×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Routing issue

Unanswered Question
Aug 22nd, 2014
User Badges:

This issue is more than likely something dumb that I am missing but I can not figure it out for the life of me. I am currently moving all our sites to a verizon MPLS cloud service. I turned up my first site and went live and I am unable to access any services in our datacenter. I can ping google, I can ping the outside interface of my router at the datacenter but not through it to any of my two internal vlans. From the router in the datacenter I can ping servers on both vlans fine and i can ping that router from servers in both vlans. Please help. Below is a poor map of our network. The existing managed firewall will be cut once I can get this working.

 

Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jeremyNLSO Fri, 08/22/2014 - 13:14
User Badges:

Do you have any ACLs on the datacenter router? Out of curiosity, what were you using before MPLS?

 

matt deshon Fri, 08/22/2014 - 13:27
User Badges:

No I do not. We are still using the current connection. We have a hosted firewall from the datacenter and internet is provided via that firewall and all sites currently are Point to Point and connected to that firewall all of which is managed by them.

Rajeev Sharma Fri, 08/22/2014 - 13:48
User Badges:
  • Silver, 250 points or more

Hey Mj,

Need for more information, post 'show run' and 'show ip route' from both the routers.

Regards,

RS.

matt deshon Fri, 08/22/2014 - 18:48
User Badges:

Here is the sh run and sh ip route from the datacenter router. I do not have access to the router at the site due to its after hours and i had to roll them back over to the old PTP connection which is a different router. It has a very basic setup. BGP is setup just like it is on the datacenter router minus the neighbor's address and the outside interface is the exact same minus the ip address. Verizion said that they can see that datacenter's router is advertising via BGP the VLANS im trying to access behind datacenters router but I can not ping or access an resources located there.  Site A's router does not have eigrp setup since there is only one subnet there and only about 5 host at this location. If you have any specific questions about site a's router i can tell you.  Enough of me ranting here is the config and show ip route for datacenter's router

 


!
! Last configuration change at 19:29:35 UTC Fri Aug 22 2014 by berbee
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Datacenter router
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
ip cef
!
!
!

!
!
!
ip domain name carter.local
no ipv6 cef
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-1758853909
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1758853909
 revocation-check none
 rsakeypair TP-self-signed-1758853909
!
!
crypto pki certificate chain TP-self-signed-1758853909
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31373538 38353339 3039301E 170D3134 30333133 32323138
  33345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 37353838
  35333930 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100925A 128D2EE7 20898D82 5A5EB003 3F2E5C33 F7993D76 0C081C66 12BBB2D1
  7A685E38 0C5B17E2 8BCB9A54 13FDDFE3 E5C46C83 597C03BD 83E781A1 75B19D4D
  E3164CFC 1DA5EB2D 043CE991 A11A7993 7866B44B DD7B3DD5 883D36D2 E6049991
  B20617BD 677072BF B41C9816 CC08E9DF E2B0C149 36A45025 A9EF4A0C 75015E61
  FF290203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 14DAD7D1 51BBC841 1A6324FA 9D14648E FD8BBB75 66301D06
  03551D0E 04160414 DAD7D151 BBC8411A 6324FA9D 14648EFD 8BBB7566 300D0609
  2A864886 F70D0101 05050003 81810044 246EC4DC DF989533 45844110 632A4F4F
  2805D2BE C34DD5E5 1C2D14E6 80DCD822 C666ACD2 8E317FB8 40A45992 E6B23E08
  45BD0076 68D621C8 D4ADA61A D1EC559F 2D39761C C90B46DC 7B47D4D0 74E8F9B5
  FE239072 6924B9FD 99E74A40 2F9B7F4A 48A5A10D 9807ED45 3C835D0B EC46E1D8
  491CB25A E5D55137 AFF139FE 4860C1
      quit
license udi pid CISCO2911/K9 sn FTX1811AK7A
!
!
username ****** privilege 15 password 0 ******
!
!
ip ssh authentication-retries 2
!

