BGP Flap?

Question:

II am pretty new to BGP and I Cisco 3560V2  just recently turned on logging for neighbor changes to troubleshoot problems.  I just noticed this today:

*Apr 12 12:41:31.514 CDT: %BGP-3-NOTIFICATION: received from neighbor x.x.x.x 6/6 (cease) 0 bytes

*Apr 12 12:41:31.514 CDT: %BGP-5-ADJCHANGE: neighbor x.x.x.x Down BGP protocol initialization

*Apr 12 12:41:41.744 CDT: %BGP-5-ADJCHANGE: neighbor x.x.x.xUp

*Apr 12 12:43:36.294 CDT: %BGP-3-NOTIFICATION: received from neighbor x.x.x.x 6/6 (cease) 0 bytes

*Apr 12 12:43:36.294 CDT: %BGP-5-ADJCHANGE: neighbor x.x.x.x Down BGP protocol initialization

*Apr 12 12:43:47.679 CDT: %BGP-5-ADJCHANGE: neighbor x.x.x.x Up

*Apr 12 12:46:34.697 CDT: %BGP-3-NOTIFICATION: received from neighbor x.x.x.x 6/6 (cease) 0 bytes

*Apr 12 12:46:34.697 CDT: %BGP-5-ADJCHANGE: neighbor x.x.x.x Down BGP protocol initialization

*Apr 12 12:46:41.847 CDT: %BGP-5-ADJCHANGE: neighbor x.x.x.x Up

*Apr 12 13:05:40.623 CDT: %BGP-5-ADJCHANGE: neighbor x.x.x.x7 Down Peer closed the session

*Apr 12 13:05:48.027 CDT: %BGP-5-ADJCHANGE: neighbor x.x.x.x Up

*Apr 12 13:06:35.655 CDT: %BGP-3-NOTIFICATION: received from neighbor x.x.x.x 6/6 (cease) 0 bytes

*Apr 12 13:06:35.655 CDT: %BGP-5-ADJCHANGE: neighbor x.x.x.x Down BGP protocol initialization

*Apr 12 13:06:43.379 CDT: %BGP-5-ADJCHANGE: neighbor x.x.x.x Up

*Apr 12 13:07:18.836 CDT: %BGP-5-ADJCHANGE: neighbor x.x.x.x Down Peer closed the session

*Apr 12 13:07:30.463 CDT: %BGP-5-ADJCHANGE: neighbor x.x.x.x Up

I looked up the 6/6 (cease) and I noticed that it is because of "configuration changes."  Would this be a config change at the next hop?  Thanks for any help!

Answer:

The router on the other side is sending this cease notification. This specific subcode is hard to interpret but is normally a sign that there is some kind of instability taking place on the peer router. If the router on the other side is yours, look at the log on that router to see what is going on. If it belongs to your SP, you need to contact them Cisco 3560X Price to find out what is going on.

Static Route and BGP

Question:

My client has MPLS network WS-C3750X-48PF-S Price via eBGP to communicate with all the sites. Here is the basic config on the router.

router eigrp 65210

neighbor 192.168.1.2 remote-as 13939

When they installed the internet on the local router, and added the static route on the router to hit the internet, they need to add the static route (2nd one) to communicate to the other sites.

ip route 0.0.0.0 0.0.0.0 75.75.75.1

ip route 192.168.0.0 255.255.0.0 192.168.1.2

ip route 172.20.0.0 255.255.0.0 192.168.1.2

They want to route all the traffic out thru the local intenet besides their private networks ( 192.168.0.0/16 and 172.20.0.0/16). Are there ways not to add last two static routes and communicate the other sites via eBGP? Please advise.

Answer:

Default-originate is to originate a default route. But your requirement is to remove the static routes configured on the given router. You need to advertise 192.168.0.0/16 & 172.20.0.0/16 into the MPLS via BGP. This needs to be done on the router which has these network connected (not on the router whose configuration you have posted).

