Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCBs public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R) Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide 2010 Cisco Systems, Inc. All rights reserved.
CONTENTS
Preface
LSC-ix LSC-11
The Cisco ASR 9000 Series Routers Carrier Ethernet Model Contents
LSC-11
LSC-12 LSC-12
Cisco ASR 9000 Series Routers Layer 2 Theory and Standards Adherence Ethernet Technology Overview LSC-13 Carrier Ethernet Services LSC-13 Ethernet Wire Service LSC-14 Ethernet Relay Service LSC-15 Ethernet Multipoint Service LSC-15 Ethernet Flow Point LSC-16 Ethernet Virtual Circuit LSC-16 Ethernet OAM Protocols LSC-16 Layer 2 VPN on Ethernet Interfaces LSC-17 Gigabit Ethernet Protocol Standards Overview LSC-18 IEEE 802.3 Physical Ethernet Infrastructure LSC-18 IEEE 802.3ab 1000BASE-T Gigabit Ethernet LSC-18 IEEE 802.3z 1000 Mbps Gigabit Ethernet LSC-18 IEEE 802.3ae 10 Gbps Ethernet LSC-18 General Ethernet Standards LSC-19 MAC Address LSC-19 Ethernet MTU LSC-19 Flow Control on Ethernet Interfaces LSC-20 VRRP LSC-20 HSRP LSC-20 Link Autonegotiation on Ethernet Interfaces LSC-21 What is an Ethernet Flow Point? LSC-21 EFP CLI Overview LSC-22 Egress EFP Filtering LSC-22 Identifying Frames of an EFP LSC-22 Applying Features LSC-24 Defining Data-Forwarding Behavior LSC-25 802.1Q VLAN LSC-25
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-i
Contents
802.1Q Tagged Frames LSC-26 Subinterfaces LSC-26 Subinterface MTU LSC-26 VLAN Subinterfaces on Ethernet Bundles Layer 2 VPN on VLANs LSC-26
LSC-26
How to Configure Layer 2 Features on Ethernet Interfaces LSC-28 Default Configuration Values for Gigabit Ethernet and 10-Gigabit Ethernet Configuring Ethernet Interfaces LSC-30 Configuring a 10-Gigabit Ethernet Interface LSC-30 Configuring a Gigabit Ethernet Interface LSC-32 What to Do Next LSC-34 Configuring an Attachment Circuit on an Ethernet Port LSC-35 Configuring Egress EFP Filtering LSC-38 Configuring 802.1Q VLAN Interfaces LSC-40 Configuring 802.1Q VLAN Subinterfaces LSC-40 Configuring Native VLAN LSC-42 Removing an 802.1Q VLAN Subinterface LSC-44 Configuration Examples LSC-47 Configuring an Ethernet Interface: Example LSC-47 Configuring a L2VPN AC: Example LSC-48 Configuring VPWS with Link Bundles: Example LSC-49 Physical Interfaces (Port mode) LSC-49 Sub Interfaces (EFP mode) LSC-49 Configuring Ethernet Bundle with L2 and L3 Services: Example Configuring VLAN Subinterfaces: Example LSC-50 Where to Go Next
LSC-51
LSC-28
LSC-50
Additional References LSC-51 Related Documents LSC-52 Standards LSC-52 MIBs LSC-52 RFCs LSC-52 Technical Assistance LSC-52 Ethernet Features Contents
LSC-53
Prerequisites for Implementing Ethernet Features Information About Implementing Ethernet Features Policy Based Forwarding LSC-54 Layer 2 Protocol Tunneling LSC-54
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-ii
OL-23107-02
Contents
L2PT Features LSC-54 L2PT in the Forward Mode LSC-55 L2PT in the Reverse Mode with Protocol Frame Tagging L2PT Configuration Notes LSC-60 How to Implement Ethernet Features LSC-61 Configuring Policy Based Forwarding LSC-61 Enabling Policy Based Forwarding LSC-61 Configuring Source Bypass Filter LSC-64 Configuration Examples LSC-67 Configuring Policy Based Forwarding: Example LSC-67 Configuring Layer 2 Protocol Tunneling: Example LSC-67 Configuring L2PT in forward mode LSC-67 Configuring L2PT in reverse mode LSC-68 Additional References LSC-70 Related Documents LSC-70 Standards LSC-70 MIBs LSC-70 RFCs LSC-70 Technical Assistance LSC-70 Configuring Link Bundles Contents
LSC-71 LSC-72 LSC-71
LSC-56
Information About Configuring Link Bundles LSC-72 Link Bundling Overview LSC-73 Characteristics of Cisco ASR 9000 Series Routers Link Bundles LSC-73 Link Aggregation Through LACP LSC-74 IEEE 802.3ad Standard LSC-74 QoS and Link Bundling LSC-75 VLANs on an Ethernet Link Bundle LSC-76 Link Bundle Configuration Overview LSC-76 Nonstop Forwarding During Card Failover LSC-76 Link Failover LSC-77 Bundle Interfaces: Redundancy, Load Sharing, Aggregation LSC-77 Multichassis Link Aggregation LSC-77 Failure Cases LSC-77 Interchassis Communication Protocol LSC-78 Access Network Redundancy Model LSC-79 Core Network Redundancy Model LSC-80
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-iii
Contents
Switchovers LSC-81 MC-LAG Topologies LSC-82 How to Configure Link Bundling LSC-85 Configuring Ethernet Link Bundles LSC-85 Configuring VLAN Bundles LSC-89 Configuring Multichassis Link Aggregation LSC-95 Configuring Link Bundles LSC-95 Configuring Interchassis Communication Protocol LSC-95 Configuring Multichassis Link Aggregation Control Protocol Session LSC-98 Configuring Multichassis Link Aggregation Control Protocol Bundle LSC-100 Configuring Dual-Homed Device LSC-102 Configuring Access Backup Pseudowire LSC-104 Configuring One-way Pseudowire Redundancy in MC-LAG LSC-107 Configuring VPWS cross-connects in MC-LAG LSC-109 Configuring VPLS in MC-LAG LSC-112 Configuration Examples for Link Bundles LSC-115 EtherChannel Bundle running LACP: Example LSC-115 Creating VLANs on a Ethernet Bundle: Example LSC-115 ASR 9000 Link Bundles connected to a Cisco 7600 EtherChannel: Example Configuring Multichassis Link Aggregation: Example LSC-120 Additional References LSC-125 Related Documents LSC-125 Standards LSC-125 MIBs LSC-125 RFCs LSC-125 Technical Assistance LSC-126 Implementing Point to Point Layer 2 Services Contents
LSC-128 LSC-128 LSC-128 LSC-127
LSC-116
Prerequisites for Implementing Point to Point Layer 2 Services Information About Implementing Point to Point Layer 2 Services Layer 2 Virtual Private Network Overview LSC-128 Layer 2 Local Switching Overview LSC-129 ATMoMPLS with L2VPN Overview LSC-129 Virtual Circuit Connection Verification on L2VPN LSC-129 Ethernet over MPLS LSC-130 Ethernet Port Mode LSC-130 VLAN Mode LSC-131 Inter-AS Mode LSC-132
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-iv
OL-23107-02
Contents
QinQ Mode LSC-132 QinAny Mode LSC-133 Quality of Service LSC-133 High Availability LSC-134 Preferred Tunnel Path LSC-134 Multisegment Pseudowire LSC-135 Pseudowire Redundancy LSC-135 Pseudowire Load Balancing LSC-136 Ethernet Wire Service LSC-136 IGMP Snooping LSC-137 IP Interworking LSC-138 Any Transport over MPLS LSC-139 High-level Data Link Control over MPLS PPP over MPLS LSC-140 Frame Relay over MPLS LSC-140
LSC-140
How to Implement Point to Point Layer 2 Services LSC-141 Configuring an Interface or Connection for L2VPN LSC-141 Configuring Local Switching LSC-144 Configuring Static Point-to-Point Cross-Connects LSC-146 Configuring Dynamic Point-to-Point Cross-Connects LSC-148 Configuring Inter-AS LSC-149 Configuring L2VPN Quality of Service LSC-150 Restrictions LSC-150 Configuring an L2VPN Quality of Service Policy in Port Mode LSC-150 Configuring an L2VPN Quality of Service Policy in VLAN Mode LSC-152 Configuring Preferred Tunnel Path LSC-154 Configuring Multisegment Pseudowire LSC-156 Provisioning a Multisegment Pseudowire Configuration LSC-156 Provisioning a Global Multisegment Pseudowire Description LSC-158 Provisioning a Cross-Connect Description LSC-159 Provisioning Switching Point TLV Security LSC-161 Enabling Multisegment Pseudowires LSC-162 Enabling Flow-based Load Balancing LSC-163 Enabling Flow-based Load Balancing for a Pseudowire Class LSC-164 Configuring Pseudowire Redundancy LSC-166 Configuring a Backup Pseudowire LSC-166 Configuring Point-to-Point Pseudowire Redundancy LSC-168 Forcing a Manual Switchover to the Backup Pseudowire LSC-170 Setting Up Your Multicast Connections LSC-171 Configuring AToM IP Interworking LSC-173
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-v
Contents
Configuration Examples for Point to Point Layer 2 Services LSC-175 L2VPN Interface Configuration: Example LSC-175 Local Switching Configuration: Example LSC-175 Point-to-Point Cross-connect Configuration: Examples LSC-176 Inter-AS: Example LSC-176 L2VPN Quality of Service: Example LSC-178 Preferred Path: Example LSC-178 Pseudowires: Examples LSC-178 Configuring Dynamic Pseudowires at T-PE1 Node: Example LSC-179 Configuring Dynamic Pseudowires at S-PE1 Node: Example LSC-179 Configuring Dynamic Pseudowires at T-PE2 Node: Example LSC-180 Configuring Dynamic Pseudowires and Preferred Paths at T-PE1 Node: Example Configuring Dynamic Pseudowires and Preferred Paths at S-PE1 Node: Example Configuring Dynamic Pseudowires and Preferred Paths at T-PE2 Node: Example Configuring Static Pseudowires at T-PE1 Node: Example LSC-182 Configuring Static Pseudowires at S-PE1 Node: Example LSC-182 Configuring Static Pseudowires at T-PE2 Node: Example LSC-182 Viewing Pseudowire Status: Example LSC-183 show l2vpn xconnect LSC-183 show l2vpn xconnect detail LSC-183 Configuring Any Transport over MPLS: Example LSC-185 Configuring AToM IP Interworking: Example LSC-185 Additional References LSC-186 Related Documents LSC-186 Standards LSC-186 MIBs LSC-186 RFCs LSC-186 Technical Assistance LSC-187 Implementing Multipoint Layer 2 Services Contents
LSC-190 LSC-190 LSC-190 LSC-189
Prerequisites for Implementing Multipoint Layer 2 Services Information About Implementing Multipoint Layer 2 Services Virtual Private LAN Services Overview LSC-191 Bridge Domain LSC-191 Pseudowires LSC-193 Virtual Forwarding Instance LSC-193 VPLS for an MPLS-based Provider Core LSC-193 VPLS Architecture LSC-194 VPLS for Layer 2 Switching LSC-195
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-vi
OL-23107-02
Contents
