Customers on site are each assigned an external IP for their office routers, with the IPs being brought into site via a BGP route from our Tier-1 provider. These IPs are then assigned to various VLANs and carried out across site over various VLANs.
I tried to install the router, but when its connected to the upstream provider whilst the BGP route is visible via the BGP "sessions" entries, no customer routers are able to get to the internet, or ping the VLAN's gateway. The ARP table shows very few entries, and those it shows always show as "failed".
Attached below is the current config of the router.
1.1.74.9 is our Tier1 Partner's Router
2.1.X.X is the IP range we are distributing to customers on site
2.2.X.X and 2.3.X.X are IPs we rent to other customers via a separate GRE tunnel (2.1.71.133)
Code: Select all
# model = CCR2004-16G-2S+
/interface bridge
add name=LAN
/interface ethernet
set [ find default-name=ether1 ] comment="Primary WAN Link" name=ether1-WAN
set [ find default-name=ether9 ] comment="Backup WAN Link" name=ether9-WAN
set [ find default-name=ether15 ] comment="Management Port" name=ether15-MNG
set [ find default-name=ether16 ] comment="Backup LAN Link" name=ether16-LAN
set [ find default-name=sfp-sfpplus1 ] comment="Link to Sw34" name=sfp1-LAN
set [ find default-name=sfp-sfpplus2 ] comment="Link to Sw10" name=sfp2-LAN
/interface vlan
add interface=LAN name=VLAN1 vlan-id=1
add interface=LAN name=VLAN3 vlan-id=3
add interface=LAN name=VLAN4 vlan-id=4
add interface=LAN name=VLAN5 vlan-id=5
add interface=LAN name=VLAN8 vlan-id=8
add interface=LAN name=VLAN9 vlan-id=9
add interface=LAN name=VLAN11 vlan-id=11
add interface=LAN name=VLAN12 vlan-id=12
add interface=LAN name=VLAN13 vlan-id=13
add interface=LAN name=VLAN14 vlan-id=14
add interface=LAN name=VLAN18 vlan-id=18
add interface=LAN name=VLAN20 vlan-id=20
add interface=LAN name=VLAN21 vlan-id=21
add interface=LAN name=VLAN28 vlan-id=28
add interface=LAN name=VLAN31 vlan-id=31
add interface=LAN name=VLAN32 vlan-id=32
add interface=LAN name=VLAN400 vlan-id=400
add interface=LAN name=VLAN401 vlan-id=401
add interface=LAN name=VLAN402 vlan-id=402
add interface=LAN name=VLAN406 vlan-id=406
add interface=LAN name=VLAN500 vlan-id=500
add interface=LAN name=VLAN800 vlan-id=800
add interface=LAN name=VLAN997 vlan-id=997
add interface=LAN name=VLAN998 vlan-id=998
add interface=LAN name=VLAN999 vlan-id=999
/port
set 0 name=serial0
set 1 name=serial1
/routing bgp template
set default disabled=no output.network=bgp-networks
add as=65501 cisco-vpls-nlri-len-fmt=auto-bits disabled=no name=Tier1Partner \
output.redistribute=connected,static router-id=1.1.74.10 \
routing-table=main
/interface bridge port
add bridge=LAN interface=sfp1-LAN trusted=yes
add bridge=LAN interface=sfp2-LAN trusted=yes
add bridge=LAN hw=no interface=ether16-LAN trusted=yes
/ip firewall connection tracking
set enabled=yes
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether15-MNG network=\
192.168.88.0
add address=172.16.1.254/24 interface=VLAN1 network=172.16.1.0
add address=2.1.71.230/29 interface=VLAN3 network=2.1.71.224
add address=2.2.31.246/29 interface=VLAN4 network=2.2.31.240
add address=2.2.31.238/29 interface=VLAN5 network=2.2.31.232
add address=2.1.71.62/27 interface=VLAN8 network=2.1.71.32
add address=2.1.71.150/29 interface=VLAN9 network=2.1.71.144
add address=2.1.69.126/27 interface=VLAN11 network=2.1.69.96
add address=2.1.71.142/28 interface=VLAN12 network=2.1.71.128
add address=2.1.69.142/28 interface=VLAN13 network=2.1.69.128
add address=2.1.71.222/28 interface=VLAN14 network=2.1.71.208
add address=2.1.71.30/27 interface=VLAN18 network=2.1.71.0
add address=2.1.71.190/27 interface=VLAN20 network=2.1.71.160
add address=2.1.71.94/27 interface=VLAN21 network=2.1.71.64
add address=2.1.69.94/27 interface=VLAN28 network=2.1.69.64
add address=2.1.69.158/28 interface=VLAN31 network=2.1.69.144
add address=2.1.71.126/27 interface=VLAN32 network=2.1.71.96
add address=2.1.69.174/28 interface=VLAN400 network=2.1.69.160
add address=2.1.70.78/28 interface=VLAN401 network=2.1.70.64
add address=2.1.69.206/28 interface=VLAN402 network=2.1.69.192
add address=2.1.69.190/28 interface=VLAN406 network=2.1.69.176
add address=2.3.44.1/23 interface=VLAN500 network=2.3.44.0
add address=2.1.69.30/27 interface=VLAN800 network=2.1.69.0
add address=2.1.71.158/29 interface=VLAN997 network=2.1.71.152
add address=2.1.70.126/27 interface=VLAN998 network=2.1.70.96
add address=1.1.74.10/29 interface=ether1-WAN network=1.1.74.8
add address=1.2.244.66/29 interface=ether9-WAN network=1.2.244.64
/ip dns
set servers=1.1.1.1,8.8.8.8
/ip firewall address-list
add address=2.3.44.0/24 comment="LE 1" list=bgp-networks
add address=2.3.45.0/24 comment="LE 2" list=bgp-networks
add address=2.1.68.0/22 comment="Site" list=bgp-networks
add address=2.2.24.0 list=bgp-networks
add address=2.2.25.0 list=bgp-networks
add address=2.2.26.0 list=bgp-networks
add address=2.2.27.0 list=bgp-networks
add address=2.2.28.0 list=bgp-networks
add address=2.2.29.0 list=bgp-networks
add address=2.2.30.0 list=bgp-networks
add address=2.2.31.0 list=bgp-networks
/ip route
add distance=5 gateway=1.2.244.65
add check-gateway=ping distance=1 gateway=1.1.74.9
add distance=1 dst-address=2.3.44.0/24 gateway=2.1.71.133
add distance=1 dst-address=2.3.45.0/24 gateway=2.1.71.133
add distance=1 dst-address=2.1.68.0/24 gateway=2.1.71.133
add distance=1 dst-address=2.2.24.0/21 gateway=2.1.71.133
add distance=1 dst-address=2.2.24.0/22 gateway=2.1.71.133
add distance=1 dst-address=2.2.28.0/23 gateway=2.1.71.133
add distance=1 dst-address=2.2.30.0/24 gateway=2.1.71.133
/routing bgp connection
add as=65501 cisco-vpls-nlri-len-fmt=auto-bits connect=yes disabled=no \
listen=yes local.role=ebgp name=peer1 output.network=bgp-networks \
.redistribute=connected,static remote.address=1.1.74.9/32 .as=65500 \
.port=179 router-id=1.1.74.10 routing-table=main templates=Tier1Partner