!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description Verizon MPLS
 ip address 65.249.101.126 255.255.255.252
 duplex full
 speed 100
!
interface GigabitEthernet0/1
 ip address 10.1.1.38 255.255.255.0
 ip helper-address 192.168.0.225
 duplex auto
 speed 1000
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
speed auto
!
!
router eigrp 1
 default-metric 1544 100 254 1 1500
 network 10.1.1.0 0.0.0.255
 network 65.249.101.124 0.0.0.3
!
router bgp 1
 bgp log-neighbor-changes
 redistribute connected
 redistribute static
 neighbor 65.249.101.125 remote-as 65000
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 192.168.0.0 255.255.252.0 10.1.1.253 250
!
!
!
snmp-server community
snmp-server community
snmp-server location LightBound
snmp-server contact Systems Manager
snmp-server enable traps entity-sensor threshold
snmp-server host  version 2c
!
control-plane
!
!
banner motd ^CC

!
line con 0
 password
 login
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
privilege level 15
 password
 login local
 length 0
 transport input ssh
line vty 5 15
 privilege level 15
 password
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 65.249.101.125 to network 0.0.0.0

B*    0.0.0.0/0 [20/0] via 65.249.101.125, 06:50:26
      10.0.0.0/8 is variably subnetted, 22 subnets, 5 masks
D        10.0.1.0/24 [90/3072] via 10.1.1.251, 06:04:36, GigabitEthernet0/1
D EX     10.0.2.0/24
           [170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
B        10.0.2.0/25 [20/0] via 65.249.101.125, 06:50:26
B        10.0.2.128/25 [20/0] via 65.249.101.125, 06:50:26
D EX     10.0.3.0/24
           [170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX     10.0.4.0/24
           [170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
EX     10.0.5.0/24
           [170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX     10.0.6.0/24 [170/28416] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX     10.0.7.0/24
           [170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX     10.0.8.0/24
           [170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX     10.0.9.0/24
           [170/1683712] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX     10.0.200.0/30
           [170/28672] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D        10.0.200.8/29 [90/28416] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX     10.0.200.16/29
           [170/28416] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
C        10.1.1.0/24 is directly connected, GigabitEthernet0/1
L        10.1.1.38/32 is directly connected, GigabitEthernet0/1
D EX     10.2.0.56/32
           [170/1683712] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX     10.2.0.58/32
           [170/1683712] via 10.1.1.253, 00:53:48, GigabitEthernet0/1
D EX     10.2.0.60/32
           [170/1683712] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX     10.2.0.62/32
  [170/1683712] via 10.1.1.253, 00:03:11, GigabitEthernet0/1
D        10.2.1.0/24 [90/3328] via 10.1.1.251, 06:04:36, GigabitEthernet0/1
D        10.3.1.0/24 [90/3072] via 10.1.1.252, 06:04:36, GigabitEthernet0/1
                     [90/3072] via 10.1.1.251, 06:04:36, GigabitEthernet0/1
      63.0.0.0/32 is subnetted, 1 subnets
B        63.65.239.250 [20/0] via 65.249.101.125, 06:50:26
      65.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
B        65.249.100.112/30 [20/0] via 65.249.101.125, 06:50:26
B        65.249.100.156/30 [20/0] via 65.249.101.125, 06:50:26
B        65.249.101.4/30 [20/0] via 65.249.101.125, 06:50:26
C        65.249.101.124/30 is directly connected, GigabitEthernet0/0
L        65.249.101.126/32 is directly connected, GigabitEthernet0/0
B        65.249.102.172/30 [20/0] via 65.249.101.125, 06:50:26
B        65.249.102.200/30 [20/0] via 65.249.101.125, 06:50:26
B        65.249.102.220/30 [20/0] via 65.249.101.125, 06:50:26
B        65.249.103.52/30 [20/0] via 65.249.101.125, 06:50:26
B        65.249.104.104/30 [20/0] via 65.249.101.125, 06:50:26
B        65.249.104.176/30 [20/0] via 65.249.101.125, 06:50:26
B        65.249.104.180/30 [20/0] via 65.249.101.125, 06:50:26
      169.254.0.0/30 is subnetted, 1 subnets
D EX     169.254.254.0
           [170/28416] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
      172.16.0.0/16 is variably subnetted, 13 subnets, 3 masks
 172.16.31.0/30
           [170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX     172.16.31.2/32
           [170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX     172.16.31.4/30
           [170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX     172.16.31.6/32
           [170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX     172.16.31.8/30
           [170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX     172.16.31.10/32
           [170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX     172.16.31.12/30
           [170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX     172.16.31.14/32
           [170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
B        172.16.31.16/30 [20/0] via 65.249.101.125, 06:50:26
D EX     172.16.31.18/32
           [170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX     172.16.31.20/30
           [170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D EX     172.16.31.22/32
           [170/2181376] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
 172.16.31.24/29
           [170/1683712] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
      172.19.0.0/24 is subnetted, 1 subnets
D EX     172.19.70.0
           [170/1683712] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
      172.22.0.0/24 is subnetted, 1 subnets
D EX     172.22.73.0 [170/28416] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
D     192.168.0.0/22 [90/3328] via 10.1.1.251, 06:04:36, GigabitEthernet0/1
D     192.168.10.0/24 [90/3328] via 10.1.1.251, 06:04:36, GigabitEthernet0/1
      192.168.11.0/30 is subnetted, 1 subnets
D        192.168.11.0 [90/3072] via 10.1.1.251, 06:04:36, GigabitEthernet0/1
D     192.168.20.0/23 [90/3072] via 10.1.1.251, 06:04:36, GigabitEthernet0/1
D     192.168.22.0/24 [90/3072] via 10.1.1.251, 06:04:36, GigabitEthernet0/1
D     192.168.24.0/23 [90/3072] via 10.1.1.251, 06:04:36, GigabitEthernet0/1
      206.246.157.0/29 is subnetted, 1 subnets
D EX     206.246.157.112
           [170/3072] via 10.1.1.253, 06:04:38, GigabitEthernet0/1
      208.205.41.0/24 is variably subnetted, 2 subnets, 2 masks
B        208.205.41.64/27 [20/0] via 65.249.101.125, 06:50:26
B        208.205.41.250/32 [20/0] via 65.249.101.125, 06:50:26