VPLS Discovery and Signaling LSC-195 BGP-based VPLS Autodiscovery LSC-196 BGP Auto Discovery With BGP Signaling LSC-196 BGP Auto Discovery With LDP Signaling LSC-197 MAC Address-related Parameters LSC-198 MAC Address Flooding LSC-199 MAC Address-based Forwarding LSC-199 MAC Address Source-based Learning LSC-199 MAC Address Aging LSC-199 MAC Address Limit LSC-200 MAC Address Withdrawal LSC-200 MAC Address Security LSC-201 LSP Ping over VPWS and VPLS LSC-201 Split Horizon Groups LSC-201 Layer 2 Security LSC-202 Port Security LSC-202 Dynamic Host Configuration Protocol Snooping LSC-203 How to Implement Multipoint Layer 2 Services LSC-204 Configuring a Bridge Domain LSC-204 Creating a Bridge Domain LSC-204 Configuring a Pseudowire LSC-206 Associating Members with a Bridge Domain LSC-209 Configuring Bridge Domain Parameters LSC-211 Disabling a Bridge Domain LSC-214 Blocking Unknown Unicast Flooding LSC-216 Changing the Flood Optimization Mode LSC-217 Configuring Layer 2 Security LSC-220 Enabling Layer 2 Security LSC-220 Attaching a Dynamic Host Configuration Protocol Profile LSC-221 Configuring a Layer 2 Virtual Forwarding Instance LSC-224 Adding the Virtual Forwarding Instance Under the Bridge Domain LSC-224 Associating Pseudowires with the Virtual Forwarding Instance LSC-226 Associating a Virtual Forwarding Instance to a Bridge Domain LSC-228 Attaching Pseudowire Classes to Pseudowires LSC-230 Configuring Any Transport over Multiprotocol Pseudowires By Using Static Labels Disabling a Virtual Forwarding Instance LSC-234 Configuring the MAC Address-related Parameters LSC-236 Configuring the MAC Address Source-based Learning LSC-236 Enabling the MAC Address Withdrawal LSC-239 Configuring the MAC Address Limit LSC-241
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-232
LSC-vii
Contents
Configuring the MAC Address Aging LSC-244 Disabling MAC Flush at the Bridge Port Level LSC-247 Configuring MAC Address Security LSC-249 Configuring an Attachment Circuit to the AC Split Horizon Group LSC-251 Adding an Access Pseudowire to the AC Split Horizon Group LSC-253 Configuring VPLS with BGP Autodiscovery and Signaling LSC-254 Configuring VPLS with BGP Autodiscovery and LDP Signaling LSC-257 Configuration Examples for Multipoint Layer 2 Services LSC-261 Virtual Private LAN Services Configuration for Provider Edge-to-Provider Edge: Example LSC-261 Virtual Private LAN Services Configuration for Provider Edge-to-Customer Edge: Example LSC-262 Displaying MAC Address Withdrawal Fields: Example LSC-263 Split Horizon Group: Example LSC-264 Blocking Unknown Unicast Flooding: Example LSC-265 Disabling MAC Flush: Examples LSC-265 Bridging on IOS XR Trunk Interfaces: Example LSC-266 Bridging on Ethernet Flow Points: Example LSC-270 Changing the Flood Optimization Mode: Example LSC-272 Configuring VPLS with BGP Autodiscovery and Signaling: Example LSC-273 LDP and BGP Configuration LSC-273 Minimum L2VPN Configuration for BGP Autodiscovery with BGP Signaling LSC-274 VPLS with BGP Autodiscovery and BGP Signaling LSC-274 Minimum Configuration for BGP Autodiscovery with LDP Signaling LSC-275 VPLS with BGP Autodiscovery and LDP Signaling LSC-276 Configuring Dynamic ARP Inspection: Example LSC-277 Configuring IP Source Guard: Example LSC-279 Additional References LSC-281 Related Documents LSC-281 Standards LSC-281 MIBs LSC-281 RFCs LSC-282 Technical Assistance LSC-282 Implementing IEEE 802.1ah Provider Backbone Bridge Contents
LSC-283 LSC-284 LSC-283
Information About Implementing 802.1ah Provider Backbone Bridge LSC-284 Benefits of IEEE 802.1ah standard LSC-284 IEEE 802.1ah Standard for Provider Backbone Bridging Overview LSC-285 Backbone Edge Bridges LSC-287 IB-BEB LSC-288
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-viii
OL-23107-02
Contents
How to Implement 802.1ah Provider Backbone Bridge LSC-289 Restrictions for Implementing 802.1ah Provider Backbone Bridge LSC-289 Configuring Ethernet Flow Points on CNP and PNP Ports LSC-289 Configuring PBB Edge Bridge Domain and Service Instance ID LSC-291 Configuring the PBB Core Bridge Domain LSC-293 Configuring Backbone VLAN Tag under the PBB Core Bridge Domain LSC-294 Configuring Backbone Source MAC Address LSC-296 Configuring Unknown Unicast Backbone MAC under PBB Edge Bridge Domain LSC-299 Configuring Static MAC addresses under PBB Edge Bridge Domain LSC-301 Configuration Examples for Implementing 802.1ah Provider Backbone Bridge LSC-303 Configuring Ethernet Flow Points: Example LSC-303 Configuring PBB Edge Bridge Domain and Service Instance ID: Example LSC-303 Configuring PBB Core Bridge Domain: Example LSC-304 Configuring Backbone VLAN Tag: Example LSC-304 Configuring Backbone Source MAC Address: Example LSC-304 Configuring Static Mapping and Unknown Unicast MAC Address under the PBB Edge Bridge Domain LSC-305 Additional References LSC-305 Related Documents LSC-305 Standards LSC-305 MIBs LSC-306 RFCs LSC-306 Technical Assistance LSC-306 Implementing Multiple Spanning Tree Protocol Contents
LSC-307 LSC-308 LSC-308 LSC-307
Prerequisites for Implementing Multiple Spanning Tree Protocol Information About Implementing Multiple Spanning Tree Protocol Spanning Tree Protocol Overview LSC-308 STP Protocol Operation LSC-309 Topology Changes LSC-309 Variants of STP LSC-309 Multiple Spanning Tree Protocol Overview LSC-310 MSTP Regions LSC-310 MSTP Port Fast LSC-311 MSTP Root Guard LSC-312 MSTP Topology Change Guard LSC-312 MSTP Supported Features LSC-313 BPDU Guard LSC-313 Flush Containment LSC-313
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-ix
Contents
Bringup Delay LSC-314 Restrictions for configuring MSTP LSC-314 Access Gateway LSC-315 Overview of Access Gateway LSC-316 Topology Change Propagation LSC-318 Preempt Delay LSC-318 Supported Access Gateway Protocols LSC-319 Restrictions LSC-319 Multiple VLAN Registration Protocol LSC-319 How to Implement Multiple Spanning Tree Protocol LSC-320 Configuring MSTP LSC-320 Enabling MSTP LSC-320 Configuring MSTP parameters LSC-320 Verifying MSTP LSC-326 Configuring MSTAG or REPAG LSC-327 Configuring an untagged subinterface LSC-327 Enabling MSTAG LSC-327 Configuring MSTAG parameters LSC-327 Configuring MSTAG Topology Change Propagation LSC-333 Verifying MSTAG LSC-333 Configuring PVSTAG or PVRSTAG LSC-333 Enabling PVSTAG LSC-333 Configuring PVSTAG parameters LSC-334 Configuring Subinterfaces LSC-339 Verifying PVSTAG LSC-340 Configuring MVRP-lite LSC-340 Enabling MVRP-lite LSC-340 Configuring MVRP-lite parameters LSC-340 Verifying MVRP-lite LSC-342 Configuration Examples for Implementing MSTP LSC-343 Configuring MSTP: Examples LSC-343 Configuring MSTAG: Examples LSC-347 Configuring PVSTAG: Examples LSC-350 Configuring MVRP-Lite: Examples LSC-350 Additional References LSC-352 Related Documents LSC-352 Standards LSC-352 MIBs LSC-352 RFCs LSC-352
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-x
OL-23107-02
Contents
Technical Assistance
LSC-353 LSC-355
LSC-356
Information About Implementing Layer 2 Access Lists LSC-356 Ethernet Services Access Lists Feature Highlights LSC-356 Purpose of Ethernet Services Access Lists LSC-356 How an Ethernet Services Access List Works LSC-356 Ethernet Services Access List Process and Rules LSC-357 Helpful Hints for Creating Ethernet Services Access Lists LSC-357 Source and Destination Addresses LSC-357 Ethernet Services Access List Entry Sequence Numbering LSC-358 Sequence Numbering Behavior LSC-358 How to Implement Layer 2 Access Lists LSC-358 Restrictions for Implementing Layer 2 Access Lists LSC-358 Configuring Ethernet Services Access Lists LSC-359 What to Do Next LSC-360 Applying Ethernet Services Access Lists LSC-360 Controlling Access to an Interface LSC-361 Copying Ethernet Services Access Lists LSC-363 Resequencing Access-List Entries LSC-363 Configuration Examples for Implementing Layer 2 Access Lists LSC-365 Resequencing Entries in an Access List: Example LSC-365 Adding Entries with Sequence Numbers: Example LSC-365 Additional References LSC-366 Related Documents LSC-366 Standards LSC-366 MIBs LSC-366 RFCs LSC-366 Technical Assistance LSC-367 System Considerations Scale Limitations
LSC-369
LSC-369
Additional References LSC-370 Related Documents LSC-370 Standards LSC-370 MIBs LSC-370 RFCs LSC-370 Technical Assistance LSC-371
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-xi
Contents
Index
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-xii
OL-23107-02
Preface
The Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide preface contains these sections:
Changes to This Document, page LSC-ix Obtaining Documentation and Submitting a Service Request, page LSC-x
Revision OL-23107-02
Added these features in the Implementing Point to Point Layer 2 Services module:
Pseudowire Load Balancing Any Transport over MPLS (AToM) features: HDLC over
Restructured the Implementing Multiple Spanning Tree Protocol module, and added these features:
PVST+ PVSTAG
OL-23107-01
September 2010
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-ix
Preface
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-x
OL-23107-02
Note
This module does not include configuration information for Management Ethernet interfaces. To set up a Management Ethernet interface and enable Telnet servers, see the Cisco ASR 9000 Series Aggregation Services Routers Getting Started Guide. To configure a Management Ethernet interface for routing or to modify the configuration of a Management Ethernet interface, see the Advanced Configuration and Modification of the Management Ethernet Interface on the Cisco ASR 9000 Series Router module.
Feature History for Configuring Ethernet Interfaces on the Cisco ASR 9000 Series Routers
Release Modification
Release 3.7.2
This feature was introduced on the Cisco ASR 9000 Series Routers.
Contents
Prerequisites for Configuring Layer 2 Ethernet Interfaces, page 12 Cisco ASR 9000 Series Routers Layer 2 Theory and Standards Adherence, page 12 How to Configure Layer 2 Features on Ethernet Interfaces, page 28 Configuration Examples, page 47 Where to Go Next, page 51 Additional References, page 51
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-11
The Cisco ASR 9000 Series Routers Carrier Ethernet Model Prerequisites for Configuring Layer 2 Ethernet Interfaces
You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Confirm that at least one of these line cards is installed on the Cisco ASR 9000 Series Routers:
4-port 10-Gigabit Ethernet (4 x 10 GE) line card 8-port 10-Gigabit Ethernet (4 x 10 GE) line card 40-port 1-Gigabit Ethernet line card
You know the interface IP address. You know how to apply the specify the generalized interface name with the generalized notation rack/slot/module/port.
