
MPLS - BGP question

saquib.tandel

Hi All

Recently we moved the Sales-Office from a point-to-point link to the provider MPLS cloud. HQ has already been part of the MPLS cloud for a long time, with other branches connected.

Our Data Provider says that our Sales-Office*Q1 is part of the MPLS cloud and the protocol is BGP, but when we got the configuration it was IP and static routes. It works, but is such a scenario possible for MPLS? Also, the backup link (GRE over IPSEC) starts behaving weirdly after these changes. I have to shut the GRE tunnel to avoid flapping of the connection.

Thanks

ST


Giuseppe Larosa

Hello Saquib,

The protocol used within the SP network is always multiprotocol BGP for MPLS L3 VPN service. The protocol used between your router (CE) and the SP router (PE) can also be made of static routes, as you have seen in your CE router.

On the SP PE node the static routes pointing to your CE IP address are redistributed in BGP and then propagated as needed on the SP network reaching all the PE nodes serving your other offices connected to the MPLS cloud.

>> Also the Backup Link Gre over IPSEC starts behaving weird after these changes. I have to shut GRE tunnel to avoid flapping of connection.

This is a real issue. You have to check that the GRE over IPSec packets are not routed over the MPLS cloud, which is something you don't want.

The backup path should use an independent path and should not be affected by changes on the primary path.

You may need an additional static route pointing to the backup path to fix this issue.

Hope to help

Giuseppe

Thanks Giuseppe

Here is the sales office router config, please tell me which routes to add

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

service sequence-numbers

!

hostname SO#Q1

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

!

no aaa new-model

dot11 syslog

ip cef

!

!

!

!

ip name-server 172.16.45.150

ip name-server 172.16.45.151

!

multilink bundle-name authenticated

!

!

voice-card 0

!

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

crypto isakmp key passkey123 address 62.238.x.x

crypto isakmp keepalive 10

!

crypto ipsec security-association lifetime seconds 86400

!

crypto ipsec transform-set transform esp-3des esp-md5-hmac

!

crypto map mymap 10 ipsec-isakmp

set peer 62.238.x.x

set transform-set transform

match address ACL

!

archive

log config

  hidekeys

!

interface tunnel19

description TUNNEL to HQ-INTERNET-BACKUP

bandwidth 1544

ip address 172.20.1.233 255.255.255.252

ip mtu 1400

shutdown

tunnel source 92.47.x.x

tunnel destination 62.238.x.x

!

interface FastEthernet0/0

description WAN-Port

ip address 172.16.3.77 255.255.255.248

ip flow ingress

ip flow egress

duplex auto

speed auto

!

interface FastEthernet0/1

description LAN-PORT

  ip address 172.16.45.1 255.255.254.0

ip flow ingress

ip flow egress

duplex auto

speed auto

interface Serial0/1/0

no ip address

ip flow ingress

ip flow egress

encapsulation frame-relay IETF

frame-relay lmi-type q933a

!

interface Serial0/1/0.25 point-to-point

ip address 92.47.x.x 255.255.255.252

snmp trap link-status

frame-relay interface-dlci 22

crypto map mymap

!

!

interface Vlan1

no ip address

!

router ospf 2

log-adjacency-changes

redistribute static

network 172.16.0.0 0.0.255.255 area 0

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Serial0/1/0.25

ip route 172.16.100.0 255.255.255.0 172.16.3.78

ip route 172.16.101.0 255.255.255.0 172.16.3.78

ip route 172.16.103.0 255.255.255.0 172.16.3.78

ip route 172.16.103.0 255.255.254.0 tunnel19 200

ip access-list extended ACL

permit ip 172.16.45.0 0.0.0.255 172.16.100.0 0.0.0.255

permit ip 172.16.45.0 0.0.0.255 172.16.101.0 0.0.0.255

permit ip 172.16.45.0 0.0.0.255 172.16.103.0 0.0.1.255

Hi Saquib,

as Giuseppe already said, BGP is a kind of mandatory protocol for MPLS. The whole infrastructure can work properly as long as the IP reachability is satisfied. Nevertheless, BGP, in its different configurations, can encode many different kinds of MPLS information in its updates, providing many features that static routing can't really realise. If you have core routers pointing to some external ISP(s) you can even avoid BGP sessions, as Giuseppe was explaining above, but if you have MPLS inside your infrastructure you don't really have much choice.... For the GRE tunnel.... just take it away and play with metric and administrative distance.

Hope it helps

Alessio

Alessio / Giuseppe,

Looking at the config, just removing the GRE tunnel and adding a higher metric didn't help. Can you guide me on what more I am missing?

thanks in advance

ST

Hi there,

I would say two things... the first is to add the subnet option to redistribute static below the OSPF process

the second is that you are still advertising the network over the tunnel (although with a static route)

Can't you advertise that link in OSPF and then change the metric/administrative distance? Remember that metric is intra-domain and administrative distance is inter-domain...

As a suggestion only, I would be more specific when you advertise your route, because otherwise you lose control and everything becomes more difficult. If you send me the topology you desire to accomplish, I can study a config to propose to you.

This should be the command, but the idea is called a floating static route. If the primary static route goes down, this second route with a bigger administrative distance will come into play, a bit like you did with tunnel 19 but with a simple static route.

http://www.cisco.com/en/US/tech/tk801/tk133/technologies_configuration_example09186a0080093d6e.shtml

let me/us know

HTH

Alessio

Thank you for supporting, I attached the current setup layout.

The primary path for sales-office19 reaching HQ should be via IPSEC VPN, and if the internet is down then traffic should pass over the MPLS cloud.

Let me know if more information is needed

thanks

ST

Hi Saquib,

try this:

ip route 0.0.0.0 0.0.0.0  172.16.3.78

ip route 172.16.100.0 255.255.255.0  Serial0/1/0.25  (longest match is preferred)

ip route 172.16.101.0 255.255.255.0  Serial0/1/0.25

ip route 172.16.103.0 255.255.255.0  Serial0/1/0.25

or this:

ip route 0.0.0.0 0.0.0.0 Serial0/1/0.25

ip route 172.16.100.0 255.255.255.0 172.16.3.78 200

ip route 172.16.101.0 255.255.255.0 172.16.3.78 200

ip route 172.16.103.0 255.255.255.0 172.16.3.78 200

Why do you advertise /23 in the static route?

Since it is MPLS VPN layer 2, can't you run OSPF between Office Sales 19 and Office sales 1?

Remember to change the redistribution command to

redistribute static subnets

Let me know,

Alessio

PS: why are you using OSPF? Wouldn't you prefer to encapsulate different VLANs on FastEthernet subinterfaces, and then just use static routing? It would be cool if you could run OSPF over the entire WAN!!!

Alessio, let me clear up some points

The Data Provider had given a BGP config for Sales Office 1 and internally we have OSPF, but for Sales Office 19 they provided a static route config. If you see the initial post, it addresses this query.

If I get you correctly, from my originally posted config I would remove the following

no interface tunnel19

no router ospf 2

no ip route 0.0.0.0 0.0.0.0 Serial0/1/0.25

no ip route 172.16.100.0 255.255.255.0 172.16.3.78

no ip route 172.16.101.0 255.255.255.0 172.16.3.78

no ip route 172.16.103.0 255.255.255.0 172.16.3.78

no ip route 172.16.103.0 255.255.254.0 tunnel19 200

/23 is incorrect, it should be /24

After removing the above, I will add the static routes you provided

What you mentioned in the 'PS' is not clear. Can you help with a sample config example?

many thanks

ST

Hi Saquib,

just one step at a time ....

no ip route 0.0.0.0 0.0.0.0 Serial0/1/0.25

no ip route 172.16.100.0 255.255.255.0 172.16.3.78

no ip route 172.16.101.0 255.255.255.0 172.16.3.78

no ip route 172.16.103.0 255.255.255.0 172.16.3.78

no ip route 172.16.103.0 255.255.254.0 tunnel19 200

!

ip route 0.0.0.0 0.0.0.0  172.16.3.78

!(longest match is preferred)

ip route 172.16.100.0 255.255.255.0  Serial0/1/0.25 

ip route 172.16.101.0 255.255.255.0  Serial0/1/0.25

ip route 172.16.103.0 255.255.255.0  Serial0/1/0.25

!

no int tunnel 19

!

end

!

or if it does not work this:

ip route 0.0.0.0 0.0.0.0 Serial0/1/0.25

ip route 172.16.100.0 255.255.255.0 172.16.3.78 200

ip route 172.16.101.0 255.255.255.0 172.16.3.78 200

ip route 172.16.103.0 255.255.255.0 172.16.3.78 200

!

no int tunnel 19

!

end

!

For now, leave OSPF in place because I didn't really get why you are using it. It would be great to have the partial routing table:

show ip route static

before and after the changes. Check this solution before implementing it because I am missing some info. I am quite sure anyway that this change can help you.

I think this could work. For the PS I wrote down, I was only thinking that since you can run OSPF as the CE-PE protocol, you could manage just one area 0 connecting all your core network offices. But it is very demanding in terms of implementation. Ignore it.
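Added example, not part of any post in the thread: a small Python model of how the two static-route sets proposed above are resolved (lowest administrative distance per prefix, then longest-prefix match), so you can check which path carries HQ-bound traffic with each link up or down. The PATH labels, the sample destination 172.16.100.10 and the simplification that a route is withdrawn when its egress is marked down are assumptions.

```python
import ipaddress

# Route sets copied from the two options proposed in the thread.
OPTION_1 = """
ip route 0.0.0.0 0.0.0.0 172.16.3.78
ip route 172.16.100.0 255.255.255.0 Serial0/1/0.25
ip route 172.16.101.0 255.255.255.0 Serial0/1/0.25
ip route 172.16.103.0 255.255.255.0 Serial0/1/0.25
"""
OPTION_2 = """
ip route 0.0.0.0 0.0.0.0 Serial0/1/0.25
ip route 172.16.100.0 255.255.255.0 172.16.3.78 200
ip route 172.16.101.0 255.255.255.0 172.16.3.78 200
ip route 172.16.103.0 255.255.255.0 172.16.3.78 200
"""
# Assumed labels: 172.16.3.78 is the MPLS next hop on the WAN port, and
# Serial0/1/0.25 is the Internet link that carries "crypto map mymap".
PATH = {"172.16.3.78": "MPLS", "Serial0/1/0.25": "Internet/IPsec"}

def parse_routes(config):
    """Parse 'ip route <net> <mask> <egress> [distance]' lines."""
    routes = []
    for line in config.strip().splitlines():
        parts = line.split()
        if parts[:2] != ["ip", "route"]:
            continue
        net = ipaddress.ip_network(f"{parts[2]}/{parts[3]}", strict=False)
        distance = int(parts[5]) if len(parts) > 5 else 1  # static default AD
        routes.append((net, parts[4], distance))
    return routes

def best_route(routes, dst, down=()):
    """Return the egress used for dst; 'down' lists unusable egresses."""
    rib = {}
    for net, egress, distance in routes:
        if egress in down:
            continue  # simplification: the route is withdrawn
        # Administrative distance only competes within the same prefix.
        if net not in rib or distance < rib[net][1]:
            rib[net] = (egress, distance)
    matches = [net for net in rib if ipaddress.ip_address(dst) in net]
    if not matches:
        return None
    # Forwarding then picks the longest matching prefix.
    return rib[max(matches, key=lambda net: net.prefixlen)][0]

def path_for(config, dst, down=()):
    return PATH.get(best_route(parse_routes(config), dst, down))
```

With nothing marked down, the first route set sends 172.16.100.10 out Serial0/1/0.25 and the second sends it to 172.16.3.78, because a distance of 200 has no competing /24 to lose to. Comparing this against `show ip route static` on the router confirms whether HQ traffic is actually leaving through the interface that has the crypto map.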