By doing this, you will start learning routes for 192.168/16 & 172.20/16 via BGP (MPLS). Then you can remove WS-C3750X-48PF-L the static routes.

Cisco 1941 on gi0/0 - connected but no internet

Question:

I am new in cisco, Cisco 3560V2   please anyone can you help me how to solve this problem.

Inside the router I can ping www.google.com but the laptop is connected on interface gi0/1 is not getting internet. I don't know what I'm missing.. below is the running-config.

Current configuration : 6094 bytes

!

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname RYD-TYPSA-KINGFAHAD

!

boot-start-marker

boot-end-marker

!

!

logging buffered 51200 warnings

!

no aaa new-model

!

no ipv6 cef

ip source-route

no ip cef

!

!

!

ip dhcp excluded-address 192.168.2.1 192.168.2.10

!

ip dhcp pool TYPSA-KINGFAHD

network 192.168.2.0 255.255.255.0

domain-name TYPSA-KINGFAHD

dns-server 86.51.34.17 86.51.35.18

default-router 192.168.2.1

!

!

ip domain name yourdomain.com

ip name-server 86.51.34.17

ip name-server 86.51.35.18

multilink bundle-name authenticated

!

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description < TO | MOBILY | MPLS >$ETH-WAN$

ip address 85.194.108.202 255.255.255.252

ip access-group 199 out

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

description $ETH-LAN$

ip address 192.168.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1452

duplex auto

speed auto

!

router bgp 65000

bgp router-id 192.168.104.202

bgp log-neighbor-changes

network 192.168.2.0

neighbor 192.168.104.201 remote-as 35819

neighbor 192.168.104.201 description < TO | MOBILY | MPLS >

!

ip default-gateway 85.194.108.201

ip forward-protocol nd

!

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip http path flash

!

ip nat inside source list LAN_SUBNET interface GigabitEthernet0/0 overload

ip route 0.0.0.0 0.0.0.0 85.194.108.201

ip route 192.168.2.0 255.255.255.0 85.194.108.201

!

ip access-list standard LAN_SUBNET

remark CCP_ACL Category=2

permit 192.168.2.0 0.0.0.255

!

access-list 100 permit tcp any any eq 443

access-list 199 remark CCP_ACL Category=1

access-list 199 permit tcp any any

!

!

!

control-plane

!

!

!

line con 0

login local

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

access-class 199 in

access-class 199 out

no login

transport input ssh

transport output ssh

line vty 5 15

login local

transport input all

!

scheduler allocate 20000 1000

end

Answer:

On G0/0 you have an outbound access list 199 which only permits TCP. If you were on a PC on the LAN side you would not be able to resolve DNS names to IP addresses (DNS uses udp). Can you ping 8.8.8.8 from your PC on the LAN?

Can you also provide a Cisco 3560X Price "show ip route" please?

Cisco 1941 on gi0/0 - connected but no internet

Question:

I am new in cisco, please WS-C3750X-48PF-S Price anyone can you help me how to solve this problem.

Inside the router I can ping www.google.com but the laptop is connected on interface gi0/1 is not getting internet. I don't know what I'm missing.. below is the running-config.

Current configuration : 6094 bytes

!

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname RYD-TYPSA-KINGFAHAD

!

boot-start-marker

boot-end-marker

!

!

logging buffered 51200 warnings

!

no aaa new-model

!

no ipv6 cef

ip source-route

no ip cef

!

!

!

ip dhcp excluded-address 192.168.2.1 192.168.2.10

!

ip dhcp pool TYPSA-KINGFAHD

network 192.168.2.0 255.255.255.0

domain-name TYPSA-KINGFAHD

dns-server 86.51.34.17 86.51.35.18

default-router 192.168.2.1

!

!

ip domain name yourdomain.com

ip name-server 86.51.34.17

ip name-server 86.51.35.18

multilink bundle-name authenticated

!