Cisco ASR 9000 Series Routers Layer 2 Theory and Standards Adherence
To configure Ethernet interfaces, you must understand these concepts:
Ethernet Technology Overview, page 13 Carrier Ethernet Services, page 13 Layer 2 VPN on Ethernet Interfaces, page 17 Gigabit Ethernet Protocol Standards Overview, page 18 MAC Address, page 19 Ethernet MTU, page 19 Flow Control on Ethernet Interfaces, page 20 VRRP, page 20 HSRP, page 20 Link Autonegotiation on Ethernet Interfaces, page 21 What is an Ethernet Flow Point?, page 21 Egress EFP Filtering, page 22 802.1Q VLAN, page 25
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-12
OL-23107-02
The Cisco ASR 9000 Series Routers Carrier Ethernet Model Cisco ASR 9000 Series Routers Layer 2 Theory and Standards Adherence
Ethernet Wire Service (EWS) Ethernet Relay Service (ERS) Ethernet Multipoint Service (EMS) Ethernet Flow Point (EFP) Ethernet Virtual Connection (EVC) CE (customer edge): The customer device connecting to the service provider PE (provider edge): The service provider device connecting to the customer UNI: The connection between the CE and PE AC: The physical or virtual circuit attaching a CE to a PE. Multiplexed UNI: A UNI supporting multiple VLAN flows Pseudowire: A term used to indicate an end-to-end path in a service provider network
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-13
The Cisco ASR 9000 Series Routers Carrier Ethernet Model Cisco ASR 9000 Series Routers Layer 2 Theory and Standards Adherence
Figure 1
EWAN Terms
Billing Subscriber Database Identity Policy Address Mgmt Definitions
Business Corporate
Portal Monitoring
Service Exchange
STB Residential Business
Corporate
VoD TV DSL Access Node Aggregation Node Aggregation Node Distribution Node Business MSE
SIP
Content Network
253448
STB Residential
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-14
OL-23107-02
The Cisco ASR 9000 Series Routers Carrier Ethernet Model Cisco ASR 9000 Series Routers Layer 2 Theory and Standards Adherence
engineering to meet the specific objectives of a particular contract. However, if the customer's application requires a true wire rate transparent service, then an EPL servicedelivered using optical transmission devices such as DWDM (dense wavelength division multiplexing), CDWM (coarse wavelength division multiplexing), or SONET/SDHshould be considered.
CSC-CE
CSC-PE
Like Frame Relay, ERS allows a customer device to access multiple connections through a single physical port attached to the service provider network. The service offered by ERS can be thought of as being similar in concept to Frame Relay, in that a VLAN number is used as a virtual circuit identifier in a similar fashion to Frame Relay data link connection identifier (DLCI). Unlike EWS, ERS does not forward BPDUs, because IEEE 802.1Q (VLAN tagging) only sends BPDUs on a default VLAN. In a hub-and-spoke network, only one spoke at most would receive BPDUs, thus breaking the spanning tree in the rest of the network. Therefore, an ERS does not transmit any BPDUs and runs routing protocols instead of Ethernet Spanning Tree. The routing protocols give the customer and provider greater flexibility, traffic determination characteristics, and value-added services.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
121190
e1/0 10.0.0.1
e1/0 10.0.0.2
LSC-15
The Cisco ASR 9000 Series Routers Carrier Ethernet Model Cisco ASR 9000 Series Routers Layer 2 Theory and Standards Adherence
EMS Example
An EMS does not map an interface or VLAN to a specific point-to-point pseudowire. Instead, it models the operation of a virtual Ethernet switch: EMS uses the customer's MAC address to forward frames to the correct egress UNI within the service provider's network. An EMS emulates the service attributes of an Ethernet switch and learns source MAC to interface associations, floods unknown broadcast and multicast frames, and (optionally) monitors the service user's spanning tree protocol. One important point to note is that although the service provider may utilize spanning tree within the transport network, there is no interaction with the service user's spanning tree. This service works similar to an MPLS VPN, except it functions at L2 instead of L3. While a VPLS EMS is a viable solution, its scalability and QoS control are suspect compared to that of MPLS VPNs. In addition, it is much more difficult, and may be impossible, for the service provider to offer value-added Layer 3 services (this is discussed later in the document).
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-16
OL-23107-02
The Cisco ASR 9000 Series Routers Carrier Ethernet Model Cisco ASR 9000 Series Routers Layer 2 Theory and Standards Adherence
Port ModeIn this mode, all packets reaching the port are sent over the pseudowire, regardless of any VLAN tags that are present on the packets. In VLAN mode, the configuration is performed under the l2transport configuration mode. VLAN ModeEach VLAN on a CE (customer edge) or access network to PE (provider edge) link can be configured as a separate L2VPN connection (using either VC type 4 or VC type 5). To configure L2VPN on VLANs, see the The Cisco ASR 9000 Series Routers Carrier Ethernet Model module in this manual. In VLAN mode, the configuration is performed under the individual subinterface. AC-to-PWTraffic reaching the PE is tunneled over a PW (pseudowire) (and conversely, traffic arriving over the PW is sent out over the AC). This is the most common scenario. Local switchingTraffic arriving on one AC is immediately sent out of another AC without passing through a pseudowire. PW stitchingTraffic arriving on a PW is not sent to an AC, but is sent back into the core over another PW. L2VPN links support QoS (Quality of Service) and MTU (maximum transmission unit) configuration. If your network requires that packets are transported transparently, you may need to modify the packets destination MAC (Media Access Control) address at the edge of the Service Provider (SP) network. This prevents the packet from being consumed by the devices in the SP network.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-17
The Cisco ASR 9000 Series Routers Carrier Ethernet Model Cisco ASR 9000 Series Routers Layer 2 Theory and Standards Adherence
IEEE 802.3 Physical Ethernet Infrastructure IEEE 802.3ab 1000BASE-T Gigabit Ethernet IEEE 802.3z 1000 Mbps Gigabit Ethernet IEEE 802.3ae 10 Gbps Ethernet
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-18
OL-23107-02
The Cisco ASR 9000 Series Routers Carrier Ethernet Model Cisco ASR 9000 Series Routers Layer 2 Theory and Standards Adherence
Ethernet II framing also known as DIX. IEEE 802.3 framing also includes LLC and LLC/SNAP protocol frame formats IEEE 802.1d MAC Bridges and Spanning TreeThis standard specifies the MAC learning and MAC aging in a bridging environment. It also defines the original spanning tree protocol. Also MSTP is defined in IEEE 802.1s and IEEE 802.1q. IEEE 802.1q VLAN taggingThis standard defines VLAN tagging, and also the traditional VLAN trunking between switches. Technically, it also defines QinQ tagging, and MSTP. The Cisco ASR 9000 Series Routers do NOT support ISL. IEEE 802.1ad Provider BridgesThis standard is a subset of 802.1q and is often referred to as 802.1ad. The Cisco ASR 9000 Series Routers do not adhere to the entire standard, but large portions of the standard's functionality are supported.
MAC Address
A MAC address is a unique 6-byte address that identifies the interface at L2.
Ethernet MTU
The Ethernet maximum transmission unit (MTU) is the size of the largest frame, minus the 4-byte frame check sequence (FCS), that can be transmitted on the Ethernet network. Every physical network along the destination of a packet can have a different MTU. Cisco IOS XR software supports two types of frame forwarding processes:
Fragmentation for IPV4 packetsIn this process, IPv4 packets are fragmented as necessary to fit within the MTU of the next-hop physical network.
Note
MTU discovery process determines largest packet sizeThis process is available for all IPV6 devices, and for originating IPv4 devices. In this process, the originating IP device determines the size of the largest IPv6 or IPV4 packet that can be sent without being fragmented. The largest packet is equal to the smallest MTU of any network between the IP source and the IP destination devices. If a packet is larger than the smallest MTU of all the networks in its path, that packet will be fragmented as necessary. This process ensures that the originating device does not send an IP packet that is too large.
Jumbo frame support is automatically enable for frames that exceed the standard frame size. The default value is 1514 for standard frames and 1518 for 802.1Q tagged frames. These numbers exclude the 4-byte frame check sequence (FCS).
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-19
The Cisco ASR 9000 Series Routers Carrier Ethernet Model Cisco ASR 9000 Series Routers Layer 2 Theory and Standards Adherence
VRRP
The Virtual Router Redundancy Protocol (VRRP) eliminates the single point of failure inherent in the static default routed environment. VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VPN concentrators on a LAN. The VRRP VPN concentrator controlling the IP addresses associated with a virtual router is called the master, and forwards packets sent to those IP addresses. When the master becomes unavailable, a backup VPN concentrator takes the place of the master. For more information on VRRP, see the Implementing VRRP module of Cisco ASR 9000 Series Routers IP Addresses and Services Configuration Guide.
HSRP
Hot Standby Routing Protocol (HSRP) is a proprietary protocol from Cisco. HSRP is a routing protocol that provides backup to a router in the event of failure. Several routers are connected to the same segment of an Ethernet, FDDI, or token-ring network and work together to present the appearance of a single virtual router on the LAN. The routers share the same IP and MAC addresses and therefore, in the event of failure of one router, the hosts on the LAN are able to continue forwarding packets to a consistent IP and MAC address. The transfer of routing responsibilities from one device to another is transparent to the user. HSRP is designed to support non disruptive failover of IP traffic in certain circumstances and to allow hosts to appear to use a single router and to maintain connectivity even if the actual first hop router they are using fails. In other words, HSRP protects against the failure of the first hop router when the source host cannot learn the IP address of the first hop router dynamically. Multiple routers participate in HSRP and in concert create the illusion of a single virtual router. HSRP ensures that one and only one of the routers is forwarding packets on behalf of the virtual router. End hosts forward their packets to the virtual router. The router forwarding packets is known as the active router. A standby router is selected to replace the active router should it fail. HSRP provides a mechanism for determining active and standby routers, using the IP addresses on the participating routers. If an active router fails a standby router can take over without a major interruption in the host's connectivity. HSRP runs on top of User Datagram Protocol (UDP), and uses port number 1985. Routers use their actual IP address as the source address for protocol packets, not the virtual IP address, so that the HSRP routers can identify each other. For more information on HSRP, see the Implementing HSRP module of Cisco ASR 9000 Series Routers IP Addresses and Services Configuration Guide.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-20
OL-23107-02
The Cisco ASR 9000 Series Routers Carrier Ethernet Model Cisco ASR 9000 Series Routers Layer 2 Theory and Standards Adherence
Note
Identifies all frames that belong to a particular flow on a given interface Provides a capability to perform ingress and egress Ethernet header manipulations Provides a capability to apply features to the identified frames Optionally defines how to forward those frames in the data path
You can perform a variety of operations on the traffic flows when a router is configured with EFPs on various interfaces. Also, you can bridge or tunnel the traffic by many ways from one or more of the routers ingress EFPs to one or more egress EFPs. This traffic is a mixture of VLAN IDs, single or double (QinQ) encapsulation, and ethertypes. Figure 3 shows the EFP model.
Figure 3 EFP Model
EFP
Tag Op Egress
Filter
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-21
247174
The Cisco ASR 9000 Series Routers Carrier Ethernet Model Cisco ASR 9000 Series Routers Layer 2 Theory and Standards Adherence
An EFP subinterface is configured to specify which traffic on ingress is vectored to that EFP. This is done by specifying a VLAN, range of VLANs, or QinQ tagging to match against on ingress. All traffic on ingress is compared to each EFPs matching criterion, and processed by that EFP if a match occurs. The processing performed by an EFP can change VLAN IDs, add or remove VLAN tags, and change ethertypes.
l2transport command - This command identifies a subinterface (or a physical port or bundle-port parent interface) as an EFP. encapsulation command - This command is used to specify matching criteria. rewrite command - This command is used to specify the VLAN tag rewrite criteria.
