08-22-2022 07:16 AM - edited 08-23-2022 09:14 PM
Hi Everyone,
BGP (Wan Site) is the production internet which are working properly now.
We would like to
Please give any suggestion on it, if I'm incorrect on my configuration of static route and HSRP route to Wan site.
Thanks a lot.
Site A
BGP (WAN site)
interface GigabitEthernet1/1/1
description ISP-Core-SiteA_G1/1
no switchport
ip address 10.100.248.5 255.255.255.252
speed nonegotiate
interface GigabitEthernet2/1/1
description ISP-Core-SiteB_G2/4
no switchport
ip address 10.100.248.20 255.255.255.252
speed nonegotiate
interface Vlan221
ip address 221.126.192.100 255.255.255.240
router bgp 64990
bgp router-id 10.100.248.5
bgp log-neighbor-changes
bgp dampening 5 1900 2000 10
network 172.24.44.0 mask 255.255.255.192
network 221.126.192.100 mask 255.255.255.240
network 221.126.192.112 mask 255.255.255.240
neighbor 10.100.248.1 remote-as 65303
neighbor 10.100.248.1 route-map PRIORITY_REDIST out
neighbor 10.100.248.9 remote-as 65303
neighbor 10.100.248.9 route-map PRIORITY_REDIST out
ip access-list standard VL172
10 permit 172.24.33.0 0.0.0.63
20 permit 172.24.44.0 0.0.0.63
ip access-list standard VL221
10 permit 221.126.192.96 0.0.0.15
ip access-list standard VL222
10 permit 221.126.192.112 0.0.0.15
ip access-list standard 1
10 permit 221.126.192.96 0.0.0.15
20 permit 172.24.33.0 0.0.0.63
30 permit 172.24.44.0 0.0.0.63
40 deny any log
ip access-list standard 2
10 permit 221.126.192.96 0.0.0.15
20 deny any log
30 permit 221.126.192.112 0.0.0.15
route-map PRIORITY_REDIST permit 10
match ip address VL172
route-map PRIORITY_REDIST permit 20
match ip address VL221
route-map PRIORITY_REDIST permit 30
match ip address VL222
set as-path prepend 64990 64990
Static route intervlan 172 (Primary and Secondary IP subnet)
ip route 172.24.44.0 255.255.255.192 172.24.33.2
HSRP with VRF
ip route 172.24.33.0 255.255.255.192 221.126.192.100
ip route 172.24.44.0 255.255.255.192 221.126.192.100
ip route vrf PBL 0.0.0.0 0.0.0.0 10.100.248.5
ip route vrf PBL 0.0.0.0 0.0.0.0 10.100.248.20
int Vlan172
vrf forwarding PBL
ip address 172.24.44.2 255.255.255.192 secondary
ip address 172.24.33.2 255.255.255.192
standby 0 ip 172.24.33.3
standby 0 ip 172.24.44.3 secondary
standby 0 priority 120
standby 0 preempt
standby 0 track 1 decrement 20
interface GigabitEthernet1/1/1
description ISP-Core-SiteA_G1/1
vrf forwarding PBL
no switchport
ip address 10.100.248.5 255.255.255.252
speed nonegotiate
interface GigabitEthernet2/1/1
description ISP-Core-SiteB_G2/4
vrf forwarding PBL
no switchport
ip address 10.100.248.20 255.255.255.252
speed nonegotiate
Site B
BGP (WAN site)
interface GigabitEthernet1/1/1
description ISP-Core-SiteB_Gi2/6
no switchport
ip address 10.100.248.15 255.255.255.252
