2013年6月30日星期日

BGP Flap?


Question:

II am pretty new to BGP and I Cisco 3560V2  just recently turned on logging for neighbor changes to troubleshoot problems.  I just noticed this today:

*Apr 12 12:41:31.514 CDT: %BGP-3-NOTIFICATION: received from neighbor x.x.x.x 6/6 (cease) 0 bytes
*Apr 12 12:41:31.514 CDT: %BGP-5-ADJCHANGE: neighbor x.x.x.x Down BGP protocol initialization
*Apr 12 12:41:41.744 CDT: %BGP-5-ADJCHANGE: neighbor x.x.x.xUp
*Apr 12 12:43:36.294 CDT: %BGP-3-NOTIFICATION: received from neighbor x.x.x.x 6/6 (cease) 0 bytes
*Apr 12 12:43:36.294 CDT: %BGP-5-ADJCHANGE: neighbor x.x.x.x Down BGP protocol initialization
*Apr 12 12:43:47.679 CDT: %BGP-5-ADJCHANGE: neighbor x.x.x.x Up
*Apr 12 12:46:34.697 CDT: %BGP-3-NOTIFICATION: received from neighbor x.x.x.x 6/6 (cease) 0 bytes
*Apr 12 12:46:34.697 CDT: %BGP-5-ADJCHANGE: neighbor x.x.x.x Down BGP protocol initialization
*Apr 12 12:46:41.847 CDT: %BGP-5-ADJCHANGE: neighbor x.x.x.x Up
*Apr 12 13:05:40.623 CDT: %BGP-5-ADJCHANGE: neighbor x.x.x.x7 Down Peer closed the session
*Apr 12 13:05:48.027 CDT: %BGP-5-ADJCHANGE: neighbor x.x.x.x Up
*Apr 12 13:06:35.655 CDT: %BGP-3-NOTIFICATION: received from neighbor x.x.x.x 6/6 (cease) 0 bytes
*Apr 12 13:06:35.655 CDT: %BGP-5-ADJCHANGE: neighbor x.x.x.x Down BGP protocol initialization
*Apr 12 13:06:43.379 CDT: %BGP-5-ADJCHANGE: neighbor x.x.x.x Up
*Apr 12 13:07:18.836 CDT: %BGP-5-ADJCHANGE: neighbor x.x.x.x Down Peer closed the session
*Apr 12 13:07:30.463 CDT: %BGP-5-ADJCHANGE: neighbor x.x.x.x Up

I looked up the 6/6 (cease) and I noticed that it is because of "configuration changes."  Would this be a config change at the next hop?  Thanks for any help!

Answer:

The router on the other side is sending this cease notification. This specific subcode is hard to interpret but is normally a sign that there is some kind of instability taking place on the peer router. If the router on the other side is yours, look at the log on that router to see what is going on. If it belongs to your SP, you need to contact them Cisco 3560X Price to find out what is going on.

2013年6月27日星期四

Static Route and BGP


Question:


My client has MPLS network WS-C3750X-48PF-S Price via eBGP to communicate with all the sites. Here is the basic config on the router.

router eigrp 65210
neighbor 192.168.1.2 remote-as 13939

When they installed the internet on the local router, and added the static route on the router to hit the internet, they need to add the static route (2nd one) to communicate to the other sites.

ip route 0.0.0.0 0.0.0.0 75.75.75.1
ip route 192.168.0.0 255.255.0.0 192.168.1.2
ip route 172.20.0.0 255.255.0.0 192.168.1.2

They want to route all the traffic out thru the local intenet besides their private networks ( 192.168.0.0/16 and 172.20.0.0/16). Are there ways not to add last two static routes and communicate the other sites via eBGP? Please advise.


Answer:

Default-originate is to originate a default route. But your requirement is to remove the static routes configured on the given router. You need to advertise 192.168.0.0/16 & 172.20.0.0/16 into the MPLS via BGP. This needs to be done on the router which has these network connected (not on the router whose configuration you have posted).

By doing this, you will start learning routes for 192.168/16 & 172.20/16 via BGP (MPLS). Then you can remove WS-C3750X-48PF-L the static routes.

