tabush


need BGP config help for a Cisco 3560 Switch

Hi
I am setting up a new ISP connection and need some help.
The ISP will give me a /24 (2.2.2.0/0) with 2 links (to 2 different routers of theirs, going out 2 different telecom circuits) and then both of those will connect to my Cisco 3560G switch. They said to use BGP to connect to them.

They are my only ISP and yes, I'm only using 1 switch on my end.

Here's the setup and info they gave me:

Link 1:  
ISP IP 1.1.1.209/30
My IP 1.1.1.210
My port # GigabitEthernet0/25

Link 2:
ISP IP 1.1.1.213/30
My IP 1.1.1.214
My port # GigabitEthernet0/27

AS # 65533

The IPs for my equipment are 2.2.2.0/0 (WAN IPs).
Then I will have 3 different firewalls connected, each for a separate network.
GigE0/3 will be 2.2.2.3/25
GigE0/5 2.2.2.129/28
GigE0/7 2.2.2.145/28


As of now the config I have is as follows:
----------
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname wan-primary
!
boot-start-marker
boot-end-marker
!
no aaa new-model
system mtu routing 1500
ip routing
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface GigabitEthernet0/1
description TempManIP
no switchport
ip address 192.168.37.22 255.255.255.0
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
description ToDC1FW1
no switchport
ip address 2.2.2.3 255.255.255.128
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
description ToDC1FW2
no switchport
ip address 2.2.2.129 255.255.255.240
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
description ToDC1FW3
no switchport
ip address 2.2.2.145 255.255.255.240
!
interface GigabitEthernet0/25
description ToISP-1
no switchport
ip address 1.1.1.210 255.255.255.252
!
interface GigabitEthernet0/26
description ToISP-2
no switchport
ip address 1.1.1.214 255.255.255.252
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
no ip address
!
router bgp 65533
bgp log-neighbor-changes
neighbor 1.1.1.209 remote-as 65533
neighbor 1.1.1.213 remote-as 65533
no auto-summary
!
ip http server
ip http secure-server
!
!
!
logging esm config
!
!
!
line con 0
line vty 0 4
password xxxx
no login
line vty 5 15
password xxxx
no login
!
end
----------------




I have been told that a few small things are left out - can anyone help me?
Again, the only things I need to make sure work are:
1. the switch can get out to the internet
2. if the link on G0/25 fails, it picks up via G0/27 within a few seconds
3. each of my firewalls (ports 3,5,7) can get to the internet. The firewalls will be configured 1 IP higher than the respective port, and will look at the port's IP for its default gateway.

The ISP doesn't want to help me unless I pay them for 4 hours of labor... and I know enough to say that this doesn't take 4 hours.

thanks!!!
rochey2009

Hi,

Link 1:  
ISP IP 1.1.1.209/30

Link 2:
ISP IP 1.1.1.213/30

Are both of these service provider IPs on the same SP router or is each one on a different SP router?


ASKER

They are wan IPs from the ISP, each landing on a separate router.
How many prefixes are you receiving from the ISP?

ASKER

Not sure what that means. I put in my original post everything they told me.
One /24 block of IPs for my use. 2 links to separate switches of theirs to one switch of mine.
Are they just sending you default routes?

ASKER

Yes.
ASKER CERTIFIED SOLUTION
rochey2009

This solution is only available to members.
How will your 3 networks connect to the internet? Is BGP only used for WAN connectivity or will this be the internet connection?

The thing with BGP is that the routes need to be in the routing table by either manually putting them there or learning them via an IGP.

So on each of the 3 sites, routes to the other 2 sites need to be present either by use of the network command in the BGP process or you can use the likes of OSPF to make that process easier. Remember that if you enter the routes under the BGP process, always use the source command when pinging to test connectivity or you will not get a reply.

Will you be running BGP on the inside of your network? If not you will need to redistribute the BGP process into the IGP process you are using on the inside of the network.
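
The point made above, that BGP only announces a `network` prefix when that exact prefix is already in the routing table, can be checked against the addressing in this thread. The following is an added example, not code from any poster: the `network` statement and the `Null0` static route are assumptions that do not appear in the posted config, and 2.2.2.0/24 is taken to be the asker's /24.

```python
import ipaddress
import re

# Constructed sample: a trimmed copy of the config posted in the question,
# plus a hypothetical "network" statement for the /24 (not in the original).
SAMPLE = """\
interface GigabitEthernet0/3
 ip address 2.2.2.3 255.255.255.128
interface GigabitEthernet0/5
 ip address 2.2.2.129 255.255.255.240
interface GigabitEthernet0/25
 ip address 1.1.1.210 255.255.255.252
router bgp 65533
 network 2.2.2.0 mask 255.255.255.0
 neighbor 1.1.1.209 remote-as 65533
"""

def rib_prefixes(config):
    """Prefixes the RIB would hold from connected interfaces and static routes."""
    rib = set()
    for addr, mask in re.findall(r"^\s*ip address (\S+) (\S+)", config, re.M):
        rib.add(ipaddress.ip_interface(f"{addr}/{mask}").network)
    for net, mask in re.findall(r"^ip route (\S+) (\S+) \S+", config, re.M):
        rib.add(ipaddress.ip_network(f"{net}/{mask}"))
    return rib

def audit_bgp(config):
    """Return (networks, neighbors): whether each 'network' statement has an
    exact RIB match, and whether each neighbor is iBGP or eBGP."""
    local_as = re.search(r"^router bgp (\d+)", config, re.M).group(1)
    rib = rib_prefixes(config)
    networks = {}
    for net, mask in re.findall(r"^\s*network (\S+) mask (\S+)", config, re.M):
        prefix = ipaddress.ip_network(f"{net}/{mask}")
        networks[str(prefix)] = prefix in rib  # exact match, not a covering route
    neighbors = {}
    for peer, remote_as in re.findall(r"^\s*neighbor (\S+) remote-as (\d+)", config, re.M):
        # Same AS on both sides makes the session iBGP, not eBGP.
        neighbors[peer] = "iBGP" if remote_as == local_as else "eBGP"
    return networks, neighbors

if __name__ == "__main__":
    print(audit_bgp(SAMPLE))
    # A static discard route puts the exact /24 into the RIB.
    print(audit_bgp("ip route 2.2.2.0 255.255.255.0 Null0\n" + SAMPLE))
```

The connected /25 and /28 subnets do not count as a match for the /24, and the neighbor configured with the same AS number as the local `router bgp` process is reported as iBGP.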

ASKER

I am not sending any routes, this will be my only Internet connection and all traffic will go through it.

The only reason there are 2 links is to protect us in case one of the isp's switches that we plug into fails.


Does that make sense?
Did they tell you which AS to put your router in and which AS the peers would be in?

ASKER

They just gave me the AS # 65533.
Again, this is just to give me 2 separate paths to their network for internet access so if one path goes down (either their switch is down, a fiber is cut, etc.) I don't lose my connectivity.

They are my only ISP and I have no special routes.
SOLUTION
This solution is only available to members.

ASKER

Assume 65533 is their AS. Then do I need to just create my own?
SOLUTION
This solution is only available to members.

ASKER

Thank you - got their AS # and a little more googling and we got it to work.
You're welcome. I'm glad you got it working.