[c-nsp] MPLS/DIA on same CPE
Scott Miller
scott at ip-routing.net
Tue Jun 19 15:48:04 EDT 2018
I'm trying to come up with a config for have both MPLS (within a vrf) and
DIA on the same router,. I have what I thought would work all lab'd up,
but it's not all the way there and i'm not sure what i'm missing, or if it
will even work this way.
All Cisco equipment: (configs attached)
cust-switch <--> 3825 <--> ME3600 <--> 3825 <--> cust-switch
the switch(s) have an ip address within vlan 100 .254 repectively
I can see the subnet from the neighboring device in the vrf routing table,
an can ping .2 (local to the router, on FE0/0/0) but can not ping .254 from
remote side.
Anyone able to give this a once-over would be greatly appreciated.
-------------- next part --------------
Cisco 3825 with a 2 port FE WIC card, attached to a 48 port switch. Fe0/0/0 and GigabitEthernet0/0.100 all on vlan 100
version 15.1
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service linenumber
service sequence-numbers
!
hostname Site-B-WF
!
boot-start-marker
boot system flash:c3825-adventerprisek9-mz.151-4.M10.bin
boot-end-marker
!
!
!
aaa new-model
!
!
!
!
aaa session-id common
!
clock timezone MST -7 0
clock summer-time MDT recurring
!
dot11 syslog
no ip source-route
!
ip vrf mpls-vpn
description MPLS VPN
rd 18897:200
!
ip cef
!
!
ip dhcp excluded-address 192.168.11.1 192.168.11.99
ip dhcp excluded-address 192.168.11.161 192.168.11.254
!
ip dhcp pool Computers
network 192.168.11.0 255.255.255.0
default-router 192.168.11.1
dns-server 216.211.190.3 9.9.9.9
!
ip dhcp pool Phones
network 192.168.12.0 255.255.255.0
default-router 192.168.12.1
dns-server 216.211.190.3 9.9.9.9
!
ip dhcp pool Wireless
network 10.11.100.0 255.255.255.0
default-router 10.11.100.1
dns-server 216.211.190.3 9.9.9.9
lease 0 2
!
ip dhcp pool Tennant
network 192.168.150.0 255.255.255.0
default-router 192.168.150.1
dns-server 216.211.190.3 9.9.9.9
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.11.254.121 255.255.255.255
no ip redirects
no ip proxy-arp
ip flow ingress
ip ospf network point-to-point
!
interface Null0
no ip unreachables
no ipv6 unreachables
!
interface GigabitEthernet0/0
no ip address
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/0.100
description Computers
encapsulation dot1Q 100
ip address 192.168.11.1 255.255.255.0
no ip redirects
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.200
description Phones
encapsulation dot1Q 200
ip address 192.168.12.1 255.255.255.0
no ip redirects
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.300
description Wireless
encapsulation dot1Q 300
ip address 10.11.100.1 255.255.255.0
no ip redirects
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.400
description Tennant
encapsulation dot1Q 400
ip address 192.168.150.1 255.255.255.0
no ip redirects
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1
mtu 9216
no ip address
no ip redirects
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
ip ospf network point-to-point
ip ospf mtu-ignore
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1.3595
description Data WAN
encapsulation dot1Q 3595
ip address 208.123.206.226 255.255.255.248
ip nat outside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.3602
description MPLS WAN
encapsulation dot1Q 3602
ip vrf forwarding mpls-vpn
ip address 10.10.10.2 255.255.255.252
ip virtual-reassembly in
!
interface FastEthernet0/0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0/0.100
encapsulation dot1Q 100
ip vrf forwarding mpls-vpn
ip address 192.168.11.2 255.255.255.0
!
interface FastEthernet0/0/1
no ip address
shutdown
duplex auto
speed auto
!
router bgp 65001
bgp router-id 10.11.254.121
bgp log-neighbor-changes
neighbor 10.10.10.1 remote-as 65001
neighbor 208.123.206.225 remote-as 18897
!