speed nonegotiate
interface GigabitEthernet2/1/1
description ISP-Core-SiteA_Gi1/2
no switchport
ip address 10.100.248.30 255.255.255.252
speed nonegotiate
interface Vlan222
ip address 221.126.192.112 255.255.255.240
router bgp 64990
bgp router-id 10.100.248.15
bgp log-neighbor-changes
bgp dampening 5 1900 2000 10
network 172.24.33.0 mask 255.255.255.192
network 172.24.44.0 mask 255.255.255.192
network 221.126.192.100 mask 255.255.255.240
network 221.126.192.112 mask 255.255.255.240
neighbor 10.100.248.5 remote-as 65303
neighbor 10.100.248.5 route-map PRIORITY_REDIST out
neighbor 10.100.248.13 remote-as 65303
neighbor 10.100.248.13 route-map PRIORITY_REDIST out
ip access-list standard VL172
10 permit 172.24.33.0 0.0.0.63
20 permit 172.24.44.0 0.0.0.63
ip access-list standard VL221
10 permit 221.126.192.96 0.0.0.15
ip access-list standard VL222
10 permit 221.126.192.112 0.0.0.15
ip access-list standard 1
10 permit 221.126.192.112 0.0.0.15
20 permit 172.24.33.0 0.0.0.63
30 permit 172.24.44.0 0.0.0.63
40 deny any log
ip access-list standard 2
10 permit 221.126.192.112 0.0.0.15
20 deny any log
30 permit 221.126.192.96 0.0.0.15
route-map PRIORITY_REDIST permit 10
match ip address VL172
route-map PRIORITY_REDIST permit 20
match ip address VL221
route-map PRIORITY_REDIST permit 30
match ip address VL222
set as-path prepend 64990 64990
Static route intervlan 172 (Primary and Secondary IP subnet)
ip route 172.24.44.0 255.255.255.192 172.24.33.62
HSRP with VRF
ip route vrf PBL 0.0.0.0 0.0.0.0 10.100.248.15
ip route vrf PBL 0.0.0.0 0.0.0.0 10.100.248.30
ip route 172.24.33.0 255.255.255.192 221.126.192.112
ip route 172.24.44.0 255.255.255.192 221.126.192.112
int Vlan 172
vrf forwarding PBL
ip address 172.24.44.62 255.255.255.192 secondary
ip address 172.24.33.62 255.255.255.192
standby 0 ip 172.24.33.3
standby 0 ip 172.24.44.3 secondary
standby 0 priority 120
standby 0 preempt
standby 0 track 1 decrement 20
interface GigabitEthernet1/1/1
description ISP-Core-SiteB_Gi2/6
vrf forwarding PBL
no switchport
ip address 10.100.248.15 255.255.255.252
speed nonegotiate
interface GigabitEthernet2/1/1
description ISP-Core-SiteA_Gi1/2
vrf forwarding PBL
no switchport
ip address 10.100.248.30 255.255.255.252
speed nonegotiate
08-24-2022 03:06 AM
are the WAN and HSRP Peer in same VRF ? if not router can not forward traffic
08-24-2022 09:45 AM - edited 09-05-2022 12:05 AM
Hi MHW,
We do not have VRF as Wan Site (BGP) setting upper sample when we setup the BGP setting.
The VRF would like to additional add on the New HSRP configuration and route to Wan site.
how to do the forward traffic as same VRF between Wan and HSRP peer?
We would like to keep it sample.
The Static route as route to Wan and intervlan 172, correct?
