Implementing MPLS over VLAN trunk

We are investigation the options of running MPLS between our two core switches (C6509 with dual Sup720s) with the aim of introducing MPLS VPNs. These two core switches are linked via a Layer 2 trunk in a collapsed backbone topology.
Is it possible to create a point-to-point MPLS-enabled link between these switches on a VLAN interface between these switches, rather than an a dedicated physical port? It is anticipated that these two core switches will be PE routers (also acting as RRs, if required).

Its possible to run MPLS on any media with IP configurable for it. So till you have IP reachbility on a media, you can run MPLS.
As in your case you can very well run MPLS on an SVI reachable both sides over a trunk.
But as a after thought, why do you want to do this, although its possible, why do you want to carry other vlans on the same trunk which also carrier the internconnect vlan for the PE's.
HTH-Cheers,
Swaroop

Similar Messages

Dynamic WDS Discovery over VLAN-Trunk

Hi i have two wds ap each connected to a trunk-port. each has its bvi 1 interface connected to int f0.201 which is mapped to vlan 201. i can access the accesspoint by telnet, but the either do not exchange wlccp information, so everyone ends up as Standalone WDS. If i send updates on f0.201 they exchange wlccp information, but they stock in INIT-Phase. Here my config and the sh wlccp wds:
dot11 vlan-name SVL-WDSC24 vlan 201
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
interface FastEthernet0.201
encapsulation dot1Q 201
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 10.0.201.2 255.255.255.0
no ip route-cache
wlccp wds priority 2 interface f0.201
WDSP57-1U-11-03#sh wlccp wd
MAC: 0013.7f24.36e2, IP-ADDR: - , Priority: 2
Interface FastEthernet0, State: INITIALIZATION
Does anyone have a guess?
thanks, regards dave

Unfortunately the Aironet's Cisco IOS supports BVI interface only on native VLANs.
You have to configure "encapsulation dot1Q 201 native" on the FastEthernet0.201 subinterface and then you should modify coherently the configuration on the switching infrastructure.
Regards,
Fabrizio

VLAN trunk via MPLS

Is it possible to run a VLAN trunk (DOT1Q) from a Central site to a remote over a MPLS connection?

You can do that either by using dot1q tunnelling or port based EoMPLS. For a description of these two features, please refer to the following document:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5013/products_feature_guide09186a0080088187.html
Hope this helps,

Implementing SAN over MPLS

Hello,
we have 2 datacenter (backup), we need to implement SAN over MPLS (perhaps with copper : G.SHDSL, or FO ), is it possible ?
and how can we interconnect the 2 MDS, (through our WAN connexion, router, firewall, IPS...?) or connect directely the MDS to IP MPLS (without other equipment, in this case is it secured ?), with witch interterfaces we interconnect 2 MDS via MPLS?

MPLS networks can pose a challenge for FCIP
If you do implement FCIP over MPLS, be sure to monitor for out of order TCP packets on the FCIP interfaces. Within an MPLS network, individual FCIP packets may take different paths though the network based on the current network load. This could lead to TCP packets arriving at the destination FCIP interface out or order in some instances. OOO (out of order) packets can lead to decreased performance. I have seen a few MDS install decide to use static routing within the MPLS network to avoid a high % of OOO.
The CLI command to monitor for OOO is
show ips stats tcp interface gigabit x/y detail
Under TCP receive stats, look for Out of Order packets. Be sure to monitor both ends. You might see OOO is 1 direction, and not the other.
Hope this helps,
Mike

Implementing HREAP over WLAN

Gday All,
Trying to implement HREAP over WAN between main and remote site. The WLC4402 is on main site. There will be a secondary DHCP at the remote site. Does the switch at the remote site any preparation?
Thank You,
Shankar Pariyar

have you already configured the AP for HREAP and the native VLAN?
if you have, then you only need to make the switchport a trunk, with the correct native vlan set. you should aslo prune the VLAN that do not need to be allowed to the wireless users.
If you havn't configured the AP yet.
You can have the AP be on a trunk port, with the native VLAN set, as the AP won't be sending a tag at this point. Once the AP joins, change the mode to HREAP, set the native VLAN.
HTH,
Steve
Please remember to rate helpful posts or to mark the question as answered so that it can be found later.