VLAN tag or tags MAC address (source address, destination address, or both) 802.1p CoS bits Logical conjunction of two or more of the above: VLAN, MAC, and CoS Default match (that is, any other traffic that has not matched a more specific EFP) Protocol ethertype Any information outside the outermost Ethernet frame header and its associated tags such as
IPv4, IPv6, or MPLS tag header data C-DMAC, C-SMAC, or C-VLAN
Logical disjunction of the valid frame matches above: VLAN, MAC, and CoS
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-22
OL-23107-02
The Cisco ASR 9000 Series Routers Carrier Ethernet Model Cisco ASR 9000 Series Routers Layer 2 Theory and Standards Adherence
The specific match criteria are covered in more detail in these sections.
EFP Identifier Static configuration on the ingress physical interface or a subinterface that uses the untagged keyword in the encapsulation command. There can be only one untagged subinterface. If an untagged subinterface has been created, traffic goes to this interface instead of the main interface. A priority-tagged frame is defined as having a single 802.1Q VLAN header, with a VLAN id of zero. Cisco ASR 9000 Series Routers do not support native VLAN. Use this command: encapsulation dot1q <vlan-id>, untagged
Native VLAN
802.1Q customer-tagged Ethernet frames 802.1Q (ethertype 0x8100) double tagged frames 802.1ad double tagged frames Legacy 0x9100 and 0x9200 double tagged frames
Default tagging
An EFP which has a maximum-match wildcard. The effect is to receive any traffic that does not match any other EFP on the same physical interface.
You can use wildcards as well as VLAN ranges while defining frames that map to a given EFP. EFPs can distinguish flows based on a single VLAN tag, a range of VLAN tags, a stack of VLAN tags or a combination of both (VLAN stack with wildcards). It provides the EFP model, a flexibility of being encapsulation agnostic, and allows it to be extensible as new tagging or tunneling schemes are added.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-23
The Cisco ASR 9000 Series Routers Carrier Ethernet Model Cisco ASR 9000 Series Routers Layer 2 Theory and Standards Adherence
Logical Conjunction
All of the match criteria above can be selectively combined those frames that match all of the separate criteria.
Default Match
A single EFP can be defined that matches all other traffic that has not been matched by a more specific EFP.
Egress Behavior
The EFP matching criteria can also be used on egress to police the frames that can egress from the EFP, based on the platform support. Frames that do not match the criteria (source/destination MAC match criteria are reversed) are dropped.
Applying Features
After the frames are matched to a particular EFP, any appropriate features can be applied. In this context, features means any frame manipulations specified by the configuration as well as things such as QoS and ACLs. The Ethernet infrastructure provides an appropriate interface to allow the feature owners to apply their features to an EFP. Hence, IM interface handles are used to represent EFPs, allowing feature owners to manage their features on EFPs in the same way the features are managed on regular interfaces or subinterfaces. The only L2 features that can be applied on an EFP that is part of the Ethernet infrastructure are the L2 header encapsulation modifications. The L2 features are described in this section.
Encapsulation Modifications
EFP supports these L2 header encapsulation modifications on both ingress and egress:
Note
This modification can only pop tags that are matched as part of the EFP. Rewrite 1 or 2 VLAN tags:
Rewrite outer tag Rewrite outer 2 tags Rewrite outer tag and push an additional tag Remove outer tag and rewrite inner tag
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-24
OL-23107-02
The Cisco ASR 9000 Series Routers Carrier Ethernet Model Cisco ASR 9000 Series Routers Layer 2 Theory and Standards Adherence
The VLAN tag type, that is, C-VLAN, S-VLAN, or I-TAG. The ethertype of the 802.1Q C-VLAN tag is defined by the dot1q tunneling type command. The VLAN ID. 0 can be specified for an outer VLAN tag to generate a priority-tagged frame.
Note
For tag rewrites, the CoS bits from the previous tag should be preserved in the same way as the DEI bit for 802.1ad encapsulated frames.
L2 Switched Service (Bridging)The EFP is mapped to a bridge domain, where frames are switched based on their destination MAC address. This includes multipoint services:
Ethernet to Ethernet Bridging Virtual Private LAN Service (VPLS)
L2 Stitched Service (AC to AC xconnect)This covers point-to-point L2 associations that are statically established and do not require a MAC address lookup.
Ethernet to Ethernet Local SwitchingThe EFP is mapped to an S-VLAN either on the same
Tunneled Service (xconnect)The EFP is mapped to a Layer 3 tunnel. This covers point-to-point services only:
EoMPLS L2TPv3
L2 Terminated Service (Ethernet access to Layer 3 service)The EFP is mapped to an IP interface that has a global address or belongs to a VRF (includes both IP and MPLS Layer 3 VPNs).
802.1Q VLAN
A VLAN is a group of devices on one or more LANs that are configured so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, it is very flexible for user and host management, bandwidth allocation, and resource optimization. The IEEE's 802.1Q protocol standard addresses the problem of breaking large networks into smaller parts so broadcast and multicast traffic does not consume more bandwidth than necessary. The standard also helps provide a higher level of security between segments of internal networks. The 802.1Q specification establishes a standard method for inserting VLAN membership information into Ethernet frames. Cisco IOS XR software supports VLAN subinterface configuration on Gigabit Ethernet and10-Gigabit Ethernet interfaces.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-25
The Cisco ASR 9000 Series Routers Carrier Ethernet Model Cisco ASR 9000 Series Routers Layer 2 Theory and Standards Adherence
Subinterfaces
Subinterfaces are logical interfaces created on a hardware interface. These software-defined interfaces allow for segregation of traffic into separate logical channels on a single hardware interface as well as allowing for better utilization of the available bandwidth on the physical interface. Subinterfaces are distinguished from one another by adding an extension on the end of the interface name and designation. For instance, the Ethernet subinterface 23 on the physical interface designated TenGigE 0/1/0/0 would be indicated by TenGigE 0/1/0/0.23. Before a subinterface is allowed to pass traffic it must have a valid tagging protocol encapsulation and VLAN identifier assigned. All Ethernet subinterfaces always default to the 802.1Q VLAN encapsulation. However, the VLAN identifier must be explicitly defined.
Subinterface MTU
The subinterface maximum transmission unit (MTU) is inherited from the physical interface with an additional four bytes allowed for the 802.1Q VLAN tag.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-26
OL-23107-02
The Cisco ASR 9000 Series Routers Carrier Ethernet Model Cisco ASR 9000 Series Routers Layer 2 Theory and Standards Adherence
Basic Dot1Q Attachment CircuitThe Attachment Circuit covers all frames that are received and sent with a specific VLAN tag. QinQ Attachment CircuitThe Attachment Circuit covers all frames received and sent with a specific outer VLAN tag and a specific inner VLAN tag. QinQ is an extension to Dot1Q that uses a stack of two tags. Q-in-Any Attachment CircuitThe Attachment Circuit covers all frames received and sent with a specific outer VLAN tag and any inner VLAN tag, as long as that inner VLAN tag is not Layer 3 terminated. Q-in-Any is an extension to QinQ that uses wildcarding to match any second tag.
Note
The Q-in-Any mode is a variation of the basic Dot1Q mode. In Q-in-Any mode, the frames have a basic QinQ encapsulation; however, in Q-in-Any mode the inner tag is not relevant, except for the fact that a few specific inner VLAN tags are siphoned for specific services. For example, a tag may be used to provide L3 services for general internet access.
Each VLAN on a CE-to-PE link can be configured as a separate L2VPN connection (using either VC type 4 or VC type 5). To configure L2VPN on VLANs, see the Removing an 802.1Q VLAN Subinterface section on page 44. Keep these in mind when configuring L2VPN on a VLAN:
Cisco IOS XR software supports 4000 Attachment Circuits per line card. In a point-to-point connection, the two Attachment Circuits do not have to be of the same type. For example, a port mode Ethernet Attachment Circuit can be connected to a Dot1Q Ethernet Attachment Circuit. Pseudowires can run in VLAN mode or in port mode. A pseudowire running in VLAN mode has a single Dot1Q tag, while a pseudo-wire running in port mode has no tags. Some interworking is required to connect these different types of circuits together. This interworking takes the form of popping, pushing, and rewriting tags. The advantage of L2VPN is that is simplifies the interworking required to connect completely different media types together. The Attachment Circuits on either side of an MPLS pseudowire can be different types. In this case, the appropriate conversion is carried out at one or both ends of the Attachment Circuit to pseudowire connection.
Use the show interfaces command to display Attachment Circuit and pseudowire information.
Note
For more information on the show interfaces command, refer to the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Command Reference.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-27
The Cisco ASR 9000 Series Routers Carrier Ethernet Model How to Configure Layer 2 Features on Ethernet Interfaces
Default Configuration Values for Gigabit Ethernet and 10-Gigabit Ethernet, page 28 Configuring Ethernet Interfaces, page 30 Configuring a Gigabit Ethernet Interface, page 32 Configuring an Attachment Circuit on an Ethernet Port, page 35 Configuring Egress EFP Filtering, page 38 Configuring 802.1Q VLAN Interfaces, page 40
Note
For more information on configuring interfaces, refer to the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide.
Note
You must use the shutdown command to bring an interface administratively down. The interface default is no shutdown. When a modular services card is first inserted into the router, if there is no established preconfiguration for it, the configuration manager adds a shutdown item to its configuration. This shutdown can be removed only be entering the no shutdown command.
Table 2
Gigabit Ethernet and 10-Gigabit Ethernet Modular Services Card Default Configuration Values
Configuration File Entry Default Value flow-control mtu egress on ingress off 1514 bytes for normal frames 1518 bytes for 802.1Q tagged frames 1522 bytes for QinQ frames Hardware burned-in address (BIA2) off/L3
L3 only L2 subinterfaces must have L3 main parent interface none physical main interfaces only
off off
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-28
OL-23107-02
The Cisco ASR 9000 Series Routers Carrier Ethernet Model How to Configure Layer 2 Features on Ethernet Interfaces
Table 2
Gigabit Ethernet and 10-Gigabit Ethernet Modular Services Card Default Configuration Values
Restrictions1 configured on main interface only; applied to subinterfaces only encapsulation command only subinterfaces
encapsulation
all frames for main interface; only ones specified for subinterfaces
1. The restrictions are applicable to L2 main interface, L2 subinterface, L3 main interface, interflex L2 interface etc. 2. burned-in address
1. burned-in address
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-29
The Cisco ASR 9000 Series Routers Carrier Ethernet Model How to Configure Layer 2 Features on Ethernet Interfaces
For more information on configuring Ethernet interfaces, see the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide.
SUMMARY STEPS
1. 2. 3. 4. 5.
DETAILED STEPS
Command or Action
Step 1
configure interface TenGigE [instance]
Example:
RP/0/RSP0/CPU0:router# configure RP/0/RSP0/CPU0:router(config)# interface TenGigE 0/0/0/1
Step 2
l2transport
Enables Layer 2 transport mode on a port and enter Layer 2 transport configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-if)#l2transport
Step 3
mtu bytes
Adjusts the maximum packet size or maximum transmission unit (MTU) size for the bridge domain.
Example:
RP/0/RSP0/CPU0:router(config-if-l2)# mtu 1448
Use the bytes argument to specify the MTU size, in bytes. The range is from 64 to 65535.
