Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
948
Views
15
Helpful
10
Replies

static route between 2 office

Beaurr
Level 1
Level 1

‎06-09-2022 08:10 AM

hello,

 

I have to prepare the replacement of swich on one of our offices.

 

The main office (A) and B are connected with a VPN operator in MPLS. I don't have control over ISP routers.

Currently, on site B, there is only one subnet, no VLAN, and the PCs are in fixed IP.

 

Office B switches (old 2960) will be replaced by L3 switches (9200).

 

The core network is located on A, there is also a WIFI controller, our DHCP servers, our servers for the VoiP...

 

Currently, only one subnet is routed from site A to site B. On the main office (A), on  core switch, I have a static route.

 

ip route 10.60.133.0 255.255.255.0 10.39.6.20 ( 10.39.6.20 is the vrrp virtual IP on the router A, there are 2 routers, the main and a backup).

 

My goals are:

 

  • create 4 VLANs on office B
  • enable default routing
  • add a default route
  • create a VTP domain on B
  • add ip helper address to switch site B to DHCP (the 2 DHCP servers are on office A)
  • Ask our  provider to add static routes to their equipment

 

  • create 4 VLANs on office B  :

Vlan 10
Name DATA
Vlan 20
Name VoIP
Vlan 30
Name Wifi
Vlan 40
Name Tech
Interface Vlan10
Ip address 10.60.133.253 255.255.255.0
Interface Vlan20
Ip address 10.61.133.253 255.255.255.0
Interface Vlan30
Ip address 10.62.133.253 255.255.255.0
Interface Vlan40
Ip address 10.63.133.253 255.255.255.0

 

  • enable default routing : 

#ip routing

 

  • add a default route

#ip route 0.0.0.0 0.0.0.0 10.60.133.254

 

  • create a VTP domain on B

#VTP domain XXXXX
#Vtp mode server
#Vtp password XXX

 

  • ask to provider to add ( on the main router A) DHCP relay agent for  B (the 2 DHCP servers are on office A)

ip helper-address 10.39.1.224 ( first DHCP server)
ip helper-address 10.39.1.223 ( second DHCP server)

 

On the network core switch ( office A) :

 

  • add 3 static routes :

#ip route 10.61.133.0 255.255.255.0 10.39.6.20

#ip route 10.62.133.0 255.255.255.0 10.39.6.20

#ip route 10.63.133.0 255.255.255.0 10.39.6.20

#ip route 10.60.133.0 255.255.255.0 10.39.6.20  <== This one already exists, it's the one in production

 

Ask to the provider to add on the main router ( A) 3 static route :

 

ip route 10.61.133.0 255.255.255.0 10.61.133.254

ip route 10.62.133.0 255.255.255.0 10.61.133.254

ip route 10.63.133.0 255.255.255.0 10.61.133.254

 

here I'm not sure : 10.60.133.254  it's the BVI 1 LAN interface of the ISP router ( on office B).

I don't have control of it but I can visualize the interfaces ( BVI1 10.60.133.254 up ** LAN CLIENT **)

 

do I also have to ask to the provider to add the return routes on the office B router?

 

I put a file with a schema

 

Thanks.

 

 

 

 

 

Labels:
Preview file
156 KB
10 Replies 10

MHM Cisco World
VIP
VIP

‎06-09-2022 08:14 AM

are your VPN is L2VPN or L3VPN?

0 Helpful

Beaurr
Level 1
Level 1
In response to MHM Cisco World

‎06-09-2022 09:49 AM

L3VPN

0 Helpful

MHM Cisco World
VIP
VIP
In response to Beaurr

‎06-09-2022 10:01 AM

""I don't have control over ISP routers.""

you mean Site-B edge router ?? Edge router must know the new VLAN IP.

0 Helpful

Beaurr
Level 1
Level 1
In response to MHM Cisco World

‎06-09-2022 10:24 AM

On site A and B, ISP router / modem is connected to my switch (L3)

0 Helpful

MHM Cisco World
VIP
VIP
In response to Beaurr

‎06-09-2022 10:40 AM

I think you need NAT to old Subnet since you can not config the ISP router.
think about it ISP receive traffic for VLAN how it will forwarding ???

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-9300-series-switches/217419-configure-and-verify-nat-on-catalyst-900.html

0 Helpful

Beaurr
Level 1
Level 1
In response to MHM Cisco World

‎06-09-2022 10:52 AM

I can't configure the ISP router myself but I can ask them to add commands, routes etc...

MHM Cisco World
VIP
VIP
In response to Beaurr

‎06-09-2022 03:14 PM

that prefect, 

in Site-B
the link between the ISP and L3SW is trunk or router port ?



0 Helpful

Beaurr
Level 1
Level 1
In response to MHM Cisco World

‎06-10-2022 12:21 AM

Currently, on the switch, no trunk or access, just duplex full and speed 100.  But for now, there is only one subnet

 

And on the ISP router ( I managed to get the conf file)

 

interface GigabitEthernet 0/1
no ip address
bridge-group 1
description *** LAN CLIENT ***
service-policy input COS-IN
service-policy output REMARK-DSCP

MHM Cisco World
VIP
VIP
In response to Beaurr

‎06-10-2022 02:55 PM

Yes put bridge-group is use only with L2VPN not L3VPN?

0 Helpful

Beaurr
Level 1
Level 1
In response to MHM Cisco World

‎06-13-2022 12:51 AM

??

it's a L3VPN.

 

on the operator side, I don't know what's behind but the business name of the offer is "business VPN" it's a MPLS VPN.

In my case I have site A and B, but in reality, there are other sites C, D etc... A is the central site

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card