Encrypting vlan-trunk traffic between switches

Hi,
Can anyone guide me to some papers or other resources on how to encrypt traffic between 2 switches. The switchces will be connected with fiber and use dot-1q tagging. And I wan't to encrypt all of the trunked traffic.
I was thinking of L2TP, but I haven't found any good description on how to implement this. I have two 3750 switches I thought I might use.
Thanks for any input,
Regards,
Oyvind Mathiesen
mnemonic
Norway

Hi,
Thanks for the response. I had a look at MACsec and it looks good. I would have liked to employ something P2P though, to also limit the ammount of MAC addresses broadcasted on the "wire". But let me first give you an understanding of the task:
We have two sites, connected via fibre and we want to create a VLAN trunk across and order to expand the broadcast domains to te other site.
The IDIOT carrier, has a limitation on the number of MAC addresses they allow on the fibre service, 100.
We also need to encrypt the datatraversing this connectivity.
MACsec wuold work 100% exept the source and dstination MAC addresses are still sent (at least according to https://docs.google.com/viewer?a=v&q=cache:LEf2qOmYZyYJ:www.ieee802.org/1/files/public/docs2011/bn-hutchison-macsec-sample-packets-0511.pdf+&hl=en&gl=za&pid=bl&srcid=ADGEESgmAHXpDOY0RBAE-Rv1HDpu_C_gkeSPN4cv6NGgyP0M1aXVu0UqzCfxo8t_P41ep6J37k4OLKnjfp1M9hoTDHxY22WGz2h7yB7YRLyPvRUbGS8TICzvEMlG92xqbhy6RWFugmnj&sig=AHIEtbTfu0LQIJejdYidE6yzq4lpPifxjQ
And that would cause me to eat into the 100 MAC limit.
Ridiculous I know, but we are looking for an out-of-the-norm plan...
Thanks

MPLS over encryption

Hello Friend,
Need ur help on MPLS over-relay setup encryption.
I have 10sites across world which will connect via MPLS, were ISP will participate in customer routing they will do the optimized routing.
CE routers are managed my ISP, i need to encrypt the data before entering into the MPLS cloud and decrypt the data when its entering the other end LAN.
Basically looking for encryption between CE to CE is there is any way to do this?????
Regards,
Naren

Hello Naren,
CE to CE encryption is not a problem.
As discussed in a recent thread you can use DMVPN or GETVPN to implement a mesh of encrypted communication tunnels between different CE sites.
For DMVPN you can refer to the solution reference network design
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPDG.html
another design guide for enterprise using MPLS L3 VPN services
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/ngwane.html
I've tested DMVPN over an MPLS L3 VPN and it works well.
GETVPN is a more recent security framework that can be considered too
Hope to help
Giuseppe

MPLS over GRE tunnles

HI : Are there any MTU issues of running MPLS over GRE tunnels??
what will be the MTU size ?
thnak you

GRE has an overhead of 24 bytes, and can directly interfere with the MPLS overhead. The MTU associated with an MPLS packet is broken down like so:
Ethernet Payload - 1500
802.1q header - 18
AToM Header - 4 (Required for ATM and FR only)
AToM Label - 4
LDP Label - 4
TE Label - 4
MPLS Fast Reroute - 4
Total = 1538
Granted, you may not configure all of those features above into your MPLS network, this is a good baseline to use for the MPLS MTU. You need to configure the core network to accept an MTU of at least 1538 bytes, without GRE.
You need to ensure that your GRE tunnels can support an MTU greater than 1562 if you plan to implement additional MPLS features like TE and AToM.

Difrence between ... MPLS over Frame-Relay ATM

Hai all,
Sorry to ask very basic quiestion ..can some one tell what is the difrnce and advantage of MPLS over ATM and Frame-Relay ......pls provide me a better link ..for refrnce
Thanks in advance
Lijesh

MPLS over ATM or MPLS over Frame-Relay it's not good idea, because if you use cell-mode labeling, you find someone limitation at this technology. DLCI and VPI/VCI value at this protocols it's not have large space. If you know how operate cell-mode, try to look at just for sample bits length with DLCI value at Frame-Relay protocol or VPI/VCI value at ATM protocolâ¦ Of course you can use same cheat like VCI-merge, but I think it's not very good idea.
Building new network infrastructure at this protocols it's not good ideaâ¦ It's good idea to fast implement MPLS technology in old network infrastructure build with this protocols (just for sample, you can linked ATM forwarding plane and MPLS forwarding plane (in this situation you can abandon to use fixed configuration VPI/VCI for IP network and can use benefits offered ATM technology with MPLS)), but not for new network infrastructure. If you need to offer services with this protocols, you can use Any Transport Over MPLS technology.
For more information look at this page - http://www.cisco.com/en/US/tech/tk436/tk798/tsd_technology_support_protocol_home.html

SG200-08 VLAN-trunk setting ignored after reboot

Hi all,
The ports on my SG200-08 are configured as follows:
Port 1; VLAN 1+4; trunk
Port 2; VLAN 4; access
Port3-8; VLAN 1; access
The config for Port 1 looks as follows: "switchport trunk allowed vlan add 1,4". The problem I want to point out here arises right after rebooting the switch; in the running config, the aforementioned line is now present as "switchport trunk allowed vlan add 4", i.e., VLAN 1 is missing in the trunk. The problem is reproducible every time I reboot the switch. At this moment, I assume it to be a bug in the firmware. This is a problem for me, since the switch's management VLAN is 1 and it gets its IP address (DHCP) over VLAN 1 as well.
I have attached my startup config to this thread, as well as the running config exported right after reboot. In both of them, I've sanitized the rows on user accounts.
Does anyone recognize this problem? Any suggestions on how to fix it?

