MPLS Config on RV042
Hello all,
I have 2 offices. One is my head office & the other is my branch office.
I have MPLS connectivity at both ends & Internet connectivity at the head office.
I have Cisco RV042 routers at both ends. At my head office I terminated the MPLS & Internet links on the RV042 & then I have a Cisco ASA 5510 firewall.
I want to connect my 2 offices using MPLS & want my branch office to get Internet connectivity from my head office only, through MPLS.
& as I have an ASA 5510 at my head office, I want my branch office traffic to follow the rules applied in the ASA at my head office.
Head office LAN : 192.168.0.0/24
Branch Office LAN : 192.168.1.0 /24
Please Help me....
indy suggests you chat online with an engineer, which is a good idea.
Since you have both RV042s communicating on an MPLS network, and there is no need for the routers to do anything but route, I am wondering whether the RV042s are in gateway mode (the default) or router mode?
Router mode will disable the NAT and firewall (I believe) and just allow IP routing between the two networks. I think this is the better mode for just routing between networks. Allow the ASA to perform the NATting and firewall.
A default route at the far end router and a static route pointing to the remote router. I have no idea of the gateway addresses or RV042 WAN addresses, so my screen capture below of the HQ router looks a bit exaggerated. The HQ router also needs a default route that points to the ASA5505 as the next hop. But your question lacks a topology diagram that better explains your setup.
I have shown a screen capture using old software on the RV042 that shows the section you may have to adjust.
At least it's something to think about and try, before you chat with a technician
regards Dave
Similar Messages
-
I want to create one scenario using L3 VPN MPLS. Can anyone tell me what config is required on R1, R2, R3, R4 in the MPLS cloud,
so that I can ping CE2 from CE1?
Please find the attachment.
Thanx.....
Hello Arjun,
the following steps are required:
a) building the network infrastructure using an IGP: for example OSPF
Allocate /32 loopbacks on all R1-R4.
For example:
Ri : Loop0 ip address 10.250.250.i/32
int loop0
ip address 10.250.250.i 255.255.255.255
desc loop used as LDP router-id, BGP RID
network infrastructure:
let's suppose we use 10.10.10.0/24 with subnetting for all backbone links between R1-R4
OSPF config
router ospf 10
router-id 10.250.250.i
network 10.10.10.0 0.0.0.255 area 0
network 10.250.250.i 0.0.0.0 area 0
verify you can ping from loopback to loopback using extended ping
b) enable MPLS on all routers
ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id loop0 force
on all backbone interfaces with ip addresses in 10.10.10.0/24 add
int type x/y
mpls ip
verify again connectivity of loopbacks
verify with
sh mpls forwarding 10.250.250.i
what action is associated to each loopback
c) enable iBGP multiprotocol
let's use AS 65000
router bgp 65000
bgp router-id 10.250.250.i
no bgp default ipv4-unicast
neigh 10.250.250.j remote-as 65000
neigh 10.250.250.j update-source loop0
! do it for all three other routers
address-family vpnv4
neigh 10.250.250.j activate
neigh 10.250.250.j send-community both
! again do this for all three routers
use
sh ip bgp vpnv4 all summary to check
every router should see 0 prefixes from the other three
d) create the VRF
ip vrf TEST
rd 65000:101
route-target export 65000:1001
route-target import 65000:1001
associate the link to CE with the VRF
int type x/y
ip vrf forwarding TEST
! caution you need to retype the ip address command as desired
router bgp 65000
address-family ipv4 vrf TEST
red connected
no sync
do this on both R1 and R2
now if you do
sh ip bgp v a s you should see 1 prefix advertised by R1 and 1 by R2.
Note:
there can be some syntax errors
I wrote on the fly
Edit:
to be able to ping from LAN to LAN you need to decide how PE and CE should communicate.
the simplest solutions are:
static routes
or an eBGP session to be configured on the PE side under
router bgp 65000
address-family ipv4 vrf TEST
for static routes:
red static
for eBGP session:
neighbor CE-address remote-as 65200
for static routes the keyword vrf TEST has to be added to the command
Hope to help
Giuseppe -
This is driving me insane, it's not a difficult problem. I have a loopback in the VRF on both cores, configurations were copied and pasted to ensure they were identical, BGP peers are up, redistribution is working fine, but I cannot ping between the loopbacks!
I have 2 6509s, connected with an 802.1q trunk
Configuration:
ip vrf Testing
rd 111:1
route-target both 111:1
int vlan 400
ip address 10.65.65.2 255.255.255.0
mpls ip
int loopback 0
ip address 10.65.64.255
router eigrp 64
no auto-summary
network 10.0.0.0 0.31.255.255
network 10.32.0.0 0.15.255.255
network 10.48.0.0 0.7.255.255
network 10.64.0.0 0.63.255.255
network 10.128.0.0 0.127.255.255
address-family ipv4 vrf Testing
no auto-summary
network 10.0.0.0 0.31.255.255
network 10.32.0.0 0.15.255.255
network 10.48.0.0 0.7.255.255
network 10.64.0.0 0.63.255.255
network 10.128.0.0 0.127.255.255
default-metric 10000 100 255 1 1500
autonomous 111
redistribute bgp 65064
router bgp 65064
no auto-summ
no synch
network 0.0.0.0
neighbor R peer-group
neighbor R remote-as 65064
neighbor R update-source loop 0
neighbor 10.65.64.254 peer-group R
address-family vpnv4
neighbor 10.65.64.254 peer-group R
neighbor R send-community both
address-family ipv4 vrf Testing
no auto-summ
no synch
redistribute eigrp 111
int loopback 99
ip vrf forward Testing
ip address 10.111.1.1 255.255.255.0
Router 1:
show ip bgp neighbor:
BGP neighbor is 10.65.64.254, remote AS 65064, internal link
Member of peer-group R for session parameters
BGP version 4, remote router ID 10.65.64.254
BGP state = Established, up for 03:36:33
For address family: VPNv4 Unicast
BGP table version 10, neighbor version 10/0
Output queue size : 0
Index 1, Offset 0, Mask 0x2
1 update-group member
R peer-group member
Community attribute sent to this neighbor
Sent Rcvd
Prefix activity: ---- ----
Prefixes Current: 2 1 (Consumes 68 bytes)
show ip route vrf Testing:
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 3 subnets
C 10.111.2.0 is directly connected, Loopback99
C 10.111.22.0 is directly connected, Loopback98
B 10.111.1.0 [200/0] via 10.65.64.254, 03:38:30
show mpls ldp neigh:
Peer LDP Ident: 10.65.64.254:0; Local LDP Ident 10.65.64.255:0
TCP connection: 10.65.64.254.646 - 10.65.64.255.36970
State: Oper; Msgs sent/rcvd: 793/795; Downstream
Up time: 02:12:39
LDP discovery sources:
Vlan400, Src IP addr: 10.65.65.3
Router 2:
show ip bgp neighbor:
BGP neighbor is 10.65.64.255, remote AS 65064, internal link
Member of peer-group R for session parameters
BGP version 4, remote router ID 10.65.64.255
BGP state = Established, up for 03:39:34
For address family: VPNv4 Unicast
BGP table version 10, neighbor version 10/0
Output queue size : 0
Index 1, Offset 0, Mask 0x2
1 update-group member
R peer-group member
Community attribute sent to this neighbor
Sent Rcvd
Prefix activity: ---- ----
Prefixes Current: 1 2 (Consumes 136 bytes)
Prefixes Total: 1 3
Implicit Withdraw: 0 1
Explicit Withdraw: 0 0
Used as bestpath: n/a 2
Used as multipath: n/a 0
show ip route vrf Testing:
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 3 subnets
B 10.111.2.0 [200/0] via 10.65.64.255, 03:41:22
B 10.111.22.0 [200/0] via 10.65.64.255, 02:35:31
C 10.111.1.0 is directly connected, Loopback99
From router 2:
R2#ping vrf Testing 10.111.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.111.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R2#ping vrf Testing 10.111.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.111.2.1, timeout is 2 seconds:
Success rate is 0 percent (0/5)
Thanks for the reply, even with specifying a source address within the VRF I am unable to successfully ping.
R1#show ip bgp vpnv4 all labels
Network Next Hop In label/Out label
Route Distinguisher: 111:1 (Testing)
10.111.1.0/24 10.65.64.254 nolabel/26
10.111.2.0/24 0.0.0.0 IPv4 VRF Aggr:26/nolabel(Testing)
10.111.22.0/24 0.0.0.0 IPv4 VRF Aggr:26/nolabel(Testing)
The forwarding detail is actually a large output (several hundred interfaces active on this router), so I grabbed the Testing VRF and a random label:
26 Pop Label IPv4 VRF[V] 0 aggregate/Testing
MAC/Encaps=0/0, MRU=0, Label Stack{}
VPN route: Testing
No output feature configured
31 No Label 10.6.16.0/24 0 Po1 10.64.1.254
MAC/Encaps=14/14, MRU=1504, Label Stack{}
0024509DE8000023EA356C000800
No output feature configured
Per-destination load-sharing, slots: 0 4 8 12
No Label 10.6.16.0/24 0 Vl488 10.66.80.3
MAC/Encaps=14/14, MRU=1504, Label Stack{}
0024509DE8000023EA356C000800
No output feature configured
Per-destination load-sharing, slots: 1 5 9 13
No Label 10.6.16.0/24 0 Vl493 10.66.85.3
MAC/Encaps=14/14, MRU=1504, Label Stack{}
0024509DE8000023EA356C000800
No output feature configured
Per-destination load-sharing, slots: 2 6 10 14
No Label 10.6.16.0/24 0 Vl505 10.66.97.3
MAC/Encaps=14/14, MRU=1504, Label Stack{}
0024509DE8000023EA356C000800
No output feature configured
Per-destination load-sharing, slots: 3 7 11 15
R1#show mpls int detail
Interface Vlan400:
IP labeling enabled (ldp)
LSP Tunnel labeling not enabled
BGP labeling not enabled
MPLS operational
MTU = 1500
R1#show ip cef vrf Testing 10.111.1.1 detail
10.111.1.0/24, epoch 3, flags rib defined all labels
NetFlow: Origin AS 0, Peer AS 0, Mask Bits 24
recursive via 10.65.64.254 label 26
nexthop 10.64.1.254 Port-channel1 unusable: no label
R2#show ip bgp vpnv4 all labels
Network Next Hop In label/Out label
Route Distinguisher: 111:1 (Testing)
10.111.1.0/24 0.0.0.0 IPv4 VRF Aggr:26/nolabel(Testing)
10.111.2.0/24 10.65.64.255 nolabel/26
10.111.22.0/24 10.65.64.255 nolabel/26
26 Pop Label IPv4 VRF[V] 0 aggregate/Testing
MAC/Encaps=0/0, MRU=0, Label Stack{}
VPN route: Testing
No output feature configured
37 No Label 10.6.124.0/24 0 Se7/1/1 point2point
MAC/Encaps=4/4, MRU=4474, Label Stack{}
0F000800
No output feature configured
R2#show mpls int detail
Interface Vlan400:
IP labeling enabled (ldp)
LSP Tunnel labeling not enabled
BGP labeling not enabled
MPLS operational
MTU = 1500
R2#show ip cef vrf Testing 10.111.2.1 detail
10.111.2.0/24, epoch 5, flags rib defined all labels
NetFlow: Origin AS 0, Peer AS 0, Mask Bits 24
recursive via 10.65.64.255 label 26
nexthop 10.64.1.253 Port-channel1 unusable: no label -
Hello,
I have a problem: when I do an upgrade of an SMB RV042 and the PC that contains the upgrade file is in the same segment as the RV042, the upgrade is successful, but when the PC is in another subnet, the upgrade fails.
There is connectivity between the two subnets and there is no firewall.
Does someone know why?
Thanks tekliu,
I do the process through the LAN port; the RV042 has a route to reach the different subnet.
The config is:
RV042,
LAN port: 10.23.1.1
Internet port: 192.168.1.1 - This segment is assigned by the ISP
Default gateway: 192.168.1.254
route: 10.201.120.0 to 10.23.1.2
Router Cisco 1841, this router has the two subnets
Fa0/1
ip add 10.23.1.2 255.255.255.0
Fa0/0
ip add 10.201.120.1 255.255.255.0
And my PC has 10.201.120.12, DG: 10.201.120.1
In this configuration the upgrade fails; when the PC is in 10.23.1.x the upgrade is successful -
Is MPLS possible on a 1721?
hi all!
is it possible to use MPLS with a Cisco 1721?
If it is possible, what feature set should I use?
How could a MPLS-Config look like?
I hope you can help me!
thx
Richard
MPLS is not supported on 1721.
Go to Feature Navigator tool at
www.cisco.com/go/fn .
Select "MPLS" as a feature. FN will show you all
supporting platforms, IOS versions and feature sets.
Cheers
Andreas -
VPN between RV042 and Cisco 2801
HI
Kindly help me out. I'm configuring a p2p vpn between a cisco 2801 with IOS 12.3 and a linksys RV042. I'm getting following error on Linksys and Cisco respectively.
[Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
Dec 19 02:40:42 2011
VPN Log
Received informational payload, type NO_PROPOSAL_CHOSEN
dst src state conn-id slot status
x.x.x.x x.x.x.x MM_NO_STATE 0 0 ACTIVE
Below are my config:
Linksys RV042:
Keying Mode: IKE with Preshared Key
Phase1 DH Group: Group2
Phase1 Encryption: 3DES
Phase1 Authentication: MD5
Phase1 SA Life Time: 28800
Perfect forward secrecy : enabled
Phase2 DH Group: Group2
Phase2 Encryption: 3DES
Phase2 Authentication: MD5
Phase2 SA Life Time: 28800
Preshared Key: xxxxxx
Cisco 2801:
crypto isakmp policy 11
encr 3des
authentication pre-share
group 2
lifetime 28800
crypto isakmp key xxxxxx address xxxxxx
no crypto isakmp ccm
crypto ipsec transform-set STRONGER esp-3des esp-md5-hmac
crypto map myvpn 10 ipsec-isakmp
set peer xxxxxx
set transform-set STRONGER
set pfs group2
match address 103
interface FastEthernet0/0
ip address 10.0.0.56 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
no mop enabled
interface FastEthernet0/1
ip address xxxx xxxx
ip nat outside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
crypto map myvpn
ip nat pool branch xxxxxx xxxxx netmask 255.255.255.240
ip nat inside source route-map nonat pool branch overload
access-list 103 permit ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 110 deny ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 110 permit ip 10.0.0.0 0.0.0.255 any
snmp-server community public RO
route-map nonat permit 10
match ip address 110
Regards
SAM
Hi,
It looks like you are using the default hash for the crypto isakmp policy and that your connection is failing on the phase 1 negotiation. The default hash on the crypto isakmp policy is sha. On the 2801 try adding hash md5.
crypto isakmp policy 11
encr 3des
hash md5
authentication pre-share
group 2
lifetime 28800
Let me know if that helps.
Thank you,
Jason NIckle -
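The mismatch described in the reply above can be checked mechanically. The following is an added example, not part of the original posts: it parses the 2801 policy and the RV042 phase 1 settings quoted in the thread, fills in IOS defaults for omitted keywords, and reports the fields that differ. The function names are hypothetical, and apart from `hash sha` (named in the reply) the default values are assumed classic IOS defaults.

```python
"""Compare an IOS `crypto isakmp policy` with RV042 phase 1 settings."""

# Values IOS applies when a keyword is omitted from the policy. "hash sha" is
# the default named in the reply above; the other four are assumptions and
# should be confirmed on the device with `show crypto isakmp policy`.
IOS_DEFAULTS = {
    "encryption": "des",
    "hash": "sha",
    "authentication": "rsa-sig",
    "group": "1",
    "lifetime": "86400",
}

# Policy sub-mode keywords (including the `encr` abbreviation used in the post).
IOS_KEYWORDS = {
    "encr": "encryption", "encryption": "encryption", "hash": "hash",
    "authentication": "authentication", "group": "group", "lifetime": "lifetime",
}

# RV042 GUI labels; the GUI calls the phase 1 hash "Authentication".
RV042_FIELDS = {
    "Phase1 DH Group": "group",
    "Phase1 Encryption": "encryption",
    "Phase1 Authentication": "hash",
    "Phase1 SA Life Time": "lifetime",
}


def parse_ios_policy(config):
    """Return (effective_policy, explicitly_set_fields) for the first policy block."""
    policy, explicit, in_policy = dict(IOS_DEFAULTS), set(), False
    for raw in config.splitlines():
        parts = raw.split()
        if not parts:
            continue
        if parts[:3] == ["crypto", "isakmp", "policy"]:
            if in_policy:
                break                      # a second policy starts: stop
            in_policy = True
            continue
        if in_policy:
            field = IOS_KEYWORDS.get(parts[0])
            if field is None or len(parts) < 2:
                break                      # left the policy sub-mode
            policy[field] = parts[1].lower()
            explicit.add(field)
    return policy, explicit


def parse_rv042(settings):
    """Normalise 'Label: value' lines from the RV042 VPN page to IOS terms."""
    proposal = {}
    for raw in settings.splitlines():
        name, sep, value = raw.partition(":")
        name, value = name.strip(), value.strip().lower()
        if not sep:
            continue
        if name == "Keying Mode":
            proposal["authentication"] = "pre-share" if "preshared" in value else value
        elif name in RV042_FIELDS:
            if value.startswith("group"):
                value = value[len("group"):].strip()   # "group2" -> "2"
            proposal[RV042_FIELDS[name]] = value
    return proposal


def phase1_mismatches(config, settings):
    """List (field, ios_value, rv042_value, set_explicitly_on_ios) for each difference."""
    ios, explicit = parse_ios_policy(config)
    rv = parse_rv042(settings)
    return [(f, ios[f], rv[f], f in explicit)
            for f in ("encryption", "hash", "authentication", "group", "lifetime")
            if f in rv and ios[f] != rv[f]]


# Inputs copied from the posts above (key and peer are masked there as well).
IOS_ORIGINAL = """\
crypto isakmp policy 11
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key xxxxxx address xxxxxx
"""
IOS_FIXED = IOS_ORIGINAL.replace(" encr 3des\n", " encr 3des\n hash md5\n")
RV042 = """\
Keying Mode: IKE with Preshared Key
Phase1 DH Group: Group2
Phase1 Encryption: 3DES
Phase1 Authentication: MD5
Phase1 SA Life Time: 28800
"""

if __name__ == "__main__":
    for label, cfg in (("as posted", IOS_ORIGINAL), ("with hash md5", IOS_FIXED)):
        print(label, phase1_mismatches(cfg, RV042))
```

A mismatch whose last element is `False` comes from an IOS default rather than a configured line, which is why it does not show up when reading the running configuration.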
RV082 Firewall stops some intended traffic
Setup:
Public address on WAN1 of RV082
LAN1 on LAN of RV082 in gateway mode.
LAN1
MPLS link via RV042#1 and RV042#2 on "interim" LAN2
LAN1 on WAN1 of RV042#1 in router mode.
LAN2 on LAN of RV042#1
(link)
LAN2 on WAN1 of RV042#2 in router mode.
LAN3 on LAN of RV042#2.
LAN3
All LANs have private addresses
*I think* with type 2 hardware, this sort of arrangement seemed to work OK.
With type 3 hardware in the RV082, if the firewall is turned on then internet traffic to LAN1 works fine as expected.
But traffic to LAN3, while working from LAN1 just fine, is blocked from internet communications.
Any suggestions why or how to deal with it?
Hello Te-Kai Liu,
I tried to set up rules as you explained in a RV042 using the latest available firmware and configured as gateway.
Unfortunately things do not seem to work as expected. I want to be able to accept and forward ssh connections originated from ip1 only. An ssh connection from a different ip address must be rejected. So I setup:
- port 22 forwarding to my internal ssh server, it works
- a first rule (priority 1) allowing ssh requests from ip1 on port wan1 to be accepted. More precisely:
Priority: 1
Enable: Yes
Action: Allow
Service: SSH [22]
Source Interface: WAN1
Source: ip1~ip1
Destination: wan1_ip~wan1_ip
Time: Always
- a second rule (priority 2) denying any ssh on port wan1:
Priority: 2
Enable: Yes
Action: Deny
Service: SSH [22]
Source Interface: WAN1
Source: any
Destination: wan1_ip~wan1_ip
Time: Always
With this configuration, every external ip (and not only ip1) gets ssh redirected, so it's not filtered out.
If I modify the DENY rule changing Destination from "wan1_ip~wan1_ip" to "any" (I don't even know if such a rule is meaningful), then EVERY ip (including ip1) get discarded when trying to ssh-connect.
So I'm unable to setup proper ip-based firewalling. Can you help please?
Thanks a lot,
Alberto -
About AToM (pe to pe)
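MPLS configuration on a 7304: the Layer 3 MPLS VPN works without problems, but establishing the VC for the Layer 2 VPN fails and I cannot resolve it!!! Please take a look!!!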
Router#sh run
Building configuration...
Current configuration : 1802 bytes
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
enable password xxxx
hostname Router
logging snmp-authfail
logging queue-limit 100
ip subnet-zero
no ip domain-lookup
ip cef
ip vrf xjccw
rd ....
route-target export ....
route-target import ....
mpls ldp logging neighbor-changes
interface Loopback0
ip address 10.254.254.200 255.255.255.255
no ip route-cache
no ip mroute-cache
interface FastEthernet0
no ip address
no keepalive
shutdown
duplex auto
speed auto
interface GigabitEthernet0/0
description connect to GSR
mtu 1800
ip address 10.4.10.201 255.255.255.252
negotiation auto
tag-switching ip
interface GigabitEthernet0/1
mtu 1800
no ip address
negotiation auto
interface GigabitEthernet0/1.2
description connect to xjccw
encapsulation dot1Q 2
ip vrf forwarding xjccw
ip address 192.168.100.1 255.255.255.0
interface GigabitEthernet0/1.100
description connect to test_3550
encapsulation dot1Q 100
mpls l2transport route 10.254.254.129 100
tag-switching ip
router ospf 1
log-adjacency-changes
network 10.4.10.200 0.0.0.3 area 0
network 10.254.254.200 0.0.0.0 area 0
router bgp 100
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.254.254.129 remote-as 100
neighbor 10.254.254.129 update-source Loopback0
address-family ipv4
no auto-summary
no synchronization
exit-address-family
address-family ipv4 multicast
no auto-summary
exit-address-family
address-family vpnv4
neighbor 10.254.254.129 activate
neighbor 10.254.254.129 send-community extended
no auto-summary
exit-address-family
address-family ipv4 vrf xjccw
redistribute connected
no auto-summary
no synchronization
exit-address-family
ip classless
no ip http server
line con 0
logging synchronous
line aux 0
line vty 0 4
password xjccw
exec-timeout 0 0
end
After configuring MPLS L2TRANSPORT ROUTE 10.254.254.129 10 on the GSR, the following appears:
MPLS config error: 10.4.10.202 is not a valid LDP id, use 10.254.254.129 instead
09:22:10: %LDP-5-NBRCHG: TDP Neighbor 10.254.254.129:0 is UP
09:22:10: %TDP-4-PTCL: peer 10.254.254.129:0, bad PIE len
09:22:10: PDU HDR:
09:22:10: 0x00 0x01 0x00 0x3E 0x0A 0xFE 0xFE 0x81 0x00 0x00 0x04 0x00
09:22:10: PIE HDR:
09:22:10: 0x0B 0x96 0x01 0x00
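09:22:10: %LDP-5-NBRCHG: TDP Neighbor 10.254.254.129:0 is DOWN
At first I ran the test on a 7206, and neither the Layer 3 VPN nor the Layer 2 VPN worked, which was frustrating......
I upgraded its IOS and it still did not work, so I could only run the test on the 7304, and the result........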
7206-test#sh run
Building configuration...
Current configuration : 1823 bytes
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname 7206-test
boot-start-marker
boot-end-marker
ip subnet-zero
ip cef
no ip domain-lookup
ip vrf xjccw1
rd ...
route-target export ...
route-target import ...
interface Loopback0
ip address 10.254.254.201 255.255.255.255
no ip directed-broadcast
interface FastEthernet0/0
no ip address
no ip directed-broadcast
duplex half
speed auto
interface FastEthernet0/0.101
description connect to sitB1_vc101_GSR
encapsulation dot1Q 101
no ip directed-broadcast
tag-switching ip
no cdp enable
xconnect 10.254.254.129 101 encapsulation mpls
interface FastEthernet0/0.105
description connect to xjccw1
encapsulation dot1Q 105
ip vrf forwarding xjccw1
ip address 192.168.10.1 255.255.255.0
no ip directed-broadcast
interface FastEthernet0/1
no ip address
no ip directed-broadcast
shutdown
duplex half
speed auto
interface POS2/0
description connect to GSR
ip address 10.4.10.205 255.255.255.252
no ip directed-broadcast
tag-switching ip
fair-queue 64 256 0
router ospf 1
log-adjacency-changes
network 10.4.10.204 0.0.0.3 area 0
network 10.254.254.201 0.0.0.0 area 0
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 10.254.254.129 remote-as 100
neighbor 10.254.254.129 update-source Loopback0
no auto-summary
address-family vpnv4
neighbor 10.254.254.129 activate
neighbor 10.254.254.129 send-community extended
exit-address-family
address-family ipv4 vrf xjccw1
redistribute connected
no auto-summary
no synchronization
exit-address-family
ip classless
line con 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
no cns aaa enable
end -
EoMPLS over interface VLAN on 7600??
Hi all,
I've read EoMPLS will not work on interface VLANs in 7600 series routers... Is it due to a specific IOS bug (if so, has it been fixed?) or does the platform itself not support it...
Because we have an EoMPLS customer who is not able to work on interface VLAN..
Thanks in advance....
I got the below message as well:
LAB-R5-7604-CDAC-II(config-if)#mpls ip
MPLS CONFIG on LAN NOT RECOMMENDED: Cross-connect is currently configured
on interface vlans and WAN interfaces are facing the MPLS core.
By configuring MPLS on LAN interfaces, AToM on vlan interfaces may be non
functional.
LAB-R5-7604-CDAC-II(config-if)#mpls mtu 1546 -
Hi dear all
Currently we are facing an issue in a VPLS network and I will appreciate your help if you know the solution, thanks in advance.
We have the following topology :
All routers (PA, PB, PC) have Sup32-8GE-3B without any extra line cards. We configured VPLS on all routers. All routers have the following running configuration. Also, verifications show that everything is OK.
1. Is it possible to configure VPLS on Sup32-GE-3B without any extra line cards?
2. Why configuration has been done but :
a. There is not communication between 3 Cust-A sites (L2 connectivity).
b. The following error message displayed when add “IP MPLS” command for uplinks.
MPLS CONFIG on LAN NOT RECOMMENDED: Cross-connect is currently configured on interface vlans and WAN interfaces are facing the MPLS core. By configuring MPLS on LAN interfaces, AToM on vlan interfaces may be non functional.
PA-7609#sh run
Building configuration...
Current configuration : 4030 bytes
! Last configuration change at 14:54:05 UTC Thu Jul 29 2010
! NVRAM config last updated at 14:07:27 UTC Thu Jul 29 2010
upgrade fpd auto
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service counters max age 5
hostname PA-7609
boot-start-marker
boot system sup-bootdisk:c7600s3223-advipservicesk9-mz.122-33.SRB7.bin
boot-end-marker
enable secret 5 $1$FIyH$5AHHV2qA0noZemUJhZBCL0
no aaa new-model
platform vfi dot1q-transparency
ip subnet-zero
ip vrf forwarding
no ip domain-lookup
ipv6 mfib hardware-switching replication-mode ingress
vtp mode transparent
mls ip multicast flow-stat-timer 9
mls flow ip interface-full
no mls flow ipv6
no mls acl tcam share-global
mls cef error action reset
mpls label protocol ldp
spanning-tree mode pvst
spanning-tree extend system-id
system flowcontrol bus auto
diagnostic cns publish cisco.cns.device.diag_results
diagnostic cns subscribe cisco.cns.device.diag_commands
redundancy
mode rpr
main-cpu
auto-sync running-config
vlan internal allocation policy ascending
vlan dot1q tag native
vlan access-log ratelimit 2000
vlan 100
pseudowire-class mpls
encapsulation mpls
l2 router-id 10.1.1.1
l2 vfi VPLS1 autodiscovery
vpn id 100
interface Loopback1
ip address 10.1.1.1 255.255.255.255
interface GigabitEthernet5/1
no ip address
shutdown
interface GigabitEthernet5/2
no ip address
shutdown
interface GigabitEthernet5/3
no ip address
shutdown
interface GigabitEthernet5/4
no ip address
shutdown
interface GigabitEthernet5/5
no ip address
shutdown
interface GigabitEthernet5/6
no ip address
shutdown
interface GigabitEthernet5/7
no ip address
shutdown
interface GigabitEthernet5/8
no ip address
shutdown
interface GigabitEthernet5/9
no ip address
shutdown
interface GigabitEthernet6/1
ip address 192.168.0.1 255.255.255.252
mpls ip
interface GigabitEthernet6/2
ip address 172.16.0.1 255.255.255.252
mpls ip
interface GigabitEthernet6/3
ip address 192.168.1.18 255.255.255.252
mpls ip
interface GigabitEthernet6/3.200
encapsulation dot1Q 300
interface GigabitEthernet6/4
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100
switchport mode trunk
interface GigabitEthernet6/5
no ip address
shutdown
interface GigabitEthernet6/6
no ip address
interface GigabitEthernet6/7
no ip address
interface GigabitEthernet6/8
no ip address
interface GigabitEthernet6/9
ip address 200.200.200.1 255.255.255.0
interface Vlan1
no ip address
shutdown
interface Vlan100
no ip address
xconnect vfi VPLS1
router ospf 1
log-adjacency-changes
network 10.1.1.0 0.0.0.255 area 0
network 172.16.0.0 0.0.0.255 area 0
network 192.168.0.0 0.0.0.255 area 0
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
bgp update-delay 1
neighbor 10.1.1.2 remote-as 1
neighbor 10.1.1.2 update-source Loopback1
neighbor 10.1.1.3 remote-as 1
neighbor 10.1.1.3 update-source Loopback1
address-family ipv4
no synchronization
no auto-summary
exit-address-family
address-family l2vpn vpls
neighbor 10.1.1.2 activate
neighbor 10.1.1.2 send-community extended
neighbor 10.1.1.3 activate
neighbor 10.1.1.3 send-community extended
exit-address-family
ip classless
no ip http server
no ip http secure-server
mpls ldp router-id Loopback1
bridge 1 protocol vlan-bridge
control-plane
line con 0
stopbits 1
line vty 0 4
session-timeout 60 output
privilege level 15
password 7 12485744532B4F
login
line vty 5 15
session-timeout 60 output
privilege level 15
password 7 12485744532B4F
login
line vty 16
privilege level 15
password 7 055A545C606C0D
login
ntp master 1
mac-address-table synchronize
no mac-address-table learning vlan 2 module 5
mac-address-table learning vlan 100 module 5
no mac-address-table learning vlan 2 module 6
mac-address-table learning vlan 100 module 6
End
PB-7609#sh run
Building configuration...
Current configuration : 3683 bytes
upgrade fpd auto
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service counters max age 10
hostname PB-7609
boot-start-marker
boot system sup-bootdisk:c7600s3223-advipservicesk9-mz.122-33.SRB7.bin
boot-end-marker
enable secret 5 $1$1YCM$KJ9TC73PD.1v2x8jrVS3S/
no aaa new-model
ip subnet-zero
no ip domain-lookup
ipv6 mfib hardware-switching replication-mode ingress
mls ip multicast flow-stat-timer 9
mls flow ip interface-full
no mls flow ipv6
no mls acl tcam share-global
mls cef error action reset
mpls label protocol ldp
spanning-tree mode pvst
spanning-tree extend system-id
system flowcontrol bus auto
diagnostic cns publish cisco.cns.device.diag_results
diagnostic cns subscribe cisco.cns.device.diag_commands
redundancy
mode rpr
main-cpu
auto-sync running-config
vlan internal allocation policy ascending
vlan dot1q tag native
vlan access-log ratelimit 2000
pseudowire-class mpls
encapsulation mpls
l2 router-id 10.1.1.2
l2 vfi VPLS1 autodiscovery
vpn id 100
interface Loopback1
ip address 10.1.1.2 255.255.255.255
interface GigabitEthernet5/1
no ip address
shutdown
interface GigabitEthernet5/2
no ip address
shutdown
interface GigabitEthernet5/3
no ip address
shutdown
interface GigabitEthernet5/4
no ip address
shutdown
interface GigabitEthernet5/5
no ip address
shutdown
interface GigabitEthernet5/6
no ip address
shutdown
interface GigabitEthernet5/7
no ip address
shutdown
interface GigabitEthernet5/8
no ip address
shutdown
interface GigabitEthernet5/9
no ip address
shutdown
interface GigabitEthernet6/1
ip address 192.168.0.2 255.255.255.252
mpls ip
interface GigabitEthernet6/2
ip address 172.16.0.5 255.255.255.252
mpls ip
interface GigabitEthernet6/3
no ip address
shutdown
interface GigabitEthernet6/4
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100
switchport mode trunk
l2protocol-tunnel cdp
l2protocol-tunnel stp
l2protocol-tunnel vtp
no cdp enable
spanning-tree bpdufilter enable
interface GigabitEthernet6/5
no ip address
shutdown
interface GigabitEthernet6/6
no ip address
shutdown
interface GigabitEthernet6/7
no ip address
interface GigabitEthernet6/8
no ip address
interface GigabitEthernet6/9
ip address 200.200.200.2 255.255.255.0
interface Vlan1
no ip address
shutdown
interface Vlan100
no ip address
xconnect vfi VPLS1
router ospf 1
log-adjacency-changes
network 10.1.1.0 0.0.0.255 area 0
network 172.16.0.0 0.0.0.255 area 0
network 192.168.0.0 0.0.0.255 area 0
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
bgp update-delay 1
neighbor 10.1.1.1 remote-as 1
neighbor 10.1.1.1 update-source Loopback1
neighbor 10.1.1.3 remote-as 1
neighbor 10.1.1.3 update-source Loopback1
address-family ipv4
no synchronization
no auto-summary
exit-address-family
address-family l2vpn vpls
neighbor 10.1.1.1 activate
neighbor 10.1.1.1 send-community extended
neighbor 10.1.1.3 activate
neighbor 10.1.1.3 send-community extended
exit-address-family
ip classless
no ip http server
no ip http secure-server
mpls ldp router-id Loopback1
control-plane
line con 0
stopbits 1
line vty 0 4
session-timeout 60 output
privilege level 15
password 7 12485744532B4F
login
line vty 5 15
session-timeout 60 output
privilege level 15
password 7 12485744532B4F
login
line vty 16
privilege level 15
password 7 1543595F450A68
login
mac-address-table synchronize
mac-address-table learning vlan 100 module 5
mac-address-table learning vlan 100 module 6
End
PC-7609#sh run
Building configuration...
Current configuration : 3896 bytes
upgrade fpd auto
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service counters max age 10
hostname PC-7609
boot-start-marker
boot system sup-bootdisk:c7600s3223-advipservicesk9-mz.122-33.SRB7.bin
boot-end-marker
enable secret 5 $1$cL//$YpRw8OQfCv2vYXZIvORkU.
no aaa new-model
ip subnet-zero
no ip domain-lookup
ipv6 mfib hardware-switching replication-mode ingress
vtp mode transparent
mls ip multicast flow-stat-timer 9
mls flow ip interface-full
no mls flow ipv6
no mls acl tcam share-global
mls cef error action reset
mpls ldp explicit-null
mpls label protocol ldp
spanning-tree mode pvst
spanning-tree extend system-id
system flowcontrol bus auto
diagnostic cns publish cisco.cns.device.diag_results
diagnostic cns subscribe cisco.cns.device.diag_commands
redundancy
mode sso
main-cpu
auto-sync running-config
vlan internal allocation policy ascending
vlan dot1q tag native
vlan access-log ratelimit 2000
vlan 100
pseudowire-class mpls
encapsulation mpls
l2 router-id 10.1.1.3
l2 vfi VPLS1 autodiscovery
vpn id 100
interface Loopback1
ip address 10.1.1.3 255.255.255.255
interface GigabitEthernet5/1
no ip address
shutdown
interface GigabitEthernet5/2
no ip address
shutdown
interface GigabitEthernet5/3
no ip address
shutdown
interface GigabitEthernet5/4
no ip address
shutdown
interface GigabitEthernet5/5
no ip address
shutdown
interface GigabitEthernet5/6
no ip address
shutdown
interface GigabitEthernet5/7
no ip address
shutdown
interface GigabitEthernet5/8
no ip address
shutdown
interface GigabitEthernet5/9
no ip address
shutdown
interface GigabitEthernet6/1
ip address 172.16.0.2 255.255.255.252
mpls ip
interface GigabitEthernet6/2
ip address 172.16.0.6 255.255.255.252
mpls ip
interface GigabitEthernet6/3
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100
switchport mode trunk
l2protocol-tunnel cdp
l2protocol-tunnel stp
l2protocol-tunnel vtp
no cdp enable
spanning-tree bpdufilter enable
interface GigabitEthernet6/4
ip address 192.168.1.9 255.255.255.252
mpls ip
interface GigabitEthernet6/5
no ip address
no cdp enable
interface GigabitEthernet6/6
no ip address
interface GigabitEthernet6/7
no ip address
interface GigabitEthernet6/8
no ip address
interface GigabitEthernet6/9
ip address 200.200.200.3 255.255.255.0
speed 10
duplex half
interface Vlan1
no ip address
shutdown
interface Vlan100
no ip address
xconnect vfi VPLS1
router ospf 1
log-adjacency-changes
network 10.1.1.0 0.0.0.255 area 0
network 172.16.0.0 0.0.0.255 area 0
network 192.168.0.0 0.0.0.255 area 0
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
bgp update-delay 1
neighbor 10.1.1.1 remote-as 1
neighbor 10.1.1.1 update-source Loopback1
neighbor 10.1.1.2 remote-as 1
neighbor 10.1.1.2 update-source Loopback1
address-family ipv4
no synchronization
no auto-summary
exit-address-family
address-family l2vpn vpls
neighbor 10.1.1.1 activate
neighbor 10.1.1.1 send-community extended
neighbor 10.1.1.2 activate
neighbor 10.1.1.2 send-community extended
exit-address-family
ip classless
no ip http server
no ip http secure-server
mpls ldp router-id Loopback1
bridge 1 protocol vlan-bridge
control-plane
line con 0
stopbits 1
line vty 0 4
session-timeout 60 output
privilege level 15
password 7 12485744532B4F
login
line vty 5 15
session-timeout 60 output
privilege level 15
password 7 12485744532B4F
login
line vty 16
privilege level 15
password 7 075E731F0F295A
login
mac-address-table synchronize
no mac-address-table learning vlan 4
mac-address-table learning vlan 100 module 5
no mac-address-table learning vlan 4 module 6
mac-address-table learning vlan 100 module 6
end
Verification
PA-7609#sh mpls ldp neighbor
Peer LDP Ident: 200.200.200.2:0; Local LDP Ident 200.200.200.1:0
TCP connection: 200.200.200.2.11362 - 200.200.200.1.646
State: Oper; Msgs sent/rcvd: 136/137; Downstream
Up time: 01:40:27
LDP discovery sources:
GigabitEthernet6/1, Src IP addr: 192.168.0.2
Targeted Hello 10.1.1.1 -> 10.1.1.2, active, passive
Addresses bound to peer LDP Ident:
200.200.200.2 192.168.0.2 172.16.0.5 10.1.1.2
Peer LDP Ident: 200.200.200.3:0; Local LDP Ident 200.200.200.1:0
TCP connection: 200.200.200.3.64421 - 200.200.200.1.646
State: Oper; Msgs sent/rcvd: 137/130; Downstream
Up time: 01:40:26
LDP discovery sources:
Targeted Hello 10.1.1.1 -> 10.1.1.3, active, passive
GigabitEthernet6/2, Src IP addr: 172.16.0.2
Addresses bound to peer LDP Ident:
200.200.200.3 172.16.0.2 172.16.0.6 10.1.1.3
PA-7609#sh ip bgp l2vpn vpls all
BGP table version is 18, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:100
*> 1:100:10.1.1.1/96 0.0.0.0 32768 ?
*>i1:100:10.1.1.2/96 10.1.1.2 0 100 0 ?
*>i1:100:10.1.1.3/96 10.1.1.3 0 100 0 ?
PA-7609#show xconnect all
Legend: XC ST=Xconnect State, S1=Segment1 State, S2=Segment2 State
UP=Up, DN=Down, AD=Admin Down, IA=Inactive, NH=No Hardware
XC ST Segment 1 S1 Segment 2 S2
------+---------------------------------+--+---------------------------------+--
UP vfi VPLS1 UP mpls 10.1.1.2:100 UP
UP vfi VPLS1 UP mpls 10.1.1.3:100 UP
UP ac Vl100 100(Eth VLAN) UP vfi VPLS1 UP
PA-7609#sh mac-address-table dynamic
Legend: * - primary entry
age - seconds since last seen
n/a - not available
vlan mac address type learn age ports
------+----------------+--------+-----+----------+--------------------------
No entries present.
Hi,
If you need to run VPLS then your core-facing card needs to do imposition/disposition. I doubt if the sup32 gig ports can do so. For VPLS to work on 7600, any one of the following cards is needed.
PWAN2 (OSM)
ES+ (ES40)
ES20
SIP-400
SIP-600
If you have say a lan card like 6748 or 6724 towards core and try to bring up VPLS, it will allow you to provision but VC might not come up. The other message you are getting is normal when you try to enable mpls on a lan card. I think this can be safely ignored.
Thanks,
Madhu -
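A check over the two outputs posted in the VPLS question above, as an added example that is not part of the original thread: it parses `show xconnect all` and `show mac-address-table dynamic` and reports the state the posted output shows, where every pseudowire is signalled UP but VLAN 100 has learned no dynamic MAC addresses. The function names and verdict strings are assumptions made for this example, and the sample text is constructed from the posted output with whitespace collapsed.

```python
import re

# Constructed sample input: the two outputs posted in the question, trimmed.
XCONNECT = """\
XC ST Segment 1 S1 Segment 2 S2
------+---------------------------------+--+-------------------------------+--
UP vfi VPLS1 UP mpls 10.1.1.2:100 UP
UP vfi VPLS1 UP mpls 10.1.1.3:100 UP
UP ac Vl100 100(Eth VLAN) UP vfi VPLS1 UP
"""
MAC_TABLE = """\
vlan mac address type learn age ports
------+----------------+--------+-----+----------+---------------------
No entries present.
"""

ST = r"(UP|DN|AD|IA|NH)"        # state codes from the output's own legend
SEG = r"(vfi|ac|mpls)\s+(.+?)"  # segment type followed by its identifier
ROW = re.compile(rf"^{ST}\s+{SEG}\s+{ST}\s+{SEG}\s+{ST}$")
MAC = re.compile(r"^\*?\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+dynamic\b", re.I)

def parse_xconnect(text):
    """Return one dict per data row of 'show xconnect all'."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            xc, t1, id1, s1, t2, id2, s2 = m.groups()
            rows.append({"xc": xc, "seg1": (t1, id1, s1), "seg2": (t2, id2, s2)})
    return rows

def learned_macs(text, vlan):
    """Dynamic MAC addresses learned in the given VLAN."""
    hits = (MAC.match(line.strip()) for line in text.splitlines())
    return [m.group(2).lower() for m in hits if m and int(m.group(1)) == vlan]

def diagnose(xc_text, mac_text, vlan):
    """Correlate pseudowire state with MAC learning on the attached VLAN."""
    pws = [r for r in parse_xconnect(xc_text) if r["seg2"][0] == "mpls"]
    down = [r["seg2"][1] for r in pws
            if {r["xc"], r["seg1"][2], r["seg2"][2]} != {"UP"}]
    macs = learned_macs(mac_text, vlan)
    if not pws:
        verdict = "no-pseudowires"
    elif down:
        verdict = "pseudowire-down"
    else:
        verdict = "forwarding" if macs else "signalled-but-no-mac-learning"
    return {"verdict": verdict, "down": down, "macs": macs}
```

Calling `diagnose(XCONNECT, MAC_TABLE, 100)` on the sample returns the `signalled-but-no-mac-learning` verdict, which separates a signalling failure from a forwarding-path problem before anyone starts changing the BGP or LDP configuration.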
hi, i am novice in MPLS
please help me to config below scenario , i want to config DHCP service on CE router (in picture:: CE2: Customer B )
which other CE (like CE1) can get IP address
assume that we have different IP range
i want to enable DHCP only on CE router Not on PE
if possible please please put me sample config :)
tnx a lot
dear friend please help me......
-
MPLS over GRE sample config....
can any body paste a working of MPLS over GRE....
i am looking for tunnel config and any related global config...
thanks
Umar
You can try this link for GRE configuration
http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a00801e1294.shtml
-
RV042 - Does it support Mode Config?
Hello,
I have a question regarding the RV042 and its IP-Sec capabilities.
Does it support "Mode Config", an IP-Sec extension.
If yes, is it documented somewhere?
Regards,
Daniel
No, the rv042 does not support mode config. That is for the cisco enterprise edition routers, with the command line configuration.
-
Greetings,
I have the following network.
A Satellite Internet Connection into WAN1 of the RV042 IP = 99.196.170.134 DNS WAN1 = 12.213.112.61
A Verizon USB Modem via a cradlepoint router into WAN2 of the RV042 IP = 192.168.0.196 DNS WAN2 = 192.168.0.1
(For testing connected each one of these independently to a laptop and verified operation)
The RV042 is set up as a Gateway
The default Gateway is checked for both WAN1 and WAN2
DDNS is off for both WAN1 and WAN2
LAN IP = 172.16.0.1
Subnet 255.255.255.0
Both WAN1 and WAN2 Obtain IP address automatically
If I set the RV042 to Smart Link Backup WAN1 I can access the web but NOT email via outlook. Outlook says it failed contact your network administrator.
If I set the RV042 to Load Balancing I can access email via Outlook but can not access the web. Web pages timeout when trying to lookup a domain name
I prefer to have the RV042 set up for load balancing.
Please help me sort this out.
Thank you,
Ron Wensley
Never mind I figured it out.
-
BRAS Config for MPLS carrying PPPoE
Hi all
DSLAM----(PPPoE)---7600----(Xconnect)----7600----(VLAN/PPPoE)---(BRAS ASR1K)
we currently have a distributed access network where the DSLAMs send us PPPoE packets which we are wrapping into xconnects back to a central BRAS.
the xconnects terminate on the upstream device to the BRAS. The BRAS is connected by a VLAN trunk and each DSLAM is identified by a unique VLAN-ID.
so the BRAS gets native PPPoE frames.
I wish to extend the MPLS to the BRAS itself. So that the xconnect ( or VPLS ) terminates on the BRAS itself.
I can't see how to stitch in the PPPoE features to get this to work.
I was thinking about an external looping cable on the same BRAS device but that's a bit crap
Is there a more elegant solution?
many thanks
Hi,
You can try pseudowire headend configuration. But I am not sure it's available for AS1K.
http://www.cisco.com/en/US/docs/routers/crs/software/crs_r4.1/lxvpn/configuration/guide/vc41vpls.html#wp1323446