Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
344
Views
0
Helpful
1
Replies

CE BGP question

The_guroo_2
Level 2
Level 2

‎10-15-2012 05:09 AM - edited ‎03-04-2019 05:51 PM

Guys we have to provide a solution with limited resource (hardware) we have a ASA firewall , 3750 switch and a packetshaper.

ASA -----> packet shaper------> 3750

The issue is that customer has asked us to have port-channel from ASA to 3750......packet shaper has only one inside port.......

3750 has to do EBGP with service provider and for that service provider has allocated /30 already (cant get change)

I was thinking to have a vlan 10 on 3750 (assign ip eg 10.1.1.1/29)  assign 10.1.1.2/29 to firewall port-channel and ....packet shaper inside cable should plug into vlan 10 (its layer 2 packetshaper).....

the main issue is packet shaper outside cable and how to do BGP......keepimng in mind we have /30 from service provider..........it will be static routing between firewall and switch....i can get my head around the flow to and from BGP to ASA treversing packetshaper

can someone plz help

Secondly i am not sure i can give a 10.1.1.2/29 to layer 3 port channel on ASA as it will be layer 2 port-channel on swicth how does that work or am i fine ??

Thanks heaps

Labels:
0 Helpful
1 Reply 1

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎10-15-2012 05:46 AM

Hello The_guroo.

>> The issue is that customer has asked us to have port-channel from ASA to 3750......packet shaper has only one inside port...

Or you get a second L2 packetshaper or you go with a single link ASA - PS - C3750, shaping on only one member link of a two links etherchannel makes little sense.

The packet shaper is layer2 so it does not cause any problems to addressing. The public /30 has to be used on the WAN link, this leads to use a private IP subnet between ASA and C3750.

It would be better to use a dynamic routing protocol between ASA and C3750 as they are not directly connected and you cannot trust packet shaper to be able to torn down one port if the other side is down.

Alternatively you can use reliable static routing with object tracking but you should check availabiity of the feature on both devices.

>> Secondly i am not sure i can give a 10.1.1.2/29 to layer 3 port channel on ASA as it will be layer 2 port-channel on swicth how does that work or am i fine ??

This can be done you will terminate L3 on SVI vlan 10 on C3750 switch side.

Hope to help

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card