WAN Serial T1 config

fusmichaelt · ‎03-07-2012

Hello.

I have a Cisco 1841 branch router with a WIC T1-DSU card. We have a MPLS through a local ISP with a T1 handoff.

The current config for our serial interface is as follows:

interface Serial0/0/0

description WAN

no ip address

encapsulation frame-relay IETF

!

interface Serial0/0/0.1 point-to-point

bandwidth 1544

ip unnumbered BVI1

frame-relay interface-dlci 16

bridge-group 1

!

interface BVI1

ip address 172.31.1.5 255.255.255.0

!

bridge 1 protocol ieee

bridge 1 route ip

I did not configure this router, so I would like to know what the logic behind this is? Do I need the BVI1 virtual interface or could I just put the IP addy on the sub-interface (what is best practice)?

Edison Ortiz · ‎03-07-2012

Can you post the entire config?

Bridge is usually configured when you have multiple interfaces part of the same bridge domain, otherwise - you are right - placing the ip address under the subinterface makes the most sense.

fusmichaelt · ‎03-08-2012

Hello Edison. Thanks for the reply. Here is my config:

!
version 12.4
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname fus-gsvl-rtr-1841
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
logging console informational
logging monitor warnings
enable secret 5 //REMOVED//
!
no aaa new-model
clock timezone PST -8
clock summer-time PDT recurring
ip cef
!
!
no ip dhcp use vrf connected
no ip dhcp conflict logging
ip dhcp excluded-address 10.5.1.0 10.5.1.255
ip dhcp excluded-address 10.5.3.0 10.5.3.255
ip dhcp excluded-address 10.5.6.0 10.5.6.255
ip dhcp excluded-address 10.5.0.0 10.5.0.255
!
ip dhcp pool GVDHCPPOOL
   network 10.5.0.0 255.255.0.0
   dns-server 10.1.1.219
   default-router 10.5.1.231
   domain-name //REMOVED//
!
!
no ip domain lookup
ip domain name //REMOVED//
!
!
crypto pki trustpoint TP-self-signed-3024375515
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3024375515
 revocation-check none
 rsakeypair TP-self-signed-3024375515
!
!
crypto pki certificate chain TP-self-signed-3024375515
 certificate self-signed 01
  30820255 308201BE A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 E59AFE4A 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 30303030 33303234 33373535 3135301E 170D3132 30333037 30303030
  30305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 30323433
  37353531 30303030 300D0609 2A864886 F70D0101 01050003 E59AFE4A 81890281
  8100C2FF 222F0D19 9D7D4045 31545A11 2F602DC5 3F341CDC C71FD680 1A161AB9
  BBD7FE9E 00A4C8DB E59AFE4A 3346B02F 962F9C34 215C8421 AF05B985 DDEB0175
  DB2854FB 2885B1B7 25CDC99F 6AB7C021 B1B130E4 30303030 ACFFCDAC E59AFE4A
  30303030 996D3BFA FBC84739 85EAF60B 254F8E54 D97CEF86 DFC5A5AF D0E56CF8
  2BE10203 010001A3 7D307B30 0F060355 1D130101 FF040530 030101FF 30280603
  551D1104 21301F82 1D667573 2D677376 6C2D7274 722D3138 34312E66 69727374
  75732E6F 7267301F 0603551D 30303030 1680148D C9615D86 2B4A994F 07CCAAA5
  E0C7F2B2 FD049830 30303030 1D0E0416 04148DC9 615D862B 4A994F07 CCAAA5E0
  C7F2B2FD 0498300D 06092A86 4886F70D 01010405 00038181 004EC94C 1C06AFE7
  DC2D6F06 0F2397D3 6553BB94 B5F4F626 5AE122AE AC52E0BA 64784E4B E560AD69
  68665185 30303030 D8FE6DDE 39BAEA55 3600E476 EA6F8FC0 C3968951 E59AFE4A
  18C5D16D F1A567B9 954DDD0D 9E955E11 B0A40581 8584818C D85EC261 F283CC56
  394D4125 77100032 418B81F6 21E7D60F F1E97FF8 30303030 3B
  quit
username //REMOVED// privilege 15 secret 5 //REMOVED//
username //REMOVED// password 7 //REMOVED//
!
!
!
!
bridge irb
!
!
interface FastEthernet0/0
 description LAN
 ip address 10.5.1.231 255.255.0.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 description WAN
 no ip address
 encapsulation frame-relay IETF
!
interface Serial0/0/0.1 point-to-point
 bandwidth 1544
 ip unnumbered BVI1
 frame-relay interface-dlci 16
 bridge-group 1
!
interface BVI1
 ip address 172.31.1.5 255.255.255.0
!
router eigrp 10
 network 10.5.0.0 0.0.255.255
 network 172.31.1.0 0.0.0.255
 no auto-summary
 no eigrp log-neighbor-changes
 no eigrp log-neighbor-warnings
 neighbor 172.31.1.8 BVI1
 neighbor 172.31.1.6 BVI1
 neighbor 172.31.1.4 BVI1
 neighbor 172.31.1.3 BVI1
 neighbor 172.31.1.1 BVI1
!
no ip classless
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
logging trap warnings
logging 10.1.1.225
access-list 1 permit 10.1.2.2
access-list 1 permit 10.1.2.60
access-list 1 permit 172.31.1.1
access-list 1 permit 10.1.1.225
access-list 1 permit 10.1.1.231
snmp-server community //REMOVED// RO
snmp-server host 10.1.1.225 //REMOVED//
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
banner motd ^C
******************************************
* Unauthorized access prohibited
******************************************
^C
!
line con 0
 password 7 //REMOVED//
 logging synchronous
 login local
line aux 0
line vty 0 4
 access-class 1 in
 privilege level 15
 password 7 //REMOVED//
 logging synchronous
 login local
 transport input ssh
line vty 5 15
 access-class 1 in
 privilege level 15
 password 7 //REMOVED//> logging synchronous
 login local
 transport input ssh
!
scheduler allocate 20000 1000
end

