Home

Cisco Systems OL-10729-01 User's Manual

1. 0180 c200 0000 deny any host 1234 3234 3432 permit any any l interface FastEthernet2 18 switchport trunk allowed vlan 350 351 430 630 777 780 783 785 788 interface Vlan788 no ip address description L2VPN ERS with UNI port security xconnect 99 99 5 99 89028 encapsulation mpls no shutdown e The N PE is a 7600 with an OSM or SIP 600 module e The U PE is a generic Metro Ethernet ME switch The customer BPDUs are blocked by the PACL e Various UNI port security commands are provisioned Cisco IP Solution Center Metro Ethernet and L2VPN User Guide 4 2 OL 10729 01 Appendix A Sample Configlets ERS Point to Point with UNI Port Security W e A user defined PACL entry is added to the default PACL Cisco IP Solution Center Metro Ethernet and L2VPN User Guide 4 2 OL 10729 01 E Appendix A Sample Configlets HI EWS Point to Point EWS Point to Point Configuration Configlets Comments e Service L2VPN Metro Ethernet e Feature EWS point to point e Device configuration The N PE is a CISCO7600 with IOS 12 2 18 SXF Sup720 3BXL The U PE is a CISCO3750ME with IOS 12 2 25 EY1 No port security no tunneling L2VPN point to point QinQ UNI C3750ME FA1 0 20 FA1 0 23 lt gt C7600 FA8 17 UP E N PE system mtu 1522 vlan 774 exit vlan 774 exit interface FastEthernet1 0 20 no cdp enable no keepalive switchport switchport acces
2. APPENDIX A Sample Configlets This appendix provides sample configlets for L2VPN and Metro Ethernet service provisioning in ISC It contains the following sections e Overview page A 1 e ERS Point to Point page A 3 e ERS Point to Point with UNI Port Security page A 4 e EWS Point to Point page A 6 e EWS Point to Point with UNI Port Security BPDU Tunneling page A 7 e EWS Hybrid page A 9 e VPLS Multipoint ERS page A 12 e VPLS Multipoint EWS with BPDU Tunneling page A 13 e ERS with 1 1 VLAN Translation page A 14 e ERS with 2 1 VLAN Translation page A 15 e ATM over MPLS VC Mode page A 16 e ATM over MPLS VP Mode page A 17 e Frame Relay over MPLS page A 18 e Frame Relay DLCI Mode page A 19 Overview The configlets provided in this appendix show the CLIs generated by ISC for particular services and features Each configlet example provides the following information e Service e Feature e Devices configuration network role hardware platform relationship of the devices and other relevant information e Sample configlets for each device in the configuration e Comments Cisco IP Solution Center Metro Ethernet and L2VPN User Guide 4 2 I oL 10729 01 EN AppendixA Sample Configlets WE Overview Note The configlets generated by ISC are only the delta between what needs to be provisioned and what currently exists on the device This means that if a relevant CLI is already on the de
3. E vlan 767 12 vfi vpls_ers_1 0 manual exit vpn id 89017 I interface FastEthernet1 0 21 no cdp enable no keepalive no ip address switchport switchport trunk encapsulation dotlq switchport mode trunk switchport trunk allowed vlan none switchport trunk allowed vlan 767 switchport nonegotiate spanning tree bpdufilter enable mac access group ISC FastEthernet1 0 21 in i interface FastEthernet1 0 23 no ip address mac access list extended ISC FastEthernet1 0 21 deny any host 0100 0ccc cccc deny any host 0100 0ccc cccd deny any host 0100 0ccd cdd0 deny any host 0180 c200 0000 permit any any neighbor 99 99 10 9 encapsulation mpls neighbor 99 99 5 99 encapsulation mpls i vlan 767 exit l interface FastEthernet2 18 switchport trunk allowed vlan 350 351 430 630 767 780 783 785 791 interface Vlan767 no ip