Assistance with static route on C3650-24TS

openfield2010 · ‎01-15-2018

Just need a bit of an assistance with configuring a Cisco Meraki MX device in terms of adding a static route to a Cisco C3650 which is our layer 3 switch.

The 2 MX devices, one here and one at a branch office, are configured to do Site to Site VPN.

Office MX - 10.14.130.149

Branch MX - 100.100.100.1

Cisco Layer 3 switch at head office - 10.14.130.250

MPLS network - 10.14.130.244

In the office, we have a number of VLANs, for example:

10.14.130.0/24 - Servers and clients

10.13.130.0/24 - Wireless

10.16.130.0/24 - Phone/Jabber Presence Server

10.17.130.0/24 - VOIP

We also off other offices connected through an MPLS network, for example:

10.100.0.0/24

Now i've added a static route into the core switch with the below command

conf t

ip route 100.0.0.0 255.0.0.0 10.14.130.149

end

Everything plugged into the branch office MX can connect fine to the Head Office subnets, so can communicate and ping devices on the 10.13,10.14,10.16,10.17 networks. However, it won't communicate with any device on the MPLS network.

From 100.100.100.1, i can ping 10.14.130.250, the layer 3 core switch, but it can't ping the MPLS router at 10.14.130.244.

Doing a show config on the core switch, i get the below which doesn't seem to include the 100.0.0.0/8 route.

ip route 0.0.0.0 0.0.0.0 10.14.130.253
ip route 10.0.0.0 255.0.0.0 10.14.130.244
ip route 10.250.130.0 255.255.255.0 10.14.130.253
ip route 10.251.130.0 255.255.255.0 10.14.130.253
ip route 10.255.236.0 255.255.252.0 5.20.87.176
ip route 147.152.20.0 255.255.255.0 10.14.130.244
ip route 147.152.22.0 255.255.255.0 10.14.130.244
ip route 192.168.0.0 255.255.0.0 10.14.130.244

When i do a show ip route, i get the below which does include the 100.0.0.0/8 network

S*    0.0.0.0/0 [1/0] via 10.14.130.253
      10.0.0.0/8 is variably subnetted, 18 subnets, 3 masks
S        10.0.0.0/8 [1/0] via 10.14.130.244
C        10.13.130.0/24 is directly connected, Vlan13
L        10.13.130.249/32 is directly connected, Vlan13
C        10.14.100.0/24 is directly connected, Vlan303
L        10.14.100.254/32 is directly connected, Vlan303
C        10.14.130.0/24 is directly connected, Vlan14
L        10.14.130.249/32 is directly connected, Vlan14
L        10.14.130.250/32 is directly connected, Vlan14
C        10.14.140.0/24 is directly connected, Vlan140
--More--         L        10.14.140.1/32 is directly connected, Vlan140
C        10.15.130.0/24 is directly connected, Vlan15
L        10.15.130.1/32 is directly connected, Vlan15
C        10.16.130.0/24 is directly connected, Vlan300
L        10.16.130.254/32 is directly connected, Vlan300
C        10.17.130.0/24 is directly connected, Vlan302
L        10.17.130.254/32 is directly connected, Vlan302
S        10.250.130.0/24 [1/0] via 10.14.130.253
S        10.251.130.0/24 [1/0] via 10.14.130.253
S     100.0.0.0/8 [1/0] via 10.14.130.149
      147.152.0.0/24 is subnetted, 2 subnets
S        147.152.20.0 [1/0] via 10.14.130.244
S        147.152.22.0 [1/0] via 10.14.130.244
S     192.168.0.0/16 [1/0] via 10.14.130.244

Any ideas at all what the issue. There are no issues at all with connecting between the offices over MPLS, so my machine on the 10.14.130.0 network can ping 10.100.0.3.

openfield2010 · ‎01-15-2018

Just an additional update with a couple of tracerts from one of the servers at a seperate site i.e. through the MPLS router.

From 10.14.110.4

Tracert to 10.14.130.149

1    <1 ms    <1 ms    <1 ms 10.14.110.249
2     6 ms     6 ms     6 ms 172.17.87.33
3    15 ms    15 ms    15 ms 172.17.87.17
4    22 ms    22 ms    22 ms 172.17.87.18
5    21 ms    21 ms    21 ms 10.14.130.149

Tracert to 100.100.100.1

1    <1 ms    <1 ms    <1 ms 10.14.110.249
2     6 ms     6 ms     6 ms 172.17.87.33
3    11 ms    11 ms    11 ms 172.17.87.29
4    17 ms    17 ms    17 ms 172.17.87.30
5    17 ms    17 ms    17 ms 81.134.131.81
6     *        *        *     Request timed out.
7     *        *        *     Request timed out.
8     *        *        *     Request timed out.

So it's hitting the Layer 3 switch it seems and then being diverted outside to 81.134.131.81 which is one of our external IPs

Tracert to www.google.co.uk

1    <1 ms    <1 ms    <1 ms 10.14.110.249
2     6 ms     6 ms     6 ms 172.17.87.33
3    10 ms    10 ms    10 ms 172.17.87.29
4    19 ms    19 ms    16 ms 172.17.87.30
5    17 ms    16 ms    16 ms 81.134.131.81
6    24 ms    23 ms    23 ms 31.55.137.136
7    23 ms    23 ms    23 ms core1-te0-13-0-3.southbank.ukcore.bt.net [109.15
9.254.26]
8    26 ms    26 ms    25 ms peer1-hu0-9-0-2.slough.ukcore.bt.net [62.172.103
.153]
9    25 ms    25 ms    25 ms 195.99.126.75

Deepak Kumar · ‎01-15-2018

Please share the network diagram.

Regards,
Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

openfield2010 · ‎01-16-2018

Top one is a quick network diagram that i made up of our office, HPL, bottom one is just a brief map of some of our locations.

From the HPL Meraki MX device, i can ping 10.14.140.1/10.14.130.250, 10.14.130.253, 10.14.130.244 and also the office on the other side of the MPLS network, so 10.100.0.3 and 10.14.110.4.

From the other side of the Meraki VPN, i can ping any HPL subnet, so for example 10.14.140.1/10.14.130.250, 10.14.130.253, www.google.co.uk, but any ping response to 10.14.130.244(MPLS Router) or any subnet the other side of the MPLS router, fails.

How the core switch needs setting up, is that any traffic hitting the core switch wanting to go to any ip address that starts 100.0.0.0 is diverted through 10.14.130.149. This is why i put the static route in as above in my original post, it worked for all subnets in the office but not any subnets outside of the office/other side of the MPLS.

openfield2010 · ‎01-17-2018

Just a quick update, i added a static route into the switch at one of our branch offices that points to 100.100.100.1 255.255.255.0 10.14.130.149. When doing the tracert, it still jumps from the branch office to the MPLS network and then out to the internet.