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description < TO | MOBILY | MPLS >$ETH-WAN$

ip address 85.194.108.202 255.255.255.252

ip access-group 199 out

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

description $ETH-LAN$

ip address 192.168.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1452

duplex auto

speed auto

!

router bgp 65000

bgp router-id 192.168.104.202

bgp log-neighbor-changes

network 192.168.2.0

neighbor 192.168.104.201 remote-as 35819

neighbor 192.168.104.201 description < TO | MOBILY | MPLS >

!

ip default-gateway 85.194.108.201

ip forward-protocol nd

!

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip http path flash

!

ip nat inside source list LAN_SUBNET interface GigabitEthernet0/0 overload

ip route 0.0.0.0 0.0.0.0 85.194.108.201

ip route 192.168.2.0 255.255.255.0 85.194.108.201

!

ip access-list standard LAN_SUBNET

remark CCP_ACL Category=2

permit 192.168.2.0 0.0.0.255

!

access-list 100 permit tcp any any eq 443

access-list 199 remark CCP_ACL Category=1

access-list 199 permit tcp any any

!

!

!

control-plane

!

!

!

line con 0

login local

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

access-class 199 in

access-class 199 out

no login

transport input ssh

transport output ssh

line vty 5 15

login local

transport input all

!

scheduler allocate 20000 1000

end

Answer:

On G0/0 you have an outbound access list 199 which only permits TCP. If you were on a PC on the LAN side you would not be able to resolve DNS names to IP addresses (DNS uses udp). Can you ping 8.8.8.8 from your PC on the LAN?

Can you also provide a "show ip WS-C3750X-48PF-L route" please?

BPDU Guard

Question:

Could someone please tell me why WS-C3750V2-48PS-S Price the the correct answer to the question below is option A & E and why the option A & D is wrong .

Which of the following characteristics describe the BPDU Guard feature? (Choose allthat apply.)

A) A BPDU Guard port should only be configured on ports with PortFast enabled.

B) BPDU Guard and PortFast should not be enabled on the same port.

C) BPDU Guard is used to ensure that superior BPDUs are not received on a switch port.

D) A BPDU Guard port receiving a BPDU will go into err-disable state.

E) A BPDU Guard port receiving a BPDU will be disabled.

F) BPDU Guard can be enabled on any switch port.

Answer:

Looks like a typo, D & E are the same WS-C3750V2-24PS-S thing

Sub interface NAT problem

Question:

I have the following on Cisco Catalyst 3560 an 1841.

PPPoE on Fast0/0 works fine and picks up ISP address.

I have assigned on the /29 address to fast0/1.2 and and created a LAN on fast0/1.1 using the native VLAN.

I can ping the /29 address from the internet and also ping the internal address from the LAN.

I added a NAT statement (inside and outside to each sub interface).

I cannot connect from the 192.168.199.0/24 network out via NAT.  Is this possible with subinterfaces?

vpdn enable

!

interface FastEthernet0/0

description PPPOE WAN

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

no ip mroute-cache

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

no cdp enable

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

!

interface FastEthernet0/1.1

encapsulation dot1Q 1 native

ip address 192.168.199.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/1.2

encapsulation dot1Q 2

ip address 81.143.105.77 255.255.255.248

ip nat outside

ip virtual-reassembly

!

!

interface Dialer1

ip address negotiated

no ip unreachables

ip mtu 1492

encapsulation ppp

ip tcp adjust-mss 1452

no ip mroute-cache

dialer pool 1

dialer-group 1

no cdp enable

ppp chap hostname ******

ppp chap password 0 *****

!

ip route 0.0.0.0 0.0.0.0 Dialer1 2

ip nat inside source list 10 interface FastEthernet0/1.2 overload

!

access-list 10 permit 192.168.199.0 0.0.0.255

dialer-list 1 protocol ip permit

Answer:

I have the following:

I think this is what you want to do? Anything from inside - Client_Inside will be translated to 2.2.2.1 when I try to ping R2 which has a loopback of 1.1.1.1.

