06-15-2012 08:19 AM - edited 03-07-2019 07:16 AM
Hello,
I am trying to test a new metro e circuit for internet, keep in mind this is a test and I am out of interfaces on our 2811 router at the moment to run this new test network AND our current production network.
So I am wondering if I can do this similar config just by vlanning two ports on our cisco 3750 switch stack with one port connected to the overture isg24 provided by our ISP (ethernet handoff) and another port connected to a test machine assigned with one of the external IP addresses in the block provided by our ISP.
They sent us this sample configuration, and of course this does not work on a 3750 switch because it has subinterfaces.
interface eth 0/1
description VLAN trunk interface connected to ISP ethernet handoff
speed 100
encapsulation 802.1q
max-reserved-bandwidth 100
qos-policy out shape_policy
no shutdown
!
interface eth 0/1.10
description => Internet
vlan-id 10
ip address 64.x.x.10 255.255.255.252
ip access-group NOSPOOF in
no shutdown
interface eth 0/1.20
description => MPLS VPN
vlan-id 20
ip address 66.x.x.246 255.255.255.252
no shutdown
!
interface eth 0/2
description => Direct connection to PUBLIC LAN
ip address 63.x.x.113 255.255.255.240
no shutdown
What I'm trying to do is get this translated into something that works with the switch. I tried this and I don't think the WAN side is working. I'm hoping I can test this entirely via the switch stack but if it requires a real router then it's just going to have to wait until after hours when we can take the live internet down.
interface FastEthernet7/0/13
description vlan trunk to internet test - Overture ISG24 handoff
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport trunk allowed vlan 10,20
switchport mode trunk
speed 100
spanning-tree portfast
max-reserved-bandwidth 100
!
interface FastEthernet7/0/14
no switchport
ip address 63.x.x.113 255.255.255.240
spanning-tree portfast
!
interface Vlan10
ip address 64.x.x.10 255.255.255.252
!
Then my test PC is given the public IP: 63.x.x.114 255.255.255.240 (which is within the block) with default gateway of 63.x.x.113 which pings fine.
The thing is I can't really put a quad 0 route in because this switch stack is our core switch. Currently the 0.0.0.0 route points to our firewall, which points to our internet router that has 3 T1's on it. I just want to test this ONE PORT fe7/0/14 to go out the Overture ISG fast ethernet 100mbps handoff which is in turn connected to a fujitsu lightwave sonet multiplexer (all provided by the ISP).
Is what I am trying to do even possible?
06-15-2012 08:54 AM
Hello Keith,
An L2 trunk port to the ISP device is fine, but you don't need the native vlan 10 unless required/stated by the ISP. To emulate the suggested configuration you need two SVIs, one for vlan 10 and one for vlan 20.
You can use a VRF to make a more meaningful test without impacting the real user traffic.
You just need to put SVIs Vlan10 and Vlan20 in the test VRF and you have a separate standalone routing table that allows you to use a default route without impact.
ip vrf TEST
rd 100:100
!
interface vlan 10
ip vrf forwarding TEST
! you need to retype the IP address as it is removed when the SVI is associated to a VRF
ip address
the same for vlan 20
You can create a static default route in VRF using
ip route vrf TEST 0.0.0.0 0.0.0.0 vlan10
Ping tests can be done using
ping vrf TEST command
Hope to help
Giuseppe
06-15-2012 09:40 AM
Thanks, I didn't even realize about the vrf command.
I believe I now have internet connectivity from the switch to the new circuit. I just can't seem to figure out how to get the test PC on port fe 7/0/14 to communicate with the outside world.
Lookup google and ping it from the switch...
#ping vrf test 173.194.75.105
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.194.75.105, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/20/26 ms
I guess I am confused by the configuration sheet my ISP gave me.
The INTERNET side has an ip of 64.x.x.10 on MY end, and their gateway is 64.x.x.9. It's a 255.255.255.252 so those are the only two IP addresses available.
They assigned me a /28 starting at 63.x.x.113 through 63.x.x.126. (s/n 255.255.255.240)
So I put this on Fe 7/0/14, but when you put an IP address on an interface I'm not sure how I can somehow tie that into what's going on with vlan10, for example:
interface FastEthernet7/0/14
no switchport
ip address 63.x.x.113 255.255.255.240 (this should be my default gateway on my test PC)
spanning-tree portfast
!
I think I'm missing another route statement.
06-15-2012 10:12 AM
Never mind, I got it to work.
I moved the public ip block address into a vlan 11 and route between vlan 11 and 10.
See I am used to bouncing off multiple devices. In the production environment the switch stack routes quad 0 to an asa firewall pair, then that asa firewall pair routes to a 2811 in turn which is connected to the internet.
So in that mindset is where my head is.
Testing the new circuit on a test machine and it's working great. Good bandwidth, far better than 3xt1's from what we are moving from, that's for sure. I can play around with it a bit and feel confident moving it live after hours.
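The setup this thread converges on, consolidated as an added example (not a configuration posted by anyone in the thread): the ISP-facing SVIs and the test LAN all sit in the TEST VRF, so the test default route never touches the core switch's global routing table. Placing Vlan11 in the VRF, making Fa7/0/14 an access port in VLAN 11, the VLAN names, and using the ISP gateway as next hop are assumptions; addresses keep the thread's masked x.x form and must be replaced.

```cisco
! Added example. Assumes the ISP tags both VLAN 10 and VLAN 20 on the handoff,
! as the subinterfaces in its sample imply, so no native VLAN is set.
ip routing
!
ip vrf TEST
 rd 100:100
!
vlan 10
 name ISP-INTERNET
vlan 11
 name TEST-PUBLIC-LAN
vlan 20
 name ISP-MPLS-VPN
!
interface FastEthernet7/0/13
 description trunk to ISP ethernet handoff (Overture ISG24)
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20
 switchport mode trunk
 speed 100
!
interface FastEthernet7/0/14
 description test PC in the public /28
 switchport mode access
 switchport access vlan 11
 spanning-tree portfast
!
! Entering "ip vrf forwarding" removes any existing address from the SVI,
! so the address is typed after it.
interface Vlan10
 ip vrf forwarding TEST
 ip address 64.x.x.10 255.255.255.252
!
interface Vlan20
 ip vrf forwarding TEST
 ip address 66.x.x.246 255.255.255.252
!
! Assumption: the test LAN is in the same VRF so it can route to Vlan10.
interface Vlan11
 ip vrf forwarding TEST
 ip address 63.x.x.113 255.255.255.240
!
! Default route exists only in the TEST VRF; the global quad-0 route to the
! firewall is untouched. The next hop is the ISP gateway named in the thread,
! given explicitly so forwarding does not depend on proxy ARP.
ip route vrf TEST 0.0.0.0 0.0.0.0 64.x.x.9
```

`show ip route vrf TEST` should list only the three connected networks and the static default, which confirms the test traffic cannot leak into the production table. VRF-lite on the Catalyst 3750 requires the IP services feature set.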