address description VPLS ERS xconnect vfi vpls_ers_1 0 no shutdown Comments e The N PE is a 7600 with OSM or SIP 600 module e The VFI contains all the N PEs neighbors that this N PE talks to e The U PEis a generic Metro Ethernet ME switch The customer BPDUs are blocked by the PACL The VPLS ERS UNI is the same as the L2VPN point to point ERS UNI e The SVI interface 767 refers to the global VFI which contains multiple peering N PEs Cisco IP Solution Center Metro Ethernet and L2VPN User Guide 4 2 OL 10729 01 Appendix A Sample Configlets VPLS Multipoint EWS with B
4. PDU Tunneling _ VPLS Multipoint EWS with BPDU Tunneling Configuration e Service L2VPN Metro Ethernet e Feature VPLS multipoint EWS with BPDU tunneling e Device configuration The N PE is a CISCO7600 with IOS 12 2 18 SXF Sup720 3BXL The U PE is a CISCO3750ME with IOS 12 2 25 EY1 No port security no tunneling VPLS Multipoint VPN with VLAN 767 QinQ UNI C3750ME FA1 0 12 FA1 0 23 lt gt C7600 FA2 18 Configlets UP E N PE system mtu 1522 12 vfi vpls_ews 89019 manual vpn id 89019 errdisable recovery interval 33 neighbor 99 99 8 99 encapsulation mpls 1 I vlan 776 vlan 776 exit exit l interface FastEthernet1 0 12 interface FastEthernet8 17 no cdp enable switchport trunk allowed vlan no keepalive 1 451 653 659 766 768 772 776 878 switchport switchport access vlan 776 interface Vlan776 switchport mode dotigq tunnel no ip address switchport nonegotiate description VPLS EWS 12protocol tunnel cdp xconnect vfi vpls_ews 89019 12protocol tunnel stp no shutdown 12protocol tunnel vtp 12protocol tunnel shutdown threshold cdp 88 12protocol tunnel shutdown threshold stp 64 12protocol tunnel shutdown threshold vtp 77 12protocol tunnel drop threshold cdp 34 12protocol tunnel drop threshold stp 23 12protocol tunnel drop threshold vtp 45 no shutdown spanning tree portfast spanning tree bpdufilter enable Comments The N PE is a 7600 with an OSM or SIP 600 module e The VFI contains all the N
5. PEs neighbors that this N PE talks to e The VPLS EWS UNI is the same as L2VPN point to point EWS UNI e The SVI is the same as VPLS ERS SVI Cisco IP Solution Center Metro Ethernet and L2VPN User Guide 4 2 OL 10729 01 ESEN Appendix A Sample Configlets HERS with 1 1 VLAN Translation ERS with 1 1 VLAN Translation Configuration e Service L2VPN Metro Ethernet e Feature ERS with 1 1 VLAN translation e Device configuration The N PE is a CISCO7600 with IOS 12 2 18 SXF Sup720 3BXL The U PE is a CISCO3750ME with IOS 12 2 25 EY1 VLAN translation on the NNI port uplink L2VPN point to point C3750ME FA1 0 8 GI1 1 1 lt gt C7600 FA8 34 Configlets UP E N PE vlan 778 vlan 123 exit exit interface FastEthernet8 34 interface FastEthernet1 0 8 switchport no cdp enable switchport trunk encapsulation dotlq no keepalive switchport mode trunk no ip address switchport trunk allowed vlan 1 778 switchport trunk allowed vlan 123 switchport nonegotiate interface Vlan778 switchport port security maximum 34 no ip address switchport port security aging time 23 description L2VPN ERS 1 to 1 vlan switchport port security violation protect translation switchport port security xconnect 99 99 8 99 89032 encapsulation spanning tree bpdufilter enable mpls mac access group ISC FastEthernet1 0 8 in no shutdown 1 interface GigabitEthernet1 1 1 no ip address switchport mode trunk s
