08-04-2011 12:31 PM - edited 03-04-2019 01:11 PM
I'm looking for some basics for configuring BGP. I do have a couple docs on BGP, but apparently I'm missing something.
Here's my scenario:
Two sites: site1 and site2
Switches: Catalyst 3560s
Router:
2811 == 10.20.102.10
VLANs:
VLAN10 == 10.20.102.1 (primary data vlan)
VLAN4 == 10.20.100.1 (san replication)
I am trying to create a new vlan and set it up to update via BGP. The traffic will replicate to site2, but I'll hold off on those details for the moment. As I understand, I would create the vlan as such:
switch(config)#vlan 4
switch(config-vlan)#exit
switch(config)#
Next, I would:
switch(config)#interface vlan4
switch(config-if)#ip address 10.20.100.1 255.255.255.0
etc...
I have set up an interface on the router:
int F0/0.100 == 10.20.100.10
For BGP, I've configured:
router bgp <as>
neighbor 10.20.100.10 remote-as 65342
address-family ipv4
neighbor 10.20.104.10 activate
network 10.20.100.0 mask 255.255.255.0
I've not added any static routing. Looking at examples in our own config, it doesn't appear to require it. The switch is a layer 3, yet I can't ping the 10.20.100.10 address from the switch and I'm not sure why.
The question is how do I create a new vlan and set this network up so that it updates in bgp?
I'll bring in the site 2 info (which will have another vlan setup) when I can get this running/updating properly.
Been on here quite a bit lately;) Thanks for the help!
Message was edited by: Chris Hall
08-04-2011 12:37 PM
So you want to advertise vlan4 to the site 2 ?
On site1 router under your BGP config -
router bgp
network 10.20.100.0 mask 255.255.255.0
Note this assumes you are not redistributing any IGP into BGP at site1. It also assumes if you do a "sh ip route" on the 2821 router there is a matching route, i.e. 10.20.100.0 255.255.255.0.
If you are not running a dynamic routing protocol between the 3560 and the 2821 then you will need to add this to -
ip route 10.20.100.0 255.255.255.0 <3560 next-hop>
Jon
08-04-2011 12:39 PM
Thick fingers hit the send too soon...more details coming...
08-04-2011 01:05 PM
I'll add to this that I can't ping the router (10.20.100.10) from the switch, nor can I ping the switch vlan (10.20.100.1) from the router. Here's a modified sh ip bgp from the switch:
*> 10.20.100.0/24 0.0.0.0 0 32768 i
* 10.20.104.10 0 0 65342 i
* 10.20.102.10 0 0 65342 i
* 10.20.102.0/24 10.20.104.10 0 0 65342 i
* 10.20.102.10 0 0 65342 i
*> 0.0.0.0 0 32768 i
* 10.20.104.0/24 10.20.104.10 0 0 65342 i
* 10.20.102.10 0 0 65342 i
*> 0.0.0.0 0 32768 i
And from the router:
* 10.20.100.0/24 10.20.104.1 0 0 2386 i
* 10.20.102.1 0 0 2386 i
*> 0.0.0.0 0 32768 i
* 10.20.102.0/24 10.20.104.1 0 0 2386 i
* 10.20.102.1 0 0 2386 i
*> 0.0.0.0 0 32768 i
*> 10.20.104.0/24 0.0.0.0 0 32768 i
* 10.20.104.1 0 0 2386 i
* 10.20.102.1 0 0 2386 i
08-04-2011 01:14 PM
>>
I'll add to this that I can't ping the router (10.20.100.10) from the switch, nor can I ping the switch vlan (10.20.100.1) from the router. Here's a modified sh ip bgp from the switch:
>>
Well, BGP is fairly irrelevant at the moment, because if you can't ping between the switch and vlan when they are connected on the same subnet then BGP will never come up.
Are you running BGP on the switch ?
You need to check your trunk config on the switch and the subinterface settings on the switch. Until you can ping we can't look at BGP.
Jon
08-04-2011 01:30 PM
Actually, logging into the router (10.20.102.10, with a sub-int IP address of 10.20.100.10), I am unable to ping the switch vlan 10.20.100.1 and vice versa. The switch is running bgp. Not sure what you're asking about switch subinterface settings. There isn't a subinterface....
08-04-2011 01:34 PM
Sorry, I meant router.
Can you check the trunk link from the switch to the router and make sure your new vlan is allowed on the trunk ?
Jon
08-04-2011 01:44 PM
No worries. Thought it was my translation from tech to words....
The switch port config where the router plugs in:
description WAN Circuit
switchport trunk encapsulation dot1q
switchport mode trunk
mls qos trust dscp
Currently, it's running/allowing 4 different vlans.
08-04-2011 01:45 PM
From the switch can you post "sh int trunk" and "sh vlan".
Can you also post the router config.
Just to be clear you cannot ping from the switch to the router using the IPs from the new subnet ?
Jon
08-04-2011 01:57 PM
>>
Just to be clear you cannot ping from the switch to the router using the IPs from the new subnet
>>
yes
Sh int trunk:
Gi0/1 on 802.1q trunking 10
Gi0/7 on 802.1q trunking 10
Gi0/15 on 802.1q trunking 10
Gi0/17 on 802.1q trunking 1
Gi0/18 on 802.1q trunking 10
Gi0/19 on 802.1q trunking 10
Gi0/21 on 802.1q trunking 10
Gi0/24 on 802.1q trunking 10
Gi0/25 on 802.1q trunking 10
Gi0/26 on 802.1q trunking 10
Gi0/28 on 802.1q trunking 10
Gi0/30 on 802.1q trunking 104
Gi0/31 on 802.1q trunking 10
Gi0/33 on 802.1q trunking 10
Gi0/34 on 802.1q trunking 10
Gi0/36 on 802.1q trunking 10
Gi0/37 on 802.1q trunking 10
Gi0/39 on 802.1q trunking 10
Gi0/40 on 802.1q trunking 10
Gi0/41 on 802.1q trunking 10
Gi0/42 on 802.1q trunking 10
Gi0/43 on 802.1q trunking 10
sh vlan:
1 default active Gi0/5, Gi0/6, Gi0/8, Gi0/10
Gi0/11, Gi0/12, Gi0/13, Gi0/14
Gi0/16, Gi0/20, Gi0/22, Gi0/27
Gi0/29, Gi0/32, Gi0/35, Gi0/38
Gi0/49, Gi0/51
2 IDS active
3 DMZ active
4 iSCSI active
5 Backup active
6 VMotion active
10 OPS_Data active Gi0/9, Gi0/23
104 VLAN0104 active
172 OPS_Voice active Gi0/2, Gi0/3, Gi0/4, Gi0/5
Gi0/6, Gi0/8, Gi0/9, Gi0/10
Gi0/11, Gi0/12, Gi0/13, Gi0/14
Gi0/16, Gi0/20, Gi0/22, Gi0/23
Gi0/27, Gi0/29, Gi0/32, Gi0/35
Gi0/38
Router config:
!
! Last configuration change at 13:30:16 EST Thu Aug 4 2011 by chall
! NVRAM config last updated at 13:30:18 EST Thu Aug 4 2011 by chall
!
version 12.4
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname RT00-2811-01
!
boot-start-marker
boot-end-marker
!
logging buffered 32000 debugging
no logging console
enable secret 5 $1$Uj7n$/gpiBefkWvQI2iwOPfoe7.
!
no aaa new-model
clock timezone EST -5
clock summer-time EST recurring
ip wccp web-cache redirect-list 120
!
!
ip cef
!
!
no ip bootp server
no ip domain lookup
ip domain name secfedbank.com
ip name-server 205.152.226.254
ip name-server 205.152.0.5
ip sla monitor 1
type echo protocol ipIcmpEcho 10.45.45.1 source-interface FastEthernet0/0.10
ip sla monitor schedule 1 life forever start-time now
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-2105432603
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2105432603
revocation-check none
rsakeypair TP-self-signed-2105432603
!
!
crypto pki certificate chain TP-self-signed-2105432603
certificate self-signed 01
quit
username chall privilege 15 secret 5 $1$vTdG$ZZYz.bJ/JFRoyclTqFO980
username wjerrell privilege 15 password 7 096C59034B554147
username twessel privilege 15 password 7 00240711550B5C5E
username sready privilege 15 password 7 072F325E1D594852
username att privilege 15 password 7 13061E010803
!
!
!
track 1 rtr 1 reachability
!
class-map match-any Business_Ingress
match access-group 130
class-map match-any Business_Data
match ip dscp af21
match access-group 130
class-map match-any Voice
match dscp ef
match access-group name Voice-Traffic
class-map match-any Voice_Ingress
match access-group name Voice-Traffic
!
!
policy-map Voice-Traffic
class Voice
bandwidth 2500
class Business_Data
bandwidth 3000
class class-default
fair-queue
random-detect dscp-based
policy-map QOS_INGRESS_LAN
class Business_Ingress
set ip dscp af21
class Voice_Ingress
set ip dscp ef
!
!
!
!
interface FastEthernet0/0
no ip address
ip flow ingress
ip flow egress
ip route-cache flow
duplex auto
speed auto
service-policy input QOS_INGRESS_LAN
!
interface FastEthernet0/0.10
description Data Network
encapsulation dot1Q 10
ip address 10.20.102.10 255.255.255.0
no ip redirects
ip accounting output-packets
ip wccp web-cache redirect in
ip flow ingress
!
interface FastEthernet0/0.100
description SAN Replication
encapsulation dot1Q 100
ip address 10.20.100.10 255.255.255.0
no ip redirects
ip accounting output-packets
ip wccp web-cache redirect in
ip flow ingress
!
interface FastEthernet0/0.104
encapsulation dot1Q 104
ip address 10.20.104.10 255.255.255.0
no ip redirects
ip accounting output-packets
ip wccp web-cache redirect in
ip flow ingress
!
interface FastEthernet0/0.172
description Voice Network
encapsulation dot1Q 172
ip address 172.20.102.2 255.255.255.0
ip helper-address 10.20.102.4
ip helper-address 10.20.102.5
no ip redirects
ip accounting output-packets
ip flow ingress
ip flow egress
no cdp enable
!
interface FastEthernet0/1
no ip address
duplex full
speed 100
service-policy output Voice-Traffic
!
interface FastEthernet0/1.22
description Operations - AT&T - 42.KQGN.400006
encapsulation dot1Q 22
ip address 192.168.0.102 255.255.255.252
no ip redirects
ip accounting output-packets
ip nbar protocol-discovery
ip flow ingress
ip flow egress
!
router bgp 65342
bgp log-neighbor-changes
neighbor 10.20.100.1 remote-as 2386
neighbor 10.20.102.1 remote-as 2386
neighbor 10.20.104.1 remote-as 2386
neighbor 192.168.0.101 remote-as 6389
!
address-family ipv4
neighbor 10.20.100.1 activate
neighbor 10.20.102.1 activate
neighbor 10.20.104.1 activate
neighbor 192.168.0.101 activate
no auto-summary
no synchronization
network 10.20.100.0 mask 255.255.255.0
network 10.20.102.0 mask 255.255.255.0
network 10.20.104.0 mask 255.255.255.0
network 10.255.102.0 mask 255.255.255.0
network 172.20.102.0 mask 255.255.255.0
network 192.168.0.100 mask 255.255.255.252
exit-address-family
!
ip forward-protocol nd
ip route 10.15.1.0 255.255.255.0 10.20.102.125 track 1
ip route 10.15.1.0 255.255.255.0 10.20.128.16 4
ip route 10.45.45.1 255.255.255.255 10.20.102.125 permanent
ip route 170.209.0.2 255.255.255.254 10.20.102.12
ip route 170.209.0.2 255.255.255.255 10.20.102.12 permanent
ip route 170.209.0.3 255.255.255.255 10.20.102.12 permanent
ip route 192.168.0.0 255.255.255.0 192.168.0.101
08-04-2011 02:02 PM
Chris
As in yes you cannot ping ?
Anyway your new vlan is vlan 4, is that right ? If so on your router -
interface FastEthernet0/0.100
description SAN Replication
encapsulation dot1Q 100
ip address 10.20.100.10 255.255.255.0
no ip redirects
ip accounting output-packets
ip wccp web-cache redirect in
ip flow ingress
you need to change the line in bold to -
encapsulation dot1q 4 <-- the number must match the vlan number
note you can leave the actual interface as fa0/0.100 as this doesn't have to match the vlan number.
Jon
08-05-2011 05:21 AM
Ah, how a second set of eyes can see things one cannot! Ping from router to 10.20.100.1 (switch) == success, but can't hit the router from the switch. I will add a static route to the switch, but what I've seen about BGP is that BGP eliminates the need for them. I'm sure this switch is layer 3, but if it was it wouldn't have problems updating bgp routes. Thoughts?
08-05-2011 05:24 AM
Do a "sh ip route" on the switch and post results. If it is running BGP it is acting as L3 switch.
Not sure why you cannot ping the switch from the router though ?
Perhaps you could post config of the switch just to be sure ?
Jon
08-05-2011 05:36 AM
sh ip route:
sw00-3560-01#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 208.61.216.1 to network 0.0.0.0
170.209.0.0/32 is subnetted, 2 subnets
S 170.209.0.3 [1/0] via 10.20.102.12
S 170.209.0.2 [1/0] via 10.20.102.12
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
S 172.16.1.0/27 [1/0] via 10.20.128.10
B 172.16.1.0/24 [20/0] via 10.20.102.10, 7w0d
172.21.0.0/32 is subnetted, 1 subnets
B 172.21.0.214 [20/0] via 10.20.102.10, 7w0d
172.20.0.0/24 is subnetted, 14 subnets
B 172.20.140.0 [20/0] via 10.20.102.10, 3w2d
B 172.20.142.0 [20/0] via 10.20.102.10, 7w0d
B 172.20.128.0 [20/0] via 10.20.102.10, 7w0d
B 172.20.132.0 [20/0] via 10.20.102.10, 4w1d
B 172.20.134.0 [20/0] via 10.20.102.10, 7w0d
B 172.20.122.0 [20/0] via 10.20.102.10, 7w0d
B 172.20.124.0 [20/0] via 10.20.102.10, 6w2d
B 172.20.126.0 [20/0] via 10.20.102.10, 5w1d
B 172.20.112.0 [20/0] via 10.20.102.10, 7w0d
B 172.20.114.0 [20/0] via 10.20.102.10, 7w0d
B 172.20.118.0 [20/0] via 10.20.102.10, 1w2d
B 172.20.105.0 [20/0] via 10.20.102.10, 4w6d
B 172.20.110.0 [20/0] via 10.20.102.10, 5w2d
C 172.20.102.0 is directly connected, Vlan172
172.25.0.0/32 is subnetted, 2 subnets
B 172.25.68.214 [20/0] via 10.20.102.10, 5w1d
B 172.25.0.214 [20/0] via 10.20.102.10, 7w0d
172.27.0.0/32 is subnetted, 1 subnets
B 172.27.36.214 [20/0] via 10.20.102.10, 7w0d
208.61.216.0/24 is variably subnetted, 2 subnets, 2 masks
S 208.61.216.1/32 [1/0] via 10.20.102.195
B 208.61.216.0/27 [200/0] via 208.61.216.1, 7w0d
192.168.4.0/30 is subnetted, 2 subnets
B 192.168.4.252 [20/0] via 10.20.102.10, 7w0d
B 192.168.4.248 [20/0] via 10.20.102.10, 7w0d
10.0.0.0/24 is subnetted, 33 subnets
S 10.15.1.0 [1/0] via 10.20.102.125
S 10.20.10.0 [1/0] via 10.20.102.195
B 10.20.126.0 [20/0] via 10.20.102.10, 5w1d
B 10.20.124.0 [20/0] via 10.20.102.10, 6w2d
B 10.20.122.0 [20/0] via 10.20.102.10, 7w0d
B 10.20.118.0 [20/0] via 10.20.102.10, 1w2d
B 10.20.117.0 [20/0] via 10.20.102.10, 1w2d
B 10.20.114.0 [20/0] via 10.20.102.10, 7w0d
B 10.20.112.0 [20/0] via 10.20.102.10, 7w0d
B 10.20.110.0 [20/0] via 10.20.102.10, 5w2d
B 10.255.132.0 [20/0] via 10.20.102.10, 4w1d
B 10.255.134.0 [20/0] via 10.20.102.10, 7w0d
S 10.255.128.0 [1/0] via 10.20.102.10
C 10.20.104.0 is directly connected, Vlan104
B 10.20.105.0 [20/0] via 10.20.102.10, 4w6d
C 10.20.102.0 is directly connected, Vlan10
B 10.255.140.0 [20/0] via 10.20.102.10, 3w2d
C 10.20.100.0 is directly connected, Vlan4
B 10.255.142.0 [20/0] via 10.20.102.10, 7w0d
B 10.255.118.0 [20/0] via 10.20.102.10, 1w2d
B 10.255.112.0 [20/0] via 10.20.102.10, 7w0d
B 10.255.114.0 [20/0] via 10.20.102.10, 7w0d
B 10.255.124.0 [20/0] via 10.20.102.10, 6w2d
B 10.255.122.0 [20/0] via 10.20.102.10, 7w0d
B 10.20.142.0 [20/0] via 10.20.102.10, 7w0d
B 10.20.140.0 [20/0] via 10.20.102.10, 3w2d
C 10.255.102.0 is directly connected, Vlan1
B 10.20.134.0 [20/0] via 10.20.102.10, 7w0d
B 10.20.132.0 [20/0] via 10.20.102.10, 4w1d
B 10.255.110.0 [20/0] via 10.20.102.10, 5w2d
B 10.255.105.0 [20/0] via 10.20.102.10, 4w6d
B 10.20.130.0 [20/0] via 10.20.102.10, 18:59:25
B 10.20.128.0 [20/0] via 10.20.102.10, 7w0d
192.168.0.0/30 is subnetted, 5 subnets
B 192.168.0.104 [20/0] via 10.20.102.10, 3w2d
B 192.168.0.100 [20/0] via 10.20.102.10, 7w0d
B 192.168.0.76 [20/0] via 10.20.102.10, 7w0d
B 192.168.0.28 [20/0] via 10.20.102.10, 5w1d
B 192.168.0.20 [20/0] via 10.20.102.10, 4w1d
192.168.1.0/26 is subnetted, 4 subnets
B 192.168.1.64 [20/0] via 10.20.102.10, 7w0d
B 192.168.1.0 [20/0] via 10.20.102.10, 7w0d
B 192.168.1.192 [20/0] via 10.20.102.10, 5w1d
B 192.168.1.128 [20/0] via 10.20.102.10, 7w0d
B* 0.0.0.0/0 [200/0] via 208.61.216.1, 18:19:17
S 192.168.0.0/21 [1/0] via 10.20.102.10
config:
!
hostname sw00-3560-01
!
boot-start-marker
boot-end-marker
!
logging buffered 32000 warnings
no logging console
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
system mtu routing 1500
authentication mac-move permit
ip subnet-zero
ip routing
!
!
no ip domain-lookup
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
!
crypto pki trustpoint TP-self-signed-3629491072
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3629491072
revocation-check none
rsakeypair TP-self-signed-3629491072
!
!
crypto pki certificate chain TP-self-signed-3629491072
certificate self-signed 01
quit
!
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree vlan 1,10,172 priority 8192
!
!
!
errdisable recovery cause psecure-violation
!
vlan internal allocation policy ascending
!
!
!
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
shutdown
!
interface GigabitEthernet0/1
description Vendor Phone
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet0/2
description Shoretel T1
switchport access vlan 172
switchport mode access
mls qos trust dscp
!
interface GigabitEthernet0/3
description Shoretel 60/12
switchport access vlan 172
switchport mode access
mls qos trust dscp
!
interface GigabitEthernet0/4
description Shoretel 60/12
switchport access vlan 172
switchport mode access
switchport voice vlan 172
mls qos trust dscp
!
interface GigabitEthernet0/5
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/6
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 2
switchport port-security mac-address 0010.4907.69ff
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/7
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security mac-address 0004.5f86.9f2d
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/8
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/9
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 3
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/10
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security mac-address 0011.0aec.90b0
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/11
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 3
switchport port-security mac-address 0010.4908.8041
switchport port-security mac-address 001c.c49b.14ce
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/12
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 4
switchport port-security mac-address 0010.4908.7c5d
switchport port-security mac-address 001b.78c1.f14a
switchport port-security mac-address 001c.2570.d3b2
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/13
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 2
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/14
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 2
switchport port-security mac-address 0010.4908.92cf
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/15
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/16
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/17
description WAN Circuit
switchport trunk encapsulation dot1q
switchport mode trunk
mls qos trust dscp
!
interface GigabitEthernet0/18
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/19
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/20
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/21
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 2
switchport port-security mac-address 0010.490e.a74d
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/22
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/23
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/24
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/25
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 3
spanning-tree portfast
!
interface GigabitEthernet0/26
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security mac-address 0020.6b5e.69e4
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/27
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/28
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/29
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 3
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/30
switchport trunk encapsulation dot1q
switchport trunk native vlan 104
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/31
description WS00IT03C
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 3
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/32
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/33
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/34
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/35
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/36
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 3
switchport port-security mac-address 0010.4908.80c5
switchport port-security mac-address 001b.78c1.ab3a
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/37
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 3
switchport port-security mac-address 0010.4908.8086
switchport port-security mac-address 001e.0b69.f12e
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/38
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/39
description ws00it05
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/40
description ww00it04
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/41
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 3
switchport port-security mac-address 0010.4908.8014
switchport port-security mac-address 001e.0b67.4bbd
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/42
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 3
switchport port-security mac-address 0010.4908.7faa
switchport port-security mac-address 001c.c49b.26b4
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/43
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security mac-address 0014.3896.f6b3
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/44
description ws00it02b
switchport trunk encapsulation dot1q
switchport trunk native vlan 104
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/45
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 3
switchport port-security mac-address 0010.4908.80c4
switchport port-security mac-address 0016.35a3.e83c
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/46
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/47
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/48
description SW00-2960-01
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/49
switchport trunk encapsulation dot1q
switchport mode trunk
shutdown
!
interface GigabitEthernet0/50
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/51
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/52
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface TenGigabitEthernet0/1
!
interface TenGigabitEthernet0/2
!
interface Vlan1
description OPS_Switch_Mgmt
ip address 10.255.102.1 255.255.255.0
no ip redirects
!
interface Vlan4
description iSCSI/Replication
ip address 10.20.100.1 255.255.255.0
ip helper-address 10.20.102.5
no ip redirects
!
interface Vlan10
description OPS_Data_Network
ip address 10.20.102.1 255.255.255.0
ip helper-address 10.20.102.5
no ip redirects
!
interface Vlan104
description Workstation Network
ip address 10.20.104.1 255.255.255.0
ip helper-address 10.20.102.5
no ip redirects
!
interface Vlan172
description OPS_Voice_Network
ip address 172.20.102.1 255.255.255.0
ip helper-address 10.20.102.5
no ip redirects
!
router bgp 2386
bgp log-neighbor-changes
neighbor 10.20.100.10 remote-as 65342
neighbor 10.20.102.10 remote-as 65342
neighbor 10.20.104.10 remote-as 65342
neighbor 208.61.216.1 remote-as 2386
!
address-family ipv4
neighbor 10.20.100.10 activate
neighbor 10.20.102.10 activate
neighbor 10.20.102.10 default-originate route-map Check-Internet
neighbor 10.20.104.10 activate
neighbor 208.61.216.1 activate
neighbor 208.61.216.1 prefix-list 10 out
no auto-summary
no synchronization
network 10.15.1.0 mask 255.255.255.0
network 10.20.10.0 mask 255.255.255.0
network 10.20.100.0 mask 255.255.255.0
network 10.20.102.0 mask 255.255.255.0
network 10.20.104.0 mask 255.255.255.0
network 10.255.102.0 mask 255.255.255.0
network 172.20.102.0 mask 255.255.255.0
exit-address-family
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.20.102.10 201
ip route 10.15.1.0 255.255.255.0 10.20.102.125
ip route 10.15.1.0 255.255.255.0 10.20.128.16 255
ip route 10.20.10.0 255.255.255.0 10.20.102.195
ip route 10.255.128.0 255.255.255.0 10.20.102.10
ip route 170.209.0.2 255.255.255.255 10.20.102.12 permanent
ip route 170.209.0.3 255.255.255.255 10.20.102.12 permanent
ip route 172.16.1.0 255.255.255.224 10.20.128.10
ip route 192.168.0.0 255.255.248.0 10.20.102.10
ip route 208.61.216.1 255.255.255.255 10.20.102.195
!
no ip http server
ip http authentication local
ip http secure-server
!
!
ip prefix-list 10 seq 1 deny 10.20.0.0/16
ip prefix-list 10 seq 2 deny 172.20.0.0/16
!
ip prefix-list 11 seq 1 deny 208.61.216.0/24
ip sla enable reaction-alerts
access-list 5 permit 0.0.0.0
access-list 6 permit 208.61.216.1
access-list 10 permit 10.20.0.0 0.0.255.255
access-list 10 permit 172.20.0.0 0.0.255.255
route-map Check-Internet permit 10
match ip address 5
match ip next-hop 6
!
!
snmp-server community sfbnet RO
snmp-server location Ops
snmp-server enable traps port-security
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps errdisable
snmp-server host 10.20.102.15 sfbnet
snmp ifmib ifindex persist
!
^C
!
line con 0
line vty 0 4
login local
length 0
line vty 5 15
login local
!
ntp clock-period 36029050
ntp server 10.20.102.10
end
08-05-2011 05:43 AM
Christopher
Well it's definitely routing.
One very confusing thing. Why are you peering to each of the router subinterfaces? You only need to peer on one subinterface and then advertise routes.
What is the point of peering to the same device on 3 separate interfaces?
Jon
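An added example, not part of the thread and not the posters' code: a Python check over statements excerpted from the posted switch config that flags what Jon describes (several eBGP sessions to one remote AS across connected VLAN subnets) and confirms each BGP `network` statement has an exact-match connected or static prefix behind it. The function names are hypothetical; the check reads configuration only, so it assumes the SVIs are up, and it cannot prove the neighbors are the same device.

```python
import ipaddress
import re
from collections import defaultdict

# Excerpt of the switch config posted above (only the statements the check reads).
CONFIG = """\
interface Vlan4
 ip address 10.20.100.1 255.255.255.0
interface Vlan10
 ip address 10.20.102.1 255.255.255.0
interface Vlan104
 ip address 10.20.104.1 255.255.255.0
router bgp 2386
 neighbor 10.20.100.10 remote-as 65342
 neighbor 10.20.102.10 remote-as 65342
 neighbor 10.20.104.10 remote-as 65342
 neighbor 208.61.216.1 remote-as 2386
 network 10.15.1.0 mask 255.255.255.0
 network 10.20.100.0 mask 255.255.255.0
ip route 10.15.1.0 255.255.255.0 10.20.102.125
"""

def parse(config):
    """Collect local AS, connected subnets, neighbors, network statements, statics."""
    def find(pattern):
        return re.findall(r"^\s*" + pattern, config, re.M)
    def net(pair):
        return ipaddress.ip_network("/".join(pair), strict=False)
    return {
        "asn": int(find(r"router bgp (\d+)")[0]),
        "connected": {net(p) for p in find(r"ip address (\S+) (\S+)")},
        "nbrs": {ipaddress.ip_address(a): int(n)
                 for a, n in find(r"neighbor (\S+) remote-as (\d+)")},
        "nets": [net(p) for p in find(r"network (\S+) mask (\S+)")],
        "statics": {net(p) for p in find(r"ip route (\S+) (\S+) ")},
    }

def parallel_ebgp_sessions(c):
    """Remote ASes reached by more than one eBGP session on connected subnets."""
    groups = defaultdict(list)
    for addr, asn in c["nbrs"].items():
        for subnet in c["connected"]:
            if asn != c["asn"] and addr in subnet:
                groups[asn].append(str(addr))
    return {asn: sorted(p) for asn, p in groups.items() if len(p) > 1}

def unbacked_networks(c):
    """network statements with no exact-match connected or static prefix."""
    table = c["connected"] | c["statics"]
    return [str(n) for n in c["nets"] if n not in table]
```

Because the patterns tolerate missing indentation, the same functions can be run over the full config as pasted in the thread.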