SVI EoMPLS

Similar Messages

• ASR 901 SVI based EoMPLS

  Hi,
  I'm trying to configure SVI based eompls on the 901, and this is the error I get:
  interface GigabitEthernet0/5
  service instance 202 ethernet
    encapsulation dot1q 202
    rewrite ingress tag pop 1 symmetric
    bridge-domain 202
  ASR-901-TEST(config)#int vlan 202
  ASR-901-TEST(config-if)#x
  ASR-901-TEST(config-if)#xconnect ?
    A.B.C.D  IP address of peer
  ASR-901-TEST(config-if)#xconnect 10.20.4.15 15 enc
  ASR-901-TEST(config-if)#xconnect 10.20.4.15 15 encapsulation m
  ASR-901-TEST(config-if)#xconnect 10.20.4.15 15 encapsulation mpls
  The Vl202 a vlan interface - command rejected.
  The box is running asr901-universalk9-mz.152-2.SNI code.
  I realise you can configure the xconnect on the EFP but we were looking to have multiple EVCs share one bridge domain and do the xconnect on the SVI.
  Am I missing something or is this feature not supported on the current code?
  Thanks.

  Hi Alfred,
  We won't have this on ASR901's radar, and in fact we implemented error message mechanism to alert our
  customers.  Its a ASIC and feature limitation on ASR901 alone. 
  Cheers,
  /Mani

• L3 vpn and VPLS on same SVI.

  Hi,
  Can anyone help me with this query?
  I am trying to connect a CE router with two redundant links to two seperate PEs. I need spanning tree to be run between the PEs for the resilence and failover so was thinking VPLS, but also need the CE to connect to a L3 vpn.
  Does anyone know if it is possible to have a vlan (SVI) in a VPLS instance and a L3 MPLS vpn?
  Thanks
  Wai-Lun

  Hello Wai,
  I may be wrong but I don't think you can at the same time over a single SVI to offer L3 VPN and L2 VPN services.
  However, I would suggest to divide your links/requirements: the two CE-PE1 and CE-PE2 links will be VRF access links from the PE point of view and you can use a dynamic protocol.
  Routing protols can provide all the failover and redundancy you are looking for.
  The PE Routers will be interconnected via MPLS backbone links.
  If you miss your own backbone infrastructure you can use CSC (Carrier Supporting Carrier) or lease simple EoMPLS /VPLS links from a provider (this may need some thoughts about MTU)
  hope to help
  best regards
  Giuseppe

• EoMPLS PW

  Guys I'm trying to make sense out of the attached Cisco Topology
  My test environment consists of, various core (P)and distribution(PE) 7600?s (Sup720 without OSM, SIP-600, SPA). Access node consists of a Ethernet DSLAM (although kind of irrelevant at this point).
  I?m focusing on layer 2 Access node ? Distribution (Active/backup) Redundancy (No aggregation layer) to two separate distribution PE?s. It seems as though its describing the classic triangular loop, completed by an inter-distribution EoMPLS PW. It then appears as if packets are been forwarded out of the layer 2 domain by an SVI on both distro?s, using HSRP as the floating gateway. The only issue is implementing PW on an interface and assigning an IP address. Unfortunately I cannot use VFI, though I?m not convinced this would help either. I cannot xconnect from an SVI either (due to restriction on non OSM, SPA modules). I?m guessing bridging using irb would be the only feasible solution (if it does work).
  1) Am I way off?
  2) Would VFI?s help in any way?
  3) What would you suggest?
  Any information related to this would be extremely useful. Many thanks in advance.

  Hi,
  In which mode your 7600 operates? to support MPLS features it should be either PFC3B or PFC3BXL. If you have any OSM module it will operate MPLS over OSM as long as the peer IP address is learned through WAN interface, though its not recommended.
  SIP-600 for 7600 comes with 3BXL but if there is any module with DFC3A the system will operate with common denominator which is PFC3A . so you can't run MPLS.
  Normally you cannot have both the IP and L2MPLS configuration on the same interface. and on 7600 we are restricted to one VLAN database, (i.e. even you configure routed ports you cannot reuse the same VLAN on two different physical ports under subinterface)
  Since we have to create another EoMPLS tunnel to outside we have to emulate a bridge domain and therefore we have to use VPLS where we have to configure VFI.
  If we have to configure any first-hop redundancy protocol where we can configure...?
  Rgds,
  Harin