Do we set for these route for primary and secondary route as below:
ip route vrf PBL 0.0.0.0 0.0.0.0 10.100.248.15
ip route vrf PBL 0.0.0.0 0.0.0.0 10.100.248.30 20
Site A
Static route intervlan 172 (Primary and Secondary IP subnet)
ip route 172.24.44.0 255.255.255.192 172.24.33.2
HSRP with VRF
ip route 172.24.33.0 255.255.255.192 221.126.192.100
ip route 172.24.44.0 255.255.255.192 221.126.192.100
ip route vrf PBL 0.0.0.0 0.0.0.0 10.100.248.5
ip route vrf PBL 0.0.0.0 0.0.0.0 10.100.248.20
Site B
Static route intervlan 172 (Primary and Secondary IP subnet)
ip route 172.24.44.0 255.255.255.192 172.24.33.62
HSRP with VRF
ip route vrf PBL 0.0.0.0 0.0.0.0 10.100.248.15
ip route vrf PBL 0.0.0.0 0.0.0.0 10.100.248.30
ip route 172.24.33.0 255.255.255.192 221.126.192.112
ip route 172.24.44.0 255.255.255.192 221.126.192.112
We would like to add it on BGP on same VRF name as following:
Site A
BGP (WAN site)
interface GigabitEthernet1/1/1
description ISP-Core-SiteA_G1/1
vrf fowarding PBL
no switchport
ip address 10.100.248.5 255.255.255.252
speed nonegotiate
interface GigabitEthernet2/1/1
description ISP-Core-SiteB_G2/4
vrf fowarding PBL
no switchport
ip address 10.100.248.20 255.255.255.252
speed nonegotiate
interface Vlan221
ip address 221.126.192.100 255.255.255.240
router bgp 64990
bgp router-id 10.100.248.5
bgp log-neighbor-changes
bgp dampening 5 1900 2000 10
address-family ipv4 vrf PBL
network 172.24.44.0 mask 255.255.255.192
network 221.126.192.100 mask 255.255.255.240
network 221.126.192.112 mask 255.255.255.240
neighbor 10.100.248.1 remote-as 65303
neighbor 10.100.248.1 route-map PRIORITY_REDIST out
neighbor 10.100.248.9 remote-as 65303
neighbor 10.100.248.9 route-map PRIORITY_REDIST out
ip access-list standard VL172
10 permit 172.24.33.0 0.0.0.63
20 permit 172.24.44.0 0.0.0.63
ip access-list standard VL221
10 permit 221.126.192.96 0.0.0.15
ip access-list standard VL222
10 permit 221.126.192.112 0.0.0.15
ip access-list standard 1
10 permit 221.126.192.96 0.0.0.15
20 permit 172.24.33.0 0.0.0.63
30 permit 172.24.44.0 0.0.0.63
40 deny any log
ip access-list standard 2
10 permit 221.126.192.96 0.0.0.15
20 deny any log
30 permit 221.126.192.112 0.0.0.15
route-map PRIORITY_REDIST permit 10
match ip address VL172
route-map PRIORITY_REDIST permit 20
match ip address VL221
route-map PRIORITY_REDIST permit 30
match ip address VL222
set as-path prepend 64990 64990
Site B
BGP (WAN site)
interface GigabitEthernet1/1/1
description ISP-Core-SiteB_Gi2/6
no switchport
vrf fowarding PBL
ip address 10.100.248.15 255.255.255.252
speed nonegotiate
interface GigabitEthernet2/1/1
description ISP-Core-SiteA_Gi1/2
vrf fowarding PBL
no switchport
ip address 10.100.248.30 255.255.255.252
speed nonegotiate
interface Vlan222
ip address 221.126.192.112 255.255.255.240
router bgp 64990
bgp router-id 10.100.248.15
bgp log-neighbor-changes
bgp dampening 5 1900 2000 10
address-family ipv4 vrf PBL
network 172.24.33.0 mask 255.255.255.192
network 172.24.44.0 mask 255.255.255.192
network 221.126.192.100 mask 255.255.255.240
network 221.126.192.112 mask 255.255.255.240
neighbor 10.100.248.5 remote-as 65303
neighbor 10.100.248.5 route-map PRIORITY_REDIST out
neighbor 10.100.248.13 remote-as 65303
neighbor 10.100.248.13 route-map PRIORITY_REDIST out
ip access-list standard VL172
10 permit 172.24.33.0 0.0.0.63
20 permit 172.24.44.0 0.0.0.63
ip access-list standard VL221
10 permit 221.126.192.96 0.0.0.15
ip access-list standard VL222
10 permit 221.126.192.112 0.0.0.15
ip access-list standard 1
10 permit 221.126.192.112 0.0.0.15
20 permit 172.24.33.0 0.0.0.63
30 permit 172.24.44.0 0.0.0.63
40 deny any log
ip access-list standard 2
10 permit 221.126.192.112 0.0.0.15
20 deny any log
30 permit 221.126.192.96 0.0.0.15
route-map PRIORITY_REDIST permit 10
match ip address VL172
route-map PRIORITY_REDIST permit 20
match ip address VL221
route-map PRIORITY_REDIST permit 30
match ip address VL222
set as-path prepend 64990 64990
Am I right?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide