03-21-2019 02:23 AM
Hi,
I am relatively new to the Cisco world and have been tasked with setting up a BT MPLS network! Yipee!
I am in a position where I have the head office router configured, and a branch router able to ping our head office resources through our Watchguard firewall, progress!
I have now hit a stumbling block whereby I don't know how to allow branch office devices (only 1-2 desktop PCs and a VoIP phone) to connect to our head office resources.
Branch office routers are Cisco ISR 877VA's with 4 FA interfaces which I will be using to connect the various devices.
MPLS Dialler interface has been configured with an IP address of 10.1.2.1, this appears to be the only way I can announce the network into MPLS. If I set on loopback interfaces, I cannot get out to the head office router so I think this is the correct configuration, no assist or working configs from BT so working blind.
BT will only route the 10.1.2.0/24 subnet for this particular branch, if I try to use NAT, it will not carry across the MPLS network and gets dropped in the MPLS circuit.
If I try and set VLAN 1 (for the branch local network) to anything in the 10.x range, I get an "overlap" error message from the router.
So essentially, my local branch devices need to belong to the 10.1.2.x/24 network which is the same as the dialler interface network. Is this achievable?
BT are a nightmare to get hold of, let alone work with me on this allowed subnets, so my options are limited!
Any advice would be much appreciated. Please go easy on me, I'm new!
04-02-2019 02:16 AM - edited 04-02-2019 02:20 AM
Hello
martin.daley@eventura.com wrote:
Hi,
BT will only route the 10.1.2.0/24 subnet for this particular branch, if I try to use NAT, it will not carry across the MPLS network and gets dropped in the MPLS circuit.
If I try and set VLAN 1 (for the branch local network) to anything in the 10.x range, I get an "overlap" error message from the router.
So essentially, my local branch devices need to belong to the 10.1.2.x/24 network which is the same as the dialler inte
So if you cannot use NAT and you need to use this one subnet, the only other way I can see is to bridge the connection between your WAN/LAN interfaces.
Example:
! IRB must be enabled before the bridge group can route IP
bridge irb
bridge 1 protocol ieee
bridge 1 route ip
int x/x
description WAN facing
no ip address
bridge-group 1
int xxx
description LAN
no ip address
bridge-group 1
! The BVI carries the routed IP address for bridge group 1
int bvi 1
ip address 10.0.1.2 255.255.255.0
ip route 0.0.0.0 0.0.0.0 BVI1 10.0.1.1
03-21-2019 05:45 AM
Doesn't sound right to me, BT should be able to advertise other subnets for you.
It doesn't sound like you are using BGP so they would need to know any additional subnet(s) you wanted advertised unless there is a limit to how many they are prepared to add static routes for.
An alternative is to use the 10.1.2.x IPs and NAT them to other internal IPs but you really shouldn't have to do that.
I agree it can be difficult to get hold of the right person in BT.
Jon
03-22-2019 07:02 AM
Martin,
BT should have provided you with the circuit details, so you could configure your router. If they limit it to a single /24 range, the way around it is to set your dialer interface as unnumbered and use the LAN interface's IP on it. But then you are still missing the dynamic routing details. What is your general situation? Is this supposed to be one branch of many existing ones? Is it a brand new one with no others online yet? Does BT host your servers?
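The unnumbered-dialer arrangement suggested in the reply above, sketched as an added example; it is not part of the original thread and is not a BT-supplied or tested configuration. It assumes the 10.1.2.0/24 prefix and 10.1.2.1 router address from the opening question and the Vlan1, Dialer1 and FastEthernet3 interface names from the 887VA configuration posted in this thread; the PPP credentials are placeholders.

```ios
! Added example, not from the thread. Assumed values: 10.1.2.0/24 and
! 10.1.2.1 from the opening question; placeholder PPP credentials.
!
! LAN side: the SVI owns the routed /24, so branch hosts use 10.1.2.1
! as their default gateway and take addresses 10.1.2.2-10.1.2.254.
interface Vlan1
 description Branch LAN
 ip address 10.1.2.1 255.255.255.0
!
! Vlan1 only comes up when a switch port in VLAN 1 has link.
interface FastEthernet3
 no shutdown
!
! WAN side: the dialer borrows Vlan1's address instead of holding a
! subnet of its own, so no second interface claims 10.1.2.0/24 and
! the router has nothing to reject as an overlap.
interface Dialer1
 description Dialer Interface for MPLS
 ip unnumbered Vlan1
 encapsulation ppp
 dialer pool 1
 ppp chap hostname <PLACEHOLDER-USER>@adslconnect.bt.com
 ppp chap password <PLACEHOLDER-PASSWORD>
!
! Point-to-point link, so the default route can name the interface.
ip route 0.0.0.0 0.0.0.0 Dialer1
!
! Checks after applying (exec mode):
!   show ip interface brief    Vlan1 and Dialer1 up, both showing 10.1.2.1
!   show ip route connected    10.1.2.0/24 listed against Vlan1
```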
04-02-2019 01:29 AM
Literally all BT Provide us with is the following handover details for each circuit (private info removed).
Company: XXXXXXXXX
Installation PSTN: XXXXXX
Product: IP Clear Super-fast STANDARD
Simultaneous Provision: NO
Customer Site Address: XXXXXXX
VPN Number: VPNN90XXXX
Access ID: FDSL2XXXX
Circuit ID: IEUKXXXXXX
Bearer ID: BBEUXXXXXXXXXXX
Access Technology: FTTC
Access Speed/Upstream: 40 MBPS/10 MBPS
CoS Model: DSCP
EF class of service: 0 Kbits
AF class of service: AF1 0 Kbits AF2 0 Kbits AF3 0 Kbits AF4 0 Kbits
Promise Date: 01/04/19
PE Router IP: 81.XX.XX.XX
Routing Type : STATIC
Loop Back IP Address: 10.1.1.1
BGP AS Number:
Address Prefix: 10.1.1.0
Mask: 255.255.255.0
Username - XXXXXXXXXXXX@adslconnect.bt.com
Password - XXXXXXXXX
This particular MPLS configuration is around 100-150 branch sites which connect back to our internal head office infrastructure over the MPLS network. BT do not host our servers, they simply provide the connectivity back to HQ
The routing configuration is very simple, they just advise us to setup a 0.0.0.0 0.0.0.0 <PE IP>
They are adamant the other 253 addresses are "useable" by the LAN branch network, but I really struggle to see how? Even when using IP unnumbered via a Loopback, we can't use the same interface on a dialer interface and a multiaccess interface, can we?
BT have said the following:
The DSL and SFBB sites are configured as a /24 network with a loopback address in a static way.
For example, <branch site> SFBB is 10.1.7.0 / 255.255.255.0 with a router loopback of 10.1.7.254 meaning all of 10.1.7.x up to the router is useable.
03-22-2019 08:57 AM
Hello,
not sure if I have missed anything in this thread, but on a side note, if you have something like BT Clear IP, they usually want you to use a Loopback (for which they should have provided an IP address) which you then use for the Dialer interface. The entire thing would look like below. Maybe you can post the configuration you currently have, and post the information that BT has provided:
interface Loopback0
ip address 192.168.100.1 255.255.255.255
!
interface Ethernet0
ip address 10.1.2.1 255.255.255.0
hold-queue 100 out
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface Dialer0
ip unnumbered Loopback0
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXXXXXXXX@XXXXXXXX.bt.com
ppp chap password 0 XXXXXXXXXX
ppp pap sent-username XXXXXXXXXX@XXXXXXXXXX.bt.com password 0 XXXXXXXXXXX
!
ip route 0.0.0.0 0.0.0.0 Dialer0
04-02-2019 01:35 AM
Hi,
Thanks for the reply, I have a config very similar to the one provided but can't help but feel I am missing something. I think the last step is allowing the branch office to utilise the /24 subnet BT have provided to us, but I can't see how this is possible when the /24 subnet provided is already bound to the dialler interface?
Perhaps the attached simplified topology diagram helps explain things a little better?
04-02-2019 01:44 AM - edited 04-02-2019 01:54 AM
The following allows my branch office router to ping head office resources. I cannot, however, get a PC sat on the LAN interface of the branch office router (currently on ip unnumbered loopback1 10.1.1.1) to ping head office resources. I think due to the limitations of the ip unnumbered interface and is not being supported on multi access interfaces perhaps??
Building configuration...
Current configuration : 2142 bytes
!
! Last configuration change at 16:31:05 UTC Mon Apr 1 2019
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXX
enable password XXXXXX
!
no aaa new-model
ethernet lmi ce
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C887VA-K9 sn FCZ222610XZ
!
!
!
!
!
!
!
controller VDSL 0
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
ip address 10.1.1.1 255.255.255.0
no ip redirects
no ip proxy-arp
!
interface Loopback2
no ip address
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
cdp enable
!
interface Ethernet0
bandwidth 40000
no ip address
ethernet oam mode passive
ethernet oam remote-loopback supported
ethernet oam
ethernet loopback permit external vlan 101
!
interface Ethernet0.101
encapsulation dot1Q 101
pppoe enable group global
pppoe-client dial-pool-number 1
ethernet loopback permit external
!
interface FastEthernet0
no ip address
shutdown
!
interface FastEthernet1
no ip address
shutdown
!
interface FastEthernet2
no ip address
shutdown
!
interface FastEthernet3
no ip address
!
interface Vlan1
ip unnumbered Loopback1
!
interface Dialer1
description Dialer Interface for MPLS
ip unnumbered Loopback1
ip virtual-reassembly in
ip virtual-reassembly out
encapsulation ppp
load-interval 30
dialer pool 1
ppp chap hostname AAXXXXXXXX@adslconnect.bt.com
ppp chap password 0 AAXXXXXXX
no cdp enable
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 81.XXX.XXX.XXXX
!
!
snmp-server community w3ar3watching RO
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password XXXXXXXXXXXX
login
transport input none
!
scheduler allocate 20000 1000
!
end
03-22-2019 09:26 AM - edited 03-22-2019 09:27 AM
Hello
Surely BT are only for your transit network between your HQ and branch?
To enable you to communicate any and all other internal networks then you would possibly tunnel over this transit path ( bgp - igp? ) between HQ and Branch ?