6. broadcast Cisco IP Solution Center Metro Ethernet and L2VPN User Guide 4 2 OL 10729 01 AppendixA Sample Configlets Configlets ERS EWS Hybrid W UP E N PE system mtu 1522 vlan 775 exit vlan 775 exit interface FastEthernet1 17 switchport trunk allowed vlan 1 451 653 659 766 768 772 773 775 878 interface FastEthernet1 10 switchport trunk allowed vlan 1 451 653 659 766 768 772 773 775 878 interface FastEthernet8 17 switchport trunk allowed vlan 1 451 653 659 766 l interface Vlan775 no ip address description L2VPN 768 772 773 775 878 EWS xconnect 99 99 8 99 89029 encapsulation mpls no shutdown Comments e This is the ERS side NNI e The N PE is a 7600 with an OSM or a SIP 600 module Provisioning is the same as the ERS e The U PE is really a PE AGG It connects to the wholesale customer as an NNI Both ports are regular NNI ports Cisco IP Solution Center Metro Ethernet and L2VPN User Guide 4 2 oL 10729 01 a At Appendix A Sample Configlets HI VPLS Multipoint ERS VPLS Multipoint ERS Configuration e Service L2VPN Metro Ethernet e Feature VPLS multipoint ERS e Device configuration VPLS Multipoint VPN with VLAN 767 The N PE is a CISCO7600 with IOS 12 2 18 SXF Sup720 3BXL The U PE is a CISCO3750ME with IOS 12 2 25 EY1 No port security no tunneling C3750ME FA1 0 21 FA1 0 23 lt gt C7600 FA2 18 Configlets UP E N P
7. elay DLCI Mode Ml Frame Relay DLCI Mode Configuration e Service L2VPN over a L2TPv3 core e Feature FR in DLCI mode e Device configuration The N PE is a CISCO7200 with IOS 12 0 28 S NoCE NoU PE L2VPN point to point ATMoMPLS C7200 ATM2 0 Configlets UP E N PE None pseudowire class ISC pw dynamic default encapsulation 12tpv3 ip local interface Loopback10 ip dfbit set I interface Serial3 2 encapsulation frame relay exit l connect ISC_1054 Serial3 2 86 12transport xconnect 10 9 1 1 1054 encapsulation 12tpv3 pw class ISC pw dynamic default Comments e The N PE is any L2TPv3 enabled router e L2VPN provisioning is on the serial port for the Frame Relay connection Cisco IP Solution Center Metro Ethernet and L2VPN User Guide 4 2 OL 10729 01 ES Appendix A Sample Configlets HI Frame Relay DLCI Mode Cisco IP Solution Center Metro Ethernet and L2VPN User Guide 4 2 PA20 i OL 10729 01
8. generic Metro Ethernet ME switch Customer BPDUs are blocked by the PACL Cisco IP Solution Center Metro Ethernet and L2VPN User Guide 4 2 OL 10729 01 EN Appendix A Sample Configlets HZ ERS Point to Point with UNI Port Security ERS Point to Point with UNI Port Security Configuration Configlets Comments e Service L2VPN Metro Ethernet e Feature ERS point to point with UNI port security e Device configuration L2VPN point to point The N PE is a CISCO7600 with IOS 12 2 18 SXF OSM The U PE is a CISCO3550 with IOS 12 2 25 SEC2 Port security is enabled C3550ME FA3 31 FA3 23 lt gt C7600 FA2 18 UP E N PE vlan 788 vlan 788 exit exit 1 interface FastEthernet3 23 no ip address switchport trunk allowed vlan 783 787 788 1 interface FastEthernet3 31 no cdp enable no keepalive no ip address switchport switchport trunk encapsulation dotlq switchport mode trunk switchport trunk allowed vlan none switchport trunk allowed vlan 788 switchport port security switchport nonegotiate switchport port security maximum 45 switchport port security aging time 34 switchport port security violation shutdown switchport port security mac address 3456 3456 5678 spanning tree bpdufilter enable mac access group ISC FastEthernet3 31 in mac access list extended ISC FastEthernet3 31 deny any host 0100 0ccc cccc deny any host 0100 0ccc cccd deny any host 0100 0ccd cdd0 deny any host