Step 4
no shutdown
Example:
RP/0/RSP0/CPU0:router(config-if-l2)# no shutdown
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-30
OL-23107-02
The Cisco ASR 9000 Series Routers Carrier Ethernet Model How to Configure Layer 2 Features on Ethernet Interfaces
Command or Action
Step 5
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-if-l2)# end
or
RP/0/RSP0/CPU0:router(config-if-l2)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and returns
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-31
The Cisco ASR 9000 Series Routers Carrier Ethernet Model How to Configure Layer 2 Features on Ethernet Interfaces
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
configure interface type interface-path-id ipv4 address ip-address mask flow-control {bidirectional | egress | ingress} mtu bytes mac-address value1.value2.value3 negotiation auto (on Gigabit Ethernet interfaces only) no shutdown end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure terminal
Step 2
Enters interface configuration mode and specifies the Ethernet interface name and notation rack/slot/module/port.
Example:
RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet 0/1/0/0
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-32
OL-23107-02
The Cisco ASR 9000 Series Routers Carrier Ethernet Model How to Configure Layer 2 Features on Ethernet Interfaces
Command or Action
Step 3
ipv4 address ip-address mask
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv4 address 172.18.189.38 255.255.255.224
Replace ip-address with the primary IPv4 address for the interface. Replace mask with the mask for the associated IP subnet. The network mask can be specified in either of two ways:
The network mask can be a four-part dotted
decimal address. For example, 255.0.0.0 indicates that each bit equal to 1 means that the corresponding address bit belongs to the network address.
The network mask can be indicated as a slash (/)
and number. For example, /8 indicates that the first 8 bits of the mask are ones, and the corresponding bits of the address are network address.
Step 4
flow-control {bidirectional| egress | ingress}
(Optional) Enables the sending and processing of flow control pause frames.
Example:
RP/0/RSP0/CPU0:router(config-if)# flow control ingress
egressEnables the sending of flow control pause frames in egress. ingressEnables the processing of received pause frames on ingress. bidirectionalEnables the sending of flow control pause frames in egress and the processing of received pause frames on ingress. The default is 1514 bytes for normal frames and 1518 bytes for 802.1Q tagged frames. The range for Gigabit Ethernet and 10-Gigabit Ethernet mtu values is 64 bytes to 65535 bytes.
Step 5
mtu bytes
Example:
RP/0/RSP0/CPU0:router(config-if)# mtu 1448
Step 6
mac-address value1.value2.value3
(Optional) Sets the MAC layer address of the Management Ethernet interface.
Example:
RP/0/RSP0/CPU0:router(config-if)# mac address 0001.2468.ABCD
The values are the high, middle, and low 2 bytes, respectively, of the MAC address in hexadecimal. The range of each 2-byte value is 0 to ffff.
Step 7
negotiation auto
Example:
RP/0/RSP0/CPU0:router(config-if)# negotiation auto
Autonegotiation must be explicitly enabled on both ends of the connection, or speed and duplex settings must be configured manually on both ends of the connection. If autonegotiation is enabled, any manually configured speed or duplex settings take precedence. The negotiation auto command is available on Gigabit Ethernet interfaces only.
Note
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-33
The Cisco ASR 9000 Series Routers Carrier Ethernet Model How to Configure Layer 2 Features on Ethernet Interfaces
Command or Action
Step 8
no shutdown
Purpose Removes the shutdown configuration, which forces an interface administratively down.
Example:
RP/0/RSP0/CPU0:router(config-if)# no shutdown
Step 9
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Step 10
Example:
RP/0/RSP0/CPU0:router# show interfaces TenGigE 0/3/0/0
What to Do Next
To configure an 802.1Q VLAN subinterface on the Ethernet interface, see the The Cisco ASR 9000 Series Routers Carrier Ethernet Model module later in this manual. To configure an AC on the Ethernet port for L2VPN implementation, see the Configuring an Attachment Circuit on an Ethernet Port section later in this module.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-34
OL-23107-02
The Cisco ASR 9000 Series Routers Carrier Ethernet Model How to Configure Layer 2 Features on Ethernet Interfaces
Note
The steps in this procedure configure the L2VPN Ethernet port to operate in EFP mode.
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
configure interface [GigabitEthernet | TenGigE] instance.subinterface l2transport encapsulation dot1q vlan-id interface [GigabitEthernet | TenGigE] instance.subinterface l2transport encapsulation dot1q vlan-id l2vpn bridge group group-name bridge-domain domain-name interface [GigabitEthernet | TenGigE] instance.subinterface
or commit
12. show run interface [GigabitEthernet | TenGigE] instance.subinterface
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-35
The Cisco ASR 9000 Series Routers Carrier Ethernet Model How to Configure Layer 2 Features on Ethernet Interfaces
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
interface [GigabitEthernet | TenGigE] instance.subinterface l2transport Example: RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet0/5/0/0.20 l2transport
Enters subinterface configuration mode and specifies the interface type, location, and subinterface number.
Ethernet bundle instance. Naming notation is rack/slot/module/port, and a slash between values is required as part of the notation.
Ethernet bundle instance. Range is from 1 through
65535.
Step 3
encapsulation dot1q vlan-id
Replace the subinterface argument with the subinterface value. Range is from 0 through 4095. Naming notation is instance.subinterface, and a period between arguments is required as part of the notation.
Example:
RP/0/RSP0/CPU0:router(config-subif)#encapsulati on dot1q 50
Step 4
interface [GigabitEthernet | TenGigE] instance.subinterface l2transport Example: RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet0/5/0/0.20 l2transport
Enters subinterface configuration mode and specifies the interface type, location, and subinterface number.
Ethernet bundle instance. Naming notation is rack/slot/module/port, and a slash between values is required as part of the notation.
Ethernet bundle instance. Range is from 1 through
65535.
Step 5
encapsulation dot1q vlan-id
Replace the subinterface argument with the subinterface value. Range is from 0 through 4095. Naming notation is instance.subinterface, and a period between arguments is required as part of the notation.
Example:
RP/0/RSP0/CPU0:router(config-subif)#encapsulati on dot1q 50
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-36
OL-23107-02
The Cisco ASR 9000 Series Routers Carrier Ethernet Model How to Configure Layer 2 Features on Ethernet Interfaces
Command or Action
Step 6
l2vpn
Example:
RP/0/RSP0/CPU0:router(config-subif)#l2vpn
Step 7
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)#bridge group ce-doc-examples
Enters configuration mode for the named bridge group. This command creates a new bridge group or modifies the existing bridge group if it already exists. A bridge group organizes bridge domains. Enters configuration mode for the named bridge domain. This creates a new bridge domain modifies the existing bridge domain if it already exists.
Step 8
bridge-domain domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#bridge- domain ac-example
Step 9
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#inter face GigabitEthernet0/5/0/0.20
Adds an interface to a bridge domain that allows packets to be forwarded and received from other interfaces that are part of the same bridge domain. The interface EFP now becomes an attachment circuit on this bridge domain.
Step 10
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#in terface GigabitEthernet0/5/0/1.15
Adds an interface to a bridge domain that allows packets to be forwarded and received from other interfaces that are part of the same bridge domain. The interface EFP now becomes an attachment circuit on this bridge domain.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-37
The Cisco ASR 9000 Series Routers Carrier Ethernet Model How to Configure Layer 2 Features on Ethernet Interfaces
Command or Action
Step 11
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Step 12
Example:
RP/0/RSP0/CPU0:router#show run interface GigabitEthernet0/5/0/1.15
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-38
OL-23107-02
The Cisco ASR 9000 Series Routers Carrier Ethernet Model How to Configure Layer 2 Features on Ethernet Interfaces
Note
Output drops counter displays the drops occurred due to egress EFP filtering in the show interface display for that interface. Output drops counter is a summation of drops from multiple causes and not necessarily due to egress EFP filtering. By using the ethernet egress-filter command, you can configure egress EFP filtering in either global or L2 subinterface mode:
ethernet egress-filter strict configures Egress EFP Filtering in global configuration mode. ethernet egress-filter {strict | disabled} configures Egress EFP Filtering in L2 subinterface mode.
SUMMARY STEPS
1. 2. 3. 4. 5.
configure ethernet egress-filter strict interface {GigabitEthernet | TenGigE | FastEthernet | Bundle-Ether} instance.subinterface ethernet egress-filter {strict | disabled} exit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:PE44_ASR-9010# config Thu Jun 4 07:50:02.660 PST RP/0/RSP0/CPU0:PE44_ASR-9010(config)#
Step 2
Example:
RP/0/RSP0/CPU0:PE44_ASR-9010(config)# ethernet egress-filter strict
Step 3
Creates an L2 subinterface.
Example:
RP/0/RSP0/CPU0:PE44_ASR-9010(config)# interface GigabitEthernet 0/1/0/1.1 RP/0/RSP0/CPU0:PE44_ASR-9010(config-subif )#
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-39
The Cisco ASR 9000 Series Routers Carrier Ethernet Model How to Configure Layer 2 Features on Ethernet Interfaces
Command or Action
Step 4
ethernet egress-filter {strict | disabled}
Purpose Allows egress filtering to be explicitly enabled or disabled on any L2 subinterface. It can also be used to override global settings.
Example:
RP/0/RSP0/CPU0:PE44_ASR-9010(config-subif )# ethernet egress-filter strict
Step 5
exit
Example:
RP/0/RSP0/CPU0:PE44_ASR-9010(config-subif )# exit RP/0/RSP0/CPU0:PE44_ASR-9010(config)# exit
Configuring 802.1Q VLAN Subinterfaces, page 40 Configuring Native VLAN, page 42 Removing an 802.1Q VLAN Subinterface, page 44 Removing an 802.1Q VLAN Subinterface, page 44
SUMMARY STEPS
1. 2. 3. 4. 5. 6.
configure interface {GigabitEthernet | TenGigE | Bundle-Ether} instance.subinterface l2transport encapsulation dot1q vlan-id ethernet egress-filter strict end or commit show ethernet trunk bundle-ether instance (Optional)
7.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-40
OL-23107-02
The Cisco ASR 9000 Series Routers Carrier Ethernet Model How to Configure Layer 2 Features on Ethernet Interfaces
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
Enters subinterface configuration mode and specifies the interface type, location, and subinterface number.
Example:
RP/0/RSP0/CPU0:router(config)# interface TenGigE 0/2/0/4.10
Ethernet bundle instance. Naming notation is rack/slot/module/port, and a slash between values is required as part of the notation.
Ethernet bundle instance. Range is from 1 through
65535.
Step 3
l2transport
Replace the subinterface argument with the subinterface value. Range is from 0 through 4095. Naming notation is instance.subinterface, and a period between arguments is required as part of the notation.
Enables Layer 2 transport mode on a port and enter Layer 2 transport configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-subif)#l2transport
Step 4
Example:
RP/0/RSP0/CPU0:router(config-subif-l2)# encapsulation dot1q 100
Replace the vlan-id argument with a subinterface identifier. Range is from 1 to 4094 inclusive (0 and 4095 are reserved). To configure a basic Dot1Q Attachment Circuit, use this syntax:
encapsulation dot1q vlan-id
Note
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-41
The Cisco ASR 9000 Series Routers Carrier Ethernet Model How to Configure Layer 2 Features on Ethernet Interfaces
Command or Action
Step 5
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config)# end
or
RP/0/RSP0/CPU0:router(config)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Step 6
(Optional) Displays the interface configuration. The Ethernet bundle instance range is from 1 through 65535.
Example:
RP/0/RSP0/CPU0:router# show ethernet trunk bundle-ether 5
SUMMARY STEPS
1. 2. 3. 4.
configure interface [GigabitEthernet | TenGigE | Bundle-Ether] instance.subinterface l2transport encapsulation dot1q <vlan-id>, untagged end or commit
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-42
OL-23107-02
The Cisco ASR 9000 Series Routers Carrier Ethernet Model How to Configure Layer 2 Features on Ethernet Interfaces
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
Enters subinterface configuration and specifies the interface type, location, and subinterface number.
