08-22-2014 01:04 PM - edited 03-07-2019 08:30 PM
This issue is more than likely something dumb that I am missing, but I cannot figure it out for the life of me. I am currently moving all our sites to a Verizon MPLS cloud service. I turned up my first site and went live, and I am unable to access any services in our datacenter. I can ping Google, and I can ping the outside interface of my router at the datacenter, but not through it to either of my two internal VLANs. From the router in the datacenter I can ping servers on both VLANs fine, and I can ping that router from servers in both VLANs. Please help. Below is a poor map of our network. The existing managed firewall will be cut once I can get this working.
08-22-2014 01:14 PM
Do you have any ACLs on the datacenter router? Out of curiosity, what were you using before MPLS?
08-22-2014 01:27 PM
No, I do not. We are still using the current connection. We have a hosted firewall from the datacenter, and internet is provided via that firewall. All sites currently are point-to-point and connected to that firewall, all of which is managed by them.
08-22-2014 01:48 PM
Hey Mj,
Need more information; post 'show run' and 'show ip route' from both routers.
Regards,
RS.
08-22-2014 06:48 PM
Here is the sh run and sh ip route from the datacenter router. I do not have access to the router at the site because it's after hours and I had to roll them back over to the old PTP connection, which is a different router. It has a very basic setup. BGP is set up just like it is on the datacenter router minus the neighbor's address, and the outside interface is exactly the same minus the IP address. Verizon said that they can see that the datacenter's router is advertising via BGP the VLANs I'm trying to access behind the datacenter's router, but I cannot ping or access any resources located there. Site A's router does not have EIGRP set up since there is only one subnet there and only about 5 hosts at this location. If you have any specific questions about Site A's router I can tell you. Enough of me ranting; here is the config and show ip route for the datacenter's router:
!
! Last configuration change at 19:29:35 UTC Fri Aug 22 2014 by berbee
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Datacenter router
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
ip cef
!
!
!
!
!
!
ip domain name carter.local
no ipv6 cef
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-1758853909
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1758853909
revocation-check none
rsakeypair TP-self-signed-1758853909
!
!
crypto pki certificate chain TP-self-signed-1758853909
certificate self-signed 01
quit
license udi pid CISCO2911/K9 sn FTX1811AK7A
!
!
username ****** privilege 15 password 0 ******
!
!
ip ssh authentication-retries 2
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description Verizon MPLS
ip address 65.249.101.126 255.255.255.252
duplex full
speed 100
!
interface GigabitEthernet0/1
ip address 10.1.1.38 255.255.255.0
ip helper-address 192.168.0.225
duplex auto
speed 1000
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
!
router eigrp 1
default-metric 1544 100 254 1 1500
network 10.1.1.0 0.0.0.255
network 65.249.101.124 0.0.0.3
!
router bgp 1
bgp log-neighbor-changes
redistribute connected
redistribute static
neighbor 65.249.101.125 remote-as 65000
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 192.168.0.0 255.255.252.0 10.1.1.253 250
!
!
!
snmp-server community
snmp-server community
snmp-server location LightBound
snmp-server contact Systems Manager
snmp-server enable traps entity-sensor threshold
snmp-server host version 2c
!
control-plane
!
!
banner motd ^CC
!
line con 0
password
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
password
login local
length 0
transport input ssh
line vty 5 15
privilege level 15
password
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 65.249.101.125 to network 0.0.0.0
B* 0.0.0.0/0 [20/0] via 65.249.101.125, 06:50:26
10.0.0.0/8 is variably subnetted, 22 subnets, 5 masks
D 10.0.1.0/24 [90/3072] via 10.1.1.251, 06:04:36, GigabitEthernet0/1
D EX 10.0.2.0/24
[170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
B 10.0.2.0/25 [20/0] via 65.249.101.125, 06:50:26
B 10.0.2.128/25 [20/0] via 65.249.101.125, 06:50:26
D EX 10.0.3.0/24
[170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX 10.0.4.0/24
[170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX 10.0.5.0/24
[170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX 10.0.6.0/24 [170/28416] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX 10.0.7.0/24
[170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX 10.0.8.0/24
[170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX 10.0.9.0/24
[170/1683712] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX 10.0.200.0/30
[170/28672] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D 10.0.200.8/29 [90/28416] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX 10.0.200.16/29
[170/28416] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
C 10.1.1.0/24 is directly connected, GigabitEthernet0/1
L 10.1.1.38/32 is directly connected, GigabitEthernet0/1
D EX 10.2.0.56/32
[170/1683712] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX 10.2.0.58/32
[170/1683712] via 10.1.1.253, 00:53:48, GigabitEthernet0/1
D EX 10.2.0.60/32
[170/1683712] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX 10.2.0.62/32
[170/1683712] via 10.1.1.253, 00:03:11, GigabitEthernet0/1
D 10.2.1.0/24 [90/3328] via 10.1.1.251, 06:04:36, GigabitEthernet0/1
D 10.3.1.0/24 [90/3072] via 10.1.1.252, 06:04:36, GigabitEthernet0/1
[90/3072] via 10.1.1.251, 06:04:36, GigabitEthernet0/1
63.0.0.0/32 is subnetted, 1 subnets
B 63.65.239.250 [20/0] via 65.249.101.125, 06:50:26
65.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
B 65.249.100.112/30 [20/0] via 65.249.101.125, 06:50:26
B 65.249.100.156/30 [20/0] via 65.249.101.125, 06:50:26
B 65.249.101.4/30 [20/0] via 65.249.101.125, 06:50:26
C 65.249.101.124/30 is directly connected, GigabitEthernet0/0
L 65.249.101.126/32 is directly connected, GigabitEthernet0/0
B 65.249.102.172/30 [20/0] via 65.249.101.125, 06:50:26
B 65.249.102.200/30 [20/0] via 65.249.101.125, 06:50:26
B 65.249.102.220/30 [20/0] via 65.249.101.125, 06:50:26
B 65.249.103.52/30 [20/0] via 65.249.101.125, 06:50:26
B 65.249.104.104/30 [20/0] via 65.249.101.125, 06:50:26
B 65.249.104.176/30 [20/0] via 65.249.101.125, 06:50:26
B 65.249.104.180/30 [20/0] via 65.249.101.125, 06:50:26
169.254.0.0/30 is subnetted, 1 subnets
D EX 169.254.254.0
[170/28416] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
172.16.0.0/16 is variably subnetted, 13 subnets, 3 masks
D EX 172.16.31.0/30
[170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX 172.16.31.2/32
[170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX 172.16.31.4/30
[170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX 172.16.31.6/32
[170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX 172.16.31.8/30
[170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX 172.16.31.10/32
[170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX 172.16.31.12/30
[170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX 172.16.31.14/32
[170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
B 172.16.31.16/30 [20/0] via 65.249.101.125, 06:50:26
D EX 172.16.31.18/32
[170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX 172.16.31.20/30
[170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX 172.16.31.22/32
[170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX 172.16.31.24/29
[170/1683712] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
172.19.0.0/24 is subnetted, 1 subnets
D EX 172.19.70.0
[170/1683712] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
172.22.0.0/24 is subnetted, 1 subnets
D EX 172.22.73.0 [170/28416] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D 192.168.0.0/22 [90/3328] via 10.1.1.251, 06:04:36, GigabitEthernet0/1
D 192.168.10.0/24 [90/3328] via 10.1.1.251, 06:04:36, GigabitEthernet0/1
192.168.11.0/30 is subnetted, 1 subnets
D 192.168.11.0 [90/3072] via 10.1.1.251, 06:04:36, GigabitEthernet0/1
D 192.168.20.0/23 [90/3072] via 10.1.1.251, 06:04:36, GigabitEthernet0/1
D 192.168.22.0/24 [90/3072] via 10.1.1.251, 06:04:36, GigabitEthernet0/1
D 192.168.24.0/23 [90/3072] via 10.1.1.251, 06:04:36, GigabitEthernet0/1
206.246.157.0/29 is subnetted, 1 subnets
D EX 206.246.157.112
[170/3072] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
208.205.41.0/24 is variably subnetted, 2 subnets, 2 masks
B 208.205.41.64/27 [20/0] via 65.249.101.125, 06:50:26
B 208.205.41.250/32 [20/0] via 65.249.101.125, 06:50:26
08-22-2014 07:03 PM
Here is the show run and show ip route from our "Core" switch, which is connected via port gi 0/1 on both devices and which all our internal VLANs connect back to.
#show run
Building configuration...
Current configuration : 15964 bytes
!
! Last configuration change at 15:29:27 UTC Fri Aug 22 2014 by berbee
! NVRAM config last updated at 15:30:08 UTC Fri Aug 22 2014 by berbee
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
service sequence-numbers
!
hostname datacenter core switch
!
boot-start-marker
boot-end-marker
!
logging buffered 50000
!
!
no aaa new-model
clock timezone UTC -5
clock summer-time UTC recurring
system mtu routing 1500
authentication mac-move permit
ip subnet-zero
ip routing
!
!
ip name-server 192.168.0.225
ip multicast-routing distributed
vtp mode transparent
udld enable
!
mls qos map policed-dscp 0 24 to 8
mls qos map cos-dscp 0 8 16 24 34 46 48 56
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 1 2 4
mls qos srr-queue output cos-map queue 2 threshold 2 3
mls qos srr-queue output cos-map queue 2 threshold 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1
mls qos srr-queue output dscp-map queue 1 threshold 3 46
mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 25 32 34 36
mls qos srr-queue output dscp-map queue 2 threshold 1 38
mls qos srr-queue output dscp-map queue 2 threshold 2 24 26
mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
mls qos srr-queue output dscp-map queue 3 threshold 3 0
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 3 10 12 14
mls qos queue-set output 1 threshold 3 400 400 100 400
mls qos queue-set output 2 threshold 2 400 400 100 400
mls qos queue-set output 1 buffers 15 20 45 20
mls qos
!
crypto pki trustpoint TP-self-signed-4275373312
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4275373312
revocation-check none
rsakeypair TP-self-signed-4275373312
!
!
c
!
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 8192
!
!
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig (STP)
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause l2ptguard
errdisable recovery cause psecure-violation
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
!
vlan internal allocation policy ascending
!
vlan 3-6
!
vlan 12
name Voice_Servers
!
vlan 20
name Management_VLAN
!
vlan 999
name NATIVE_VLAN
!
!
class-map match-all POLICE_GUEST
match access-group 11
class-map match-all VVLAN-CALL-SIGNALING
match access-group name VVLAN-CALL-SIGNALING
class-map match-all vlan4
class-map match-all VVLAN-VOICE
match access-group name VVLAN-VOICE
class-map match-all VVLAN-ANY
match access-group name VVLAN-ANY
class-map match-all AGENT-DESKTOP-TRAFFIC
match access-group name AGENT-DESKTOP-TRAFFIC
!
!
policy-map IPPHONE+PC-BASIC
class VVLAN-VOICE
set dscp ef
police 512000 8000 exceed-action drop
class VVLAN-CALL-SIGNALING
set dscp cs3
police 32000 8000 exceed-action policed-dscp-transmit
class VVLAN-ANY
set dscp default
police 32000 8000 exceed-action policed-dscp-transmit
class AGENT-DESKTOP-TRAFFIC
set dscp cs3
police 256000 8000 exceed-action policed-dscp-transmit
class class-default
set dscp default
police 5000000 8000 exceed-action policed-dscp-transmit
policy-map POLICE_GUEST_VLAN4
class POLICE_GUEST
police 3000000 1000000 exceed-action drop
!
!
!
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
shutdown
!
interface GigabitEthernet0/1
description Datacenter router for verizon MPLS
switchport access vlan 12
switchport mode access
!
interface GigabitEthernet0/2
switchport access vlan 12
switchport mode access
!
interface GigabitEthernet0/3
switchport access vlan 12
srr-queue bandwidth share 1 25 70 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/4
switchport access vlan 12
srr-queue bandwidth share 1 25 70 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/5
switchport access vlan 12
srr-queue bandwidth share 1 25 70 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/6
description connect to dell power connect
switchport access vlan 12
srr-queue bandwidth share 1 25 70 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
!
interface GigabitEthernet0/7
switchport access vlan 12
srr-queue bandwidth share 1 25 70 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/8
description vCloud crossconnect
switchport access vlan 5
switchport mode access
!
interface GigabitEthernet0/9
switchport access vlan 12
srr-queue bandwidth share 1 25 70 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/10
switchport access vlan 12
srr-queue bandwidth share 1 25 70 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/11
description ASA Managed by datacenter providor
switchport access vlan 12
switchport mode access
srr-queue bandwidth share 1 25 70 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/12
switchport access vlan 12
srr-queue bandwidth share 1 25 70 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/13
description trunk to WLC 2504
switchport trunk encapsulation dot1q
switchport trunk native vlan 12
switchport trunk allowed vlan 2-998
switchport mode trunk
srr-queue bandwidth share 1 25 70 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
!
interface GigabitEthernet0/14
switchport access vlan 12
srr-queue bandwidth share 1 25 70 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/15
switchport access vlan 12
srr-queue bandwidth share 1 25 70 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/16
switchport access vlan 12
srr-queue bandwidth share 1 25 70 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/17
switchport access vlan 12
srr-queue bandwidth share 1 25 70 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/18
switchport access vlan 12
srr-queue bandwidth share 1 25 70 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/19
switchport access vlan 12
srr-queue bandwidth share 1 25 70 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/20
switchport access vlan 12
srr-queue bandwidth share 1 25 70 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/21
switchport access vlan 12
srr-queue bandwidth share 1 25 70 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/22
description Websense Main
switchport access vlan 12
shutdown
srr-queue bandwidth share 1 25 70 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/23
description TRUNK TO Datacenter switch 2
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport trunk allowed vlan 2-998,1000-4094
switchport mode trunk
srr-queue bandwidth share 1 25 70 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
!
interface GigabitEthernet0/24
description PTP to Anderson's Core (192.168.1.0/22 subnet)
no switchport
ip address 192.168.11.2 255.255.255.252
ip pim sparse-dense-mode
srr-queue bandwidth share 1 25 70 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface GigabitEthernet1/3
!
interface GigabitEthernet1/4
!
interface TenGigabitEthernet1/1
!
interface TenGigabitEthernet1/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan3
description Dock Wireless vLAN
ip address 192.168.21.248 255.255.254.0
ip helper-address 192.168.0.225
no ip redirects
no ip route-cache cef
no ip route-cache
no ip mroute-cache
standby 1 ip 192.168.21.254
standby 1 priority 110
standby 1 preempt
!
interface Vlan4
description Guest Wireless
ip address 192.168.22.248 255.255.255.0
ip helper-address 192.168.0.225
rate-limit input 3000000 300000 3500000 conform-action transmit exceed-action drop
rate-limit output 3000000 300000 3500000 conform-action transmit exceed-action drop
standby 1 ip 192.168.22.254
standby 1 priority 110
standby 1 preempt
!
interface Vlan5
description vcloud
ip address 10.0.1.252 255.255.255.0
ip helper-address 192.168.0.225
no ip redirects
ip pim sparse-dense-mode
no ip route-cache cef
no ip route-cache
no ip mroute-cache
standby 4 ip 10.0.1.1
standby 4 priority 110
standby 4 preempt
!
interface Vlan6
description Wireless vLAN
ip address 192.168.25.254 255.255.254.0
ip helper-address 192.168.0.225
no ip redirects
no ip route-cache cef
no ip route-cache
no ip mroute-cache
!
interface Vlan12
description Voice Server Subnet
ip address 10.1.1.251 255.255.255.0
ip helper-address 192.168.0.225
no ip redirects
no ip proxy-arp
ip pim dr-priority 10
ip pim sparse-dense-mode
no ip route-cache cef
no ip route-cache
no ip mroute-cache
standby 1 ip 10.1.1.254
standby 1 priority 110
standby 1 preempt
!
interface Vlan20
description Management VLAN
ip address 10.3.1.251 255.255.255.0
no ip redirects
no ip route-cache cef
no ip route-cache
no ip mroute-cache
!
!
router eigrp 1
default-metric 1544 100 254 1 1500
network 10.0.1.0 0.0.0.255
network 10.1.1.0 0.0.0.255
network 10.3.1.0 0.0.0.255
network 192.168.11.0 0.0.0.3
network 192.168.20.0 0.0.1.255
network 192.168.22.0
network 192.168.24.0 0.0.1.255
redistribute static route-map redis_static
passive-interface default
no passive-interface GigabitEthernet0/24
no passive-interface Vlan20
no passive-interface Vlan12
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.1.253 250
ip route 10.2.1.0 255.255.255.0 10.1.1.253 250
ip route 192.168.0.0 255.255.252.0 10.1.1.253 250
ip route 192.168.10.0 255.255.255.0 10.1.1.253 250
ip route 192.168.20.0 255.255.254.0 10.1.1.253 250
ip route 192.168.22.0 255.255.255.0 10.1.1.253 250
ip route 192.168.24.0 255.255.254.0 10.1.1.253 250
!
ip http server
ip http secure-server
ip pim rp-address 10.1.1.251 PIM_SPARSE
!
ip access-list standard PIM_SPARSE
permit 239.0.1.2
!
ip access-list extended AGENT-DESKTOP-TRAFFIC
permit tcp 192.168.0.0 0.0.3.255 any eq 42028
permit tcp 192.168.0.0 0.0.3.255 any eq 59020
ip access-list extended VVLAN-ANY
permit ip 10.1.1.0 0.0.0.255 any
ip access-list extended VVLAN-CALL-SIGNALING
permit tcp 10.1.1.0 0.0.0.255 any range 2000 2002
permit udp 10.1.1.0 0.0.0.255 any eq 5060
permit tcp 10.1.1.0 0.0.0.255 any eq 5060
permit tcp 10.1.1.0 0.0.0.255 any range 11000 11999
permit udp 10.1.1.0 0.0.0.255 any eq 2427
permit udp 10.1.1.0 0.0.0.255 any eq 2428
permit tcp 10.1.1.0 0.0.0.255 any eq 1720
ip access-list extended VVLAN-VOICE
permit udp 10.1.1.0 0.0.0.255 any range 16384 32767
!
ip sla enable reaction-alerts
access-list 10 permit 0.0.0.0
access-list 11 permit 192.168.22.0
access-list 199 permit icmp host 192.168.2.1 any log
access-list 199 permit ip any any
route-map redis_static permit 10
match ip address 10
!
!
snmp-server location Server Room
snmp-server contact Systems Manager
!
line con 0
line vty 0 4
password
login local
length 0
line vty 5 15
password
login local
!
ntp clock-period 36027495
ntp source Vlan12
ntp server 67.222.149.177
ntp server 216.184.20.83
ntp server 155.101.3.114
end
#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.1.1.253 to network 0.0.0.0
169.254.0.0/30 is subnetted, 1 subnets
D EX 169.254.254.0 [170/28416] via 10.1.1.253, 1w2d, Vlan12
65.0.0.0/30 is subnetted, 1 subnets
D 65.249.101.124 [90/28416] via 10.1.1.38, 06:22:40, Vlan12
D 192.168.10.0/24 [90/3072] via 192.168.11.1, 1w2d, GigabitEthernet0/24
206.246.157.0/29 is subnetted, 1 subnets
D EX 206.246.157.112 [170/3072] via 10.1.1.253, 1w2d, Vlan12
172.16.0.0/16 is variably subnetted, 13 subnets, 3 masks
D EX 172.16.31.2/32 [170/2181376] via 10.1.1.253, 1w2d, Vlan12
D EX 172.16.31.0/30 [170/2181376] via 10.1.1.253, 1w2d, Vlan12
D EX 172.16.31.6/32 [170/2181376] via 10.1.1.253, 08:18:26, Vlan12
D EX 172.16.31.4/30 [170/2181376] via 10.1.1.253, 08:18:26, Vlan12
D EX 172.16.31.10/32 [170/2181376] via 10.1.1.253, 1w2d, Vlan12
D EX 172.16.31.8/30 [170/2181376] via 10.1.1.253, 1w2d, Vlan12
D EX 172.16.31.14/32 [170/2181376] via 10.1.1.253, 2d02h, Vlan12
D EX 172.16.31.12/30 [170/2181376] via 10.1.1.253, 2d02h, Vlan12
D EX 172.16.31.18/32 [170/2181376] via 10.1.1.253, 1w2d, Vlan12
D EX 172.16.31.16/30 [170/2181376] via 10.1.1.253, 1w2d, Vlan12
D EX 172.16.31.22/32 [170/2181376] via 10.1.1.253, 1w2d, Vlan12
D EX 172.16.31.20/30 [170/2181376] via 10.1.1.253, 1w2d, Vlan12
D EX 172.16.31.24/29 [170/1683712] via 10.1.1.253, 1w2d, Vlan12
172.19.0.0/24 is subnetted, 1 subnets
D EX 172.19.70.0 [170/1683712] via 10.1.1.253, 1w2d, Vlan12
172.22.0.0/24 is subnetted, 1 subnets
D EX 172.22.73.0 [170/28416] via 10.1.1.253, 1w2d, Vlan12
192.168.11.0/30 is subnetted, 1 subnets
C 192.168.11.0 is directly connected, GigabitEthernet0/24
10.0.0.0/8 is variably subnetted, 20 subnets, 4 masks
D EX 10.0.8.0/24 [170/2181376] via 10.1.1.253, 1w2d, Vlan12
D EX 10.0.9.0/24 [170/1683712] via 10.1.1.253, 1w2d, Vlan12
C 10.3.1.0/24 is directly connected, Vlan20
D EX 10.0.2.0/24 [170/2181376] via 10.1.1.253, 1w2d, Vlan12
D 10.2.1.0/24 [90/3072] via 192.168.11.1, 1w2d, GigabitEthernet0/24
D EX 10.0.3.0/24 [170/2181376] via 10.1.1.253, 08:18:27, Vlan12
C 10.1.1.0/24 is directly connected, Vlan12
C 10.0.1.0/24 is directly connected, Vlan5
D EX 10.0.6.0/24 [170/28416] via 10.1.1.253, 1w2d, Vlan12
D EX 10.0.7.0/24 [170/2181376] via 10.1.1.253, 1w2d, Vlan12
D EX 10.0.4.0/24 [170/2181376] via 10.1.1.253, 1w2d, Vlan12
D EX 10.0.5.0/24 [170/2181376] via 10.1.1.253, 2d02h, Vlan12
D EX 10.2.0.56/32 [170/1683712] via 10.1.1.253, 1d14h, Vlan12
D EX 10.2.0.58/32 [170/1683712] via 10.1.1.253, 01:11:53, Vlan12
D EX 10.2.0.60/32 [170/1683712] via 10.1.1.253, 11:26:52, Vlan12
D EX 10.2.0.61/32 [170/1683712] via 10.1.1.253, 00:16:16, Vlan12
D EX 10.2.0.62/32 [170/1683712] via 10.1.1.253, 00:21:16, Vlan12
D EX 10.0.200.0/30 [170/28672] via 10.1.1.253, 1w2d, Vlan12
D 10.0.200.8/29 [90/28416] via 10.1.1.253, 1w2d, Vlan12
D EX 10.0.200.16/29 [170/28416] via 10.1.1.253, 1w2d, Vlan12
C 192.168.22.0/24 is directly connected, Vlan4
D*EX 0.0.0.0/0 [170/1683712] via 10.1.1.253, 1w2d, Vlan12
C 192.168.24.0/23 is directly connected, Vlan6
C 192.168.20.0/23 is directly connected, Vlan3
D 192.168.0.0/22 [90/3072] via 192.168.11.1, 1w2d, GigabitEthernet0/24
#
08-23-2014 10:39 AM
Thanks for posting configs from both devices. I confess that I have looked only very lightly at the config from the core - mostly because I think I see several things on the router that are problematic. If we address those issues and it is still not working then maybe we need to look harder at the core.
The first thing that I see is that you are running EIGRP on Gig0/0 and I do not understand why?
The next thing that I see is that BGP is not advertising network 10.0.1.0. The router is learning that route via EIGRP. But BGP is only advertising connected and static routes, neither of which includes 10.0.1.0. So how is the remote site supposed to learn the route to 10.0.1.0?
The next thing that I see is that the router is learning a default route via BGP from the remote site. Given what I thought I understood from the diagram that does not seem to be right.
Address these things. If it still is not working then please post updated config of the MPLS router, plus its routing table. It might also be quite helpful to see similar information from the remote site at the time that it is experiencing the problem.
HTH
Rick
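The advertisement gap Rick describes can be checked mechanically. The following is an added example, not part of the original thread: it parses a constructed excerpt of the datacenter router's `show ip route` output and lists which prefixes `redistribute connected` and `redistribute static` would hand to BGP and which internally learned prefixes are left out. It models redistribution by route source only (no route-maps, `network` statements or filters) and assumes local (`L`) host routes are not redistributed; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt: lines copied from the datacenter router's
# "show ip route" output in the thread (not the full table).
SAMPLE_ROUTES = """\
B* 0.0.0.0/0 [20/0] via 65.249.101.125, 06:50:26
10.0.0.0/8 is variably subnetted, 22 subnets, 5 masks
D 10.0.1.0/24 [90/3072] via 10.1.1.251, 06:04:36, GigabitEthernet0/1
D EX 10.0.2.0/24
[170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
C 10.1.1.0/24 is directly connected, GigabitEthernet0/1
L 10.1.1.38/32 is directly connected, GigabitEthernet0/1
D 10.3.1.0/24 [90/3072] via 10.1.1.252, 06:04:36, GigabitEthernet0/1
[90/3072] via 10.1.1.251, 06:04:36, GigabitEthernet0/1
65.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
C 65.249.101.124/30 is directly connected, GigabitEthernet0/0
L 65.249.101.126/32 is directly connected, GigabitEthernet0/0
D 192.168.0.0/22 [90/3328] via 10.1.1.251, 06:04:36, GigabitEthernet0/1
192.168.11.0/30 is subnetted, 1 subnets
D 192.168.11.0 [90/3072] via 10.1.1.251, 06:04:36, GigabitEthernet0/1
"""

# Sources redistributed under "router bgp 1" in the posted config.
REDISTRIBUTED_INTO_BGP = {"connected", "static"}

SOURCE_BY_CODE = {"C": "connected", "L": "local", "S": "static",
                  "D": "eigrp", "B": "bgp"}

# Route line: code letter, optional "*", optional "EX", then the prefix.
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z])\*?(?:\s?EX)?\s+"
    r"(?P<net>\d+\.\d+\.\d+\.\d+)(?:/(?P<len>\d+))?")
# Header line: "<major net>/<len> is [variably ]subnetted, ..."
HEADER_RE = re.compile(
    r"^\d+\.\d+\.\d+\.\d+/(?P<len>\d+) is (?P<var>variably )?subnetted")


def parse_routes(text):
    """Return [(source, IPv4Network)] for each route line in the text."""
    routes, inherited_len = [], None
    for line in text.splitlines():
        line = line.strip()
        header = HEADER_RE.match(line)
        if header:
            # Entries under a uniformly subnetted header omit their mask
            # and inherit it from the header line.
            inherited_len = None if header.group("var") else header.group("len")
            continue
        m = ROUTE_RE.match(line)
        if not m or m.group("code") not in SOURCE_BY_CODE:
            continue  # continuation line ("[170/...] via ...") or unknown code
        length = m.group("len") or inherited_len
        if length is None:
            continue
        net = ipaddress.ip_network(f"{m.group('net')}/{length}", strict=False)
        routes.append((SOURCE_BY_CODE[m.group("code")], net))
    return routes


def originated_by_bgp(routes, redistributed=REDISTRIBUTED_INTO_BGP):
    """Prefixes whose route source is redistributed into BGP."""
    return [net for src, net in routes if src in redistributed]


def not_advertised(routes, redistributed=REDISTRIBUTED_INTO_BGP):
    """Internally learned prefixes that BGP will not originate."""
    # Routes learned from BGP itself and local host routes are not
    # candidates (the latter is a modelling assumption, see lead-in).
    skip = set(redistributed) | {"bgp", "local"}
    return [net for src, net in routes if src not in skip]


if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    print("BGP would originate:")
    for net in originated_by_bgp(table):
        print("  ", net)
    print("Learned via the IGP but never handed to BGP:")
    for net in not_advertised(table):
        print("  ", net)
```
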