Hi chrebert,
Thanks for your answer. You're right in concluding the VLAN 1 is my default VLAN. The problem is that the switch should contact my DHCP server over VLAN 1 and since the traffic on port 1 is not tagged, the traffic DHCP request will never reach my DHCP server. As a consequence, the switch always ends up with its factory default IP address (192.168.1.254) instead of the IP address assigned by the DHCP server. And yes, that's a problem
So to summarize, when I configure tagged access for VLAN 1 on port 1 and write this to the startup config, it is indeed present in the startup config afterwards. However, the switch ignores this upon reboot, causing VLAN 1 on port 1 to feature untagged access.
By the way, I completely set up the switch from scratch after restoring the config to factory defaults. It would be great if you could try to reproduce the issue and hopefully come with a fix. In case you need more information, please don't hesitate to contact me.

MPLS over ATM encapsulation

Hello,
During I was doing an MPLS interoperability test between our ATM-LER and Cisco 7204 router, I found an implementation difference wrt MPLS over ATM encapsulation between two systems. Our system encapsulates an MPLS packet with null shim label(=0), while Cisco router does it with non-null shim label(!= 0), I guest it may be a VCD value that is internally used in Cisco system. I think that an MPLS over ATM packet should be encapsulated with null label value in the top shim header in accordance with RFC 3035 described below.
"If the packet has a label stack with n entries, it MUST carry a shim with n entries. The actual value of the top label is encoded in the VPI/VCI field. The label value of the top entry in the shim (which is just a "placeholder" entry) MUST be set to 0 upon transmission, and MUST be ignored upon reception. The packet's outgoing TTL, and its CoS, are carried in the TTL and CoS fields respectively of the top stack entry in the shim."
Any response will be greatly appreciated.
Best regards,
Yongjun.

No, I'm NOT requesting a new feature, but talking about compliance with
the MPLS standard, RFC 3035, "MPLS using LDP and ATM VC Switching". What I'm saying is that Cisco router sends an MPLS packet on LC-ATM interface with a VCD (some sort of connection identifer in Cisco router) value set on the top-of-stack label, while the standard specifies the top-of-stack label should be used only for a placeholder and thus MUST be set to '0'. To my best knowledge, most of edge ATM-LSR systems set the top label value to '0' in accordance with RFC 3035. If the ingress edge ATM-LSR (Cisco) forwards an MPLS packet with non-zero label on the top-of-stack, then the egress ATM-LSR has two choices, one is just to ignore the non-zero label value, (causing no problem), the other is to discard the MPLS packet because the top-of-stack label should have been zero and non-zero is invalid. If any implementation selects the latter option, it may not be possible to interoperate with Cisco system through LC-ATM interface.
Regards,
Yongjun.

Routing over a trunk

I have a packet tracer lab that i am using to learn my CCNA on.
I have 2 sites connected together by layer 3 switches and i cannot ping between the sites.
The trunk is vlan10 with addresses on each side of 1.1.1.1/30 and 1.1.1.2/30
From each switch i can ping the other side.
I have some machines on 192.168.100.0/24 in Vlan 20
and machines on the other switch on 10.0.10.0/25 Vlan 30
From Vlan20 i can ping the local side of Vlan 10 and the same from Vlan 30 but i cant ping over the trunk.
Can anyone give me a hint as to why not?
SWITCH 1
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname ScunthorpeSwitch
enable secret 5 *****
ip routing
interface FastEthernet0/1
interface FastEthernet0/2
switchport access vlan 20
switchport mode access
interface FastEthernet0/3
switchport access vlan 30
switchport mode access
interface FastEthernet0/24
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport mode trunk
interface Vlan1
no ip address
interface Vlan10
ip address 1.1.1.2 255.255.255.252
interface Vlan30
ip address 10.0.10.253 255.255.255.0
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/24
VLAN Name Status Ports
1 default active Fa0/1, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Gig0/1, Gig0/2
10 FIRBELINK active
20 SHEFFIELD active Fa0/2
30 SCUNTHORPE active Fa0/3
40 SERVERS active
1002 fddi-default act/unsup
ScunthorpeSwitch#sho interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/24 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/24 1-1005
Port Vlans allowed and active in management domain
Fa0/24 1,10,20,30,40
Port Vlans in spanning tree forwarding state and not pruned
Fa0/24 1,10,20,30,40
SWITCH 2
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname "Sheffield Switch"
enable secret 5 **************
ip routing
username ***** password 0 ********
no ip domain-lookup
interface FastEthernet0/1
switchport access vlan 20
switchport mode access
interface FastEthernet0/2
switchport access vlan 20
switchport mode access
interface FastEthernet0/3
switchport mode access
shutdown
interface FastEthernet0/24
description FIBER BETWEEN SITES
no switchport
no ip address
duplex auto
speed auto
interface Vlan1
no ip address
interface Vlan10
ip address 1.1.1.1 255.255.255.252
interface Vlan20
ip address 192.168.100.250 255.255.255.0
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/24
banner motd ^C
******* , Do Not Enter ****** ^C
VLAN Name Status Ports
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Gig0/1, Gig0/2
10 FIRBELINK active
20 SHEFFIELD active Fa0/1, Fa0/2
30 SCUNTHORPE active
40 SERVERS active
Sheffield Switch#sho interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/24 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/24 1-1005
Port Vlans allowed and active in management domain
Fa0/24 1,10,20,30,40
Port Vlans in spanning tree forwarding state and not pruned
Fa0/24 1