Example:
RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet 0/2/0/4.2 l2transport
Ethernet bundle instance. Naming notation is rack/slot/module/port, and a slash between values is required as part of the notation.
Ethernet bundle instance. Range is from 1 through
65535.
Note
Replace the subinterface argument with the subinterface value. Range is from 0 through 4095. Naming notation is instance.subinterface, and a period between arguments is required as part of the notation. You must include the l2transport keyword in the command string; otherwise, the configuration creates a Layer 3 subinterface rather than an Attachment Circuit.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-43
The Cisco ASR 9000 Series Routers Carrier Ethernet Model How to Configure Layer 2 Features on Ethernet Interfaces
Command or Action
Step 3
encapsulation [dot1q vlan-id, untagged]
Purpose Defines the Native VLAN, associated with an 802.1Q trunk interface.
Example:
RP/0/RSP0/CPU0:router(config-subif)# encapsulation dot1q 400
The vlan-id argument is the ID of the subinterface. Range is from 1 through 4094 inclusive (0 and 4095 are reserved).
It is possible to receive both dot1q 400 and untagged frames by issuing the encapsulation command with the untagged keyword.
Step 4
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-subif)# end
or
RP/0/RSP0/CPU0:router(config-subif)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
SUMMARY STEPS
1. 2. 3. 4.
configure no interface {GigabitEthernet | TenGigE | Bundle-Ether] instance.subinterface Repeat Step 2 to remove other VLAN subinterfaces. end or commit show ethernet trunk bundle-ether instance (Optional)
5.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-44
OL-23107-02
The Cisco ASR 9000 Series Routers Carrier Ethernet Model How to Configure Layer 2 Features on Ethernet Interfaces
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
Removes the subinterface, which also automatically deletes all the configuration applied to the subinterface.
Example:
RP/0/RSP0/CPU0:router(config)# no interface TenGigE 0/2/0/4.10
Ethernet bundle instance. Naming notation is rack/slot/module/port, and a slash between values is required as part of the notation.
Ethernet bundle instance. Range is from 1 through
65535.
Replace the subinterface argument with the subinterface value. Range is from 0 through 4095.
Naming notation is instance.subinterface, and a period between arguments is required as part of the notation.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-45
The Cisco ASR 9000 Series Routers Carrier Ethernet Model How to Configure Layer 2 Features on Ethernet Interfaces
Command or Action
Step 3 Step 4
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config)# end
or
RP/0/RSP0/CPU0:router(config)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Step 5
(Optional) Displays the interface configuration. The Ethernet bundle instance range is from 1 through 65535.
Example:
RP/0/RSP0/CPU0:router# show ethernet trunk bundle-ether 5
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-46
OL-23107-02
The Cisco ASR 9000 Series Routers Carrier Ethernet Model Configuration Examples
Configuration Examples
This section provides these configuration examples:
Configuring an Ethernet Interface: Example Configuring a L2VPN AC: Example Configuring VPWS with Link Bundles: Example Configuring Ethernet Bundle with L2 and L3 Services: Example Configuring VLAN Subinterfaces: Example
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-47
The Cisco ASR 9000 Series Routers Carrier Ethernet Model Configuration Examples
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-48
OL-23107-02
The Cisco ASR 9000 Series Routers Carrier Ethernet Model Configuration Examples
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-49
The Cisco ASR 9000 Series Routers Carrier Ethernet Model Configuration Examples
This example shows how to configure an Ethernet bundle subinterface with L3 services:
configure interface Bundle-Ether 100.1 ipv4 address 13.13.13.2 255.255.255.0 !
This example shows how to configure an Ethernet bundle interface with L2 services:
configure interface Bundle-Ether 101 l2transport !
This example shows how to configure an Ethernet bundle interface with L2 services:
configure interface Bundle-Ether1.1 l2transport !
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-50
OL-23107-02
The Cisco ASR 9000 Series Routers Carrier Ethernet Model Where to Go Next
This example shows how to create two VLAN subinterfaces on an Ethernet bundle at one time:
RP/0/RSP0/CPU0:router# configure RP/0/RSP0/CPU0:router(config)# interface Bundle-Ether 1 l2transport RP/0/RSP0/CPU0:router(config-if-l2)# exit RP/0/RSP0/CPU0:router(config)# interface Bundle-Ether 1.1 l2transport RP/0/RSP0/CPU0:router(config-subif-l2)# encapsulation dot1q 10 RP/0/RSP0/CPU0:router(config-subif)# exit RP/0/RSP0/CPU0:router(config)# interface Bundle-Ether 1.2 l2transport RP/0/RSP0/CPU0:router(config-subif-l2)# encapsulation dot1q 20 RP/0/RSP0/CPU0:router(config-subif)# exit
Where to Go Next
When you have configured an Ethernet interface, you can configure individual VLAN subinterfaces on that Ethernet interface. For information about configuring VLAN subinterfaces, see the The Cisco ASR 9000 Series Routers Carrier Ethernet Model module later in this document. For information about IPv6 see the Implementing Access Lists and Prefix Lists module in the Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Debug Command Reference.
Additional References
These sections provide references related to implementing Gigabit and 10-Gigabit Ethernet interfaces.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-51
The Cisco ASR 9000 Series Routers Carrier Ethernet Model Additional References
Related Documents
Related Topic Cisco IOS XR master command reference Document Title Cisco IOS XR Master Commands List
Standards
Standards Title No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
MIBs
MIBs There are no applicable MIBs for this module. MIBs Link To locate and download MIBs for selected platforms using Cisco IOS XR Software, use the Cisco MIB Locator found at this URL: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs
RFCs No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature. Title
Technical Assistance
Description The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. Link http://www.cisco.com/techsupport
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-52
OL-23107-02
Ethernet Features
This module describes how to configure Layer 2 (L2) Ethernet features on the Cisco ASR 9000 Series Aggregation Services Routers supporting Cisco IOS XR software. For more information on configuring Ethernet interfaces, refer to The Cisco ASR 9000 Series Routers Carrier Ethernet Model module of this configuration guide.
Feature History for Configuring Ethernet Interfaces on the Cisco ASR 9000 Series Routers
Release Modification
Release 3.9.1
Support for Policy Based Forwarding and Layer 2 Protocol Tunneling features was added.
Contents
Prerequisites for Implementing Ethernet Features, page 53 Information About Implementing Ethernet Features, page 54 How to Implement Ethernet Features, page 61 Configuration Examples, page 67 Additional References, page 70
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-53
forwardthe frame is switched or routed with no exceptional handling. dropthe frame is discarded on the router. terminatethe router recognizes that the frame is an L2 protocol frame, and therefore sends it to the router's control plane for protocol processing. tunnelthe router encapsulates the frame to hide its identity as a protocol frame. This prevents the frame from being terminated on other routers. The opposite end of the tunnel performs a decapsulation, returning the frame to its original state.
L2PT Features
The Cisco ASR 9000 Series Routers offer these functions:
L2PT encapsulates and decapsulates protocol frames that have VLAN headers. Supports capability of handling enormous frame rates. The Cisco ASR 9000 Series Routers perform L2PT encapsulation and decapsulation at the interface line rates.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-54
OL-23107-02
Note
There are no dedicated L2PT counters. There are no L2PT-specific adjustments for QoS or other miscellaneous parameters.
Gig0/5/0/2.1
A Service Provider network (S-network) is depicted in Figure 1. The customer network (C-network) connects to router R1 at the GigabitEthernet subinterface 0/1/0/1.1, and to router R2 at the GigabitEthernet subinterface 0/5/0/2.1. The C-network is not shown in the diagram; however, the C-network sends L2 traffic through the S-network, and the S-network switches the traffic from end to end. The customer traffic also carries L2 protocol frames. The purpose of L2PT is to allow these protocol frames to pass through the S-network. In forward mode, L2PT is applied to the customer facing interfaces of the S-network, R1 GigabitEthernet 0/1/0/1.1 and R2 GigabitEthernet 0/5/0/2.1. Figure 1 depicts the configuration for L2PT in forward mode: R1:
! interface GigabitEthernet0/1/0/1 negotiation auto ! interface GigabitEthernet0/1/0/1.1 l2transport encapsulation default l2protocol cpsv tunnel ! interface GigabitEthernet0/1/0/2 negotiation auto ! interface GigabitEthernet0/1/0/2.1 l2transport encapsulation default ! l2vpn xconnect group examples p2p r1-connect interface GigabitEthernet0/1/0/1.1 interface GigabitEthernet0/1/0/2.1 ! ! !
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-55
R2:
! interface GigabitEthernet0/5/0/1 negotiation auto ! interface GigabitEthernet0/5/0/1.1 l2transport encapsulation default ! interface GigabitEthernet0/5/0/2 negotiation auto ! interface GigabitEthernet0/5/0/2.1 l2transport encapsulation default l2protocol cpsv tunnel ! l2vpn xconnect group examples p2p r2-connect interface GigabitEthernet0/5/0/1.1 interface GigabitEthernet0/5/0/2.1 ! ! !
Protocol traffic enters router R1 at the GigabitEthernet subinterface 0/1/0/1.1. Router R1 detects the frames as protocol frames, and performs L2PT encapsulation at the customer facing interface. Inside R1, the local connection r1-connect connects R1's customer-facing and service provider-facing interfaces. The traffic then flows out of router R1 on GigabitEthernet subinterface 0/1/0/2.1 through several other service provider network routers or switches (switch cloud) into router R2 at GigabitEthernet subinterface 0/5/0/1.1. Router R2 connects the customer-facing and service provider-facing interfaces through a local connection r2-connect. Therefore, traffic is sent to the customer-facing interface GigabitEthernet 0/5/0/2.1. At this interface, an L2PT decapsulation occurs and the protocol traffic flows out of router R2 into the customer network. Without L2PT being configured the customer protocol frames that are sent into R1 are terminated. The customer traffic can consist of a variety of traffic; the protocol frames comprise a small percentage of the overall traffic stream.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-56
OL-23107-02
Figure 2
Gig0/5/0/5.1
When L2PT is configured in the reverse mode, the L2PT encapsulation occurs when the frame exits the interface. Likewise, in reverse mode decapsulation is performed when the frame enters the interface. Therefore, the L2PT tunnel is formed between the service provider-facing interfaces, instead of the customer-facing interfaces. In this example, once the protocol traffic enters router R1, a VLAN tag is added to it. Before the traffic is sent through the service provider network, a second VLAN tag is added (100). The Cisco ASR 9000 Series Routers perform the L2PT encapsulation on a double-tagged protocol frame. Figure 2 shows four customer-facing interfaces (R1: GigabitEthernet subinterface 0/1/0.1.1, GigabitEthernet subinterface 0/1/0/2.1 and R2: GigabitEthernet subinterface 0/5/0/5.1, GigabitEthernet subinterface 0/5/0/6.1) and two service provider-facing interfaces (R1: GigabitEthernet subinterface 0/1/0/3.1 and R2: GigabitEthernet subinterface 0/5/0/4.1). Figure 2 depicts the configuration for L2PT in reverse mode: At R1:
! interface GigabitEthernet0/1/0/1 negotiation auto ! interface GigabitEthernet0/1/0/1.1 l2transport encapsulation untagged rewrite ingress tag push dot1q 100 symmetric ethernet egress-filter strict ! interface GigabitEthernet0/1/0/2 negotiation auto ! interface GigabitEthernet0/1/0/2.1 l2transport encapsulation untagged rewrite ingress tag push dot1q 200 symmetric ethernet egress-filter strict ! interface GigabitEthernet0/1/0/3 negotiation auto ! interface GigabitEthernet0/1/0/3.1 l2transport encapsulation dot1q 500 rewrite ingress tag pop 1 symmetric l2protocol cpsv reverse-tunnel ethernet egress-filter strict ! l2vpn bridge group examples bridge-domain r1-bridge interface GigabitEthernet0/1/0/1.1 ! interface GigabitEthernet0/1/0/2.1
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-57
! interface GigabitEthernet0/1/0/3.1 ! ! ! !