 

matt deshon Fri, 08/22/2014 - 19:03
User Badges:

Here is the show run and show ip route from our "Core" switch that is connected via port gi 0/1 on both devices. and all our internal vlans connect back too.

 


#show run
Building configuration...

Current configuration : 15964 bytes
!
! Last configuration change at 15:29:27 UTC Fri Aug 22 2014 by berbee
! NVRAM config last updated at 15:30:08 UTC Fri Aug 22 2014 by berbee
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
service sequence-numbers
!
hostname datacenter core switch
!
boot-start-marker
boot-end-marker
!
logging buffered 50000

!

!

no aaa new-model
clock timezone UTC -5
clock summer-time UTC recurring
system mtu routing 1500
authentication mac-move permit
ip subnet-zero
ip routing
!
!


ip name-server 192.168.0.225
ip multicast-routing distributed
vtp mode transparent
udld enable

!
mls qos map policed-dscp  0 24 to 8
mls qos map cos-dscp 0 8 16 24 34 46 48 56
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 1 2 4
mls qos srr-queue output cos-map queue 2 threshold 2 3
 --More--         mls qos srr-queue output cos-map queue 2 threshold 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1
mls qos srr-queue output dscp-map queue 1 threshold 3 46
mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 25 32 34 36
mls qos srr-queue output dscp-map queue 2 threshold 1 38
mls qos srr-queue output dscp-map queue 2 threshold 2 24 26
mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
mls qos srr-queue output dscp-map queue 3 threshold 3 0
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 3 10 12 14
mls qos queue-set output 1 threshold 3 400 400 100 400
mls qos queue-set output 2 threshold 2 400 400 100 400
mls qos queue-set output 1 buffers 15 20 45 20
mls qos
!
crypto pki trustpoint TP-self-signed-4275373312
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4275373312
 revocation-check none
 rsakeypair TP-self-signed-4275373312
!
!
c
!
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 8192
!
!
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig (STP)
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause l2ptguard
errdisable recovery cause psecure-violation
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
!
vlan internal allocation policy ascending
!
vlan 3-6
!
vlan 12
 name Voice_Servers
!
vlan 20
 name Management_VLAN
!
vlan 999
 name NATIVE_VLAN
!
!
class-map match-all POLICE_GUEST
 match access-group 11
class-map match-all VVLAN-CALL-SIGNALING
 match access-group name VVLAN-CALL-SIGNALING
class-map match-all vlan4
class-map match-all VVLAN-VOICE
 match access-group name VVLAN-VOICE
class-map match-all VVLAN-ANY
 match access-group name VVLAN-ANY
class-map match-all AGENT-DESKTOP-TRAFFIC
 match access-group name AGENT-DESKTOP-TRAFFIC
!
!
policy-map IPPHONE+PC-BASIC
 class VVLAN-VOICE
  set dscp ef
  police 512000 8000 exceed-action drop
 class VVLAN-CALL-SIGNALING
  set dscp cs3
  police 32000 8000 exceed-action policed-dscp-transmit
 class VVLAN-ANY
  set dscp default
  police 32000 8000 exceed-action policed-dscp-transmit
 class AGENT-DESKTOP-TRAFFIC
  set dscp cs3
  police 256000 8000 exceed-action policed-dscp-transmit
 class class-default
  set dscp default
  police 5000000 8000 exceed-action policed-dscp-transmit
policy-map POLICE_GUEST_VLAN4
 class POLICE_GUEST
  police 3000000 1000000 exceed-action drop
!
!
!
!
interface FastEthernet0
 no ip address
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 shutdown
!
interface GigabitEthernet0/1
 description Datacenter router for verizon MPLS