9. ion e Service L2VPN e Feature ATM over MPLS ATMoMPLS a type of AToM in VP mode e Device configuration Configlets UP E The N PE is a CISCO7200 with IOS 12 0 28 S No CE No U PE L2VPN point to point ATMoMPLS C7200 ATM2 0 N PE None pseudowire class ISC pw tunnel 123 encapsulation mpls preferred path interface tunnel1i23 disable fallback I interface ATM2 0 atm pvp 131 12transport xconnect 99 99 4 99 89024 pw class ISC pw tunnel 123 Comments e The N PE is any MPLS enabled router e L2VPN provisioning is on the ATM VP connection e The L2VPN pseudo wire is mapped to a TE tunnel OL 10729 01 Cisco IP Solution Center Metro Ethernet and L2VPN User Guide 4 2 E Appendix A Sample Configlets HZ Frame Relay over MPLS Frame Relay over MPLS Configuration Service L2VPN e Feature Frame Relay over MPLS FRoMPLS a type of AToM e Device configuration The N PE is a CISCO7200 with IOS 12 0 28 S NoCE NoU PE L2VPN point to point ATMoMPLS C7200 ATM2 0 Configlets UP E N PE None interface Serial1 1 exit Li connect C1_89001 Seriali 1 135 12transport xconnect 99 99 4 99 89001 encapsulation mpls Comments e The N PE is any MPLS enabled router e L2VPN provisioning is on the serial port for the Frame Relay connection Cisco IP Solution Center Metro Ethernet and L2VPN User Guide 4 2 PAs E OL 10729 01 Appendix A Sample Configlets Frame R
10. on mpls no shutdown Comments e The N PE is a 7600 with an OSM or SIP 600 module Provisioning is the same as the ERS example e The U PE is a generic Metro Ethernet ME switch e PACL with one user defined entry e BPDUs CDP STP and VTP are tunneled through the MPLS core e Storm control is enabled for unicast multicast and broadcast Cisco IP Solution Center Metro Ethernet and L2VPN User Guide 4 2 OL 10729 01 Appendix A Sample Configlets EWS Hybrid W EWS Hybrid Configuration e Service L2VPN Metro Ethernet e Feature EWS hybrid One side is EWS UNI the other side is ERS NNI e Device configuration The N PE is a CISCO7600 with 12 2 18 SXF Sup720 3BXL The U PE is a CISCO3750ME with 12 2 25 EY1 No port security with tunneling L2VPN point to point QinQ UNI C3750ME FA1 0 20 FA1 0 23 lt gt C7600 FA8 17 amp Note The first configlet example is the EWS side UNI The second configlet is the ERS side NNI Cisco IP Solution Center Metro Ethernet and L2VPN User Guide 4 2 OL 10729 01 E Appendix A Sample Configlets WE EWS Hybrid Configlets EWS Comments UP E N PE system mtu 1522 vlan 775 1 exit vlan 775 exit interface FastEthernet8 17 system mtu 1522 vlan 775 exit 1 interface FastEthernet1 0 19 no cdp enable no keepalive switchport switchport switchport switchport switchport switchport switchport switchpor
11. s vlan 774 switchport mode dotigq tunnel switchport nonegotiate spanning tree portfast spanning tree bpdufilter enable f interface FastEthernet1 0 23 no ip address switchport trunk allowed vlan 774 787 788 interface FastEthernet8 17 switchport trunk allowed vlan 1 451 653 659 766 768 772 773 774 878 interface Vlan774 no ip address description L2VPN EWS xconnect 99 99 8 99 89029 encapsulation mpls no shutdown e The N PE is a 7600 with a OSM or SIP 600 module Provisioning is the same as the ERS example e The U PE is a generic Metro Ethernet ME switch e No PACL provisioned by default BPDU can be tunneled if desired e The system MTU needs to set to 1522 to handle the extra 4 bytes of QinQ frames Cisco IP Solution Center Metro Ethernet and L2VPN User Guide 4 2 OL 10729 01 Appendix A Sample Configlets EWS Point to Point with UNI Port Security BPDU Tunneling W EWS Point to Point with UNI Port Security BPDU Tunneling Configuration e Service L2VPN Metro Ethernet e Feature EWS point to point with Port security BPDU tunneling e Device configuration The N PE is a CISCO7600 with IOS 12 2 18 SXF Sup720 3BXL The U PE is a CISCO3750ME with IOS 12 2 25 EY1 No port security with tunneling L2VPN point to point QinQ UNI Cisco IP Solution Center Metro Ethernet and L2VPN User Guide 4 2 OL 10729 01 E Appendix A Sample Configlets HE EWS Point to Point