At R2:
! interface GigabitEthernet0/5/0/4 negotiation auto ! interface GigabitEthernet0/5/0/4.1 l2transport encapsulation dot1q 500 rewrite ingress tag pop 1 symmetric l2protocol cpsv reverse-tunnel ethernet egress-filter strict ! interface GigabitEthernet0/5/0/5 negotiation auto ! interface GigabitEthernet0/5/0/5.1 l2transport encapsulation untagged rewrite ingress tag push dot1q 100 symmetric ethernet egress-filter strict ! interface GigabitEthernet0/5/0/6 negotiation auto ! interface GigabitEthernet0/5/0/6.1 l2transport encapsulation untagged rewrite ingress tag push dot1q 200 symmetric ethernet egress-filter strict ! l2vpn bridge group examples bridge-domain r2-bridge interface GigabitEthernet0/5/0/4.1 ! interface GigabitEthernet0/5/0/5.1 ! interface GigabitEthernet0/5/0/6.1 ! ! ! !
Customer traffic entering router R1 is trunked, that is all traffic is tagged. The only untagged traffic is the protocol traffic, which arrives from the customer network. The Customer-facing interfaces GigabitEthernet 0/1/0/1 at router R1 and Gigabit Ethernet 0/5/0/5 at router R2 belong to the same customer. Customer-facing interfaces GigabitEthernet 0/1/0/2 at router R1 and GigabitEthernet 0/5/0/6 at router R2 belong to a different customer. Traffic from different customers remain segregated. Only L2 protocol traffic is sent through the customer-facing interfaces. L2 protocol traffic entering the customer-facing interfaces is untagged. Traffic must be L2PT encapsulated to successfully pass through the switch cloud.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-58
OL-23107-02
The purpose of this topology is that router R1 and R2 must receive customer protocol traffic from multiple customer interfaces, and multiplex the traffic across a single service provider interface and link. At the decapsulation end, the reverse is performed. Traffic entering router R1 on the GigabitEthernet subinterface 0/1/0/1.1 exits router R2 from the GigabitEthernet subinterface 0/5/0/5.1 only while traffic entering router R1 at GigabitEthernet subinterface 0/1/0/2.1 exits router R2 from GigabitEthernet subinterface 0/5/0/6.1 only. A protocol frame entering router R1 on GigabitEthernet interface 0/1/0/1 travels through the network in this manner:
The protocol frame is directed to GigabitEthernet subinterface 0/1/0/1.1, as the frame is untagged. The rewrite statement with GigabitEthernet subinterface 0/1/0/1.1 causes a tag of ID 100 to be added to the frame. The frame enters router R1s bridge domain r1-bridge. The bridge (r1-bridge) floods the frame to all attachment circuits (AC) on the bridge domain, except the originating AC (split horizon AC). Ethernet egress filtering on GigabitEthernet subinterface 0/1/0/2.1 detects a tag ID mismatch, and drops the frame. In this way, the bridge domains flooded traffic is prevented from exiting other customer interfaces. A flooded copy of the frame is sent to GigabitEthernet subinterface 0/1/0/3.1. GigabitEthernet subinterface 0/1/0/3.1 adds a second tag. The frame receives an L2PT encapsulation by GigabitEthernet subinterface 0/1/0/3.1 before it leaves router R1 through the GigabitEthernet interface 0/1/0/3.
Note
The frame is now double-tagged (100 inner, 500 outer) and has the L2PT MAC DA. The frame passes to router R2 GigabitEthernet interface 0/5/0/4 because of the L2PT encapsulation. The frame after having entered router R2 on GigabitEthernet interface 0/5/0/4 is directed to GigabitEthernet subinterface 0/5/0/4.1. On entering GigabitEthernet subinterface 0/5/0/4.1, an L2PT decapsulation operation is performed on the frame. The outer tag ID 500 is removed by GigabitEthernet subinterface 0/5/0/4.1 Router R2s bridge (r2-bridge) floods the frames to all ACs. Ethernet egress filtering drops the frames on all ACs except the AC through which the frame exits. As the frame exits router R2 from GigabitEthernet subinterface 0/5/0/5.1, the tag of ID 100 is removed. The frame that exits router R2 from GigabitEthernet interface 0/5/0/5 is identical to the original frame that entered router R1 through GigabitEthernet interface 0/1/0/1.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-59
The l2protocol command can be configured on either a main or L2 subinterface. The l2protocol command can be configured on physical or bundle interfaces. When the l2protocol and ethernet filtering commands are configured on the same interface, L2PT encapsulation occurs before ethernet filtering. This means that L2PT prevents the CDP, STP, and VTP protocol frames from being dropped by ethernet filtering. When L2PT is configured with other interface features, L2PT encapsulation occurs before the processing for other interface features. L2PT encapsulation and decapsulation is supported for untagged protocol frames, single-tagged, and double-tagged frames. Tag Ethertypes of 0x8100, 0x88A8, and 0x9100 are supported, however, 0x9100 is not.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-60
OL-23107-02
Configuring Policy Based Forwarding, page 61 Configuring Layer 2 Protocol Tunneling: Example, page 67
Note
For information on configuring Ethernet interfaces, refer to the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide.
Enabling Policy Based Forwarding, page 61 Configuring Source Bypass Filter, page 64
SUMMARY STEPS
1. 2. 3.
configure interface type interface-path-id.subinterface l2transport encapsulation or encapsulation or encapsulation or encapsulation or encapsulation dot1q vlan-id ingress source-mac mac-address dot1ad vlan-id ingress source-mac mac-address untagged ingress source-mac mac-address dot1ad vlan-id dot1q vlan-id ingress source-mac mac-address dot1q vlan-id second-dot1q vlan-id ingress source-mac mac-address
4.
rewrite ingress tag translate 1-to-1 dot1q vlan-id symmetric or rewrite ingress tag push dot1q vlan-id symmetric ethernet egress-filter strict end or commit
5. 6.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-61
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
Enters subinterface configuration mode and enables Layer 2 transport mode on a port and enters Layer 2 transport configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet 0/2/0/4.10 l2transport
Step 3
encapsulation dot1q vlan-id ingress source-mac mac-address or encapsulation dot1ad vlan-id ingress source-mac mac-address or encapsulation untagged ingress source-mac mac-address or encapsulation dot1ad vlan-id dot1q vlan-id ingress source-mac mac-address or encapsulation dot1q vlan-id second-dot1q vlan-id ingress source-mac mac-address
Example:
RP/0/RSP0/CPU0:router(config-subif)# encapsulation dot1q 10 ingress source-mac 0.1.2 or RP/0/RSP0/CPU0:router(config-subif)# encapsulation dot1ad 10 ingress source-mac 0.1.4 or RP/0/RSP0/CPU0:router(config-subif)# encapsulation untagged ingress source-mac 0.1.3 or RP/0/RSP0/CPU0:router(config-subif)# encapsulation dot1ad 10 dot1q 10 ingress source-mac 0.1.2 or RP/0/RSP0/CPU0:router(config-subif)# encapsulation dot1q 10 second-dot1q 20 ingress source-mac 0.1.2
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-62
OL-23107-02
Command or Action
Step 4
rewrite ingress tag translate 1-to-1 dot1q vlan-id symmetric or rewrite ingress tag push dot1q vlan-id symmetric Example: RP/0/RSP0/CPU0:router(config-subif)# rewrite ingress tag translate 1-to-1 dot1q 100 symmetric or rewrite ingress tag push dot1q 101 symmetric
Purpose Specifies the encapsulation adjustment that is to be performed on the frame ingress to the service instance.
Step 5
Step 6
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-subif)# end
or
RP/0/RSP0/CPU0:router(config-subif)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-63
SUMMARY STEPS
1. 2. 3.
configure interface type interface-path-id.subinterface l2transport encapsulation or encapsulation or encapsulation or encapsulation or encapsulation dot1q vlan-id dot1ad vlan-id untagged dot1ad vlan-id dot1q vlan-id dot1q vlan-id second-dot1q vlan-id
4. 5. 6. 7.
rewrite ingress tag translate 1-to-1 dot1q vlan-id symmetric ethernet egress-filter disable ethernet source bypass egress-filter end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
Enters subinterface configuration mode and enables Layer 2 transport mode on a port and enters Layer 2 transport configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet 0/2/0/4.1 l2transport
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-64
OL-23107-02
Command or Action
Step 3
encapsulation or encapsulation or encapsulation or encapsulation or encapsulation vlan-id dot1q vlan-id dot1ad vlan-id untagged dot1ad vlan-id dot1q vlan-id dot1q vlan-id second-dot1q
Example:
RP/0/RSP0/CPU0:router(config-subif)# encapsulation dot1q 10 or RP/0/RSP0/CPU0:router(config-subif)# encapsulation dot1ad 10 or RP/0/RSP0/CPU0:router(config-subif)# encapsulation untagged or RP/0/RSP0/CPU0:router(config-subif)# encapsulation dot1ad 10 dot1q 10 or RP/0/RSP0/CPU0:router(config-subif)# encapsulation dot1q 10 second-dot1q 20
Step 4
rewrite ingress tag translate 1-to-1 dot1q vlan-id symmetric Example: RP/0/RSP0/CPU0:router(config-subif)# rewrite ingress tag translate 1-to-1 dot1q 100 symmetric
Specifies the encapsulation adjustment that is to be performed on the frame ingress to the service instance.
Step 5
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-65
Command or Action
Step 6
ethernet source bypass egress-filter Example: RP/0/RSP0/CPU0:router(config-subif)# ethernet source bypass egress-filter
Step 7
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-subif)# end
or
RP/0/RSP0/CPU0:router(config-subif)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-66
OL-23107-02
Configuration Examples
This section provides these configuration examples:
Configuring Policy Based Forwarding: Example Configuring Layer 2 Protocol Tunneling: Example
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-67
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-68
OL-23107-02
interface GigabitEthernet0/1/0/3.1 l2transport encapsulation dot1q 500 rewrite ingress tag pop 1 symmetric l2protocol cpsv reverse-tunnel ethernet egress-filter strict ! l2vpn bridge group examples bridge-domain r1-bridge interface GigabitEthernet0/1/0/1.1 ! interface GigabitEthernet0/1/0/2.1 ! interface GigabitEthernet0/1/0/3.1 ! ! ! !
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-69
Additional References
These sections provide references related to implementing Gigabit and 10-Gigabit Ethernet interfaces.
Related Documents
Related Topic Cisco IOS XR master command reference Document Title Cisco IOS XR Master Commands List
Standards
Standards Title No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
MIBs
MIBs There are no applicable MIBs for this module. MIBs Link To locate and download MIBs for selected platforms using Cisco IOS XR Software, use the Cisco MIB Locator found at this URL: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs
RFCs No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature. Title
Technical Assistance
Description The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. Link http://www.cisco.com/techsupport
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-70
OL-23107-02
Note
This feature was introduced on the Cisco ASR 9000 Series Routers. Support for Multichassis Link Aggregation feature was added.
