
Set up DIA internet provided from service provider

brettp
Level 1

Hello,
I really need some assistance in setting up DIA on a new-ish 100MB site-to-site MPLS install at a DR site. We have a Cisco 2951 installed on site to handle routing for MPLS with BGP. The SP is also providing DIA on the same line and I’ve never handled an install like this before. I’m changing IPs just because…

We have Fiber coming in from the Service Provider into interface 0/0/0 and all that’s set there is the port is active and set statically to 100/full as they required. There are 2 sub-interfaces for this port.
The first sub int is at G0/0/0.1 with an IP of 207.207.207.206/30 and encapsulation dot1q applied with an AS number supplied by them, and its next hop is 207.207.207.205.
Sub interface 2 is G0/0/0.2 and this is for BGP. Its IP address is 216.216.216.98/30 with its neighbor at 216.216.216.97 with encapsulation applied as well. This part of the set up is up and communicating correctly.
I also have interfaces set up to communicate with 2 inside interfaces that directly connect to a Cisco 3560G, that has routing enabled for a few subnets I run inside my rack. Int G0/0 is 192.168.10.0/24 and this is VLAN 10. Int g0/1 is 192.168.20.0/24 as the SP set up this site with a “20” VLAN, so I’m using this subnet as well because if I don’t, I lose connection from this site and the main site. VLAN 10 is hidden with NAT over there as we also have a VLAN 10 at our main site and some things overlap between sites on purpose, in case I need to bring up servers in an emergency to serve a couple web sites.

This next part is where I’m confused. The vendor supplied a 3rd IP address for DIA and I was told to apply this to another interface on the router with an IP of 65.65.65.250/28, and directly connect it to an “outside” interface on a firewall with an IP of 65.65.65.251. Then connect another interface on the firewall to the inside interface and I’m putting an IP address on this of 192.168.10.254/24. When setting up the router, my default gateway is 207.207.207.205 and on the firewall the next hop is 65.65.65.251 like I mentioned. Right now I can ping out to the ‘net from the firewall and from the router, but nothing from an inside server on that 10 VLAN sees the ‘net.

I’ve read a few things where I have to have VLANs to get this to work. I’ve also read where VRFs are the solution. I don’t know either way as this is my first time, and first site, setting this up. Is there someone who can help with command structure to get this functional? Below are some of my configurations for my router and my switch where things are connected. I’m not going to include any firewall configs as I don’t believe it’s relevant but will if requested. I really hope someone can help as this just has my brain twisted on setting it up.

Thank you very much in advance,
Brett

Router interfaces:
interface GigabitEthernet0/0
 ip address 192.168.10.10 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 192.168.20.254 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/0/0
 no ip address
 duplex full
 speed 100
 media-type sfp
!
interface GigabitEthernet0/0/0.1
 encapsulation dot1Q 1900
 ip address 207.207.207.206 255.255.255.252
!
interface GigabitEthernet0/0/0.2
 encapsulation dot1Q 1901
 ip address 216.216.216.98 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1/0
 ip address 65.65.65.250 255.255.255.248
 duplex auto
 speed auto
 media-type rj45
!
router bgp 5000
 bgp log-neighbor-changes
 redistribute connected
 redistribute static
 neighbor 216.216.216.98 remote-as 2000
!
ip default-gateway 207.207.207.205
!
ip route 0.0.0.0 0.0.0.0 207.207.207.205

Switch configuration:
!
interface GigabitEthernet0/1
 description uplink to router 10 VLAN
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/25
 description uplink to router 20 VLAN
 switchport access vlan 20
 switchport mode access
 switchport nonegotiate
!
interface Vlan10
 ip address 192.168.10.250 255.255.255.0
!
interface Vlan20
 ip address 192.168.20.250 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.10.8
(This is the inside interface IP address of my firewall. I’ve also had this set as the default gateway IP address of the router [207.207.207.205] and the IP address supplied by the SP [65.65.65.250] during testing, but it still isn’t working.)

1 Reply

Earl Granger IV
Level 1

Create VRFs for each dot1q tag and separate them all. Then create a trunk to the downstream switch for the inside. Associate each VRF with an inside VLAN; that involves subinterfacing the interface going to your switch to the inside.

 

HTH
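
A VRF-lite layout of the kind the reply describes, written out against the addresses posted in the question. This is an added example, not configuration from either poster or from Cisco. It assumes that G0/0/0.1 (the 207.207.207.205 next hop) is the DIA hand-off and G0/0/0.2 is the MPLS/BGP hand-off, it uses the neighbor address 216.216.216.97 given in the question text, and the VRF names, rd values and use of G0/0 as the inside trunk are hypothetical. NAT statements are left out.

```cisco
! Added example. VRF names INET and MPLS, the rd values and the choice of
! G0/0 as the inside trunk are assumptions, not values from the thread.
ip vrf INET
 rd 65000:1
ip vrf MPLS
 rd 65000:2
!
! "ip vrf forwarding" removes the interface's IP address, so it is re-entered.
interface GigabitEthernet0/0/0.1
 encapsulation dot1Q 1900
 ip vrf forwarding INET
 ip address 207.207.207.206 255.255.255.252
!
interface GigabitEthernet0/0/0.2
 encapsulation dot1Q 1901
 ip vrf forwarding MPLS
 ip address 216.216.216.98 255.255.255.252
!
! Link to the firewall "outside" interface (65.65.65.251) stays in INET.
interface GigabitEthernet0/1/0
 ip vrf forwarding INET
 ip address 65.65.65.250 255.255.255.248
!
! Inside trunk to the 3560G: one sub-interface per inside VLAN, both in MPLS.
interface GigabitEthernet0/0
 no ip address
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip vrf forwarding MPLS
 ip address 192.168.10.10 255.255.255.0
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip vrf forwarding MPLS
 ip address 192.168.20.254 255.255.255.0
!
! Default route exists only in INET; MPLS learns its routes from BGP.
ip route vrf INET 0.0.0.0 0.0.0.0 207.207.207.205
!
router bgp 5000
 bgp log-neighbor-changes
 address-family ipv4 vrf MPLS
  redistribute connected
  neighbor 216.216.216.97 remote-as 2000
  neighbor 216.216.216.97 activate
 exit-address-family
!
! Checks: show ip route vrf INET / show ip route vrf MPLS
!         ping vrf INET 207.207.207.205
```

With this split the INET table holds no route to the 192.168.x.x subnets, so the only path between the inside VLANs and the Internet is through the firewall. The 3560G port facing G0/0 has to be a dot1q trunk carrying VLANs 10 and 20 for the sub-interfaces to come up.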
