
How to configure BGP and routing for new VLANs

I'm looking for some basics for configuring BGP. I do have a couple docs on BGP, but apparently I'm missing something.

Here's my scenario:

Two sites: site1 and site2

Switches: Catalyst 3560s

Router:

2811 == 10.20.102.10

VLANs:

VLAN10 == 10.20.102.1 (primary data vlan)

VLAN4 == 10.20.100.1 (san replication)

I am trying to create a new vlan and set it up to update via BGP. The traffic will replicate to site2, but I'll hold off on those details for the moment. As I understand, I would create the vlan as such:

switch(config)#vlan 4

switch(config-vlan)#exit

switch(config)#

Next, I would:

switch(config)#interface vlan4

switch(config-if)#ip address 10.20.100.1 255.255.255.0

etc...

I have set up an interface on the router:

int F0/0.100 == 10.20.100.10

For BGP, I've configured:

router bgp <as>

neighbor 10.20.100.10 remote-as 65342

address-family ipv4

neighbor 10.20.104.10 activate

network 10.20.100.0 mask 255.255.255.0

I've not added any static routing. Looking at examples in our own config, it doesn't appear to require it. The switch is a layer 3, yet I can't ping the 10.20.100.10 address from the switch and I'm not sure why.

The question is how do I create a new vlan and set this network up so that it updates in bgp?

I'll bring in the site 2 info (which will have another vlan setup) when I can get this running/updating properly.

Been on here quite a bit lately;) Thanks for the help!

Message was edited by: Chris Hall


Jon Marshall

So you want to advertise vlan4 to the site 2 ?

On site1 router under your BGP config -

router bgp

network 10.20.100.0 mask 255.255.255.0

note this assumes you are not redistributing any IGP into BGP at site1. It also assumes if you do a "sh ip route" on the 2821 router there is a matching route ie. 10.20.100.0 255.255.255.0.

If you are not running a dynamic routing protocol between the 3560 and the 2821 then you will need to add this to -

ip route 10.20.100.0 255.255.255.0 <3560 next-hop>

Jon

Thick fingers hit the send too soon...more details coming...

I'll add to this that I can't ping the router (10.20.100.10) from the switch, nor can I ping the switch vlan (10.20.100.1) from the router. Here's a modified sh ip bgp from the switch:

*> 10.20.100.0/24   0.0.0.0                  0         32768 i

*                   10.20.104.10                  0             0 65342 i

*                   10.20.102.10                  0             0 65342 i

*  10.20.102.0/24   10.20.104.10          0             0 65342 i

*                   10.20.102.10                  0             0 65342 i

*>                  0.0.0.0                          0         32768 i

*  10.20.104.0/24   10.20.104.10           0             0 65342 i

*                   10.20.102.10                  0             0 65342 i

*>                  0.0.0.0                          0         32768 i

And from the router:

*  10.20.100.0/24           10.20.104.1              0             0 2386 i

*                                  10.20.102.1              0             0 2386 i

*>                                 0.0.0.0                  0         32768 i

*  10.20.102.0/24           10.20.104.1              0             0 2386 i

*                                  10.20.102.1              0             0 2386 i

*>                                 0.0.0.0                  0         32768 i

*> 10.20.104.0/24          0.0.0.0                  0         32768 i

*                                  10.20.104.1              0             0 2386 i

*                                   10.20.102.1              0             0 2386 i

I'll add to this that I can't ping the router (10.20.100.10) from the switch, nor can I ping the switch vlan (10.20.100.1) from the router. Here's a modified sh ip bgp from the switch:

Well, BGP is fairly irrelevant at the moment, because if you can't ping between the switch and vlan if they are connected on the same subnet then BGP will never come up.

Are you running BGP on the switch ?

You need to check your trunk config on the switch and the subinterface settings on the switch. Until you can ping we can't look at BGP.

Jon

Actually, logging into the router (10.20.102.10, with a sub-int IP address of 10.20.100.10), I am unable to ping the switch vlan 10.20.100.1 and vice versa. The switch is running bgp. Not sure what you're asking about switch subinterface settings. There isn't a subinterface....

Sorry, I meant router.

Can you check the trunk link from the switch to the router and make sure your new vlan is allowed on the trunk ?

Jon

No worries. Thought it was my translation from tech to words....

The switch port config where the router plugs in:

description WAN Circuit

switchport trunk encapsulation dot1q

switchport mode trunk

mls qos trust dscp

Currently, it's running/allowing 4 different vlans.

From the switch can you post "sh int trunk" and "sh vlan".

Can you also post the router config. 

Just to be clear you cannot ping from the switch to the router using the IPs from the new subnet ?

Jon

>>

Just to be clear you cannot ping from the switch to the router using the IPs from the new subnet

>>

yes

Sh int trunk:

Gi0/1       on               802.1q         trunking      10

Gi0/7       on               802.1q         trunking      10

Gi0/15      on               802.1q         trunking      10

Gi0/17      on               802.1q         trunking      1

Gi0/18      on               802.1q         trunking      10

Gi0/19      on               802.1q         trunking      10

Gi0/21      on               802.1q         trunking      10

Gi0/24      on               802.1q         trunking      10

Gi0/25      on               802.1q         trunking      10

Gi0/26      on               802.1q         trunking      10

Gi0/28      on               802.1q         trunking      10

Gi0/30      on               802.1q         trunking      104

Gi0/31      on               802.1q         trunking      10

Gi0/33      on               802.1q         trunking      10

Gi0/34      on               802.1q         trunking      10

Gi0/36      on               802.1q         trunking      10

Gi0/37      on               802.1q         trunking      10

Gi0/39      on               802.1q         trunking      10

Gi0/40      on               802.1q         trunking      10

Gi0/41      on               802.1q         trunking      10

Gi0/42      on               802.1q         trunking      10

Gi0/43      on               802.1q         trunking      10

sh vlan:

1    default                          active    Gi0/5, Gi0/6, Gi0/8, Gi0/10

                                                Gi0/11, Gi0/12, Gi0/13, Gi0/14

                                                Gi0/16, Gi0/20, Gi0/22, Gi0/27

                                                Gi0/29, Gi0/32, Gi0/35, Gi0/38

                                                Gi0/49, Gi0/51

2    IDS                              active

3    DMZ                              active

4    iSCSI                            active

5    Backup                           active

6    VMotion                          active

10   OPS_Data                         active    Gi0/9, Gi0/23

104  VLAN0104                         active

172  OPS_Voice                        active    Gi0/2, Gi0/3, Gi0/4, Gi0/5

                                                Gi0/6, Gi0/8, Gi0/9, Gi0/10

                                                Gi0/11, Gi0/12, Gi0/13, Gi0/14

                                                Gi0/16, Gi0/20, Gi0/22, Gi0/23

                                                Gi0/27, Gi0/29, Gi0/32, Gi0/35

                                                Gi0/38

Router config:

!

! Last configuration change at 13:30:16 EST Thu Aug 4 2011 by chall

! NVRAM config last updated at 13:30:18 EST Thu Aug 4 2011 by chall

!

version 12.4

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname RT00-2811-01

!

boot-start-marker

boot-end-marker

!

logging buffered 32000 debugging

no logging console

enable secret 5 $1$Uj7n$/gpiBefkWvQI2iwOPfoe7.

!

no aaa new-model

clock timezone EST -5

clock summer-time EST recurring

ip wccp web-cache redirect-list 120

!

!

ip cef

!

!

no ip bootp server

no ip domain lookup

ip domain name secfedbank.com

ip name-server 205.152.226.254

ip name-server 205.152.0.5

ip sla monitor 1

type echo protocol ipIcmpEcho 10.45.45.1 source-interface FastEthernet0/0.10

ip sla monitor schedule 1 life forever start-time now

!

voice-card 0

no dspfarm

!

!

!

!

!

!

!

!

!

!

!

!

!

crypto pki trustpoint TP-self-signed-2105432603

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2105432603

revocation-check none

rsakeypair TP-self-signed-2105432603

!

!

crypto pki certificate chain TP-self-signed-2105432603

certificate self-signed 01


  quit

username chall privilege 15 secret 5 $1$vTdG$ZZYz.bJ/JFRoyclTqFO980

username wjerrell privilege 15 password 7 096C59034B554147

username twessel privilege 15 password 7 00240711550B5C5E

username sready privilege 15 password 7 072F325E1D594852

username att privilege 15 password 7 13061E010803

!

!

!

track 1 rtr 1 reachability

!

class-map match-any Business_Ingress

match access-group 130

class-map match-any Business_Data

match ip dscp af21

match access-group 130

class-map match-any Voice

match  dscp ef

match access-group name Voice-Traffic

class-map match-any Voice_Ingress

match access-group name Voice-Traffic

!

!

policy-map Voice-Traffic

class Voice

  bandwidth 2500

class Business_Data

  bandwidth 3000

class class-default

  fair-queue

  random-detect dscp-based

policy-map QOS_INGRESS_LAN

class Business_Ingress

  set ip dscp af21

class Voice_Ingress

  set ip dscp ef

!

!

!

!

interface FastEthernet0/0

no ip address

ip flow ingress

ip flow egress

ip route-cache flow

duplex auto

speed auto

service-policy input QOS_INGRESS_LAN

!

interface FastEthernet0/0.10

description Data Network

encapsulation dot1Q 10

ip address 10.20.102.10 255.255.255.0

no ip redirects

ip accounting output-packets

ip wccp web-cache redirect in

ip flow ingress

!

interface FastEthernet0/0.100

description SAN Replication

encapsulation dot1Q 100

ip address 10.20.100.10 255.255.255.0

no ip redirects

ip accounting output-packets

ip wccp web-cache redirect in

ip flow ingress

!

interface FastEthernet0/0.104

encapsulation dot1Q 104

ip address 10.20.104.10 255.255.255.0

no ip redirects

ip accounting output-packets

ip wccp web-cache redirect in

ip flow ingress

!

interface FastEthernet0/0.172

description Voice Network

encapsulation dot1Q 172

ip address 172.20.102.2 255.255.255.0

ip helper-address 10.20.102.4

ip helper-address 10.20.102.5

no ip redirects

ip accounting output-packets

ip flow ingress

ip flow egress

no cdp enable

!

interface FastEthernet0/1

no ip address

duplex full

speed 100

service-policy output Voice-Traffic

!

interface FastEthernet0/1.22

description Operations - AT&T - 42.KQGN.400006

encapsulation dot1Q 22

ip address 192.168.0.102 255.255.255.252

no ip redirects

ip accounting output-packets

ip nbar protocol-discovery

ip flow ingress

ip flow egress

!

router bgp 65342

bgp log-neighbor-changes

neighbor 10.20.100.1 remote-as 2386

neighbor 10.20.102.1 remote-as 2386

neighbor 10.20.104.1 remote-as 2386

neighbor 192.168.0.101 remote-as 6389

!

address-family ipv4

  neighbor 10.20.100.1 activate

  neighbor 10.20.102.1 activate

  neighbor 10.20.104.1 activate

  neighbor 192.168.0.101 activate

  no auto-summary

  no synchronization

  network 10.20.100.0 mask 255.255.255.0

  network 10.20.102.0 mask 255.255.255.0

  network 10.20.104.0 mask 255.255.255.0

  network 10.255.102.0 mask 255.255.255.0

  network 172.20.102.0 mask 255.255.255.0

  network 192.168.0.100 mask 255.255.255.252

exit-address-family

!

ip forward-protocol nd

ip route 10.15.1.0 255.255.255.0 10.20.102.125 track 1

ip route 10.15.1.0 255.255.255.0 10.20.128.16 4

ip route 10.45.45.1 255.255.255.255 10.20.102.125 permanent

ip route 170.209.0.2 255.255.255.254 10.20.102.12

ip route 170.209.0.2 255.255.255.255 10.20.102.12 permanent

ip route 170.209.0.3 255.255.255.255 10.20.102.12 permanent

ip route 192.168.0.0 255.255.255.0 192.168.0.101

Chris

As in yes you cannot ping ?

Anyway your new vlan is vlan 4, is that right ? If so on your router -

interface FastEthernet0/0.100

description SAN Replication

encapsulation dot1Q 100

ip address 10.20.100.10 255.255.255.0

no ip redirects

ip accounting output-packets

ip wccp web-cache redirect in

ip flow ingress

you need to change the line in bold to -

encapsulation dot1q 4  <-- the number must match the vlan number

note you can leave the actual interface as fa0/0.100 as this doesn't have to match the vlan number.

Jon
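The mismatch pointed out in the reply above (router subinterface tagged `dot1Q 100` while the switch SVI for 10.20.100.0/24 is Vlan4) can be checked mechanically. This is an added example, not part of the thread: the config excerpts are constructed from the addresses quoted in the posts, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed excerpts, built from the addresses quoted in the thread.
ROUTER_CFG = """\
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.20.102.10 255.255.255.0
!
interface FastEthernet0/0.100
 description SAN Replication
 encapsulation dot1Q 100
 ip address 10.20.100.10 255.255.255.0
!
interface FastEthernet0/0.104
 encapsulation dot1Q 104
 ip address 10.20.104.10 255.255.255.0
"""

SWITCH_CFG = """\
interface Vlan4
 ip address 10.20.100.1 255.255.255.0
!
interface Vlan10
 ip address 10.20.102.1 255.255.255.0
!
interface Vlan104
 ip address 10.20.104.1 255.255.255.0
"""


def stanzas(cfg):
    """Yield (interface_name, body_lines) per interface stanza.

    Tolerates pasted configs that lost indentation or gained blank lines:
    a stanza ends at the next 'interface' line or at a '!' separator.
    """
    name, body = None, []
    for raw in cfg.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"interface\s+(\S+)", line, re.I)
        if m or line.startswith("!"):
            if name:
                yield name, body
            name, body = (m.group(1), []) if m else (None, [])
        elif name:
            body.append(line)
    if name:
        yield name, body


def ip_network(body):
    """Return the primary subnet configured in a stanza, or None."""
    for line in body:
        m = re.match(r"ip address (\S+) (\S+)$", line)
        if m:
            return ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
    return None


def router_tags(cfg):
    """Map subnet -> (subinterface name, 802.1Q tag) on the router."""
    out = {}
    for name, body in stanzas(cfg):
        tag = next((int(m.group(1)) for l in body
                    if (m := re.match(r"encapsulation dot1q (\d+)", l, re.I))),
                   None)
        net = ip_network(body)
        if tag is not None and net is not None:
            out[net] = (name, tag)
    return out


def switch_svis(cfg):
    """Map subnet -> VLAN id for each 'interface VlanN' on the switch."""
    out = {}
    for name, body in stanzas(cfg):
        m = re.fullmatch(r"vlan(\d+)", name, re.I)
        net = ip_network(body)
        if m and net is not None:
            out[net] = int(m.group(1))
    return out


def tag_mismatches(router_cfg, switch_cfg):
    """List (subinterface, subnet, router tag, switch VLAN) where both
    devices sit in the same subnet but the 802.1Q tag differs from the
    SVI's VLAN id, so frames land in the wrong VLAN and pings fail."""
    svis = switch_svis(switch_cfg)
    findings = []
    for net, (ifname, tag) in sorted(router_tags(router_cfg).items()):
        vlan = svis.get(net)
        if vlan is not None and vlan != tag:
            findings.append((ifname, str(net), tag, vlan))
    return findings


if __name__ == "__main__":
    for ifname, net, tag, vlan in tag_mismatches(ROUTER_CFG, SWITCH_CFG):
        print(f"{ifname}: {net} tagged dot1Q {tag}, switch SVI is Vlan{vlan}")
```

The subinterface number (`.100`) is deliberately ignored; only the `encapsulation dot1Q` value is compared against the SVI's VLAN id.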

Ah, how a second set of eyes can see things one cannot! Ping from router to 10.20.100.1 (switch) == success, but can't hit the router from the switch. I will add a static route to the switch, but what I've seen about BGP is that BGP eliminates the need for them. I'm sure this switch is layer 3, but if it was it wouldn't have problems updating bgp routes. Thoughts?

Do a "sh ip route" on the switch and post results. If it is running BGP it is acting as L3 switch.

Not sure why you cannot ping the switch from the router though ?

Perhaps you could post config of the switch just to be sure ?

Jon

sh ip route:

sw00-3560-01#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is 208.61.216.1 to network 0.0.0.0

     170.209.0.0/32 is subnetted, 2 subnets

S       170.209.0.3 [1/0] via 10.20.102.12

S       170.209.0.2 [1/0] via 10.20.102.12

     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks

S       172.16.1.0/27 [1/0] via 10.20.128.10

B       172.16.1.0/24 [20/0] via 10.20.102.10, 7w0d

     172.21.0.0/32 is subnetted, 1 subnets

B       172.21.0.214 [20/0] via 10.20.102.10, 7w0d

     172.20.0.0/24 is subnetted, 14 subnets

B       172.20.140.0 [20/0] via 10.20.102.10, 3w2d

B       172.20.142.0 [20/0] via 10.20.102.10, 7w0d

B       172.20.128.0 [20/0] via 10.20.102.10, 7w0d

B       172.20.132.0 [20/0] via 10.20.102.10, 4w1d

B       172.20.134.0 [20/0] via 10.20.102.10, 7w0d

B       172.20.122.0 [20/0] via 10.20.102.10, 7w0d

B       172.20.124.0 [20/0] via 10.20.102.10, 6w2d

B       172.20.126.0 [20/0] via 10.20.102.10, 5w1d

B       172.20.112.0 [20/0] via 10.20.102.10, 7w0d

B       172.20.114.0 [20/0] via 10.20.102.10, 7w0d

B       172.20.118.0 [20/0] via 10.20.102.10, 1w2d

B       172.20.105.0 [20/0] via 10.20.102.10, 4w6d

B       172.20.110.0 [20/0] via 10.20.102.10, 5w2d

C       172.20.102.0 is directly connected, Vlan172

     172.25.0.0/32 is subnetted, 2 subnets

B       172.25.68.214 [20/0] via 10.20.102.10, 5w1d

B       172.25.0.214 [20/0] via 10.20.102.10, 7w0d

     172.27.0.0/32 is subnetted, 1 subnets

B       172.27.36.214 [20/0] via 10.20.102.10, 7w0d

     208.61.216.0/24 is variably subnetted, 2 subnets, 2 masks

S       208.61.216.1/32 [1/0] via 10.20.102.195

B       208.61.216.0/27 [200/0] via 208.61.216.1, 7w0d

     192.168.4.0/30 is subnetted, 2 subnets

B       192.168.4.252 [20/0] via 10.20.102.10, 7w0d

B       192.168.4.248 [20/0] via 10.20.102.10, 7w0d

     10.0.0.0/24 is subnetted, 33 subnets

S       10.15.1.0 [1/0] via 10.20.102.125

S       10.20.10.0 [1/0] via 10.20.102.195

B       10.20.126.0 [20/0] via 10.20.102.10, 5w1d

B       10.20.124.0 [20/0] via 10.20.102.10, 6w2d

B       10.20.122.0 [20/0] via 10.20.102.10, 7w0d

B       10.20.118.0 [20/0] via 10.20.102.10, 1w2d

B       10.20.117.0 [20/0] via 10.20.102.10, 1w2d

B       10.20.114.0 [20/0] via 10.20.102.10, 7w0d

B       10.20.112.0 [20/0] via 10.20.102.10, 7w0d

B       10.20.110.0 [20/0] via 10.20.102.10, 5w2d

B       10.255.132.0 [20/0] via 10.20.102.10, 4w1d

B       10.255.134.0 [20/0] via 10.20.102.10, 7w0d

S       10.255.128.0 [1/0] via 10.20.102.10

C       10.20.104.0 is directly connected, Vlan104

B       10.20.105.0 [20/0] via 10.20.102.10, 4w6d

C       10.20.102.0 is directly connected, Vlan10

B       10.255.140.0 [20/0] via 10.20.102.10, 3w2d

C       10.20.100.0 is directly connected, Vlan4

B       10.255.142.0 [20/0] via 10.20.102.10, 7w0d

B       10.255.118.0 [20/0] via 10.20.102.10, 1w2d

B       10.255.112.0 [20/0] via 10.20.102.10, 7w0d

B       10.255.114.0 [20/0] via 10.20.102.10, 7w0d

B       10.255.124.0 [20/0] via 10.20.102.10, 6w2d

B       10.255.122.0 [20/0] via 10.20.102.10, 7w0d

B       10.20.142.0 [20/0] via 10.20.102.10, 7w0d

B       10.20.140.0 [20/0] via 10.20.102.10, 3w2d

C       10.255.102.0 is directly connected, Vlan1

B       10.20.134.0 [20/0] via 10.20.102.10, 7w0d

B       10.20.132.0 [20/0] via 10.20.102.10, 4w1d

B       10.255.110.0 [20/0] via 10.20.102.10, 5w2d

B       10.255.105.0 [20/0] via 10.20.102.10, 4w6d

B       10.20.130.0 [20/0] via 10.20.102.10, 18:59:25

B       10.20.128.0 [20/0] via 10.20.102.10, 7w0d

     192.168.0.0/30 is subnetted, 5 subnets

B       192.168.0.104 [20/0] via 10.20.102.10, 3w2d

B       192.168.0.100 [20/0] via 10.20.102.10, 7w0d

B       192.168.0.76 [20/0] via 10.20.102.10, 7w0d

B       192.168.0.28 [20/0] via 10.20.102.10, 5w1d

B       192.168.0.20 [20/0] via 10.20.102.10, 4w1d

     192.168.1.0/26 is subnetted, 4 subnets

B       192.168.1.64 [20/0] via 10.20.102.10, 7w0d

B       192.168.1.0 [20/0] via 10.20.102.10, 7w0d

B       192.168.1.192 [20/0] via 10.20.102.10, 5w1d

B       192.168.1.128 [20/0] via 10.20.102.10, 7w0d

B*   0.0.0.0/0 [200/0] via 208.61.216.1, 18:19:17

S    192.168.0.0/21 [1/0] via 10.20.102.10

config:

!

hostname sw00-3560-01

!

boot-start-marker

boot-end-marker

!

logging buffered 32000 warnings

no logging console

!

no aaa new-model

clock timezone EST -5

clock summer-time EDT recurring

system mtu routing 1500

authentication mac-move permit

ip subnet-zero

ip routing

!

!

no ip domain-lookup

!

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue input bandwidth 90 10

mls qos srr-queue input threshold 1 8 16

mls qos srr-queue input threshold 2 34 66

mls qos srr-queue input buffers 67 33

mls qos srr-queue input cos-map queue 1 threshold 2 1

mls qos srr-queue input cos-map queue 1 threshold 3 0

mls qos srr-queue input cos-map queue 2 threshold 1 2

mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7

mls qos srr-queue input cos-map queue 2 threshold 3 3 5

mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15

mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7

mls qos srr-queue input dscp-map queue 1 threshold 3 32

mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23

mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48

mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56

mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63

mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31

mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47

mls qos srr-queue output cos-map queue 1 threshold 3 5

mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7

mls qos srr-queue output cos-map queue 3 threshold 3 2 4

mls qos srr-queue output cos-map queue 4 threshold 2 1

mls qos srr-queue output cos-map queue 4 threshold 3 0

mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47

mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31

mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55

mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63

mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23

mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39

mls qos srr-queue output dscp-map queue 4 threshold 1 8

mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15

mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7

mls qos queue-set output 1 threshold 1 138 138 92 138

mls qos queue-set output 1 threshold 2 138 138 92 400

mls qos queue-set output 1 threshold 3 36 77 100 318

mls qos queue-set output 1 threshold 4 20 50 67 400

mls qos queue-set output 2 threshold 1 149 149 100 149

mls qos queue-set output 2 threshold 2 118 118 100 235

mls qos queue-set output 2 threshold 3 41 68 100 272

mls qos queue-set output 2 threshold 4 42 72 100 242

mls qos queue-set output 1 buffers 10 10 26 54

mls qos queue-set output 2 buffers 16 6 17 61

mls qos

!

crypto pki trustpoint TP-self-signed-3629491072

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3629491072

revocation-check none

rsakeypair TP-self-signed-3629491072

!

!

crypto pki certificate chain TP-self-signed-3629491072

certificate self-signed 01


  quit

!

spanning-tree mode rapid-pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

spanning-tree vlan 1,10,172 priority 8192

!

!

!

errdisable recovery cause psecure-violation

!

vlan internal allocation policy ascending

!

!

!

!

interface FastEthernet0

no ip address

no ip route-cache cef

no ip route-cache

no ip mroute-cache

shutdown

!

interface GigabitEthernet0/1

description Vendor Phone

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

spanning-tree portfast

!

interface GigabitEthernet0/2

description Shoretel T1

switchport access vlan 172

switchport mode access

mls qos trust dscp

!

interface GigabitEthernet0/3

description Shoretel 60/12

switchport access vlan 172

switchport mode access

mls qos trust dscp

!

interface GigabitEthernet0/4

description Shoretel 60/12

switchport access vlan 172

switchport mode access

switchport voice vlan 172

mls qos trust dscp

!

interface GigabitEthernet0/5

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/6

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 2

switchport port-security mac-address 0010.4907.69ff

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/7

switchport access vlan 10

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security mac-address 0004.5f86.9f2d

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/8

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/9

switchport access vlan 10

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 3

srr-queue bandwidth share 10 10 60 20

queue-set 2

priority-queue out

mls qos trust dscp

auto qos voip trust

spanning-tree portfast

!

interface GigabitEthernet0/10

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security mac-address 0011.0aec.90b0

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/11

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 3

switchport port-security mac-address 0010.4908.8041

switchport port-security mac-address 001c.c49b.14ce

srr-queue bandwidth share 10 10 60 20

queue-set 2

priority-queue out

mls qos trust dscp

auto qos voip trust

spanning-tree portfast

!

interface GigabitEthernet0/12

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 4

switchport port-security mac-address 0010.4908.7c5d

switchport port-security mac-address 001b.78c1.f14a

switchport port-security mac-address 001c.2570.d3b2

srr-queue bandwidth share 10 10 60 20

queue-set 2

priority-queue out

mls qos trust dscp

auto qos voip trust

spanning-tree portfast

!

interface GigabitEthernet0/13

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 2

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/14

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 2

switchport port-security mac-address 0010.4908.92cf

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/15

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/16

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/17

description WAN Circuit

switchport trunk encapsulation dot1q

switchport mode trunk

mls qos trust dscp

!

interface GigabitEthernet0/18

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/19

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/20

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/21

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 2

switchport port-security mac-address 0010.490e.a74d

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/22

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/23

switchport access vlan 10

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/24

switchport access vlan 10

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/25

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 3

spanning-tree portfast

!

interface GigabitEthernet0/26

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security mac-address 0020.6b5e.69e4

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/27

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/28

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/29

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 3

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/30

switchport trunk encapsulation dot1q

switchport trunk native vlan 104

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/31

description WS00IT03C

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 3

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/32

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/33

switchport access vlan 10

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/34

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/35

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/36

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 3

switchport port-security mac-address 0010.4908.80c5

switchport port-security mac-address 001b.78c1.ab3a

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/37

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 3

switchport port-security mac-address 0010.4908.8086

switchport port-security mac-address 001e.0b69.f12e

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/38

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/39

description ws00it05

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/40

description ww00it04

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/41

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 3

switchport port-security mac-address 0010.4908.8014

switchport port-security mac-address 001e.0b67.4bbd

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/42

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 3

switchport port-security mac-address 0010.4908.7faa

switchport port-security mac-address 001c.c49b.26b4

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/43

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security mac-address 0014.3896.f6b3

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/44

description ws00it02b

switchport trunk encapsulation dot1q

switchport trunk native vlan 104

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/45

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 3

switchport port-security mac-address 0010.4908.80c4

switchport port-security mac-address 0016.35a3.e83c

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/46

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/47

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/48

description SW00-2960-01

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/49

switchport trunk encapsulation dot1q

switchport mode trunk

shutdown

!

interface GigabitEthernet0/50

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/51

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/52

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface TenGigabitEthernet0/1

!

interface TenGigabitEthernet0/2

!

interface Vlan1

description OPS_Switch_Mgmt

ip address 10.255.102.1 255.255.255.0

no ip redirects

!

interface Vlan4

description iSCSI/Replication

ip address 10.20.100.1 255.255.255.0

ip helper-address 10.20.102.5

no ip redirects

!

interface Vlan10

description OPS_Data_Network

ip address 10.20.102.1 255.255.255.0

ip helper-address 10.20.102.5

no ip redirects

!

interface Vlan104

description Workstation Network

ip address 10.20.104.1 255.255.255.0

ip helper-address 10.20.102.5

no ip redirects

!

interface Vlan172

description OPS_Voice_Network

ip address 172.20.102.1 255.255.255.0

ip helper-address 10.20.102.5

no ip redirects

!

router bgp 2386

bgp log-neighbor-changes

neighbor 10.20.100.10 remote-as 65342

neighbor 10.20.102.10 remote-as 65342

neighbor 10.20.104.10 remote-as 65342

neighbor 208.61.216.1 remote-as 2386

!

address-family ipv4

  neighbor 10.20.100.10 activate

  neighbor 10.20.102.10 activate

  neighbor 10.20.102.10 default-originate route-map Check-Internet

  neighbor 10.20.104.10 activate

  neighbor 208.61.216.1 activate

  neighbor 208.61.216.1 prefix-list 10 out

  no auto-summary

  no synchronization

  network 10.15.1.0 mask 255.255.255.0

  network 10.20.10.0 mask 255.255.255.0

  network 10.20.100.0 mask 255.255.255.0

  network 10.20.102.0 mask 255.255.255.0

  network 10.20.104.0 mask 255.255.255.0

  network 10.255.102.0 mask 255.255.255.0

  network 172.20.102.0 mask 255.255.255.0

exit-address-family

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.20.102.10 201

ip route 10.15.1.0 255.255.255.0 10.20.102.125

ip route 10.15.1.0 255.255.255.0 10.20.128.16 255

ip route 10.20.10.0 255.255.255.0 10.20.102.195

ip route 10.255.128.0 255.255.255.0 10.20.102.10

ip route 170.209.0.2 255.255.255.255 10.20.102.12 permanent

ip route 170.209.0.3 255.255.255.255 10.20.102.12 permanent

ip route 172.16.1.0 255.255.255.224 10.20.128.10

ip route 192.168.0.0 255.255.248.0 10.20.102.10

ip route 208.61.216.1 255.255.255.255 10.20.102.195

!

no ip http server

ip http authentication local

ip http secure-server

!

!

ip prefix-list 10 seq 1 deny 10.20.0.0/16

ip prefix-list 10 seq 2 deny 172.20.0.0/16

!

ip prefix-list 11 seq 1 deny 208.61.216.0/24

ip sla enable reaction-alerts

access-list 5 permit 0.0.0.0

access-list 6 permit 208.61.216.1

access-list 10 permit 10.20.0.0 0.0.255.255

access-list 10 permit 172.20.0.0 0.0.255.255

route-map Check-Internet permit 10

match ip address 5

match ip next-hop 6

!

!

snmp-server community sfbnet RO

snmp-server location Ops

snmp-server enable traps port-security

snmp-server enable traps envmon fan shutdown supply temperature status

snmp-server enable traps errdisable

snmp-server host 10.20.102.15 sfbnet

snmp ifmib ifindex persist

!

^C

!

line con 0

line vty 0 4

login local

length 0

line vty 5 15

login local

!

ntp clock-period 36029050

ntp server 10.20.102.10

end

Christopher

Well, it's definitely routing.

One very confusing thing. Why are you peering to each of the router subinterfaces? You only need to peer on one subinterface and then advertise routes.

What is the point of peering to the same device on 3 separate interfaces?

Jon
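
The check made by eye in the reply above, as an added example that is not part of the original thread: a Python script that maps each BGP neighbor to the connected VLAN interface it sits on and reports remote ASes peered over more than one interface. `CONFIG` is an excerpt of the posted configuration reduced to the relevant lines, and the function names are hypothetical; the result lists candidates only, since the configuration alone does not show whether the neighbors are the same router.

```python
import ipaddress
import re
from collections import defaultdict

# Excerpt of the switch configuration posted above (SVIs and BGP neighbors only).
CONFIG = """\
interface Vlan4
 ip address 10.20.100.1 255.255.255.0
interface Vlan10
 ip address 10.20.102.1 255.255.255.0
interface Vlan104
 ip address 10.20.104.1 255.255.255.0
router bgp 2386
 neighbor 10.20.100.10 remote-as 65342
 neighbor 10.20.102.10 remote-as 65342
 neighbor 10.20.104.10 remote-as 65342
 neighbor 208.61.216.1 remote-as 2386
"""

def connected_subnets(config):
    """Map each interface name to the IPv4 network configured on it."""
    subnets, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif (m := re.match(r"ip address (\S+) (\S+)$", line)) and current:
            subnets[current] = ipaddress.ip_network(
                f"{m.group(1)}/{m.group(2)}", strict=False)
    return subnets

def bgp_neighbors(config):
    """Return [(neighbor_ip, remote_as)] from 'neighbor X remote-as N' lines."""
    pat = re.compile(r"^\s*neighbor (\S+) remote-as (\d+)", re.M)
    return [(ipaddress.ip_address(ip), int(asn)) for ip, asn in pat.findall(config)]

def multi_interface_peerings(config):
    """Group connected neighbors by remote AS; keep ASes seen on >1 interface."""
    subnets = connected_subnets(config)
    groups = defaultdict(list)
    for ip, asn in bgp_neighbors(config):
        for ifname, net in subnets.items():
            if ip in net:
                groups[asn].append((str(ip), ifname))
    return {asn: peers for asn, peers in groups.items() if len(peers) > 1}

if __name__ == "__main__":
    for asn, peers in multi_interface_peerings(CONFIG).items():
        print(f"AS {asn}: {len(peers)} sessions on connected VLANs -> {peers}")
```

The neighbor 208.61.216.1 is not reported because it is not on a connected VLAN interface; the posted configuration reaches it through a static route.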