So all packets that are generated from the inside will be translated with a source address of 2.2.2.1. I have added a route of 2.2.2.1 back to R1 where the loopback exists.

here are the configs:

CLIENT_INSDIE#show run

Building configuration...

Current configuration : 827 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname CLIENT_INSDIE

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

ip cef

!

no ip domain lookup

ip domain name lab.local

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

interface FastEthernet0/0

ip address dhcp

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

ip forward-protocol nd

!

!

no ip http server

no ip http secure-server

!

!

control-plane

!

!

!

line con 0

exec-timeout 0 0

privilege level 15

logging synchronous

line aux 0

exec-timeout 0 0

privilege level 15

logging synchronous

line vty 0 4

login

!

!

end     

CLIENT_INSDIE#

CLIENT_INSDIE#show ip int brie

Interface                  IP-Address      OK? Method Status                Protocol

FastEthernet0/0            20.0.0.101      YES DHCP   up                    up     

FastEthernet0/1            unassigned      YES unset  administratively down down  

=======================================================================

R1#show run

Building configuration...

*Mar  1 00:41:27.515: %SYS-5-CONFIG_I: Configured from console by console

Current configuration : 1323 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

ip cef

!

!

no ip dhcp use vrf connected

ip dhcp excluded-address 20.0.0.0 20.0.0.100

!

ip dhcp pool 1

   network 20.0.0.0 255.255.255.0

   default-router 20.0.0.1

!

!

no ip domain lookup

ip domain name lab.local

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

!

interface Loopback0

ip address 2.2.2.1 255.255.255.255

!

interface FastEthernet0/0

ip address 10.0.0.1 255.255.255.252

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 20.0.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 10.0.0.2

!

!

no ip http server

no ip http secure-server

ip nat pool test 2.2.2.1 2.2.2.1 netmask 255.255.255.252

ip nat inside source list 100 pool test overload

!

access-list 100 permit ip 20.0.0.0 0.0.0.255 any

!

!

!

line con 0

exec-timeout 0 0

privilege level 15

logging synchronous

line aux 0

exec-timeout 0 0

privilege level 15

logging synchronous

line vty 0 4

login

!

!

end

R1#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.0.0.2 to network 0.0.0.0

     2.0.0.0/32 is subnetted, 1 subnets

C       2.2.2.1 is directly connected, Loopback0

     20.0.0.0/24 is subnetted, 1 subnets

C       20.0.0.0 is directly connected, FastEthernet0/1

     10.0.0.0/30 is subnetted, 1 subnets

C       10.0.0.0 is directly connected, FastEthernet0/0

S*   0.0.0.0/0 [1/0] via 10.0.0.2

=======================================================================

R2#show run

Building configuration...

Current configuration : 934 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R2

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

ip cef

!

!

no ip domain lookup

ip domain name lab.local

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

!

interface Loopback1

ip address 1.1.1.1 255.255.255.0

!

interface FastEthernet0/0

ip address 10.0.0.2 255.255.255.252

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

ip forward-protocol nd

ip route 2.2.2.1 255.255.255.255 10.0.0.1

!

!

no ip http server

no ip http secure-server

!

!

line con 0

exec-timeout 0 0

privilege level 15

logging synchronous

line aux 0

exec-timeout 0 0

privilege level 15

logging synchronous

line vty 0 4

login

!