 switchport access vlan 12
 switchport mode access
!
interface GigabitEthernet0/2
 switchport access vlan 12
 switchport mode access
!
interface GigabitEthernet0/3
 switchport access vlan 12
 srr-queue bandwidth share 1 25 70 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/4
 switchport access vlan 12
 srr-queue bandwidth share 1 25 70 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/5
 switchport access vlan 12
 srr-queue bandwidth share 1 25 70 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 mls qos trust dscp
  spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/6
 description connect to dell power connect
 switchport access vlan 12
 srr-queue bandwidth share 1 25 70 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 mls qos trust dscp
!
interface GigabitEthernet0/7
 switchport access vlan 12
 srr-queue bandwidth share 1 25 70 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/8
 description vCloud crossconnect
 switchport access vlan 5
switchport mode access
!
interface GigabitEthernet0/9
 switchport access vlan 12
 srr-queue bandwidth share 1 25 70 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/10
 switchport access vlan 12
 srr-queue bandwidth share 1 25 70 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/11
 description  ASA Managed by datacenter providor
 switchport access vlan 12
switchport mode access
 srr-queue bandwidth share 1 25 70 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/12
 switchport access vlan 12
 srr-queue bandwidth share 1 25 70 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/13
 description trunk to WLC 2504
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 12
 switchport trunk allowed vlan 2-998
 switchport mode trunk
srr-queue bandwidth share 1 25 70 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 mls qos trust dscp
!
interface GigabitEthernet0/14
 switchport access vlan 12
 srr-queue bandwidth share 1 25 70 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/15
 switchport access vlan 12
 srr-queue bandwidth share 1 25 70 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/16
 switchport access vlan 12
 srr-queue bandwidth share 1 25 70 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/17
 switchport access vlan 12
 srr-queue bandwidth share 1 25 70 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/18
 switchport access vlan 12
 srr-queue bandwidth share 1 25 70 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/19
 switchport access vlan 12
 srr-queue bandwidth share 1 25 70 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/20
 switchport access vlan 12
 srr-queue bandwidth share 1 25 70 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/21
switchport access vlan 12
 srr-queue bandwidth share 1 25 70 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/22
 description Websense Main
 switchport access vlan 12
 shutdown
 srr-queue bandwidth share 1 25 70 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/23
 description TRUNK TO Datacenter switch 2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 2-998,1000-4094
 switchport mode trunk
 srr-queue bandwidth share 1 25 70 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 mls qos trust dscp
!
interface GigabitEthernet0/24
 description PTP to Anderson's  Core (192.168.1.0/22 subnet)
 no switchport
 ip address 192.168.11.2 255.255.255.252
 ip pim sparse-dense-mode
 srr-queue bandwidth share 1 25 70 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 mls qos trust dscp
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface GigabitEthernet1/3