address-family ipv4
network 10.10.10.0 mask 255.255.255.252
network 192.168.16.0
network 208.123.206.224 mask 255.255.255.248
redistribute connected
no neighbor 10.10.10.1 activate
neighbor 208.123.206.225 activate
neighbor 208.123.206.225 soft-reconfiguration inbound
neighbor 208.123.206.225 prefix-list AS-65001-net out
exit-address-family
!
address-family ipv4 vrf mpls-vpn
network 10.10.10.0 mask 255.255.255.252
network 192.168.11.0
neighbor 10.10.10.1 remote-as 18897
neighbor 10.10.10.1 activate
neighbor 10.10.10.1 soft-reconfiguration inbound
neighbor 10.10.10.1 prefix-list AS-65001-vrf out
exit-address-family
!
ip default-gateway 208.123.206.225
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 150 interface GigabitEthernet0/1.3595 overload
ip route 0.0.0.0 0.0.0.0 208.123.206.225
!
ip prefix-list AS-65001-net seq 6 permit 208.123.206.224/29
ip prefix-list AS-65001-net seq 10 permit 10.11.254.121/32
!
ip prefix-list AS-65001-vrf seq 10 permit 192.168.11.0/24
ip prefix-list AS-65001-vrf seq 20 permit 10.10.10.0/30
!
ip prefix-list default-only seq 5 permit 0.0.0.0/0
access-list 150 remark Network Address Translation
access-list 150 permit ip 192.168.11.0 0.0.0.255 any
access-list 150 permit ip 192.168.12.0 0.0.0.255 any
access-list 151 permit ip 192.168.11.0 0.0.0.255 192.168.16.0 0.0.0.255
access-list 151 permit ip 192.168.12.0 0.0.0.255 192.168.16.0 0.0.0.255
access-list 151 permit ip 192.168.11.0 0.0.0.255 192.168.17.0 0.0.0.255
access-list 151 permit ip 192.168.12.0 0.0.0.255 192.168.17.0 0.0.0.255
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
line con 0
session-timeout 30
exec-timeout 60 0
logging synchronous
line aux 0
session-timeout 30
exec-timeout 60 0
logging synchronous
no exec
transport input all
line vty 0 4
session-timeout 30
exec-timeout 60 0
privilege level 15
logging synchronous
transport input all
line vty 5 15
session-timeout 30
exec-timeout 60 0
logging synchronous
transport input all
!
scheduler allocate 20000 1000
Site-B-WF#
Site-B-WF#show ip route vrf mpls-vpn
Routing Table: mpls-vpn
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 10.10.10.0/30 is directly connected, GigabitEthernet0/1.3602
L 10.10.10.2/32 is directly connected, GigabitEthernet0/1.3602
B 10.10.10.4/30 [20/0] via 10.10.10.1, 3d12h
192.168.11.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.11.0/24 is directly connected, FastEthernet0/0/0.100
L 192.168.11.2/32 is directly connected, FastEthernet0/0/0.100
B 192.168.16.0/24 [20/0] via 10.10.10.1, 15:52:26
-------------- next part --------------
Cisco 3825 with a 2 port FE WIC card, attached to a 48 port switch. Fe0/0/0 and GigabitEthernet0/1.100 all on vlan 100
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Site-A-KAL
!
boot-start-marker
boot system flash:c3825-adventerprisek9-mz.151-4.M10.bin
boot-end-marker
!
!
!
aaa new-model
!
!
!
!
!
!
aaa session-id common
!
!
dot11 syslog
ip source-route
!
ip vrf mpls-vpn
description MPLS VPN
rd 18897:200
!
ip cef
!
