3 Tier Campus LAN Topology

The Lab
● Campus LAN network 10.0.0.0/16
● 3 tier hierarchical design (core, distribution and access)
● Subnets for each VLAN 10,20,30,40. Hosts/Servers 4 subnets /24
o VLAN 10 – 10.0.10.0/24
o VLAN 20 – 10.0.20.0/24
o VALN 30 – 10.0.30.0/24
o VLAN 40 – 10.0.40.0/24
● Layer 3 EDGE to the distribution layer using EIGRP or OSPF IGP
● Summarize to the core to reduce (EIGRP) cpu demands at the core layer
● Layer 2 distribution to the access layer
● Rapid pvst+ on distribution and access switches
● Distribution layer leases ip addresses to hosts on VLANs
● NAT on Edge routers to ISP (Dual Homed)
● iBGP between EDGE1 and 2 and ISP-A-1 and ISP-A-2
● eBGP between EDGE1 and ISP-A-1. EDGE2 and ISP-A-2.
● Default route from ISP-A-1 and 2 to EDGE1 and 2
● Integrate route maps on EDGE1 and 2
Remove duplex messages if they show:
no cdp advertise-v2
no cdp log mismatch duplex

ISP-A-1
Configure all layer 3 point to point links
interface GigabitEthernet0/1
description Connected to EDGE1
ip address 11.11.11.4 255.255.255.0
no shutdown

interface g0/2
description Connected to ISP-A-2
ip address 10.4.4.4 255.255.255.0
duplex auto
speed auto
no shutdown
Create a default route to the null interface
ip route 0.0.0.0 0.0.0.0 Null0

BGP configuration
router bgp 11111
no synchronization
bgp log-neighbor-changes
network 10.4.4.0 mask 255.255.255.0
network 11.11.11.0 mask 255.255.255.0
neighbor 10.4.4.5 remote-as 11111
neighbor 10.4.4.5 default-originate
neighbor 11.11.11.1 remote-as 22222
neighbor 11.11.11.1 default-originate
no auto-summary

ISP-A-2
Configure all layer 3 point to point links
interface GigabitEthernet0/1
description Connected to EDGE2
ip address 12.12.12.5 255.255.255.0
no shutdown

interface g0/2
description Connected to ISP-A-2
ip address 10.4.4.5 255.255.255.0
duplex auto
speed auto
no shutdown
Create a default route to the null interface
ip route 0.0.0.0 0.0.0.0 Null0

BGP configuration
router bgp 11111
no synchronization
bgp log-neighbor-changes
network 10.4.4.0 mask 255.255.255.0
network 12.12.12.0 mask 255.255.255.0
neighbor 10.4.4.4 remote-as 11111
neighbor 10.4.4.4 default-originate
neighbor 12.12.12.2 remote-as 22222
neighbor 12.12.12.2 default-originate
no auto-summary
EDGE1
Configure all layer 3 point to point links
Interface g0/0
description Connected to LAN
ip address 10.0.0.1 255.255.255.252
no shutdown

Interface g0/3
description Connected to LAN
ip address 10.0.0.5 255.255.255.252
no shutdown

Interface g0/2
description Connected to EDGE2
ip address 22.22.22.1 255.255.255.0
duplex auto
speed auto
no shutdown

interface GigabitEthernet0/1
description Connected to ISP-A-1
ip address 11.11.11.1 255.255.255.0
no shutdown
Configure OSPF
router ospf 1
log-adjacency-changes
network 10.0.0.0 0.0.0.3 area 0
network 10.0.0.4 0.0.0.3 area 0
default-information originate

Create a prefix-list to match only the default route. We will be using this prefix-
list for a couple of route-maps
ip prefix-list DEFONLY seq 10 permit 0.0.0.0/0

Create a route-map which we will later use to set the local preference for routes
coming in from eBGP neighbors. If we do not set the local preference iBGP
routes will be installed into the routing table and we will create a routing loop.
route-map SETEBGPLOCALPREF permit 10
set local-preference 100

Create a route-map which we will later use to set the local preference for the
default route learned via iBGP
route-map SETIBGPDEFLOCALPREF permit 10
match ip address prefix-list DEFONLY
set local-preference 50
** Set iBGP learned default to be a lower preference than eBGP learned default. **

Create an empty route-map statement that matches everything.