!
interface GigabitEthernet1/4
!
interface TenGigabitEthernet1/1
!
interface TenGigabitEthernet1/2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan3
 description Dock Wireless vLAN
 ip address 192.168.21.248 255.255.254.0
 ip helper-address 192.168.0.225
 no ip redirects
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 standby 1 ip 192.168.21.254
 standby 1 priority 110
 standby 1 preempt
!
interface Vlan4
 description Guest Wireless
 ip address 192.168.22.248 255.255.255.0
 ip helper-address 192.168.0.225
 rate-limit input 3000000 300000 3500000 conform-action transmit exceed-action drop
 rate-limit output 3000000 300000 3500000 conform-action transmit exceed-action drop
 standby 1 ip 192.168.22.254
 standby 1 priority 110
 standby 1 preempt
!
interface Vlan5
 description vcloud
 ip address 10.0.1.252 255.255.255.0
 ip helper-address 192.168.0.225
 no ip redirects
 ip pim sparse-dense-mode
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 standby 4 ip 10.0.1.1
 standby 4 priority 110
 standby 4 preempt
!
interface Vlan6
 description Wireless vLAN
 ip address 192.168.25.254 255.255.254.0
 ip helper-address 192.168.0.225
 no ip redirects
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
!
interface Vlan12
 description Voice Server Subnet
 ip address 10.1.1.251 255.255.255.0
 ip helper-address 192.168.0.225
 no ip redirects
 no ip proxy-arp
 ip pim dr-priority 10
 ip pim sparse-dense-mode
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 standby 1 ip 10.1.1.254
 standby 1 priority 110
standby 1 preempt
!
interface Vlan20
 description Management VLAN
 ip address 10.3.1.251 255.255.255.0
 no ip redirects
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
!
!
router eigrp 1
 default-metric 1544 100 254 1 1500
 network 10.0.1.0 0.0.0.255
 network 10.1.1.0 0.0.0.255
 network 10.3.1.0 0.0.0.255
 network 192.168.11.0 0.0.0.3
 network 192.168.20.0 0.0.1.255
 network 192.168.22.0
 network 192.168.24.0 0.0.1.255
 redistribute static route-map redis_static
 passive-interface default
 no passive-interface GigabitEthernet0/24
 no passive-interface Vlan20
 no passive-interface Vlan12
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.1.253 250
ip route 10.2.1.0 255.255.255.0 10.1.1.253 250
ip route 192.168.0.0 255.255.252.0 10.1.1.253 250
ip route 192.168.10.0 255.255.255.0 10.1.1.253 250
ip route 192.168.20.0 255.255.254.0 10.1.1.253 250
ip route 192.168.22.0 255.255.255.0 10.1.1.253 250
ip route 192.168.24.0 255.255.254.0 10.1.1.253 250
!
ip http server
ip http secure-server
ip pim rp-address 10.1.1.251 PIM_SPARSE
!
ip access-list standard PIM_SPARSE
 permit 239.0.1.2
!
ip access-list extended AGENT-DESKTOP-TRAFFIC
 permit tcp 192.168.0.0 0.0.3.255 any eq 42028
 permit tcp 192.168.0.0 0.0.3.255 any eq 59020
ip access-list extended VVLAN-ANY
 permit ip 10.1.1.0 0.0.0.255 any
ip access-list extended VVLAN-CALL-SIGNALING
 permit tcp 10.1.1.0 0.0.0.255 any range 2000 2002
 permit udp 10.1.1.0 0.0.0.255 any eq 5060
 permit tcp 10.1.1.0 0.0.0.255 any eq 5060
 permit tcp 10.1.1.0 0.0.0.255 any range 11000 11999
 permit udp 10.1.1.0 0.0.0.255 any eq 2427
 permit udp 10.1.1.0 0.0.0.255 any eq 2428
 permit tcp 10.1.1.0 0.0.0.255 any eq 1720
ip access-list extended VVLAN-VOICE
 permit udp 10.1.1.0 0.0.0.255 any range 16384 32767
!
ip sla enable reaction-alerts
access-list 10 permit 0.0.0.0
access-list 11 permit 192.168.22.0
access-list 199 permit icmp host 192.168.2.1 any log
access-list 199 permit ip any any
route-map redis_static permit 10
 match ip address 10
!
!