!
ip dhcp excluded-address 192.168.16.1 192.168.16.99
ip dhcp excluded-address 192.168.16.161 192.168.16.254
ip dhcp excluded-address 192.168.17.1 192.168.17.99
ip dhcp excluded-address 192.168.17.161 192.168.17.254
!
ip dhcp pool Computers
network 192.168.16.0 255.255.255.0
default-router 192.168.16.1
dns-server 216.211.190.3 9.9.9.9
!
ip dhcp pool Sip-Phones
network 192.168.17.0 255.255.255.0
default-router 192.168.17.1
dns-server 216.211.190.3 9.9.9.9
!
ip dhcp pool Customer-Wireless
network 10.11.100.0 255.255.255.0
default-router 10.11.100.1
dns-server 216.211.190.3 9.9.9.9
lease 0 2
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.11.254.122 255.255.255.255
!
interface GigabitEthernet0/0
no ip address
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
media-type sfp
negotiation auto
!
interface GigabitEthernet0/0.3627
description DIA WAN
encapsulation dot1Q 3627
ip address 208.123.206.234 255.255.255.248
ip virtual-reassembly in
!
interface GigabitEthernet0/0.3628
description MPLS WAN
encapsulation dot1Q 3628
ip vrf forwarding mpls-vpn
ip address 10.10.10.6 255.255.255.252
ip virtual-reassembly in
!
interface GigabitEthernet0/1
no ip address
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1.100
description Computers
encapsulation dot1Q 100
ip address 192.168.16.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.200
description VOIP Phones
encapsulation dot1Q 200
ip address 192.168.17.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.300
description "Customer Wireless Network"
encapsulation dot1Q 300
ip address 10.11.100.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface FastEthernet0/0/0
ip vrf forwarding mpls-vpn
ip address 192.168.16.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/0/1
no ip address
shutdown
duplex auto
speed auto
!
router bgp 65001
bgp router-id 10.11.254.122
bgp log-neighbor-changes
neighbor 208.123.206.233 remote-as 18897
!
address-family ipv4
redistribute connected
neighbor 208.123.206.233 activate
neighbor 208.123.206.233 soft-reconfiguration inbound
neighbor 208.123.206.233 prefix-list default-only in
neighbor 208.123.206.233 prefix-list AS-65001-net out
exit-address-family
!
address-family ipv4 vrf mpls-vpn
network 10.10.10.4 mask 255.255.255.252
network 192.168.16.0
neighbor 10.10.10.5 remote-as 18897
neighbor 10.10.10.5 activate
neighbor 10.10.10.5 soft-reconfiguration inbound
neighbor 10.10.10.5 prefix-list AS-65001-vrf out
exit-address-family
!
ip default-gateway 208.123.206.233
ip forward-protocol nd
ip http server
no ip http secure-server
!
!
ip nat inside source list 150 interface GigabitEthernet0/0.3627 overload
ip route 0.0.0.0 0.0.0.0 208.123.206.233
!
!
ip prefix-list AS-65001-net seq 6 permit 208.123.206.232/29
ip prefix-list AS-65001-net seq 10 permit 10.11.254.122/32
!
ip prefix-list AS-65001-vrf seq 10 permit 192.168.16.0/24
ip prefix-list AS-65001-vrf seq 20 permit 10.10.10.4/30
!
ip prefix-list default-only seq 5 permit 0.0.0.0/0
access-list 150 remark Network Address Translation
access-list 150 permit ip 192.168.16.0 0.0.0.255 any
access-list 150 permit ip 192.168.17.0 0.0.0.255 any
access-list 150 permit ip 10.11.100.0 0.0.0.255 any
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
line con 0
session-timeout 30
exec-timeout 60 0
logging synchronous
line aux 0
session-timeout 30
exec-timeout 60 0
logging synchronous
no exec
transport input all
line vty 0 4
session-timeout 30
exec-timeout 60 0
privilege level 15
logging synchronous
transport input all
!
scheduler allocate 20000 1000
Site-A-KAL#show ip route vrf mpls-vpn
Routing Table: mpls-vpn
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
B 10.10.10.0/30 [20/0] via 10.10.10.5, 3d12h
C 10.10.10.4/30 is directly connected, GigabitEthernet0/0.3628
L 10.10.10.6/32 is directly connected, GigabitEthernet0/0.3628
B 192.168.11.0/24 [20/0] via 10.10.10.5, 15:06:51
192.168.16.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.16.0/24 is directly connected, FastEthernet0/0/0
L 192.168.16.2/32 is directly connected, FastEthernet0/0/0
More information about the cisco-nsp
mailing list