route-map SETIBGPDEFLOCALPREF permit 20

Border gateway protocol configuration

router bgp 22222
no synchronization
bgp log-neighbor-changes
network 22.22.22.0 mask 255.255.255.0
network 11.11.11.0 mask 255.255.255.0
neighbor 11.11.11.4 remote-as 11111
** Anything coming in from this neighbor will have a local preference of 100 **
neighbor 11.11.11.4 route-map SETEBGPLOCALPREF in
neighbor 22.22.22.2 remote-as 22222
neighbor 22.22.22.2 next-hop-self
** Default route coming in from this neighbor will have a local preference of 50 **
neighbor 22.22.22.2 route-map SETIBGPDEFLOCALPREF in
no auto-summary

Create an access list to match traffic to be translated

access-list 1 permit 10.0.0.0 0.0.255.255

Create route-maps to NAT out of eBGP interface g0/1 and iBGP interface g0/2
route-map iBGPNAT permit 10
match ip address 1
match interface g0/2
route-map eBGPNAT permit 10
match ip address 1
match interface g0/1

Create NAT statements using route-maps so the traffic can get translated
appropriately.
The reason we are doing it this way is because if EDGE1's connection goes down with ISP-A-1, the
LAN can still get to the internet.

ip nat inside source route-map eBGPNAT interface GigabitEthernet0/1 overload

ip nat inside source route-map iBGPNAT interface GigabitEthernet0/2 overload

Configure NAT interfaces

Int g0/0
Ip nat inside
Exit
Int g0/3
Ip nat inside
exit
Int g0/1
Ip nat outside
Exit
Int g0/2
Ip nat outside
exit
Below is how you inject iBGP into OSPF using route-maps. First create a route-
map and match only the default route.

** we have already created DEFONLY prefix-list **

route-map DEFONY permit 10
match ip address prefix-list DEFONLY
exit

Router bgp 22222

Bgp redistribute-internal
Exit

Router Ospf 1
Redistribute bgp 22222 subnets route-map DEFONLY
exi

EDGE2
Configure all layer 3 point to point links
Interface g0/0
description Connected to LAN
ip address 10.0.0.13 255.255.255.252
no shutdown

Interface g0/3
description Connected to LAN
ip address 10.0.0.9 255.255.255.252
no shutdown

interface g0/2
description Connected to R1
ip address 22.22.22.2 255.255.255.0
duplex auto
speed auto
no shutdown

interface GigabitEthernet0/1
description Connected to ISP-A-2
ip address 12.12.12.2 255.255.255.0
no shutdown

Configure OSPF
router ospf 1
log-adjacency-changes
network 10.0.0.8 0.0.0.3 area 0
network 10.0.0.12 0.0.0.3 area 0
default-information originate
Border gateway protocol configuration
router bgp 22222
no synchronization
bgp log-neighbor-changes
network 22.22.22.0 mask 255.255.255.0
network 12.12.12.0 mask 255.255.255.0
neighbor 12.12.12.5 remote-as 11111
** Anything coming in from this neighbor will have a local preference of 100 **
neighbor 12.12.12.5 route-map SETEBGPLOCALPREF in
neighbor 22.22.22.1 remote-as 22222
neighbor 22.22.22.1 next-hop-self
** Default route coming in from this neighbor will have a local preference of 50 **
neighbor 22.22.22.1 route-map SETIBGPDEFLOCALPREF in
no auto-summary

Create an access list to match traffic to be Translated

access-list 1 permit 10.0.0.0 0.0.255.255

Create route-maps to NAT out of eBGP interface g0/1 and iBGP interface g0/2
route-map iBGPNAT permit 10
match ip address 1
match interface GigabitEthernet0/2
route-map eBGPNAT permit 10
match ip address 1
match interface GigabitEthernet0/1

Create NAT statements using route-maps so the traffic can get natted
appropriately.
The reason we are doing it this way is because if EDGE2's connection goes down with ISP-A-2, the
LAN can still get to the internet.
ip nat inside source route-map eBGPNAT interface GigabitEthernet0/1 overload
ip nat inside source route-map iBGPNAT interface GigabitEthernet0/2 overload

Configure ip nat inside and outside on interfaces.