snmp-server location Server Room
snmp-server contact Systems Manager
!

line con 0
line vty 0 4
 password
 login local
 length 0
line vty 5 15
 password
 login local
!
ntp clock-period 36027495
ntp source Vlan12
ntp server 67.222.149.177
ntp server 216.184.20.83
ntp server 155.101.3.114
end

#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.1.1.253 to network 0.0.0.0

     169.254.0.0/30 is subnetted, 1 subnets
D EX    169.254.254.0 [170/28416] via 10.1.1.253, 1w2d, Vlan12
     65.0.0.0/30 is subnetted, 1 subnets
D       65.249.101.124 [90/28416] via 10.1.1.38, 06:22:40, Vlan12
D    192.168.10.0/24 [90/3072] via 192.168.11.1, 1w2d, GigabitEthernet0/24
     206.246.157.0/29 is subnetted, 1 subnets
D EX    206.246.157.112 [170/3072] via 10.1.1.253, 1w2d, Vlan12
     172.16.0.0/16 is variably subnetted, 13 subnets, 3 masks
D EX    172.16.31.2/32 [170/2181376] via 10.1.1.253, 1w2d, Vlan12
D EX    172.16.31.0/30 [170/2181376] via 10.1.1.253, 1w2d, Vlan12
D EX    172.16.31.6/32 [170/2181376] via 10.1.1.253, 08:18:26, Vlan12
D EX    172.16.31.4/30 [170/2181376] via 10.1.1.253, 08:18:26, Vlan12
D EX    172.16.31.10/32 [170/2181376] via 10.1.1.253, 1w2d, Vlan12
D EX    172.16.31.8/30 [170/2181376] via 10.1.1.253, 1w2d, Vlan12
D EX    172.16.31.14/32 [170/2181376] via 10.1.1.253, 2d02h, Vlan12
D EX    172.16.31.12/30 [170/2181376] via 10.1.1.253, 2d02h, Vlan12
D EX    172.16.31.18/32 [170/2181376] via 10.1.1.253, 1w2d, Vlan12
D EX    172.16.31.16/30 [170/2181376] via 10.1.1.253, 1w2d, Vlan12
D EX    172.16.31.22/32 [170/2181376] via 10.1.1.253, 1w2d, Vlan12
D EX    172.16.31.20/30 [170/2181376] via 10.1.1.253, 1w2d, Vlan12
D EX    172.16.31.24/29 [170/1683712] via 10.1.1.253, 1w2d, Vlan12
     172.19.0.0/24 is subnetted, 1 subnets
D EX    172.19.70.0 [170/1683712] via 10.1.1.253, 1w2d, Vlan12
     172.22.0.0/24 is subnetted, 1 subnets
D EX    172.22.73.0 [170/28416] via 10.1.1.253, 1w2d, Vlan12
     192.168.11.0/30 is subnetted, 1 subnets
C       192.168.11.0 is directly connected, GigabitEthernet0/24
     10.0.0.0/8 is variably subnetted, 20 subnets, 4 masks
D EX    10.0.8.0/24 [170/2181376] via 10.1.1.253, 1w2d, Vlan12
D EX    10.0.9.0/24 [170/1683712] via 10.1.1.253, 1w2d, Vlan12
C       10.3.1.0/24 is directly connected, Vlan20
D EX    10.0.2.0/24 [170/2181376] via 10.1.1.253, 1w2d, Vlan12
D       10.2.1.0/24 [90/3072] via 192.168.11.1, 1w2d, GigabitEthernet0/24
D EX    10.0.3.0/24 [170/2181376] via 10.1.1.253, 08:18:27, Vlan12