12. switchport trunk allowed vlan 1 123 567 switchport vlan mapping dotlq tunnel 567 234 779 mac access list extended ISC FastEthernet1 0 5 deny any host 0100 0ccc cccc deny any host 0100 0ccc cccd deny any host 0100 0ccd cdd0 deny any host 0180 c200 0000 permit any any Comments e VLAN translation is only for L2VPN point to point ERS e In this case the 2 1 VLAN translation occurs on the U PE a 3750 It is provisioned on the NNI uplink port e The customer VLAN 123 and the provider VLAN 234 as part of Q inQ are translated to a new provider VLAN 779 Cisco IP Solution Center Metro Ethernet and L2VPN User Guide 4 2 I oL 10729 01 ES Appendix A Sample Configlets HE ATM over MPLS VC Mode ATM over MPLS VC Mode Configuration Service L2VPN e Feature ATM over MPLS ATMoMPLS a type of AToM in VC mode e Device configuration The N PE is a CISCO7200 with IOS 12 0 28 S NoCE NoU PE L2VPN point to point ATMoMPLS C7200 ATM2 0 Configlets UP E N PE None interface ATM2 0 34234 point to point pve 213 423 12transport encapsulation aal5 xconnect 99 99 4 99 89025 encapsulation mpls Comments e The N PE is any MPLS enabled router e L2VPN provisioning is on the ATM VC connection Cisco IP Solution Center Metro Ethernet and L2VPN User Guide 4 2 nie E OL 10729 01 Appendix A Sample Configlets ATM over MPLS VP Mode Wi ATM over MPLS VP Mode Configurat
13. t storm control storm control storm control spanning tree spanning tree mac access group ISC Fastl cdp stp vtp shutdown threshold shutdown threshold shutdown threshold drop threshold cdp 56 drop threshold stp 64 drop threshold vtp 34 access vlan 775 mode dotiq tunnel nonegotiate port security maximum 34 port security aging time 32 port security violation shutdown port security 12protocol tunnel 12protocol tunnel 12protocol tunnel 12protocol tunnel 12protocol tunnel 12protocol tunnel 12protocol tunnel 12protocol tunnel 12protocol tunnel cdp 88 stp 99 vtp 56 unicast level 34 0 broadcast level 23 0 multicast level 12 0 portfast bpdufilter enable Ethernet1 0 19 in interface FastEthernet1 0 23 no ip address switchport trunk allowed vlan 774 775 787 788 mac access list extended ISC FastEthernet1 0 19 no permit any any deny any host 3456 3456 1234 permit any any switchport trunk allowed vlan 1 451 653 659 766 768 772 773 775 878 l interface Vlan775 no ip address description L2VPN EWS xconnect 99 99 8 99 89029 encapsulation mpls no shutdown e This is the EWS side UNI e N PE is 7600 with an OSM or a SIP 600 module Provisioning is the same as the ERS e The U PE is a generic Metro Ethernet ME switch e PACL with one user defined entry e BPDUs cdp stp and vtp are tunneled through the MPLS core e Storm control is enabled for unicast multicast and
14. vice it does not show up in the associated configlet Note The CLIs shown in bold are the most relevant commands amp Note All examples in this appendix assume an MPLS core Cisco IP Solution Center Metro Ethernet and L2VPN User Guide 4 2 Ea OL 10729 01 Appendix A Sample Configlets ERS Point to Point Configuration e Service L2VPN Metro Ethernet e Feature ERS point to point e Device configuration L2VPN point to point ERS Point to Point The N PE is a CISCO7600 with IOS 12 2 18 SXF Sup720 3BXL The U PE is a CISCO3750ME with 12 2 25 EY1 no port security C3750ME FA1 0 4 FA1 0 23 lt gt C7600 FA8 17 Configlets UP E