• EoMPLS Question

  Does anyone know if you can configure EoMPLS on an SVI interface if you have the ES20 cards facing the core and the x6724 cards facing the CPE. The 7600 documentation for 12.2SR says you have to have an OSM or Enhanced Flex Wan module facing the core but this was befoere the ES20 cards came out. Below is an example of what I would like to do.
  CE--->(x6724--7600--ES20)---core---(ES20---7600---x6724)--->BRAS
  7600 facing the CE.
  vlan 10 name voice
  vlan 20 name video
  vlan 100 name data
  int gig4/1
  switchport
  switchport trunk ecap dot1q
  sw mode trunk
  switcport trunk allowed vlan 10,20,100
  int vlan 10
  ip add 10.10.1.1 255.255.255.0
  int vlan 20
  ip add 10.20.1.1 255.255.255.0
  int vlan 100
  xconnect 10.10.100.101 100 encapsulation mpls

  We tried this with x6724s facing the core and x6748s facing the CE and it didn't work and was told by TAC that we needed the OSM or Enhanced flex wan module. I'm hoping the ES20 card has the same functionality as the OSM or Enhanced flex wan. In reading over the data sheet last night it appears that it supports all the MPLS/AToM features that the OSM modules supports. I'm thinking if it doesn't work with an SVI it should work with sub-interfaces.

• QOS Features over EoMPLS

  Hello,
  Please clarify if the following features are supported over EoMPLS on 7600 platform (IOS 15.0) used as PE:
  DSCP classification on ES+ EVC when xconnect is under SVI.
  DSCP classification on SVI linked to ES20 EVC when xconnect is under SVI.
  Police & marking (as confom action) on ES+ EVC when xconnect is under SVI.
  Police & marking (as conform action) on SVI linked to ES20 EVC when xconnect is under SVI.
  Please highlight any caveats related to the above features and share any related document if you can.
  Best regards!

  Hi,
  as long as the bandwidth for all combined voip calls is smaller than the configured bandwidth "priority XXX", VoIp is ok.
  The reason is, that any voip packet will be serviced immediately and the data will be queued. So for voip the network looks like not being overloaded at all.
  Hope this helps! please rate all posts.
  Regards, Martin

• VRF on a SVI interface

  Hello,
  Just a quick question:
  If a have a 7600 without SIP, OSM or ES20 card I cannot do an EoMPLS circuit (xconnect) on a SVI interface (local switching).
  What about a VRF on a SVI interface? Can I do it without SIP or OSM?
  Thanks for your replies!
  Alex

  The configuration of a VRF on the SVI interface, either for VRF-lite or L3VPN, is supported natively on the PFC3b and therefore doesn't require any additional HW as it is the case with EoMPLS on the SVI interface or VPLS.
  Hope this helps,

• EoMPLS fail

  Hi,
  I am setting up EoMPLS (AToM) in my lab. Topology is simple, just have 2 Cat6509 (with native IOS) connect back-to-back. These 2 Catalyst act as PE. On each catalyst, there is one catalyst acting as host (CE). I am configuring 'mpls l2transport' under interface vlan, instead of subinterface. It is weird when i found that under subinterface, there is no command 'mpls l2transport' nor 'xconnect'. Both command is available only under interfce vlan and L3 interface.
  You all can check my configuration. Thanks fr every response.

  Hi,
  EoMPLS is not supported on Layer 3 VLAN interfaces for C6500/7600.
  If you need to configure EoMPLS on the SVI the core-facing card must be an OSM.
  http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/pfc3mpls.htm#wp1279824
  Kind regards,
  Dmitriy.

• MAC-Learning in EoMPLS

  I was wondering if in a EWS circuit, does the MPLS PE Router learn the MAC-Address or is it dependent on the way the Circuit is configured i.e. Type-4 and Type-5 or Sub-interface based or SVI based.
  Is there any way this MAC-learning can be disabled...Also, if MAC-learning is enabled does this have a direct impact on the number of MAC-addresses I can learn in any other service like VPLS or ERS etc....

  PE should not and does not need to learn MAC-address for EoMPLS, this is irrelevant of circuit type.
  Cat6K has mac-limiting feature which you can limit the number of MACs can be learned on per-vlan bases.