2013年6月26日星期三

Cisco 1941 on gi0/0 - connected but no internet


Question:

I am new in cisco, Cisco 3560V2   please anyone can you help me how to solve this problem.
Inside the router I can ping www.google.com but the laptop is connected on interface gi0/1 is not getting internet. I don't know what I'm missing.. below is the running-config.

Current configuration : 6094 bytes
!

version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RYD-TYPSA-KINGFAHAD
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
no ipv6 cef
ip source-route
no ip cef
!
!
!
ip dhcp excluded-address 192.168.2.1 192.168.2.10
!
ip dhcp pool TYPSA-KINGFAHD
network 192.168.2.0 255.255.255.0
domain-name TYPSA-KINGFAHD
dns-server 86.51.34.17 86.51.35.18
default-router 192.168.2.1
!
!
ip domain name yourdomain.com
ip name-server 86.51.34.17
ip name-server 86.51.35.18
multilink bundle-name authenticated
!

!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description < TO | MOBILY | MPLS >$ETH-WAN$
ip address 85.194.108.202 255.255.255.252
ip access-group 199 out
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description $ETH-LAN$
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
duplex auto
speed auto
!
router bgp 65000
bgp router-id 192.168.104.202
bgp log-neighbor-changes
network 192.168.2.0
neighbor 192.168.104.201 remote-as 35819
neighbor 192.168.104.201 description < TO | MOBILY | MPLS >
!
ip default-gateway 85.194.108.201
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip http path flash
!
ip nat inside source list LAN_SUBNET interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 85.194.108.201
ip route 192.168.2.0 255.255.255.0 85.194.108.201
!
ip access-list standard LAN_SUBNET
remark CCP_ACL Category=2
permit 192.168.2.0 0.0.0.255
!
access-list 100 permit tcp any any eq 443
access-list 199 remark CCP_ACL Category=1
access-list 199 permit tcp any any
!
!
!
control-plane
!
!


!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 199 in
access-class 199 out
no login
transport input ssh
transport output ssh
line vty 5 15
login local
transport input all
!
scheduler allocate 20000 1000
end

Answer:

On G0/0 you have an outbound access list 199 which only permits TCP. If you were on a PC on the LAN side you would not be able to resolve DNS names to IP addresses (DNS uses udp). Can you ping 8.8.8.8 from your PC on the LAN?
Can you also provide a Cisco 3560X Price "show ip route" please?

2013年6月25日星期二

Cisco 1941 on gi0/0 - connected but no internet


Question:

I am new in cisco, please WS-C3750X-48PF-S Price anyone can you help me how to solve this problem.
Inside the router I can ping www.google.com but the laptop is connected on interface gi0/1 is not getting internet. I don't know what I'm missing.. below is the running-config.

Current configuration : 6094 bytes
!

version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RYD-TYPSA-KINGFAHAD
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
no ipv6 cef
ip source-route
no ip cef
!
!
!
ip dhcp excluded-address 192.168.2.1 192.168.2.10
!
ip dhcp pool TYPSA-KINGFAHD
network 192.168.2.0 255.255.255.0
domain-name TYPSA-KINGFAHD
dns-server 86.51.34.17 86.51.35.18
default-router 192.168.2.1
!
!
ip domain name yourdomain.com
ip name-server 86.51.34.17
ip name-server 86.51.35.18
multilink bundle-name authenticated
!

!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description < TO | MOBILY | MPLS >$ETH-WAN$
ip address 85.194.108.202 255.255.255.252
ip access-group 199 out
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description $ETH-LAN$
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
duplex auto
speed auto
!
router bgp 65000
bgp router-id 192.168.104.202
bgp log-neighbor-changes
network 192.168.2.0
neighbor 192.168.104.201 remote-as 35819
neighbor 192.168.104.201 description < TO | MOBILY | MPLS >
!
ip default-gateway 85.194.108.201
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip http path flash
!
ip nat inside source list LAN_SUBNET interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 85.194.108.201
ip route 192.168.2.0 255.255.255.0 85.194.108.201
!
ip access-list standard LAN_SUBNET
remark CCP_ACL Category=2
permit 192.168.2.0 0.0.0.255
!
access-list 100 permit tcp any any eq 443
access-list 199 remark CCP_ACL Category=1
access-list 199 permit tcp any any
!
!
!
control-plane
!
!


