Cisco Systems OL-10729-01 User Manual
APPENDIX
A
Sample Configlets
This appendix provides sample configlets for L2VPN and Metro Ethernet service provisioning in ISC.
It contains the following sections:
• Overview, page A-1
• ERS (Point-to-Point), page A-3
• ERS (Point-to-Point) with UNI Port Security, page A-4
• EWS (Point-to-Point), page A-6
• EWS (Point-to-Point) with UNI Port Security, BPDU Tunneling, page A-7
• EWS Hybrid, page A-9
• VPLS (Multipoint) ERS, page A-12
• VPLS (Multipoint) EWS with BPDU Tunneling, page A-13
• ERS with 1:1 VLAN Translation, page A-14
• ERS with 2:1 VLAN Translation, page A-15
• ATM over MPLS (VC Mode), page A-16
Overview
OL-10729-01
• ATM over MPLS (VP Mode), page A-17
• Frame Relay over MPLS, page A-18
• Frame Relay (DLCI Mode), page A-19
The configlets provided in this appendix show the CLIs generated by ISC for particular services and
features. Each configlet example provides the following information:
• Service
• Feature
• Devices configuration (network role, hardware platform, relationship of the devices and other
relevant information)
• Sample configlets for each device in the configuration
• Comments
Cisco IP Solution Center Metro Ethernet and L2VPN User Guide, 4.2
A-1
Overview
Appendix A Sample Configlets
Note The configlets generated by ISC are only the delta between what needs to be provisioned and what
currently exists on the device. This means that if a relevant CLI is already on the device, it does not show
up in the associated configlet.
Note The CLIs shown in bold are the most relevant commands.
Note All examples in this appendix assume an MPLS core.
A-2
Cisco IP Solution Center Metro Ethernet and L2VPN User Guide, 4.2
OL-10729-01
Appendix A Sample Configlets
ERS (Point-to-Point)
Configuration • Service: L2VPN/Metro Ethernet
• Feature: ERS (point-to-point)
• Device configuration:
–
The N-PE is a CISCO7600 with IOS 12.2(18)SXF, Sup720-3BXL
–
The U-PE is a CISCO3750ME with 12.2(25)EY1, no port security
–
L2VPN point-to-point.
–
C3750ME (FA1/0/4 – FA1/0/23) <–> C7600 (FA8/17)
ERS (Point-to-Point)
Configlets
Comments
UP-E N-PE
vlan 772
exit
!
interface FastEthernet1/0/23
switchport trunk allowed vlan 500,772
!
interface FastEthernet1/0/4
no cdp enable
no keepalive
no ip address
switchport trunk allowed vlan 500,772
spanning-tree bpdufilter enable
mac access-group ISC-FastEthernet1/0/4 in
!
mac access-list extended
ISC-FastEthernet1/0/4
deny any host 0100.0ccc.cccc
deny any host 0100.0ccc.cccd
deny any host 0100.0ccd.cdd0
deny any host 0180.c200.0000
permit any any
• The N-PE is a 7600 with an OSM or SIP-600 module.
• The U-PE is a generic Metro Ethernet (ME) switch. Customer BPDUs are blocked by the PACL.
vlan 772
exit
!
interface FastEthernet8/17
switchport trunk allowed vlan
1,451,653,659,766-768,772,878
!
interface Vlan772
no ip address
description L2VPN ERS
xconnect 99.99.8.99 89027 encapsulation
mpls
no shutdown
OL-10729-01
Cisco IP Solution Center Metro Ethernet and L2VPN User Guide, 4.2
A-3
ERS (Point-to-Point) with UNI Port Security
ERS (Point-to-Point) with UNI Port Security
Configuration • Service: L2VPN/Metro Ethernet
• Feature: ERS (point-to-point) with UNI port security
• Device configuration:
–
The N-PE is a CISCO7600 with IOS 12.2(18)SXF, OSM
–
The U-PE is a CISCO3550 with IOS 12.2(25)SEC2. Port security is enabled.
–
L2VPN point-to-point
–
C3550ME (FA3/31– FA3/23) <–> C7600 (FA2/18)
Appendix A Sample Configlets
Configlets
UP-E N-PE
vlan 788
exit
!
interface FastEthernet3/23
no ip address
switchport trunk allowed vlan 783,787-788
!
interface FastEthernet3/31
no cdp enable
no keepalive
no ip address
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan none
switchport trunk allowed vlan 788
switchport port-security
switchport nonegotiate
switchport port-security maximum 45
switchport port-security aging time 34
switchport port-security violation shutdown
switchport port-security mac-address
3456.3456.5678
spanning-tree bpdufilter enable
mac access-group ISC-FastEthernet3/31 in
!
mac access-list extended
ISC-FastEthernet3/31
deny any host 0100.0ccc.cccc
deny any host 0100.0ccc.cccd
deny any host 0100.0ccd.cdd0
deny any host 0180.c200.0000
deny any host 1234.3234.3432
permit any any
vlan 788
exit
!
interface FastEthernet2/18
switchport trunk allowed vlan
350,351,430,630,777,780,783,785-788
!
interface Vlan788
no ip address
description L2VPN ERS with UNI port
security
xconnect 99.99.5.99 89028 encapsulation
mpls
no shutdown
Comments
A-4
• The N-PE is a 7600 with an OSM or SIP-600 module.
• The U-PE is a generic Metro Ethernet (ME) switch. The customer BPDUs are blocked by the PACL.
• Various UNI port security commands are provisioned.
Cisco IP Solution Center Metro Ethernet and L2VPN User Guide, 4.2
OL-10729-01
Appendix A Sample Configlets
• A user-defined PACL entry is added to the default PACL.
ERS (Point-to-Point) with UNI Port Security
OL-10729-01
Cisco IP Solution Center Metro Ethernet and L2VPN User Guide, 4.2
A-5
EWS (Point-to-Point)
EWS (Point-to-Point)
Configuration • Service: L2VPN/Metro Ethernet
• Feature: EWS (point-to-point)
• Device configuration:
–
The N-PE is a CISCO7600 with IOS 12.2(18)SXF, Sup720-3BXL
–
The U-PE is a CISCO3750ME with IOS 12.2(25)EY1. No port security, no tunneling.
–
L2VPN point-to-point
–
QinQ UNI
–
C3750ME (FA1/0/20 – FA1/0/23) <–> C7600 (FA8/17)
Appendix A Sample Configlets
Configlets
Comments
UP-E N-PE
system mtu 1522
!
vlan 774
exit
!
interface FastEthernet1/0/20
no cdp enable
no keepalive
switchport
switchport access vlan 774
switchport mode dot1q-tunnel
switchport nonegotiate
spanning-tree portfast
spanning-tree bpdufilter enable
!
interface FastEthernet1/0/23
no ip address
switchport trunk allowed vlan 774,787-788
• The N-PE is a 7600 with a OSM or SIP-600 module. Provisioning is the same as the ERS example.
• The U-PE is a generic Metro Ethernet (ME) switch.
• No PACL provisioned by default. BPDU can be tunneled if desired.
• The system MTU needs to set to 1522 to handle the extra 4 bytes of QinQ frames.
vlan 774
exit
!
interface FastEthernet8/17
switchport trunk allowed vlan
1,451,653,659,766-768,772,773-774,878
!
interface Vlan774
no ip address
description L2VPN EWS
xconnect 99.99.8.99 89029 encapsulation
mpls
no shutdown
A-6
Cisco IP Solution Center Metro Ethernet and L2VPN User Guide, 4.2
OL-10729-01
Loading...