Int g0/0
Ip nat inside
Exit
Int g0/3
Ip nat inside
exit
Int g0/1
Ip nat outside
Exit
Int g0/2
Ip nat outside
exit
Below is how you inject iBGP into OSPF using route-maps. First create a route-
map and match only the default route.
** we have already created DEFONLY prefix-list **
route-map DEFONY permit 10
match ip address prefix-list DEFONLY
exit

Router bgp 22222

Bgp redistribute-internal
Exit

Router Ospf 1
Redistribute bgp 22222 subnets route-map DEFONLY
exi

Either configure eem (Embedded Event Manager) on the routers or may have to manually do
'clear ip nat translation' in order for failover nat to work.
CORE1
Enable ip routing
Ip routing

Configure all layer 3 point to point links /32

Interface g0/2
No switchport
Ip address 10.0.0.2 255.255.255.252
No shutdown

Int g0/3
no switchport
Ip address 10.0.0.10 255.255.255.252
No shutdown

Interface g1/1
no switchport
Ip address 10.0.0.25 255.255.255.252
No shutdown

Int g1/0
no switchport
Ip address 10.0.0.21 255.255.255.252
No shutdown
Int range g0/0 - 1
no switchport
channel-protocol pagp
channel-group 1 mode desirable
no shutdown
exit

Interface port-channel 1
No switchport
Ip address 10.0.0.17 255.255.255.252
No shutdown
exit

Configure EIGRP or OSPF routing protocol on all interfaces (I used OSPF

everywhere. I haven't figured out EIGRP yet some EIGRP configurations are in
the document).
router eigrp 1
network 10.0.0.0 0.0.0.3
network 10.0.0.8 0.0.0.3
network 10.0.0.16 0.0.0.3
network 10.0.0.20 0.0.0.3
network 10.0.0.24 0.0.0.3
no auto-summary
exit

or

router ospf 1
network 10.0.0.0 0.0.0.3 area 0
network 10.0.0.8 0.0.0.3 area 0
network 10.0.0.16 0.0.0.3 area 0
network 10.0.0.20 0.0.0.3 area 0
network 10.0.0.24 0.0.0.3 area 0
exit

show ip route connected

show etherchannel 1 port-channel
show etherchannel summary

CORE2
Enable ip routing
Ip routing

Configure all layer 3 point to point links /32

Interface g0/2
no switchport
Ip address 10.0.0.14 255.255.255.252
No shutdown

Int g0/3
no switchport
Ip address 10.0.0.6 255.255.255.252
No shutdown
Interface g1/1
no switchport
Ip address 10.0.0.29 255.255.255.252
No shutdown

Int g1/0
no switchport
Ip address 10.0.0.33 255.255.255.252
No shutdown

Int range g0/0 - 1

no switchport
channel-protocol pagp
channel-group 1 mode desirable
no shutdowndown
exit

Interface port-channel 1
No switchport
Ip address 10.0.0.18 255.255.255.252
No shutdowndown
Exit

Configure EIGRP or OSPF routing protocol on all interfaces

router eigrp 1
network 10.0.0.4 0.0.0.3
network 10.0.0.12 0.0.0.3
network 10.0.0.16 0.0.0.3
network 10.0.0.28 0.0.0.3
network 10.0.0.32 0.0.0.3
no auto-summary
exit
or
router ospf 1
network 10.0.0.4 0.0.0.3 area 0
network 10.0.0.12 0.0.0.3 area 0
network 10.0.0.16 0.0.0.3 area 0
network 10.0.0.28 0.0.0.3 area 0
network 10.0.0.32 0.0.0.3 area 0
exit

show ip route connected

show etherchannel 1 port-channel
show etherchannel summary

DIS1
Enable ip routing
Ip routing

Configure all layer 3 point to point links /32

Interface g1/0
no switchport
Ip address 10.0.0.22 255.255.255.252
No shutdown

Int g1/1
no switchport
Ip address 10.0.0.30 255.255.255.252
No shutdown

Configure trunk to DIS2

Interface g0/0
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no shutdowndown
exit

Configure trunk to Access layer

Interface g0/2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no shutdowndown
exit

Interface g0/3
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no shutdowndown
exit

Interface g1/2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no shutdowndown
exit

Interface g1/3
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no shutdowndown
exit

Configure EIGRP or OSPF routing protocol on all interfaces

router eigrp 1
network 10.0.0.20 0.0.0.3
network 10.0.0.28 0.0.0.3
network 10.0.10.0 0.0.0.255
network 10.0.20.0 0.0.0.255
network 10.0.30.0 0.0.0.255
network 10.0.40.0 0.0.0.255
no auto-summary
or
router ospf 1
network 10.0.0.20 0.0.0.3 area 0
network 10.0.0.28 0.0.0.3 area 0
network 10.0.10.0 0.0.0.255 area 0
network 10.0.20.0 0.0.0.255 area 0
network 10.0.30.0 0.0.0.255 area 0
network 10.0.40.0 0.0.0.255 area 0