!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 199 in
access-class 199 out
no login
transport input ssh
transport output ssh
line vty 5 15
login local
transport input all
!
scheduler allocate 20000 1000
end

Answer:

On G0/0 you have an outbound access list 199 which only permits TCP. If you were on a PC on the LAN side you would not be able to resolve DNS names to IP addresses (DNS uses udp). Can you ping 8.8.8.8 from your PC on the LAN?
Can you also provide a "show ip WS-C3750X-48PF-L route" please?

2013年6月24日星期一

BPDU Guard


Question:

Could someone please tell me why WS-C3750V2-48PS-S Price the the correct answer to the question below is option A & E and why the option A & D is wrong .

Which of the following characteristics describe the BPDU Guard feature? (Choose allthat apply.)

A) A BPDU Guard port should only be configured on ports with PortFast enabled.
B) BPDU Guard and PortFast should not be enabled on the same port.
C) BPDU Guard is used to ensure that superior BPDUs are not received on a switch port.
D) A BPDU Guard port receiving a BPDU will go into err-disable state.
E) A BPDU Guard port receiving a BPDU will be disabled.
F) BPDU Guard can be enabled on any switch port.

Answer:

Looks like a typo, D & E are the same WS-C3750V2-24PS-S thing

2013年6月23日星期日

Sub interface NAT problem


Question:

I have the following on Cisco Catalyst 3560 an 1841.

PPPoE on Fast0/0 works fine and picks up ISP address.

I have assigned on the /29 address to fast0/1.2 and and created a LAN on fast0/1.1 using the native VLAN.

I can ping the /29 address from the internet and also ping the internal address from the LAN.

I added a NAT statement (inside and outside to each sub interface).

I cannot connect from the 192.168.199.0/24 network out via NAT.  Is this possible with subinterfaces?

vpdn enable

!
interface FastEthernet0/0
description PPPOE WAN
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no ip mroute-cache
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.1
encapsulation dot1Q 1 native
ip address 192.168.199.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1.2
encapsulation dot1Q 2
ip address 81.143.105.77 255.255.255.248
ip nat outside
ip virtual-reassembly
!
!
interface Dialer1
ip address negotiated
no ip unreachables
ip mtu 1492
encapsulation ppp
ip tcp adjust-mss 1452
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp chap hostname ******
ppp chap password 0 *****
!
ip route 0.0.0.0 0.0.0.0 Dialer1 2


ip nat inside source list 10 interface FastEthernet0/1.2 overload
!
access-list 10 permit 192.168.199.0 0.0.0.255
dialer-list 1 protocol ip permit

Answer:

I have the following:



I think this is what you want to do? Anything from inside - Client_Inside will be translated to 2.2.2.1 when I try to ping R2 which has a loopback of 1.1.1.1.

So all packets that are generated from the inside will be translated with a source address of 2.2.2.1. I have added a route of 2.2.2.1 back to R1 where the loopback exists.

here are the configs:
CLIENT_INSDIE#show run
Building configuration...

Current configuration : 827 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CLIENT_INSDIE
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
no ip domain lookup
ip domain name lab.local
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
interface FastEthernet0/0
ip address dhcp
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end     

CLIENT_INSDIE#
CLIENT_INSDIE#show ip int brie
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            20.0.0.101      YES DHCP   up                    up     
FastEthernet0/1            unassigned      YES unset  administratively down down  

=======================================================================

R1#show run
Building configuration...

*Mar  1 00:41:27.515: %SYS-5-CONFIG_I: Configured from console by console
Current configuration : 1323 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 20.0.0.0 20.0.0.100
!
ip dhcp pool 1
   network 20.0.0.0 255.255.255.0
   default-router 20.0.0.1
!
!
no ip domain lookup
ip domain name lab.local
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
interface Loopback0
ip address 2.2.2.1 255.255.255.255
!
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 20.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.0.0.2
!
!
no ip http server
no ip http secure-server
ip nat pool test 2.2.2.1 2.2.2.1 netmask 255.255.255.252
ip nat inside source list 100 pool test overload
!
access-list 100 permit ip 20.0.0.0 0.0.0.255 any
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.0.0.2 to network 0.0.0.0

     2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.1 is directly connected, Loopback0
     20.0.0.0/24 is subnetted, 1 subnets
C       20.0.0.0 is directly connected, FastEthernet0/1
     10.0.0.0/30 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 [1/0] via 10.0.0.2

=======================================================================

R2#show run
Building configuration...