• ME6524 EoMPLS

  Hi,
  I have to carry many few  L2 circuits of same customer with a ME6524 as  a uPE device. As SVI based EoMPLS is not possible on this device.
  Can I do the following , (if yes,  this solves the same purpose as SVI based EoMPLS).
  I use vlan 200 for this customer & I assume MuxUNI support works well on Uplink port aswell. ( I know it works on Downlink port -- customer facing port)
  int Gig 1
  switchport mode access
  Switchport access vlan 200
  Int Gig 2
  switchport mode access
  Switchport access vlan 200
  Int Gig 25
  description << Uplink to MPLS cloud>>
  mpls ip
  ip address 1.1.1.1 255.255.255.0
  Int Gig 25.200
  encap dot1q 200
  Xconnect 5.0.0.5 2000 encap mpls
  Is it possible and any comment..Have anybody done this practically..
  Thx,
  gaurav

  You can use port based EoMPLS on the ME6524
  See example below..
  ME3400a--dot1q--ME6524-A ---EoMPLS ----ME6524-b--dot1q--ME3400b
  ME6524-A#sh run (fragments)
  interface Loopback0
  ip address 10.99.99.15 255.255.255.255
  interface GigabitEthernet1/5
  mtu 9216
  no ip address
  logging event link-status
  logging event trunk-status
  logging event spanning-tree status
  logging event subif-link-status
  load-interval 30
  xconnect 10.99.99.11 15 encapsulation mpls
  interface GigabitEthernet1/32
  mtu 9216
  ip address 10.99.98.64 255.255.255.254
  logging event link-status
  logging event trunk-status
  logging event spanning-tree status
  logging event subif-link-status
  load-interval 30
  mpls ip
  router ospf 1
  router-id 10.99.99.10
  log-adjacency-changes
  area 10 nssa
  network 10.99.98.0 0.0.0.255 area 10
  network 10.99.99.10 0.0.0.0 area 10
  mpls ldp router-id Loopback0 force
  ME6524-B#sh run (fragments)
  interface Loopback0
  ip address 10.99.99.11 255.255.255.255
  interface GigabitEthernet1/5
  mtu 9216
  no ip address
  logging event link-status
  logging event trunk-status
  logging event spanning-tree status
  logging event subif-link-status
  load-interval 30
  xconnect 10.99.99.15 15 encapsulation mpls
  interface GigabitEthernet1/32
  mtu 9216
  ip address 10.99.98.65 255.255.255.254
  logging event link-status
  logging event trunk-status
  logging event spanning-tree status
  logging event subif-link-status
  load-interval 30
  mpls ip
  ME6524-A#sh mpls l2transport vc 15 detail
  Local interface: Gi1/5 up, line protocol up, Ethernet up
  Destination address: 10.99.99.11, VC ID: 15, VC status: up
  Output interface: Gi1/32, imposed label stack {16}
  Preferred path: not configured
  Default path: active
  Next hop: 10.99.98.65
  Create time: 00:16:27, last status change time: 00:02:57
  Signaling protocol: LDP, peer 10.99.99.11:0 up
  MPLS VC labels: local 16, remote 16
  Group ID: local 0, remote 0
  MTU: local 9216, remote 9216
  Remote interface description:
  Sequencing: receive disabled, send disabled
  VC statistics:
  packet totals: receive 140, send 163
  byte totals: receive 17640, send 21306
  packet drops: receive 0, send 0

• QinQ EoMPLS

  I have a SUP720(port based mpls) and a SUP2 (SVI based mpls.) I can get the VC to come up if I wanted to do one vlan accross my network.
  I am having issues getting a port to trunk across my EoMPLS to a 7200 router.
  Currently, I have a Flex-wan module for the SUP2 side, which supports this, but I am getting different views based off the QinQ.
  Any ideas?

  No I kept the MTU at 1500.
  What I mean by that is that it seems everyone is doing it slightly different from another.
  I've been all over Cisco's site and I cannot find any clear definite way that other engineers are setting this up.
  Also, it seems that this topic is considered part of two different departments at Cisco, so not one department is able to go over the entire setup because they either know MPLS or they know dot1q.
  I just wish there was a document that was like, "this is what you need to do this."