Summarize the connected networks into eigrp (Do this if you are using EIGRP)
Show ip route connected
10.0.10.0/24
10.0.20.0/24
10.0.30.0/24
10.0.40.0/24

Put the summary address on interfaces pointing to the core 10.0.0.0/18 eigrp (Do
this if you are using EIGRP)
Show cdp neighbors

int g1/0
ip summary-address eigrp 1 10.0.0.0 255.255.192.0
int g1/1
ip summary-address eigrp 1 10.0.0.0 255.255.192.0
ospf summarization only on ABR and ANSBR

adjacencies will reestablish

Create the VLANS

vlan 10
name First_Floor
vlan 20
name Second_Floor
vlan 30
name Third_Floor
vlan 40
name Server_Room

Create SVI for each of the VLANS and enable HSRP

DIS1 will be the primary HSRP for VLANS 10 and 20 and secondary for VLAN 30 and
40.
HSRP groups are assigned the same number as the VLAN counterpart

interface Vlan 10
ip address 10.0.10.2 255.255.255.0
standby 10 ip 10.0.10.1
standby 10 priority 120
standby 10 preempt
no shutdown

interface Vlan 20
ip address 10.0.20.2 255.255.255.0
standby 20 ip 10.0.20.1
standby 20 priority 120
standby 20 preempt
no shutdown

interface Vlan 30
ip address 10.0.30.2 255.255.255.0
standby 30 ip 10.0.30.1
no shutdown

interface Vlan 40
ip address 10.0.40.2 255.255.255.0
standby 40 ip 10.0.40.1
no shutdown
Configure DHCP
ip dhcp excluded-address 10.0.10.1 10.0.10.3
ip dhcp excluded-address 10.0.20.1 10.0.20.3
ip dhcp excluded-address 10.0.30.1 10.0.30.3
ip dhcp excluded-address 10.0.40.1 10.0.40.3
ip dhcp excluded-address 10.0.40.254
ip dhcp pool VLAN10
network 10.0.10.0 255.255.255.0
default-router 10.0.10.1

ip dhcp pool VLAN20

network 10.0.20.0 255.255.255.0
default-router 10.0.20.1

ip dhcp pool VLAN30

network 10.0.30.0 255.255.255.0
default-router 10.0.30.1

ip dhcp pool VLAN40

network 10.0.40.0 255.255.255.0
default-router 10.0.40.1

Match active/primary HSRP with STP

Show standby brief

Spanning-tree vlan 10,20 root primary

Spanning-tree vlan 30,40 root secondary
Exit
Enable rapid PVST
Conf t
Spanning-tree mode rapid-pvst
Per vlan rapid spanning tree

DIS2
Enable ip routing
Ip routing
Configure all layer 3 point to point links /32
Interface g1/0
no switchport
Ip address 10.0.0.34 255.255.255.252
No shutdown

Int g1/1
no switchport
Ip address 10.0.0.26 255.255.255.252
No shutdown

Configure trunk to DIS1

Interface g0/0
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no shutdowndown
exit

Configure trunk to Access layer

Interface g0/2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no shutdowndown
exit

Interface g0/3
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no shutdowndown
exit

Interface g1/2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no shutdowndown
exit

Interface g2/0
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no shutdowndown
exit

Configure EIGRP routing protocol on all interfaces

router eigrp 1
network 10.0.0.24 0.0.0.3
network 10.0.0.32 0.0.0.3
network 10.0.10.0 0.0.0.255
network 10.0.20.0 0.0.0.255
network 10.0.30.0 0.0.0.255
network 10.0.40.0 0.0.0.255
or
router ospf 1
network 10.0.0.24 0.0.0.3 area 0
network 10.0.0.32 0.0.0.3 area 0
network 10.0.10.0 0.0.0.255 area 0
network 10.0.20.0 0.0.0.255 area 0
network 10.0.30.0 0.0.0.255 area 0
network 10.0.40.0 0.0.0.255 area 0