N PE vlan 772 vlan 772 exit exit l interface FastEthernet1 0 23 interface FastEthernet8 17 switchport trunk allowed vlan 500 772 switchport trunk allowed vlan 1 451 653 659 766 768 772 878 interface FastEthernet1 0 4 no cdp enable interface Vlan772 no keepalive no ip address no ip address description L2VPN ERS switchport trunk allowed vlan 500 772 xconnect 99 99 8 99 89027 encapsulation spanning tree bpdufilter enable mpls mac access group ISC FastEthernet1 0 4 in no shutdown I mac access list extended ISC FastEthernet1 0 4 deny any host 0100 0ccc cccc deny any host 0100 0ccc cccd deny any host 0100 0ccd cdd0o deny any host 0180 c200 0000 permit any any Comments e The N PE is a 7600 with an OSM or SIP 600 module e The U PE is a
15. witchport trunk allowed vlan 1 123 switchport vlan mapping 123 778 Comments e VLAN translation is only for L2VPN point to point ERS e In this case the 1 1 VLAN translation occurs on the U PE a 3750 It is provisioned on the NNI uplink port e The customer VLAN 123 is translated to the provider VLAN 778 Cisco IP Solution Center Metro Ethernet and L2VPN User Guide 4 2 nia OL 10729 01 Appendix A Sample Configlets ERS with 2 1 VLAN Translation W ERS with 2 1 VLAN Translation Configuration e Service L2VPN Metro Ethernet e Feature ERS with VLAN 2 1 translation e Device configuration The N PE is a CISCO7600 with IOS 12 2 18 SXF Sup720 3BXL The U PE is a CISCO3750ME with IOS 12 2 25 EY1 VLAN translation on the NNI port uplink L2VPN point to point C3750ME FA1 0 5 GI1 1 1 lt gt C7600 FA8 34 Configlets UP E N PE vlan 567 vlan 779 exit exit l interface FastEthernet1 0 5 interface FastEthernet8 34 no cdp enable switchport trunk allowed vlan 1 778 779 no keepalive l no ip address interface Vlan779 switchport no ip address switchport access vlan 567 description L2VPN ERS 2 to 1 vlan switchport mode dotliq tunnel translation switchport trunk allowed vlan none xconnect 99 99 8 99 89033 encapsulation switchport nonegotiate mpls spanning tree bpdufilter enable no shutdown mac access group ISC FastEthernet1 0 5 in interface GigabitEthernet1 1 1 no ip address
16. with UNI Port Security BPDU Tunneling Configlets UP E N PE system mtu 1522 vlan 775 exit vlan 775 exit interface FastEthernet8 17 switchport trunk allowed vlan system mtu 1522 1 451 653 659 766 768 772 773 775 878 vlan 775 exit 1 interface FastEthernet1 0 19 no cdp enable no keepalive switchport switchport switchport switchport switchport switchport switchport switchport 12protocol 12protocol 12protocol 12protocol 12protocol 12protocol 12protocol 12protocol 12protocol access vlan 775 mode dotiq tunnel nonegotiate port security maximum 34 port security aging time 32 port security violation shutdown port security tunnel cdp tunnel stp tunnel vtp tunnel shutdown threshold tunnel shutdown threshold tunnel shutdown threshold tunnel drop threshold cdp tunnel drop threshold stp tunnel drop threshold vtp storm control unicast level 34 0 storm control broadcast level 23 0 storm control multicast level 12 0 spanning tree portfast spanning tree bpdufilter enable group ISC FastEthernet1 0 19 in mac access interface FastEthernet1 0 23 no ip address switchport trunk allowed vlan 774 775 787 788 mac access list extended ISC FastEthernet1 0 19 no permit any any deny any host 3456 3456 1234 permit any any cdp 88 stp 99 vtp 56 56 64 34 l interface Vlan775 no ip address description L2VPN EWS xconnect 99 99 8 99 89029 encapsulati

Cisco Systems OL-10729-01 User's Manual

Contents

Download Pdf Manuals

Related Search

Related Contents