Set up DIA internet provided from service provider
Hello, I really need some assistance in setting up DIA on a new-ish 100MB site-to-site MPLS install at a DR site. We have a Cisco 2951 installed on site to handle routing for MPLS with BGP. The SP is also providing DIA on the same line and I’ve never handled an install like this before. I’m changing IPs just because…
We have fiber coming in from the service provider into interface 0/0/0, and all that’s set there is that the port is active and set statically to 100/full as they required. There are 2 sub-interfaces for this port. The first sub-interface is G0/0/0.1 with an IP of 22.214.171.124/30 and encapsulation dot1q applied with an AS number supplied by them, and its next hop is 126.96.36.199. Sub-interface 2 is G0/0/0.2 and this is for BGP. Its IP address is 188.8.131.52/30 with its neighbor at 184.108.40.206, with encapsulation applied as well. This part of the setup is up and communicating correctly. I also have interfaces set up to communicate with 2 inside interfaces that directly connect to a Cisco 3560G that has routing enabled for a few subnets I run inside my rack. Int G0/0 is 192.168.10.0/24 and this is VLAN 10. Int G0/1 is 192.168.20.0/24, as the SP set up this site with a “20” VLAN, so I’m using this subnet as well because if I don’t, I lose connection between this site and the main site. VLAN 10 is hidden with NAT over there, as we also have a VLAN 10 at our main site and some things overlap between sites on purpose, in case I need to bring up servers in an emergency to serve a couple of web sites.
This next part is where I’m confused. The vendor supplied a 3rd IP address for DIA and I was told to apply this to another interface on the router with an IP of 220.127.116.11/28, and directly connect it to an “outside” interface on a firewall with an IP of 18.104.22.168. Then connect another interface on the firewall to the inside interface and I’m putting an IP address on this of 192.168.10.254/24. When setting up the router, my default gateway is 22.214.171.124 and on the firewall the next hop is 126.96.36.199 like I mentioned. Right now I can ping out to the ‘net from the firewall and from the router, but nothing from an inside server on that 10 VLAN sees the ‘net.
I’ve read a few things where I have to have VLANs to get this to work. I’ve also read where VRFs are the solution. I don’t know either way as this is my first time, and first site, setting this up. Is there someone who can help with command structure to get this functional? Below are some of my configurations for my router and my switch where things are connected. I’m not going to include any firewall configs as I don’t believe it’s relevant but will if requested. I really hope someone can help as this just has my brain twisted on setting it up.
Thank you very much in advance, Brett
Router interfaces:

interface GigabitEthernet0/0
 ip address 192.168.10.10 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 192.168.20.254 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/0/0
 no ip address
 duplex full
 speed 100
 media-type sfp
!
interface GigabitEthernet0/0/0.1
 encapsulation dot1Q 1900
 ip address 188.8.131.52 255.255.255.252
!
interface GigabitEthernet0/0/0.2
 encapsulation dot1Q 1901
 ip address 184.108.40.206 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1/0
 ip address 220.127.116.11 255.255.255.248
 duplex auto
 speed auto
 media-type rj45
!
router bgp 5000
 bgp log-neighbor-changes
 redistribute connected
 redistribute static
 neighbor 18.104.22.168 remote-as 2000
!
ip default-gateway 22.214.171.124
!
ip route 0.0.0.0 0.0.0.0 126.96.36.199
Switch configuration:

!
interface GigabitEthernet0/1
 description uplink to router 10 VLAN
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/25
 description uplink to router 20 VLAN
 switchport access vlan 20
 switchport mode access
 switchport nonegotiate
!
interface Vlan10
 ip address 192.168.10.250 255.255.255.0
!
interface Vlan20
 ip address 192.168.20.250 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.10.8

(This is the inside interface IP address of my firewall. I’ve also had this set as the default gateway IP address of the router [188.8.131.52] and the IP address supplied by the SP [184.108.40.206] during testing but it still isn’t working)
Create VRFs for each dot1q tag and separate them all. Then create a trunk to the downstream switch for the inside. Associate each VRF with an inside VLAN; that involves subinterfacing the interface going to your switch to the inside.
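
A sketch of the VRF-lite layout the reply above describes, as an added example that is not part of the original thread or anyone's working config. It assumes tag 1900 is the Internet (DIA) handoff and tag 1901 is the MPLS/BGP handoff, with VLAN 10 mapped to DIA and VLAN 20 to MPLS; the VRF names, RD values and provider-facing addresses are placeholders.

```cisco
! Added example. VRF names, RD values, the VLAN-to-VRF mapping and the
! 192.0.2.x / 198.51.100.x addresses are assumptions (RFC 5737 placeholders).
ip vrf DIA
 rd 65000:1900
ip vrf MPLS
 rd 65000:1901
!
! "ip vrf forwarding" clears any address on the interface, so it comes first.
interface GigabitEthernet0/0/0.1
 encapsulation dot1Q 1900
 ip vrf forwarding DIA
 ip address 192.0.2.2 255.255.255.252
!
interface GigabitEthernet0/0/0.2
 encapsulation dot1Q 1901
 ip vrf forwarding MPLS
 ip address 198.51.100.2 255.255.255.252
!
! Inside link to the switch becomes a trunk, one sub-interface per VLAN/VRF.
interface GigabitEthernet0/0
 no ip address
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip vrf forwarding DIA
 ip address 192.168.10.10 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip vrf forwarding MPLS
 ip address 192.168.20.254 255.255.255.0
!
! Each VRF has its own routing table: default route only in DIA,
! BGP session only in MPLS.
ip route vrf DIA 0.0.0.0 0.0.0.0 192.0.2.1
!
router bgp 5000
 address-family ipv4 vrf MPLS
  redistribute connected
  neighbor 198.51.100.1 remote-as 2000
  neighbor 198.51.100.1 activate
!
! Switch side (3560G): the port facing the router carries both VLANs.
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
```

`show ip route vrf DIA` and `ping vrf DIA <address>` check each table on its own; a destination present in only one VRF is unreachable from the other, which is the separation between Internet and MPLS traffic that this layout is meant to enforce.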