Summarize the connected networks into eigrp

Show ip route connected
10.0.10.0/24
10.0.20.0/24
10.0.30.0/24
10.0.40.0/24

Put the summary address on interfaces pointing to the core 10.0.0.0/18 eigrp
Show cdp neighbors

int g1/1
ip summary-address eigrp 1 10.0.0.0 255.255.192.0
int g1/0
ip summary-address eigrp 1 10.0.0.0 255.255.192.0

ospf summarization only on ABR and ANSBR

adjacencies will reestablish

Create the VLANS
vlan 10
name First_Floor
vlan 20
name Second_Floor
vlan 30
name Third_Floor
vlan 40
name Server_Room

Create SVI for each of the VLANS and enable HSRP

DIS2 will be the primary HSRP for VLANS 30 and 40 and secondary for VLAN 10 and
20.
HSRP groups are assigned the same number as the VLAN

interface Vlan 10
ip address 10.0.10.3 255.255.255.0
standby 10 ip 10.0.10.1
no shutdown

interface Vlan 20
ip address 10.0.20.3 255.255.255.0
standby 20 ip 10.0.20.1
no shutdown

interface Vlan 30
ip address 10.0.30.3 255.255.255.0
standby 30 ip 10.0.30.1
standby 30 priority 120
standby 30 preempt
no shutdown

interface Vlan 40
ip address 10.0.40.3 255.255.255.0
standby 40 ip 10.0.40.1
standby 40 priority 120
standby 40 preempt
no shutdown

Configure DHCP
ip dhcp excluded-address 10.0.10.1 10.0.10.3
ip dhcp excluded-address 10.0.20.1 10.0.20.3
ip dhcp excluded-address 10.0.30.1 10.0.30.3
ip dhcp excluded-address 10.0.40.1 10.0.40.3

ip dhcp pool VLAN10

network 10.0.10.0 255.255.255.0
default-router 10.0.10.1

ip dhcp pool VLAN20

network 10.0.20.0 255.255.255.0
default-router 10.0.20.1

ip dhcp pool VLAN30

network 10.0.30.0 255.255.255.0
default-router 10.0.30.1

ip dhcp pool VLAN40

network 10.0.40.0 255.255.255.0
default-router 10.0.40.1

Match active/primary HSRP with STP

Show standby brief

Spanning-tree vlan 30,40 root primary

Spanning-tree vlan 10,20 root secondary
Exit
Enable rapid PVST
Conf t
Spanning tree mode rapid-pvst

A1
Configure VLAN
vlan 10
name First_Floor

Configure trunk ports

Interface g0/2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no shutdowndown
exit

Interface g0/3
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no shutdowndown
exit

Enable rapid PVST

Conf t
Spanning-tree mode rapid-pvst

Put interfaces in the correct vlans

Interface g 0/0
switchport access vlan 10
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
no shutdowndown
exit

switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation shutdown

Obtain an ip address from the DHCP server for VLAN10

Check DIS1 to see if an address was leased.

Ping both ISPs from VLAN10 to verify you can get out of the LAN

Check the translations on the EDGE routers. Notice ports are used with the
outside interface.
A2
Configure VLAN
vlan 20
name Second_Floor

Configure trunk ports

Interface g1/2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no shutdowndown
exit

Interface g0/2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no shutdowndown
exit

Enable rapid PVST

Conf t
Spanning-tree mode rapid-pvst

Put interfaces in the correct vlans

Interface g0/0
switchport access vlan 20
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
no shutdowndown
exit

switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation shutdown

A3
Configure VLAN
vlan 30
name Third_Floor

Configure trunk ports

Interface g0/3
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no shutdowndown
exit

Interface g1/2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no shutdowndown
exit

Enable rapid PVST

Conf t
Spanning-tree mode rapid-pvst

Put interfaces in the correct vlans

Interface g 0/0
switchport access vlan 30
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
no shutdowndown
exit

switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation shutdown

A4
Configure VLAN
vlan 40
name Server_Floor

Configure trunk ports

Interface g1/3
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no shutdowndown
exit

Interface g2/0
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no shutdowndown
exit

Enable rapid PVST

Conf t
Spanning-tree mode rapid-pvst

Put interfaces in the correct vlans

Interface g 0/0
switchport access vlan 40
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
no shutdowndown
exit

switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation shutdown

Reference List
https://ithitman.blogspot.com/2011/08/configuring-bgp-dual-homed-design.html
https://ithitman.blogspot.com/2011/08/configuring-bgp-dual-homed-design-part.html