You have no routing protocol running so the L3 switches only know about connected and static routes. The only static route you have is the default:
ip route 0.0.0.0 0.0.0.0 FastEthernet0/24
The interface you tell it to use is a L2 interface, so you're effectively not routing with that default. If you create an SVI (Layer 3 switched virtual interface) for each VLAN on all the switches (i.e. add interfaces for VLAN 20 on switch 1 and VLAN 30 on switch 2), it will work. also if you made the default route on each switch be the other switch's VLAN 10 L3 interface, that would also work.
You could also setup actual routing like OSPF or EIGRP but that's outside the scope for CCNA practice.

CE-500 VLAN trunks

I have not been able to configure a VLAN trunk at a CE-500. I configure the port using CNA as router and specify the native VLAN, but I do not know where to specify the allowed VLANs. The port is connected to a Cisco Router with sub-interfaced configured. When I click on "modify" the smartport, an small windows quicky opens and closes, only leaving an option for the native VLAN. What am I doing wrong? How do I specify a port as a trunk port?
Thanks a lot for the help.
Juan S

I believe you are aware of creating the standard Cisco IOS procedure for creating VLAN trunks.
under the interface configuration mode, in which you need to create a trunk,
switchport mode trunk
switchport mode trunk encapsulation isl/dot1q
switchport mode trunk native vlan
switchport mode trunk allowed vlans
But if you are already using these commands correctly, still you have the problem, I want you to let me know the following informations.
1. What error message you receive at the console while implementing trunking?
2. What is the other end device with which you are trying to establish trunk?.

Welcome to the MPLS over ATM Discussion

Welcome to the Cisco Networking Professionals Connection Service Provider Forum. This conversation will provide you the opportunity to discuss issues surrounding MPLS over ATM. We encourage everyone to share their knowledge and start conversations on issues such as Frame-based MPLS networks, multiservice networks, VPN scalability, multiple service classes, multicast, VoIP and any other topic concerning MPLS over ATM.
Remember, just like in the workplace, be courteous to your fellow forum participants. Please refrain from using disparaging or obscene language or posting advertisements.
We encourage you to tell your fellow networking professionals about the site. If you would like us to send them a personal invitation simply send their names and e-mail addresses along with your name to us at [email protected]

This is easily done with dial peer statements . The dial peer in your originating router must route the calls to the terminating router first. That would look like :
dial-peer voice xxxxx voip ( the xxxxx is just a tag)
destination-pattern 45... (that would route any 5-digit calls beginning with 45)
session-target ipv4:xxx.xxx.xxx.xxx (ip address of the terminating router)
If digitones are to be dialed after the connection is established, use the statement:
dtmf-relay-h.245-alphanumeric
You could also use a statement to specify the codec to be used:
codec g711ulaw
You would need multiple voip dial peers if the calls were going to different routers based on the dialed digits. If all calls are sent to the same terminating router, use all wild cards in the dest-pattern statement.
At the terminating router configure pots dial peers:
dial-peer voice xxxxx pots
dest-pattern 45...
port x/x (whichever port the call is to be terminated on)
prefix 45 (this re-inserts matched digits which are stripped off by the pots dp)
Repeat for other ports which will receive calls.
Paul

How to implement VoIP over SIP in J2ME

Hi All,
This is kapil from India and i want to implement VoIP over SIP in j2me.Any help will be appreciated.
I know about SIP API in J2ME. I want to use VoIP over it.Please help.I will be grateful to you.
regards
kapil

Why don't you give us the money your Boss pays you.. then we'll see what can be done ;)
Seriously, it might be smart to start your own research first. Check out what VoiP and SIP are all about, and the check how it fits into J2me.

Implementing MPLS over VLAN trunk

Similar Messages

Maybe you are looking for