!

end

Now I will ping 1.1.1.1 from client router:

CLIENT_INSDIE#ping 1.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 40/48/64 ms

=======================================================

R1#

*Mar  1 00:45:51.783: NAT*: s=20.0.0.101->2.2.2.1, d=1.1.1.1 [75]

*Mar  1 00:45:51.811: NAT*: s=1.1.1.1, d=2.2.2.1->20.0.0.101 [75]

*Mar  1 00:45:51.847: NAT*: s=20.0.0.101->2.2.2.1, d=1.1.1.1 [76]

*Mar  1 00:45:51.867: NAT*: s=1.1.1.1, d=2.2.2.1->20.0.0.101 [76]

*Mar  1 00:45:51.887: NAT*: s=20.0.0.101->2.2.2.1, d=1.1.1.1 [77]

*Mar  1 00:45:51.911: NAT*: s=1.1.1.1, d=2.2.2.1->20.0.0.101 [77]

*Mar  1 00:45:51.931: NAT*: s=20.0.0.101->2.2.2.1, d=1.1.1.1 [78]

*Mar  1 00:45:51.947: NAT*: s=1.1.1.1, d=2.2.2.1->20.0.0.101 [78]

*Mar  1 00:45:51.975: NAT*: s=20.0.0.101->2.2.2.1, d=1.1.1.1 [79]

*Mar  1 00:45:51.995: NAT*: s=1.1.1.1, d=2.2.2.1->20.0.0.101 [79]

R1#

*Mar  1 00:46:19.939: NAT: expiring 2.2.2.1 (20.0.0.101) icmp 14 (14)

R1#show ip nat translations

Pro Inside global      Inside local       Outside local      Outside global

icmp 2.2.2.1:13        20.0.0.101:13      1.1.1.1:13         1.1.1.1:13

=======================================================

R2#

*Mar  1 00:45:24.731: IP: tableid=0, s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1 (Loopback1), routed via RIB

*Mar  1 00:45:24.735: IP: s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1, len 100, rcvd 4

*Mar  1 00:45:24.735: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), routed via FIB

*Mar  1 00:45:24.735: IP: s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), len 100, sending

*Mar  1 00:45:24.799: IP: tableid=0, s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1 (Loopback1), routed via RIB

*Mar  1 00:45:24.799: IP: s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1, len 100, rcvd 4

*Mar  1 00:45:24.799: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), routed via FIB

*Mar  1 00:45:24.799: IP: s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), len 100, sending

*Mar  1 00:45:24.855: IP: tableid=0, s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1 (Loopback1), routed via RIB

*Mar  1 00:45:24.855: IP: s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1, len 100, rcvd 4

*Mar  1 00:45:24.855: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), routed via FIB

*Mar  1 00:45:24.855: IP: s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), len 100, sending

*Mar  1 00:45:24.895: IP: tableid=0, s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1 (Loopback1), routed via RIB

*Mar  1 00:45:24.895: IP: s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1, len 100, rcvd 4

*Mar  1 00:45:24.895: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), routed via FIB

*Mar  1 00:45:24.895: IP: s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), len 100, sending

*Mar  1 00:45:24.939: IP: tableid=0, s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1 (Loopback1), routed via RIB

*Mar  1 00:45:24.939: IP: s=2.2.2.1 (FastEthernet0/0), d=1.1.1.1, len 100, rcvd 4

*Mar  1 00:45:24.939: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), routed via FIB

*Mar  1 00:45:24.939: IP: s=1.1.1.1 (local), d=2.2.2.1 (FastEthernet0/0), len 100, sending

So we are NATing the source to 2.2.2.1 which is not on the physical interface. You can also do this for sub interface.

Is this what you was trying Cisco 3560 Switch to do?

iBGP Neighbors over a Frame-Relay WAN

Question:

Ive been trying Catalyst Switches to get a lab scenario to work that i came up with on my own. Not expecting it to be so troublesome of course. I have the topology pictured below:

The only issue is that R2 cant ping R3 and vice-versa. All the routes show up in the BGP table and the routing table but both branch sites are unreachable to eachother. The only working network connectivity is from each spoke to the hub. All three routers are running BGP AS 100. the frame relay network is 63.100.200.0/29 So the frame relay cloud is all one subnet. The topology is a hub-spoke format with R1 having links between itself and the two branch routers. I believe the issue is the single subnet, but i'm not sure. R1 is acting as a route reflector. There is also next-hop-self configured since natively each branch wont know of the other's next hop. Next-hop-self wasnt working for some reason so i configured a route map to acomplish the same task. Here is my configs for each router.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

