01-19-2023 10:35 AM
Hi, could someone clarify this config? Am I missing something stupid?
Essentially I'm connecting to my ISP's NTU - BGP config is needed.
BGP is up, but no traffic will pass through due to it being a Direct Internet Circuit and private ranges can't be routed on it.
interface Loopback0
 ip address *Public IP* 255.255.255.255
 ip nat outside
!
interface GigabitEthernet0/0/0
 ip address *Local-BGP-IP* 255.255.255.254
 negotiation auto
!
interface GigabitEthernet0/1/0
 switchport mode access
!
interface GigabitEthernet0/1/1
 switchport mode access
!
interface GigabitEthernet0/1/2
 switchport mode access
!
interface GigabitEthernet0/1/3
 switchport mode access
!
interface ATM0/2/0
 no ip address
 atm oversubscribe factor 2
 no atm enable-ilmi-trap
!
interface Ethernet0/2/0
 no ip address
 no negotiation auto
!
interface Vlan1
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
 no autostate
!
router bgp 64901
 bgp router-id 172.16.1.241
 bgp log-neighbor-changes
 network *Public IP* mask 255.255.255.255
 neighbor *Neighbor-BGP-IP* remote-as 64900
 neighbor *Neighbor-BGP-IP* ttl-security hops 1
!
ip forward-protocol nd
no ip http server
ip http secure-server
ip nat inside source list 101 interface Loopback0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
!
ip access-list extended 101
 permit ip 172.16.1.0 0.0.0.255 any
Thank you
01-19-2023 11:05 AM
At a high level I do not see any reason this was not working,
other than one route I suspect - ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 (change to the ISP-side IP address instead of the interface)
ip route 0.0.0.0 0.0.0.0 x.x.x.x
If there is still an issue,
post show ip route, show ip arp, show nat trans
01-19-2023 11:33 AM
Changed the ip route to IP instead of interface, no change.
See below show ip route, show ip arp & show ip nat translation.
Router#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is *Neighbor-BGP-IP* to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via *Neighbor-BGP-IP*
      *BGP-Subnet* is variably subnetted, 2 subnets, 2 masks
C        *Neighbor-BGP-IP/31* is directly connected, GigabitEthernet0/0/0
L        *Local-BGP-IP*/32 is directly connected, GigabitEthernet0/0/0
      *Public-IP-Subnet* is subnetted, 1 subnets
C        *Public-IP* is directly connected, Loopback0
      172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.16.1.0/24 is directly connected, Vlan1
L        172.16.1.1/32 is directly connected, Vlan1

Router#show ip arp
Protocol  Address             Age (min)  Hardware Addr   Type   Interface
Internet  *Neighbor-BGP-IP*          1   d46a.3507.f810  ARPA   GigabitEthernet0/0/0
Internet  *Local-BGP-IP*             -   7061.7b2f.4500  ARPA   GigabitEthernet0/0/0
Internet  172.16.1.1                 -   7061.7b2f.4574  ARPA   Vlan1

Router#show ip nat translation
Total number of translations: 0
Cheers
01-20-2023 07:25 AM
I agree that a static default route using the outbound Ethernet interface can have problems. Changing it to use an IP address is good, but did not fix the problem. So we need to look further. I question the use of loopback 0 with a Public IP address. And configuring address translation using the loopback address is problematic. Usually address translation using an interface will use the outbound interface. But loopback 0 cannot be the outbound interface. The easy solution would be to change the NAT to use G0/0/0.
The configuration suggests that the original poster has both a Public /31 subnet and a Public /32 address. Is that the case? If you want to do NAT using the /32 then configure a pool with the /32 and configure NAT to use the pool.
I would comment on another aspect of the configuration. Your NAT uses an extended access list which specifies the destination as any. I have seen situations where using NAT with a permit any has caused issues. I see no benefit in using an extended ACL here and suggest that you change it to a standard ACL.
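The pool-based NAT and standard ACL suggested in the last reply could look like the following. This is an added example, not configuration posted by anyone in the thread: the pool name PUBLIC-32, ACL number 10, the pool prefix-length and the move of `ip nat outside` to GigabitEthernet0/0/0 are assumptions, while the starred placeholders are the thread's own.

```cisco
! Added example. Names PUBLIC-32 and ACL 10 are assumed, not from the thread.
!
! Loopback0 keeps the /32 in the routing table so the BGP "network"
! statement still advertises it, but it is not the egress interface,
! so it should not carry the NAT outside role.
interface Loopback0
 ip address *Public IP* 255.255.255.255
 no ip nat outside
!
! Traffic actually leaves through the BGP-facing interface, so this is
! where NAT has to see the inside-to-outside crossing (assumption: this
! is why "show ip nat translation" reported 0 entries).
interface GigabitEthernet0/0/0
 ip address *Local-BGP-IP* 255.255.255.254
 ip nat outside
 negotiation auto
!
interface Vlan1
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
 no autostate
!
! Standard ACL: matches inside source addresses only, no "any" destination.
access-list 10 permit 172.16.1.0 0.0.0.255
!
! Remove the original rule that translated to the Loopback0 interface
! and the extended ACL it referenced.
no ip nat inside source list 101 interface Loopback0 overload
no ip access-list extended 101
!
! Pool containing only the routed public address (start = end).
! The prefix-length is an assumed value used for the pool's sanity check;
! adjust it to what the platform accepts for a single-address pool.
ip nat pool PUBLIC-32 *Public IP* *Public IP* prefix-length 30
ip nat inside source list 10 pool PUBLIC-32 overload
!
! Default route via the ISP neighbor address, as already changed in the thread.
ip route 0.0.0.0 0.0.0.0 *Neighbor-BGP-IP*
```

Once an inside host sends traffic, `show ip nat translations` should list entries whose inside global address is the public /32 rather than a 172.16.1.0/24 source.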