ISR - CPE Config

matthewharrison
Level 1

Hi, could someone clarify this config? Am I missing something stupid??

Essentially I'm connecting to my ISP's NTU - BGP config is needed.

BGP is up, but no traffic will pass through due to it being a Direct Internet Circuit and private ranges can't be routed on it.

interface Loopback0
 ip address *Public IP* 255.255.255.255
 ip nat outside
!
interface GigabitEthernet0/0/0
 ip address *Local-BGP-IP* 255.255.255.254
 negotiation auto
!
interface GigabitEthernet0/1/0
 switchport mode access
!
interface GigabitEthernet0/1/1
 switchport mode access
!
interface GigabitEthernet0/1/2
 switchport mode access
!
interface GigabitEthernet0/1/3
 switchport mode access
!
interface ATM0/2/0
 no ip address
 atm oversubscribe factor 2
 no atm enable-ilmi-trap
!
interface Ethernet0/2/0
 no ip address
 no negotiation auto
!
interface Vlan1
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
 no autostate
!
router bgp 64901
 bgp router-id 172.16.1.241
 bgp log-neighbor-changes
 network *Public IP* mask 255.255.255.255
 neighbor *Neighbor-BGP-IP* remote-as 64900
 neighbor *Neighbor-BGP-IP* ttl-security hops 1
!
ip forward-protocol nd
no ip http server
ip http secure-server
ip nat inside source list 101 interface Loopback0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
!
ip access-list extended 101
 permit ip 172.16.1.0 0.0.0.255 any

Thank you

3 Replies

balaji.bandi
Hall of Fame

At a high level, I do not see any reason this was not working

other than one route I suspect - ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 (check to ISP side IP address instead of interface)

ip route 0.0.0.0 0.0.0.0 x.x.x.x

If still an issue, post show ip route, show ip arp, show nat trans

BB


Changed the ip route to IP instead of interface, no change.

See below show ip route, show ip arp & show ip nat translation.

Router#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is *Neighbor-BGP-IP* to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via *Neighbor-BGP-IP*
*BGP-Subnet* is variably subnetted, 2 subnets, 2 masks
C *Neighbor-BGP-IP/31* is directly connected, GigabitEthernet0/0/0
L *Local-BGP-IP*/32 is directly connected, GigabitEthernet0/0/0
*Public-IP-Subnet* is subnetted, 1 subnets
C *Public-IP* is directly connected, Loopback0
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.1.0/24 is directly connected, Vlan1
L 172.16.1.1/32 is directly connected, Vlan1

Router#show ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet *Neighbor-BGP-IP* 1 d46a.3507.f810 ARPA GigabitEthernet0/0/0
Internet *Local-BGP-IP - 7061.7b2f.4500 ARPA GigabitEthernet0/0/0
Internet 172.16.1.1 - 7061.7b2f.4574 ARPA Vlan1

Router#show ip nat translation
Total number of translations: 0

Cheers

 

I agree that a static default route using the outbound Ethernet interface can have problems. Changing it to use an IP address is good, but did not fix the problem. So we need to look further. I question the use of loopback 0 with a Public IP address. And configuring address translation using the loopback address is problematic. Usually address translation using an interface will use the outbound interface. But loopback 0 cannot be the outbound interface. The easy solution would be to change the NAT to use G0/0/0.

The configuration suggests that the original poster has both a Public /31 subnet and a Public /32 address. Is that the case? If you want to do NAT using the /32 then configure a pool with the /32 and configure NAT to use the pool.

I would comment on another aspect of the configuration. Your NAT uses an extended access list which specifies the destination as any. I have seen situations where using NAT with a permit any has caused issues. I see no benefit in using an extended ACL here and suggest that you change it to a standard ACL.

HTH

Rick
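
An added example, not part of the thread or any poster's code: a Python check that resolves the static default route in a config to its exit interface (interface form or next-hop form) and reports when that interface is not marked `ip nat outside`. It assumes classic IOS inside/outside NAT, where a packet is translated only when it crosses from an `ip nat inside` interface to an `ip nat outside` one; the function names and the documentation addresses in the sample are hypothetical.

```python
import ipaddress
import re
# Constructed sample: trimmed copy of the posted config; documentation addresses
# stand in for the redacted *Public IP*, *Local-BGP-IP* and *Neighbor-BGP-IP*.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 198.51.100.1 255.255.255.255
 ip nat outside
!
interface GigabitEthernet0/0/0
 ip address 192.0.2.1 255.255.255.254
!
interface Vlan1
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 101 interface Loopback0 overload
ip route 0.0.0.0 0.0.0.0 192.0.2.0
"""

def parse_interfaces(config):
    """Map interface name -> {"net": connected network or None, "nat": role or None}."""
    ifaces, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], {"net": None, "nat": None})
        elif line.startswith("!"):
            cur = None  # "!" closes the current stanza
        elif cur is not None and (m := re.fullmatch(r"ip address (\S+) (\S+)", line)):
            cur["net"] = ipaddress.ip_network("/".join(m.groups()), strict=False)
        elif cur is not None and (m := re.fullmatch(r"ip nat (inside|outside)", line)):
            cur["nat"] = m.group(1)
    return ifaces

def egress_interfaces(config, ifaces):
    """Resolve each static default route (interface or next-hop form) to its exit interface."""
    out = []
    for target in re.findall(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", config, re.M):
        if target in ifaces:
            out.append(target)
        else:  # next-hop form: find the connected network that contains the hop
            hop = ipaddress.ip_address(target)
            out += [n for n, i in ifaces.items() if i["net"] and hop in i["net"]]
    return out

def nat_findings(config):
    """Report default-route exit interfaces that are not marked 'ip nat outside'."""
    ifaces = parse_interfaces(config)
    return [f"{name}: default route egress is not marked 'ip nat outside'"
            for name in egress_interfaces(config, ifaces) if ifaces[name]["nat"] != "outside"]
```

Run against a saved `show running-config` with the redaction placeholders replaced by real addresses; an empty list means every default-route exit interface carries `ip nat outside`.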