Richard Burts · ‎03-08-2012

Michael

Thanks for posting the router config. I find it very strange. It does configure IRB which does allow you to configure both bridging and routing of IP on the router. But the only interface assigned a bridge group is the serial interface. Based on that I would think that you could remove the IRB part of the config, remove the bridge group, and move the IP address to the serial interface/subinterface.

But the router eigrp has neighbor statements that imply that the router can communicate with 5 neighbor routers which is quite odd considering that the serial subinterface is point to point, which usually means a single neighbor. Can you tell us anything about what the serial is connected to? If this is actually some kind of multi point Frame Relay connection it might have negative impacts to change the serial without understanding the environment a bit better.

HTH

Rick

HTH

Rick

fusmichaelt · ‎03-08-2012

Hi Rick.

The serial interface ties into our MPLS through our ISP. I do not know exactly how the MPLS equipment is setup because this is handled by our ISP? We have 6 locations, 2 of which have T1 hand-offs and the other 4 have MRV devices which provide an ethernet hand-off.

I did inherit this and not having much expereince with MPLS, I just don't know if this is configured correctly.

Any advice or suggestions would be appreciated.

Richard Burts · ‎03-09-2012

Michael

I am not sure what to tell you about this configuration. If you do move the IP address to the serial subinterface and remove the BVI, the bridge group, and IRB then I would believe that your router would expect to have only a single EIGRP neighbor over the point to point subinterface. I am not sure what it would do if it received EIGRP hello messages from 5 neighbors on that interface. It might work but it might also break.

So my advise is to go cautiously. You might try to find out more about how the MPLS is set up and working at the ISP. And you might ask if they know anything about the configuration of your router using IRB, BVI, bridge group (perhaps they were the ones who suggested this in the first place).

HTH

Rick

HTH

Rick

fusmichaelt · ‎03-09-2012

Hi Rick. I have opened a ticket with our ISP.

Thanks for your help and advice. It's much appreciated!