C       10.1.1.0/24 is directly connected, Vlan12
C       10.0.1.0/24 is directly connected, Vlan5
D EX    10.0.6.0/24 [170/28416] via 10.1.1.253, 1w2d, Vlan12
D EX    10.0.7.0/24 [170/2181376] via 10.1.1.253, 1w2d, Vlan12
D EX    10.0.4.0/24 [170/2181376] via 10.1.1.253, 1w2d, Vlan12
D EX    10.0.5.0/24 [170/2181376] via 10.1.1.253, 2d02h, Vlan12
D EX    10.2.0.56/32 [170/1683712] via 10.1.1.253, 1d14h, Vlan12
D EX    10.2.0.58/32 [170/1683712] via 10.1.1.253, 01:11:53, Vlan12
D EX    10.2.0.60/32 [170/1683712] via 10.1.1.253, 11:26:52, Vlan12
D EX    10.2.0.61/32 [170/1683712] via 10.1.1.253, 00:16:16, Vlan12
D EX    10.2.0.62/32 [170/1683712] via 10.1.1.253, 00:21:16, Vlan12
D EX    10.0.200.0/30 [170/28672] via 10.1.1.253, 1w2d, Vlan12
D       10.0.200.8/29 [90/28416] via 10.1.1.253, 1w2d, Vlan12
D EX    10.0.200.16/29 [170/28416] via 10.1.1.253, 1w2d, Vlan12
C    192.168.22.0/24 is directly connected, Vlan4
D*EX 0.0.0.0/0 [170/1683712] via 10.1.1.253, 1w2d, Vlan12
C    192.168.24.0/23 is directly connected, Vlan6
C    192.168.20.0/23 is directly connected, Vlan3
D    192.168.0.0/22 [90/3072] via 192.168.11.1, 1w2d, GigabitEthernet0/24
#

 

 

Richard Burts Sat, 08/23/2014 - 10:39
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Thanks for posting configs from both devices. I confess that I have looked only very lightly at the config from the core - mostly because I think I see several things on the router that are problematic. If we address those issues and it is still not working then maybe we need to look harder at the core.

 

The first thing that I see is that you are running EIGRP on Gig0/0 and I do not understand why?

 

The next thing that I see is that BGP is not advertising network 10.0.1.0. The router is learning that route via EIGRP. But BGP is only advertising connected and static routes, neither of which includes 10.0.1.0. So how is the remote site supposed to learn the route to 10.0.1.0?

 

The next thing that I see is that the router is learning a default route via BGP from the remote site. Given what I thought I understood from the diagram that does not seem to be right.

 

Address these things. If it still is not working then please post updated config of the MPLS router, plus its routing table. It might also be quite helpful to see similar information from the remote site at the time that it is experiencing the problem.

 

HTH

 

Rick

Actions

This Discussion