10-06-2015 06:49 AM - edited 03-05-2019 02:28 AM
I have a 2811 router that's directly connected to a 3650 switch. The switch acts as the traffic cop for the local network. There's one network that I've added to BGP (along with a static route) that is not getting advertised to its peer. I've done some initial troubleshooting per Cisco article:
http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/19345-bgp-noad.html#topic4
sh ip bgp neighbors does show that some routes are advertised, but not the one in question--172.16.1.0. I've attached a config below.
10-06-2015 06:55 AM
Chris
I may be missing something obvious but you don't have a BGP network statement for that IP subnet in your configuration.
Jon
10-06-2015 07:02 AM
Hi Jon,
Sorry. Grabbed the wrong config. Try this:
!
! Last configuration change at 16:47:08 EDT Mon Oct 5 2015 by chall
! NVRAM config last updated at 08:35:36 EDT Thu Oct 1 2015 by sready
!
version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname SW11-3560-01
!
boot-start-marker
boot-end-marker
!
logging buffered 32000 warnings
no logging console
!
username chall privilege 15 secret 5 $1$IEv5$nAtQe4Zgy10/QocwxoJlg1
username twessel privilege 15 password 7 096C5A1E4855404A
username sready privilege 15 password 7 12391605415B5D53
username att privilege 15 password 7 05080F1C2243
username mblystone privilege 15 password 7 12390815405B5A51
!
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
system mtu routing 1500
!
track 1 ip sla 1 reachability
delay down 20 up 60
authentication mac-move permit
ip subnet-zero
ip routing
no ip domain-lookup
ip domain-name securityfederalbank.com
!
!
!
mls qos
!
crypto pki trustpoint TP-self-signed-1409162368
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1409162368
revocation-check none
rsakeypair TP-self-signed-1409162368
!
!
crypto pki certificate chain TP-self-signed-1409162368
certificate self-signed 01
quit
!
!
!
errdisable recovery cause psecure-violation
!
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree vlan 1-3,10,172 priority 8192
!
vlan internal allocation policy ascending
!
!
!
!
interface Port-channel1
description Uplinks to 2960-1
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
!
interface Port-channel2
description Uplinks to 2960-2
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
!
interface GigabitEthernet0/1
description Uplink to 2960-1
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active
spanning-tree portfast trunk
!
interface GigabitEthernet0/2
description Uplink to 2960-1
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active
spanning-tree portfast trunk
!
interface GigabitEthernet0/3
description VM02 Network VMNIC0
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
!
interface GigabitEthernet0/4
description VM02 iSCSI VMNIC2
switchport access vlan 4
switchport mode access
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/5
description SAN
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
spanning-tree portfast
!
interface GigabitEthernet0/6
description DMZ Firewall Interface
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/7
description ws11mgr01
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 3
switchport port-security mac-address 0010.4907.6a03
switchport port-security mac-address 001c.c49b.16ec
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/8
description Con to RT11-2811-01 WAN
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
speed 100
duplex full
spanning-tree portfast
!
interface GigabitEthernet0/9
description Uplink to 2960-2
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
channel-protocol lacp
channel-group 2 mode active
spanning-tree portfast trunk
!
interface GigabitEthernet0/10
description Uplink to 2960-2
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
channel-protocol lacp
channel-group 2 mode active
spanning-tree portfast trunk
!
interface GigabitEthernet0/11
description Fedline
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/12
description SAN
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet0/13
description VM01 VMNIC3 iSCSI
switchport access vlan 4
switchport mode access
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/14
description jConnect outside int
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/15
description iSensor Mgt Port
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/16
description Centurion outside int
switchport access vlan 2
switchport mode access
switchport port-security mac-address sticky
spanning-tree portfast
!
interface GigabitEthernet0/17
description jConnect inside 0/2
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport mode access
!
interface GigabitEthernet0/18
description F/W inside int
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/19
description Firewall outside int
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/20
description iSensor outside int
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/21
description VM01 Network VMNIC1
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/22
description VM01 Network VMNIC4
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
mls qos trust dscp
!
interface GigabitEthernet0/23
description Con to SG Switch
switchport access vlan 172
switchport mode access
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/24
description Con to SG T1
switchport access vlan 172
switchport mode access
switchport voice vlan 172
spanning-tree portfast
!
interface GigabitEthernet0/25
description Con to Switch2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/26
description Con to Switch3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/27
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/28
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan1
description WCOLA_Switch_Mgmt
ip address 10.255.128.1 255.255.255.0
no ip redirects
!
interface Vlan3
description DMZ
no ip address
no ip redirects
!
interface Vlan4
description iSCSI/Replication
ip address 10.20.130.1 255.255.255.0
ip helper-address 10.20.128.3
no ip redirects
!
interface Vlan10
description WCOLA_Data_Network
ip address 10.20.128.1 255.255.255.0
ip helper-address 10.20.128.3
ip helper-address 10.20.128.4
no ip redirects
!
interface Vlan131
description iSCSI Network
ip address 10.20.131.1 255.255.255.0
!
interface Vlan172
description WCOLA_Voice_Network
ip address 172.20.128.1 255.255.255.0
ip helper-address 10.20.128.3
ip helper-address 10.20.128.4
no ip redirects
!
router bgp 2386
no bgp log-neighbor-changes
neighbor 10.20.128.110 remote-as 65213
neighbor 12.96.115.65 remote-as 2386
!
address-family ipv4
neighbor 10.20.128.110 activate
neighbor 10.20.128.110 route-map DefaultRoute out
neighbor 12.96.115.65 activate
no auto-summary
no synchronization
network 10.15.1.0 mask 255.255.255.0
network 10.20.11.0 mask 255.255.255.0
network 10.20.117.0 mask 255.255.255.0
network 10.20.128.0 mask 255.255.255.0
network 10.20.130.0 mask 255.255.255.0
network 10.23.24.0 mask 255.255.255.0
network 10.49.49.0 mask 255.255.255.0
network 10.49.128.0 mask 255.255.255.0
network 10.100.102.0 mask 255.255.255.0
network 10.255.128.0 mask 255.255.255.0
network 170.209.0.2 mask 255.255.255.255
network 170.209.0.3 mask 255.255.255.255
network 172.16.1.0 mask 255.255.255.0
network 172.20.128.0 mask 255.255.255.0
exit-address-family
!
ip classless
ip route 10.15.1.0 255.255.255.0 10.20.128.110 track 1
ip route 10.23.24.0 255.255.255.0 10.20.128.110 track 1
ip route 10.49.128.0 255.255.255.0 10.20.128.110 track 1
ip route 10.15.1.0 255.255.255.0 10.20.128.16 10
ip route 10.20.11.0 255.255.255.0 10.20.128.195
ip route 10.23.24.0 255.255.255.0 10.20.128.16 10
ip route 10.49.128.0 255.255.255.0 10.20.128.16 10
ip route 10.100.102.0 255.255.255.0 10.20.128.2
ip route 10.255.0.0 255.255.0.0 10.20.128.110
ip route 12.94.186.84 255.255.255.252 10.20.128.195
ip route 12.96.115.65 255.255.255.255 10.20.128.195
ip route 170.209.0.2 255.255.255.255 10.20.128.12
ip route 170.209.0.2 255.255.255.255 10.20.128.195
ip route 170.209.0.3 255.255.255.255 10.20.128.12
ip route 170.209.0.3 255.255.255.255 10.20.128.195
ip route 172.16.1.0 255.255.255.0 10.20.128.195
ip http server
ip http authentication local
no ip http secure-server
!
!
!
ip prefix-list 10 seq 1 deny 10.20.0.0/16
ip prefix-list 10 seq 2 deny 172.20.0.0/16
ip prefix-list 10 seq 5 permit 0.0.0.0/0
ip sla 1
icmp-echo 10.45.45.1 source-ip 10.20.128.1
timeout 1000
threshold 500
frequency 3
ip sla schedule 1 life forever start-time now
ip sla enable reaction-alerts
access-list 5 permit 0.0.0.0
access-list 10 permit 10.255.128.0 0.0.0.255
access-list 15 permit 10.20.130.0 0.0.0.255
access-list 20 permit 172.20.128.0 0.0.0.255
access-list 25 permit 12.96.115.64 0.0.0.25
access-list 30 permit 10.20.11.0 0.0.0.255
access-list 35 permit 10.15.1.0 0.0.0.255
access-list 40 permit 10.100.102.0 0.0.0.255
access-list 45 permit 10.20.117.0 0.0.0.255
access-list 50 permit 10.49.49.0 0.0.0.255
access-list 55 permit 10.23.24.0 0.0.0.255
access-list 60 permit 10.49.128.0 0.0.0.255
route-map DefaultRoute permit 10
match ip address 5 10 20 25 15 30 35 40 45 50 55 60
set as-path prepend 2386 2386 2386
!
route-map JConnect permit 15
match ip address 35 50 55 60
set local-preference 50
set weight 0
!
!
snmp-server community sfbnet RO
snmp-server location West Columbia
snmp-server enable traps port-security
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps errdisable
snmp-server host 10.20.102.15 sfbnet
!
banner motd ^C
******************************************************************************
THIS SYSTEM IS FOR THE USE OF AUTHORIZED USERS ONLY! INDIVIDUALS USING
THIS COMPUTER SYSTEM WITHOUT AUTHORITY, OR IN EXCESS OF THEIR AUTHORITY,
ARE SUBJECT TO DISCIPLINARY ACTION. ANYONE USING THIS SYSTEM EXPRESSLY
CONSENTS TO MONITORING. BY ACCESSING THIS SYSTEM, YOU ARE ACCEPTING
RESPONSIBILITY FOR ALL OF YOUR ACTIONS. THIS SYSTEM IS THE PROPERTY OF
SECURITY FEDERAL BANK.
******************************************************************************
^C
!
line con 0
line vty 0 4
password 7 0822455D0A16
login local
length 0
transport input telnet ssh
transport output telnet ssh
line vty 5 15
password 7 14141B180F0B
login local
transport input telnet ssh
transport output telnet ssh
!
ntp clock-period 36029046
ntp server 10.20.102.141
end
10-06-2015 07:10 AM
Which neighbor are you trying to advertise it to ?
If it is 10.20.128.110 then you have a filter applied to outbound advertisements and you haven't included that IP subnet in your route map configuration.
Can you clarify ?
Jon
10-06-2015 07:20 AM
Yep. It's the 10.20.128.110. I didn't build the original config, so I didn't know about the filter...still learning. That would be the RouteMap DefaultRoute? So it would seem that I need to do an access-list 65 permit 172.16.1.0 0.0.0.255 and add 65 to the match ip address. Sound about right?
Thanks,
Chris
10-06-2015 07:24 AM
Yes or you can add it to an existing acl that is being referenced, up to you really.
After you have done it you need to do -
"clear ip bgp 10.20.128.10 soft out"
and then do a -
"sh ip bgp neighbor 10.20.128.10 advertised-routes"
and you should see it being advertised.
Jon
10-06-2015 07:27 AM
Worked like a charm. Thanks!
10-06-2015 07:22 AM
Config change....
conf t
access-list 65 permit 172.16.1.0 0.0.0.255
route-map DefaultRoute permit 10
match ip address 5 10 20 25 15 30 35 40 45 50 55 60 65
set as-path prepend 2386 2386 2386
end
wr
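The filter discussed in this thread, as an added example (not from the thread or from Cisco): a Python check that reads IOS configuration text and lists the BGP network statements a neighbor's outbound route-map will not pass. It assumes numbered standard ACLs and route-map clauses that match only on `match ip address`; the function names are illustrative.

```python
import ipaddress

# Constructed excerpt, trimmed from the config posted in the thread.
CONFIG = """\
router bgp 2386
 neighbor 10.20.128.110 route-map DefaultRoute out
 network 10.20.128.0 mask 255.255.255.0
 network 10.255.128.0 mask 255.255.255.0
 network 172.16.1.0 mask 255.255.255.0
access-list 5 permit 0.0.0.0
access-list 10 permit 10.255.128.0 0.0.0.255
route-map DefaultRoute permit 10
 match ip address 5 10
"""
FIXED = (CONFIG.replace("address 5 10", "address 5 10 65")  # the thread's change
         + "access-list 65 permit 172.16.1.0 0.0.0.255\n")

def parse(config):
    acls, rmaps, out_maps, nets, clause = {}, {}, {}, [], None
    for w in (line.split() for line in config.splitlines() if line.strip()):
        if w[0] == "access-list":  # numbered standard ACL; no wildcard = host match
            base, wild = (int(ipaddress.ip_address(x)) for x in (w[3:5] + ["0.0.0.0"])[:2])
            acls.setdefault(w[1], []).append((w[2], base, wild))
        elif w[0] == "route-map":
            rmaps.setdefault(w[1], []).append(clause := (w[2], []))
        elif w[:3] == ["match", "ip", "address"] and clause:
            clause[1].extend(w[3:])
        elif w[0] == "neighbor" and w[2:3] == ["route-map"] and w[-1] == "out":
            out_maps[w[1]] = w[3]
        elif w[0] == "network" and len(w) == 4:
            nets.append(ipaddress.ip_network(f"{w[1]}/{w[3]}"))
    return acls, rmaps, out_maps, nets

def acl_permits(entries, net):
    for action, base, wild in entries:  # tested against the prefix address only
        if ((int(net.network_address) ^ base) & ~wild & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False  # implicit deny; an undefined ACL is treated as deny (assumption)

def filtered_networks(config, neighbor):
    acls, rmaps, out_maps, nets = parse(config)
    def permitted(net):
        for action, names in rmaps[out_maps[neighbor]]:
            if not names or any(acl_permits(acls.get(n, []), net) for n in names):
                return action == "permit"
        return False  # implicit deny at the end of the route-map
    return [str(n) for n in nets if not permitted(n)]

print(filtered_networks(CONFIG, "10.20.128.110"), filtered_networks(FIXED, "10.20.128.110"))
```

On the sample, 172.16.1.0/24 is reported before the change and not after it; 10.20.128.0/24 is reported both times because no ACL referenced by the route-map covers it.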