static route between 2 office

Beaurr
Level 1

Hello,

I have to prepare the replacement of the switches at one of our offices.


The main office (A) and B are connected with a VPN operator in MPLS. I don't have control over ISP routers.

Currently, on site B, there is only one subnet, no VLAN, and the PCs are in fixed IP.

 

Office B switches (old 2960) will be replaced by L3 switches (9200).

 

The core network is located on A, there is also a WIFI controller, our DHCP servers, our servers for the VoiP...

 

Currently, only one subnet is routed from site A to site B. At the main office (A), on the core switch, I have a static route.

 

ip route 10.60.133.0 255.255.255.0 10.39.6.20 (10.39.6.20 is the VRRP virtual IP on router A; there are 2 routers, the main and a backup).

 

My goals are:

 

  • create 4 VLANs on office B
  • enable default routing
  • add a default route
  • create a VTP domain on B
  • add ip helper address to switch site B to DHCP (the 2 DHCP servers are on office A)
  • ask our provider to add static routes to their equipment

 

  • create 4 VLANs on office B  :

Vlan 10
Name DATA
Vlan 20
Name VoIP
Vlan 30
Name Wifi
Vlan 40
Name Tech
Interface Vlan10
Ip address 10.60.133.253 255.255.255.0
Interface Vlan20
Ip address 10.61.133.253 255.255.255.0
Interface Vlan30
Ip address 10.62.133.253 255.255.255.0
Interface Vlan40
Ip address 10.63.133.253 255.255.255.0

 

  • enable default routing : 

#ip routing

 

  • add a default route

#ip route 0.0.0.0 0.0.0.0 10.60.133.254

 

  • create a VTP domain on B

#VTP domain XXXXX
#Vtp mode server
#Vtp password XXX

 

  • ask the provider to add (on the main router A) a DHCP relay agent for B (the 2 DHCP servers are on office A)

ip helper-address 10.39.1.224 ( first DHCP server)
ip helper-address 10.39.1.223 ( second DHCP server)

 

On the network core switch ( office A) :

 

  • add 3 static routes :

#ip route 10.61.133.0 255.255.255.0 10.39.6.20

#ip route 10.62.133.0 255.255.255.0 10.39.6.20

#ip route 10.63.133.0 255.255.255.0 10.39.6.20

#ip route 10.60.133.0 255.255.255.0 10.39.6.20  <== This one already exists, it's the one in production

 

Ask the provider to add 3 static routes on the main router (A):

 

ip route 10.61.133.0 255.255.255.0 10.61.133.254

ip route 10.62.133.0 255.255.255.0 10.61.133.254

ip route 10.63.133.0 255.255.255.0 10.61.133.254

 

Here I'm not sure: 10.60.133.254 is the BVI 1 LAN interface of the ISP router (on office B).

I don't have control of it, but I can see the interfaces (BVI1 10.60.133.254 up ** LAN CLIENT **)

 

Do I also have to ask the provider to add the return routes on the office B router?

 

I put a file with a schema

 

Thanks.


10 Replies

Is your VPN an L2VPN or an L3VPN?

L3VPN

"I don't have control over ISP routers."

You mean the Site-B edge router? The edge router must know the new VLAN IPs.

On site A and B, ISP router / modem is connected to my switch (L3)

I think you need NAT to the old subnet, since you cannot configure the ISP router.
Think about it: the ISP receives traffic for the VLANs, how will it forward it?

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-9300-series-switches/217419-configure-and-verify-nat-on-catalyst-900.html

I can't configure the ISP router myself but I can ask them to add commands, routes etc...

That's perfect.

In Site-B, is the link between the ISP and the L3SW a trunk or a router port?



Currently, on the switch, no trunk or access, just duplex full and speed 100. But for now, there is only one subnet.

And on the ISP router (I managed to get the conf file):

 

interface GigabitEthernet 0/1
no ip address
bridge-group 1
description *** LAN CLIENT ***
service-policy input COS-IN
service-policy output REMARK-DSCP

Yes, but bridge-group is used only with L2VPN, not L3VPN?

??

it's a L3VPN.

 

On the operator side, I don't know what's behind it, but the business name of the offer is "business VPN"; it's an MPLS VPN.

In my case I have site A and B, but in reality, there are other sites C, D etc... A is the central site
