2386
 !
 address-family ipv4
  neighbor 10.20.128.110 activate
  neighbor 10.20.128.110 route-map DefaultRoute out
  neighbor 12.96.115.65 activate
  no auto-summary
  no synchronization
  network 10.15.1.0 mask 255.255.255.0
  network 10.20.11.0 mask 255.255.255.0
  network 10.20.117.0 mask 255.255.255.0
  network 10.20.128.0 mask 255.255.255.0
  network 10.20.130.0 mask 255.255.255.0
  network 10.23.24.0 mask 255.255.255.0
  network 10.49.49.0 mask 255.255.255.0
  network 10.49.128.0 mask 255.255.255.0
  network 10.100.102.0 mask 255.255.255.0
  network 10.255.128.0 mask 255.255.255.0
  network 170.209.0.2 mask 255.255.255.255
  network 170.209.0.3 mask 255.255.255.255
  network 172.16.1.0 mask 255.255.255.0
  network 172.20.128.0 mask 255.255.255.0
 exit-address-family
!
ip classless
ip route 10.15.1.0 255.255.255.0 10.20.128.110 track 1
ip route 10.23.24.0 255.255.255.0 10.20.128.110 track 1
ip route 10.49.128.0 255.255.255.0 10.20.128.110 track 1
ip route 10.15.1.0 255.255.255.0 10.20.128.16 10
ip route 10.20.11.0 255.255.255.0 10.20.128.195
ip route 10.23.24.0 255.255.255.0 10.20.128.16 10
ip route 10.49.128.0 255.255.255.0 10.20.128.16 10
ip route 10.100.102.0 255.255.255.0 10.20.128.2
ip route 10.255.0.0 255.255.0.0 10.20.128.110
ip route 12.94.186.84 255.255.255.252 10.20.128.195
ip route 12.96.115.65 255.255.255.255 10.20.128.195
ip route 170.209.0.2 255.255.255.255 10.20.128.12
ip route 170.209.0.2 255.255.255.255 10.20.128.195
ip route 170.209.0.3 255.255.255.255 10.20.128.12
ip route 170.209.0.3 255.255.255.255 10.20.128.195
ip route 172.16.1.0 255.255.255.0 10.20.128.195
ip http server
ip http authentication local
no ip http secure-server
!
!
!
ip prefix-list 10 seq 1 deny 10.20.0.0/16
ip prefix-list 10 seq 2 deny 172.20.0.0/16
ip prefix-list 10 seq 5 permit 0.0.0.0/0
ip sla 1
 icmp-echo 10.45.45.1 source-ip 10.20.128.1
 timeout 1000
 threshold 500
 frequency 3
ip sla schedule 1 life forever start-time now
ip sla enable reaction-alerts
access-list 5 permit 0.0.0.0
access-list 10 permit 10.255.128.0 0.0.0.255
access-list 15 permit 10.20.130.0 0.0.0.255
access-list 20 permit 172.20.128.0 0.0.0.255
access-list 25 permit 12.96.115.64 0.0.0.25
access-list 30 permit 10.20.11.0 0.0.0.255
access-list 35 permit 10.15.1.0 0.0.0.255
access-list 40 permit 10.100.102.0 0.0.0.255
access-list 45 permit 10.20.117.0 0.0.0.255
access-list 50 permit 10.49.49.0 0.0.0.255
access-list 55 permit 10.23.24.0 0.0.0.255
access-list 60 permit 10.49.128.0 0.0.0.255
route-map DefaultRoute permit 10
 match ip address 5 10 20 25 15 30 35 40 45 50 55 60
 set as-path prepend 2386 2386 2386
!
route-map JConnect permit 15
 match ip address 35 50 55 60
 set local-preference 50
 set weight 0
!
!
snmp-server community sfbnet RO
snmp-server location West Columbia
snmp-server enable traps port-security
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps errdisable
snmp-server host 10.20.102.15 sfbnet 
!
banner motd ^C
******************************************************************************
THIS SYSTEM IS FOR THE USE OF AUTHORIZED USERS ONLY!  INDIVIDUALS USING
THIS COMPUTER SYSTEM WITHOUT AUTHORITY, OR IN EXCESS OF THEIR AUTHORITY,
ARE SUBJECT TO DISCIPLINARY ACTION.  ANYONE USING THIS SYSTEM EXPRESSLY
CONSENTS TO MONITORING. BY ACCESSING THIS SYSTEM, YOU ARE ACCEPTING
RESPONSIBILITY FOR ALL OF YOUR ACTIONS.  THIS SYSTEM IS THE PROPERTY OF
SECURITY FEDERAL BANK.
******************************************************************************
^C
!
line con 0
line vty 0 4
 password 7 0822455D0A16
 login local
 length 0
 transport input telnet ssh
 transport output telnet ssh
line vty 5 15
 password 7 14141B180F0B
 login local
 transport input telnet ssh
 transport output telnet ssh
!
ntp clock-period 36029046
ntp server 10.20.102.141
end

 

 

 

Highlighted

Which neighbor are you trying to advertise it to ?

If it is 10.20.128.110 then you have a filter applied to outbound advertisements and you haven't included that IP subnet in your route map configuration.

Can you clarify ?

Jon

Highlighted

Yep. It's the 10.20.128.110. I didn't build the original config, so I didn't know about the filter...still learning. That would be the RouteMap DefaultRoute? So it would seem that I need to do an access-list 65 permit 172.16.1.0 0.0.0.255 and add 65 to the match ip address. Sound about right?

 

Thanks,

Chris

Highlighted

Yes or you can add it to an existing acl that is being referenced, up to you really.

After you have done it you need to do -

"clear ip bgp 10.20.128.10 soft out" 

and then do a  -

"sh ip bgp neighbor 10.20.128.10 advertised-routes"

and you should see it being advertised.

Jon

View solution in original post

Highlighted

Worked like a charm. Thanks!

Highlighted

-

Highlighted

Config change....

 

conf t
access-list 65 permit 172.16.1.0 0.0.0.255

route-map DefaultRoute permit 10
match ip address 5 10 20 25 15 30 35 40 45 50 55 60 65
 set as-path prepend 2386 2386 2386

end
wr