Current configuration : 934 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
no ip domain lookup
ip domain name lab.local
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
interface Loopback1
ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.0.0.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
ip route 2.2.2.1 255.255.255.255 10.0.0.1
!
!
no ip http server
no ip http secure-server
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end


Now I will ping 1.1.1.1 from client router:

CLIENT_INSDIE#ping 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/48/64 ms

=======================================================

R1#
*Mar  1 00:45:51.783: NAT*: s=20.0.0.101->2.2.2.1, d=1.1.1.1 [75]
*Mar  1 00:45:51.811: NAT*: s=1.1.1.1, d=2.2.2.1->20.0.0.101 [75]
*Mar  1 00:45:51.847: NAT*: s=20.0.0.101->2.2.2.1, d=1.1.1.1 [76]
*Mar  1 00:45:51.867: NAT*: s=1.1.1.1, d=2.2.2.1->20.0.0.101 [76]
*Mar  1 00:45:51.887: NAT*: s=20.0.0.101->2.2.2.1, d=1.1.1.1 [77]
*Mar  1 00:45:51.911: NAT*: s=1.1.1.1, d=2.2.2.1->20.0.0.101 [77]
*Mar  1 00:45:51.931: NAT*: s=20.0.0.101->2.2.2.1, d=1.1.1.1 [78]
*Mar  1 00:45:51.947: NAT*: s=1.1.1.1, d=2.2.2.1->20.0.0.101 [78]
*Mar  1 00:45:51.975: NAT*: s=20.0.0.101->2.2.2.1, d=1.1.1.1 [79]
*Mar  1 00:45:51.995: NAT*: s=1.1.1.1, d=2.2.2.1->20.0.0.101 [79]
R1#
*Mar  1 00:46:19.939: NAT: expiring 2.2.2.1 (20.0.0.101) icmp 14 (14)

R1#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
icmp 2.2.2.1:13        20.0.0.101:13      1.1.1.1:13         1.1.1.1:13

=======================================================

R2#
*Mar  1 00:45:24.731: IP: tableid=0, s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1 (Loopback1), routed via RIB
*Mar  1 00:45:24.735: IP: s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1, len 100, rcvd 4
*Mar  1 00:45:24.735: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), routed via FIB
*Mar  1 00:45:24.735: IP: s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), len 100, sending
*Mar  1 00:45:24.799: IP: tableid=0, s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1 (Loopback1), routed via RIB
*Mar  1 00:45:24.799: IP: s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1, len 100, rcvd 4
*Mar  1 00:45:24.799: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), routed via FIB
*Mar  1 00:45:24.799: IP: s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), len 100, sending
*Mar  1 00:45:24.855: IP: tableid=0, s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1 (Loopback1), routed via RIB
*Mar  1 00:45:24.855: IP: s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1, len 100, rcvd 4
*Mar  1 00:45:24.855: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), routed via FIB
*Mar  1 00:45:24.855: IP: s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), len 100, sending
*Mar  1 00:45:24.895: IP: tableid=0, s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1 (Loopback1), routed via RIB
*Mar  1 00:45:24.895: IP: s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1, len 100, rcvd 4
*Mar  1 00:45:24.895: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), routed via FIB
*Mar  1 00:45:24.895: IP: s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), len 100, sending
*Mar  1 00:45:24.939: IP: tableid=0, s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1 (Loopback1), routed via RIB
*Mar  1 00:45:24.939: IP: s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1, len 100, rcvd 4
*Mar  1 00:45:24.939: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), routed via FIB
*Mar  1 00:45:24.939: IP: s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), len 100, sending

So we are NATing the source to 2.2.2.1 which is not on the physical interface. You can also do this for sub interface.
Is this what you was trying Cisco 3560 Switch to do?

iBGP Neighbors over a Frame-Relay WAN


Question:

Ive been trying Catalyst Switches to get a lab scenario to work that i came up with on my own. Not expecting it to be so troublesome of course. I have the topology pictured below:

The only issue is that R2 cant ping R3 and vice-versa. All the routes show up in the BGP table and the routing table but both branch sites are unreachable to eachother. The only working network connectivity is from each spoke to the hub. All three routers are running BGP AS 100. the frame relay network is 63.100.200.0/29 So the frame relay cloud is all one subnet. The topology is a hub-spoke format with R1 having links between itself and the two branch routers. I believe the issue is the single subnet, but i'm not sure. R1 is acting as a route reflector. There is also next-hop-self configured since natively each branch wont know of the other's next hop. Next-hop-self wasnt working for some reason so i configured a route map to acomplish the same task. Here is my configs for each router.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
R1 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
interface Loopback0
ip address 172.31.255.255 255.255.255.255
description BGP Loopback
!
interface Loopback2
ip address 172.31.1.254 255.255.255.0
description LAN Reachability Test Loopback
!
interface Serial0/0
ip address 63.100.200.1 255.255.255.248
encapsulation frame-relay
clock rate 2000000
frame-relay map ip 63.100.200.2 102 broadcast
frame-relay map ip 63.100.200.3 103 broadcast
no frame-relay inverse-arp
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 172.31.1.0 mask 255.255.255.0
network 172.31.255.255 mask 255.255.255.255
neighbor 172.31.255.253 remote-as 100
neighbor 172.31.255.253 update-source Loopback0
neighbor 172.31.255.253 route-reflector-client
neighbor 172.31.255.253 next-hop-self
neighbor 172.31.255.253 route-map BGP-RR out
neighbor 172.31.255.254 remote-as 100
neighbor 172.31.255.254 update-source Loopback0
neighbor 172.31.255.254 route-reflector-client
neighbor 172.31.255.254 next-hop-self
neighbor 172.31.255.254 route-map BGP-RR out
no auto-summary
!
ip route 172.31.255.253 255.255.255.255 63.100.200.3
ip route 172.31.255.254 255.255.255.255 63.100.200.2
!
access-list 50 permit any
!
route-map BGP-RR permit 10
match ip address 50
set ip next-hop 172.31.255.255

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
R2 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

interface Loopback0
ip address 172.31.255.254 255.255.255.255
description BGP Loopback
!
interface Loopback2
ip address 172.31.2.254 255.255.255.0
description LAN Reachability Test Loopback
!
interface Serial0/0
ip address 63.100.200.2 255.255.255.248
encapsulation frame-relay
clock rate 2000000
frame-relay map ip 63.100.200.1 201 broadcast
no frame-relay inverse-arp
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 172.31.2.0 mask 255.255.255.0
network 172.31.255.254 mask 255.255.255.255
neighbor 172.31.255.255 remote-as 100
neighbor 172.31.255.255 update-source Loopback0
no auto-summary
!
ip route 172.31.255.255 255.255.255.255 63.100.200.1

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
R3 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


interface Loopback0
ip address 172.31.255.253 255.255.255.255
description BGP Loopback
!
interface Loopback2
ip address 172.31.3.254 255.255.255.0
description LAN Reachability Test Loopback
!
interface Serial0/0
ip address 63.100.200.3 255.255.255.248
encapsulation frame-relay
clock rate 2000000
frame-relay map ip 63.100.200.1 301 broadcast
no frame-relay inverse-arp
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 172.31.3.0 mask 255.255.255.0
network 172.31.255.253 mask 255.255.255.255
neighbor 172.31.255.255 remote-as 100
neighbor 172.31.255.255 update-source Loopback0
no auto-summary
!
ip route 172.31.255.255 255.255.255.255 63.100.200.1



Answer:

let me say again you have only  two PVCs and there is no direct PVC between R2 and R3.

So Inverse ARP cannot be of help, at the other end of the unique PVC there is the hub router.

To make things working you don't need an additional PVC, but you need to help each spoke router to solve the other spoke IP WAN address. This is made by using an additional frame-relay map statement in each spoke under the interface configuration.

So try the following:

R2

config t
interface serial 0/0
frame-relay map ip 63.100.200.3 201

R3

config t
interface ser0/0
frame-relay map ip 63.100.200.2 301


After you do this you will be able to ping from spoke to spoke and also networks behind each spoke.

You have a small issue in the forwarding plane. Cisco 3560 Price That's all