• Routing issue: SVI vs Firewall interface

  Greetings
  I have several switches interconnected in my network and multiple VLANs configured with SVI assigned to each. InterVLAN routing works just fine. The switchport connected to corporate firewall is the first port on the main switch (interface GigabitEthernet1/0/1 I recon).
  The firewall is VLAN unaware and it is managed by third party; I do not have access to it. The firewall is configured to route below two ranges only, and that is fine:
  155.111.215.254/25 (servers)
  10.15.245.254/24 (end users)
  In my network, these ranges are broken down to sub-ranges and assigned VLAN ip address. Other ranges that I have in my network (192.168.x.x) are used by peripheral devices within LAN only and do not need to reach the firewall (neither internet).
  So here is the problem I have:
  If I point end user machines and servers to corresponding firewall interfaces (assign default gateway accordingly), they can reach each other and have access to internet. But they would not be able to reach peripheral devices in 192.168.x.x range which are pointed to respective VLAN IP address (SVI).
  If I point end user machines and servers to respective VLAN IP address, they would reach peripheral devices, but there would be no connection to the internet. So what I need is access to internet for computers with ip address within firewall configured range, but with SVI as the default gateway rather than the firewall interfaces.  
  My request to add each VLAN to the firewall was rejected because it would cost money.
  For a workaround, I wonder whether there is something to do with the switchport connected to the firewall, or it is adding some rules on the firewall I need (like NAT). If it is the latter, then how to make a proper request to the firewall management team.
  I would appreciate a suggestion on how to deal with this.  Many thanks.
  PS: Attaching main switch config file just in case.

  Hi,
  You can tweak something in the firewall to make this work... you can have the firewall has the gateway for all VLAN's.... you can do NAT exemption in the firewall to reach those pheripheral devices.... and you should have the route from the firewall to reach that and access-list should allow that......
  same-security-traffic permit intra interface - to permit access to flow through same interface......
  Make sure you are able to reach those pheripheral vlan from ASA 1st... then do setp by step.... acl's, NAT exemption, same-sec., route... route shouwld be pointed to core devices, since that has the direct connectviity from pheripheral devices VLAN...
  Regards
  Karthik

• Nexus 7K SVI interaction with if-mgr timed out

  try to create a new SVI in 7K , but got this information
  int vlan 120
  ERROR: Vlan 120 interaction with if-mgr timed out
  any one have the same issue?
  by the way , there are 200 other SVI in this 7K

  Hi,
  Do these 2 problematic 2960 switches running the same IOS as all the other switches?
  Is there anything in the logs?
  HTH

• EoMPLS problem with 6500 and IOS SXF6 + SXE5

  My EoMPLS stopped working after one ge-wan interface gone down and up.
  Before the down it was working fine.
  The connection is between two 6500 switches, trough GE-WAN (OSM+4GEWAN) ports.
  One swith have IOS 12.2(18)SXF6 and the other is using 12.2(18)SXE5
  Any incompatibilities between the IOS ?
  or maybe another problem or BUG ?

  Did this help ? What I meen is: have you had another up/down after you have changed the OSM and did the EoMPLS worked fine after this up/down ?

• Can a Catalyst switch terminate a QinQ (double vlan tagged) connection on an SVI?

  Can a Catalyst switch terminate a QinQ connection on an SVI?  Is anything similar possible?
  I know I can pass through QinQ traffic through a switch at L2, but can I take it in at L2 with double tags and terminate it on a L3 SVI somehow?
  Im looking for a simple way of making a WAN lab environment.
  IE I want to do the equivalent of this on a Catalyst such as a 3560/3750:
  interface GigabitEthernet0/0.1
   encapsulation dot1Q 101 second-dot1q 1
   ip vrf forwarding 100101
   ip address 1.1.1.1/24
  interface GigabitEthernet0/0.2
   encapsulation dot1Q 101 second-dot1q 2
   ip vrf forwarding 100102
   ip address 2.2.2.2/24
  thanks in advance.

  Can a Catalyst switch terminate a QinQ connection on an SVI?  Is anything similar possible?
  I know I can pass through QinQ traffic through a switch at L2, but can I take it in at L2 with double tags and terminate it on a L3 SVI somehow?
  Im looking for a simple way of making a WAN lab environment.
  IE I want to do the equivalent of this on a Catalyst such as a 3560/3750:
  interface GigabitEthernet0/0.1
   encapsulation dot1Q 101 second-dot1q 1
   ip vrf forwarding 100101
   ip address 1.1.1.1/24
  interface GigabitEthernet0/0.2
   encapsulation dot1Q 101 second-dot1q 2
   ip vrf forwarding 100102
   ip address 2.2.2.2/24
  thanks in advance.