R1 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

interface Loopback0

ip address 172.31.255.255 255.255.255.255

description BGP Loopback

!

interface Loopback2

ip address 172.31.1.254 255.255.255.0

description LAN Reachability Test Loopback

!

interface Serial0/0

ip address 63.100.200.1 255.255.255.248

encapsulation frame-relay

clock rate 2000000

frame-relay map ip 63.100.200.2 102 broadcast

frame-relay map ip 63.100.200.3 103 broadcast

no frame-relay inverse-arp

!

router bgp 100

no synchronization

bgp log-neighbor-changes

network 172.31.1.0 mask 255.255.255.0

network 172.31.255.255 mask 255.255.255.255

neighbor 172.31.255.253 remote-as 100

neighbor 172.31.255.253 update-source Loopback0

neighbor 172.31.255.253 route-reflector-client

neighbor 172.31.255.253 next-hop-self

neighbor 172.31.255.253 route-map BGP-RR out

neighbor 172.31.255.254 remote-as 100

neighbor 172.31.255.254 update-source Loopback0

neighbor 172.31.255.254 route-reflector-client

neighbor 172.31.255.254 next-hop-self

neighbor 172.31.255.254 route-map BGP-RR out

no auto-summary

!

ip route 172.31.255.253 255.255.255.255 63.100.200.3

ip route 172.31.255.254 255.255.255.255 63.100.200.2

!

access-list 50 permit any

!

route-map BGP-RR permit 10

match ip address 50

set ip next-hop 172.31.255.255

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

R2 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

interface Loopback0

ip address 172.31.255.254 255.255.255.255

description BGP Loopback

!

interface Loopback2

ip address 172.31.2.254 255.255.255.0

description LAN Reachability Test Loopback

!

interface Serial0/0

ip address 63.100.200.2 255.255.255.248

encapsulation frame-relay

clock rate 2000000

frame-relay map ip 63.100.200.1 201 broadcast

no frame-relay inverse-arp

!

router bgp 100

no synchronization

bgp log-neighbor-changes

network 172.31.2.0 mask 255.255.255.0

network 172.31.255.254 mask 255.255.255.255

neighbor 172.31.255.255 remote-as 100

neighbor 172.31.255.255 update-source Loopback0

no auto-summary

!

ip route 172.31.255.255 255.255.255.255 63.100.200.1

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

R3 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

interface Loopback0

ip address 172.31.255.253 255.255.255.255

description BGP Loopback

!

interface Loopback2

ip address 172.31.3.254 255.255.255.0

description LAN Reachability Test Loopback

!

interface Serial0/0

ip address 63.100.200.3 255.255.255.248

encapsulation frame-relay

clock rate 2000000

frame-relay map ip 63.100.200.1 301 broadcast

no frame-relay inverse-arp

!

router bgp 100

no synchronization

bgp log-neighbor-changes

network 172.31.3.0 mask 255.255.255.0

network 172.31.255.253 mask 255.255.255.255

neighbor 172.31.255.255 remote-as 100

neighbor 172.31.255.255 update-source Loopback0

no auto-summary

!

ip route 172.31.255.255 255.255.255.255 63.100.200.1

Answer:

let me say again you have only  two PVCs and there is no direct PVC between R2 and R3.

So Inverse ARP cannot be of help, at the other end of the unique PVC there is the hub router.

To make things working you don't need an additional PVC, but you need to help each spoke router to solve the other spoke IP WAN address. This is made by using an additional frame-relay map statement in each spoke under the interface configuration.

So try the following:

R2

config t

interface serial 0/0

frame-relay map ip 63.100.200.3 201

R3

config t

interface ser0/0

frame-relay map ip 63.100.200.2 301

After you do this you will be able to ping from spoke to spoke and also networks behind each spoke.

You have a small issue in the forwarding plane. Cisco 3560 Price That's all