Contents
This chapter includes these sections:
Prerequisites for Configuring Link Bundles, page 72 Information About Configuring Link Bundles, page 72 How to Configure Link Bundling, page 85 Configuration Examples for Link Bundles, page 115 Additional References, page 125
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-71
You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
You know the interface IP address. You know which links should be included in the bundle you are configuring. If you are configuring an Ethernet link bundle, you have at least one of these Ethernet line cards installed in the router:
4-port 10-Gigabit Ethernet line card 8-port 10-Gigabit Ethernet line card 40-port Gigabit Ethernet line card
Note
For more information about physical interfaces, PLIMs, and modular services cards, refer to the Cisco ASR 9000 Series Routers Hardware Installation Guide.
Link Bundling Overview, page 73 Characteristics of Cisco ASR 9000 Series Routers Link Bundles, page 73 Link Aggregation Through LACP, page 74 QoS and Link Bundling, page 75 VLANs on an Ethernet Link Bundle, page 76 Link Bundle Configuration Overview, page 76 Nonstop Forwarding During Card Failover, page 76 Link Failover, page 77 Bundle Interfaces: Redundancy, Load Sharing, Aggregation, page 77 Multichassis Link Aggregation, page 77
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-72
OL-23107-02
Multiple links can span several line cards to form a single interface. Thus, the failure of a single link does not cause a loss of connectivity. Bundled interfaces increase bandwidth availability, because traffic is forwarded over all available members of the bundle. Therefore, traffic can flow on the available links if one of the links within a bundle fails. Bandwidth can be added without interrupting packet flow.
Although the individual links within a single bundle can have varying speeds, all links within a bundle must be of the same type. Cisco IOS XR software supports these methods of forming bundles of Ethernet interfaces:
IEEE 802.3adStandard technology that employs a Link Aggregation Control Protocol (LACP) to ensure that all the member links in a bundle are compatible. Links that are incompatible or have failed are automatically removed from a bundle. EtherChannelCisco proprietary technology that allows the user to configure links to join a bundle, but has no mechanisms to check whether the links in a bundle are compatible.
Any type of Ethernet interfaces can be bundled, with or without the use of LACP (Link Aggregation Control Protocol). Bundle membership can span across several line cards that are installed in a single router. A single bundle supports maximum of eight physical links. If you add more than eight links to a bundle, only eight of the links are in distributing state, and the remaining links are in waiting state. A single Cisco ASR 9000 Series Routers supports a maximum of 128 bundles. Different link speeds are allowed within a single bundle, with a maximum of four times the speed difference between the members of the bundle. Physical layer and link layer configuration are performed on individual member links of a bundle. Configuration of network layer protocols and higher layer applications is performed on the bundle itself. A bundle can be administratively enabled or disabled. Each individual link within a bundle can be administratively enabled or disabled. Ethernet link bundles are created in the same way as Ethernet channels, where the user enters the same configuration on both end systems. The MAC address that is set on the bundle becomes the MAC address of the links within that bundle. When LACP configured, each link within a bundle can be configured to allow different keepalive periods on different members. Load balancing (the distribution of data between member links) is done by flow instead of by packet. Data is distributed to a link in proportion to the bandwidth of the link in relation to its bundle. QoS is supported and is applied proportionally on each bundle member.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-73
Link layer protocols, such as CDP and HDLC keepalives, work independently on each link within a bundle. Upper layer protocols, such as routing updates and hellos, are sent over any member link of an interface bundle. Bundled interfaces are point to point. A link must be in the up state before it can be in distributing state in a bundle. All links within a single bundle must be configured either to run 802.3ad (LACP) or Etherchannel (non-LACP). Mixed links within a single bundle are not supported. A bundle interface can contain physical links and VLAN subinterfaces only. Access Control List (ACL) configuration on link bundles is identical to ACL configuration on regular interfaces. Multicast traffic is load balanced over the members of a bundle. For a given flow, internal processes select the member link and all traffic for that flow is sent over that member.
All links terminate on the same two systems. Both systems consider the links to be part of the same bundle. All links have the appropriate settings on the peer.
LACP transmits frames containing the local port state and the local view of the partner systems state. These frames are analyzed to ensure both systems are in agreement.
A globally unique local system identifier An identifier (operational key) for the bundle of which the link is a member An identifier (port ID) for the link The current aggregation status of the link
This information is used to form the link aggregation group identifier (LAG ID). Links that share a common LAG ID can be aggregated. Individual links have unique LAG IDs. The system identifier distinguishes one router from another, and its uniqueness is guaranteed through the use of a MAC address from the system. The bundle and link identifiers have significance only to the router assigning them, which must guarantee that no two links have the same identifier, and that no two bundles have the same identifier.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-74
OL-23107-02
The information from the peer system is combined with the information from the local system to determine the compatibility of the links configured to be members of a bundle. Bundle MAC addresses in the Cisco ASR 9000 Series Routers come from a set of reserved MAC addresses in the backplane.This MAC address stays with the bundle as long as the bundle interface exists. The bundle uses this MAC address until the user configures a different MAC address. The bundle MAC address is used by all member links when passing bundle traffic. Any unicast or multicast addresses set on the bundle are also set on all the member links.
Note
We recommend that you avoid modifying the MAC address, because changes in the MAC address can affect packet forwarding.
hi priority /lo priorityMaximum bandwidth is calculated as a percentage of the bundle interface bandwidth. This percentage is then applied to every member link on the egress, or to the local bundle instance on ingress. guaranteed bandwidthProvided in percentage and applied to every member link. traffic shapingProvided in percentage and applied to every member link. WREDMinimum and maximum parameters are converted to the right proportion per member link or bundle instance, and then are applied to the bundle. markingProcess of changing the packet QoS level according to a policy. tail drop Packets are dropped when the queue is full.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-75
The maximum number of VLANs allowed per bundle is 4000. The maximum number of bundled VLANs allowed per router is 16000.
Note
The memory requirement for bundle VLANs is slightly higher than standard physical interfaces. To create a VLAN subinterface on a bundle, include the VLAN subinterface instance with the interface Bundle-Ether command: interface Bundle-Ether instance.subinterface After you create a VLAN on an Ethernet link bundle, all physical VLAN subinterface configuration is supported on that link bundle.
In global configuration mode, create a link bundle. To create an Ethernet link bundle, enter the interface Bundle-Ether command. Assign an IP address and subnet mask to the virtual interface using the ipv4 address command. Add interfaces to the bundle you created in Step 1 with the bundle id command in the interface configuration submode. You can add up to 32 links to a single bundle.
Note
A link is configured to be a member of a bundle from the interface configuration submode for that link.
Note
Note
You do not need to configure anything to guarantee that the standby interface configurations are maintained.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-76
OL-23107-02
Link Failover
When one member link in a bundle fails, traffic is redirected to the remaining operational member links and traffic flow remains uninterrupted.
Multichassis Link Aggregation Control Protocol (mLACP) Interchassis Communication Protocol (ICCP)
The mLACP protocol defines the expected behavior between the two devices and uses the Interchassis Control Protocol (ICCP) to exchange TLVs and identify peer devices to operate with. At the edge of a provider's network, a simple customer edge (CE) device that only supports standard LACP is connected to two provider edge (PE) devices. Thus the CE device is dual-homed, providing better L2 redundancy from the provider's side. In mLACP terminology, the CE device is referred to as a dual-homed device (DHD) and each PE device is known as a point of attachment (POA). The POA forwarding traffic for the bundle is the active device for that bundle, while the other POA is the standby device.
Failure Cases
MC-LAG provides redundancy, switching traffic to the unaffected POA while presenting an unchanged bundle interface to the DHD, for the following failure events:
Link failure: A port or link between the DHD and one of the POAs fails. Device failure: Meltdown or reload of one of the POAs, with total loss of connectivity (to the DHD, the core and the other POA).
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-77
Core isolation: A POA loses its connectivity to the core network, and therefore is of no value, being unable to forward traffic to or from the DHD.
A loss of connectivity between the POAs leads both devices to assume that the other has experienced device failure, causing them to attempt to take on the Active role. This is known as a split brain scenario and can happen in either of the following cases:
All other connectivity remains; only the link between POAs is lost. One POA is isolated from the core network (i.e. a core isolation scenario where the connection between the two POAs was over the core network).
MC-LAG by itself does not provide a means to avoid this situation; resiliency in the connection between the POAs is a requirement. The DHD is given the responsibility of mitigating the problem by setting a limit on the number of links, within the bundle, that can be active. As such only the links connected to one of the POAs can be active at any one point of time.
ICCP Protocol
LDP
279531
Two POAs communicate with each other over an LDP link using the Interchassis Communication Protocol (ICCP). ICCP is an LDP based protocol wherein an LDP session is created between the POAs in a redundancy group, and the ICCP messages are carried over that LDP session. The PE routers in a redundancy group may be a single-hop (directly connected) or a multi-hop away from one another. The ICCP protocol manages the setup and controls the redundancy groups. It also establishes, maintains, and tears down ICCP connections. The ICCP protocol uses route-watch to monitor the connectivity to the PEs in a given redundancy group. It is also responsible for tracking core isolation failures. It notifies all client applications of failure (core isolation and active PE failure). To operate ICCP, the devices are configured as members of redundancy groups (RGs).
Note
In the mLACP configuration, two devices are configured to be members of each RG (until a device-level failure occurs leaving only a single member). However, each device can be a member of more than one RG. In each redundancy group, a POA's mLACP peer is the other POA in that group, with which it communicates using mLACP over ICCP. For each bundle, the POA and DHD at each end are LACP partners, communicating using the standard LACP protocol.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-78
OL-23107-02
Redundancy Group
The CE is also called dual-homed device (DHD) and the PE is also called point of attachment (POA). The pair of POAs that is connected to the single DHD forms a redundancy group (RG). At any given time, only one POA is active for a bundle. Only the set of links between the DHD and the active POA actively sends traffic. The set of links between the DHD and the standby POA does not forward traffic. When the multichassis link bundle software detects that the connection to the active POA has failed, the software triggers the standby POA to become the active POA, and the traffic flows using the links between the DHD and newly active POA. The ICCP protocol operates between the active and the standby POAs, and allows the POAs to coordinate their configuration, determine which POA is active, and trigger a POA to become active. Applications running on the two POAs (mLACP, IGMP snooping, DHCP snooping or ANCP) synchronize their state using ICCP.
Failure Modes
The mLACP feature provides network resiliency by protecting against port, link, and node failures. Figure 3 depicts the various failure modes.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
279533
LSC-79
Figure 3
Failure Modes
Standby PoA
ADHD uplink port failure. The port on the DHD that is connected to the POA fails. BDHD uplink failure. The connection between the DHD and the POA fails. CActive POA downlink port failure. DActive POA node failure. EActive POA uplink failure (network isolation). The links between the active POA and the core network fails
T-PE1
primary PW CE1 backup PW
T-PE3
279530
CE2
T-PE4
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-80
OL-23107-02
279535
T-PE1 (active)
primary PW DHD-1 A backup PW ICCP S backup PW backup PW primary PW backup PW
T-PE3 (active)
A ICCP S
DHD-2
T-PE2 (standby)
T-PE4 (standby)
Switchovers
Switchovers, which is changing the Active/Standby roles of the POAs, are performed using dynamic priority management or brute force behavior.
A configured priority which can either be configured explicitly, or defaults to 32768 An operational priority used in LACP negotiations, which may differ from the configured priority if switchovers have occurred.
Higher priority LACP links are always selected ahead of lower priority LACP links. This means the operational priorities can be manipulated to force the standard LACP Selection Logic (on the POAs and on the DHD) to select desired links on both ends. For example, consider a case where the DHD has two links to each POA, and each POA is configured with minimum-active links is 2. (This means the bundle goes down on the POA if the number of active links falls below 2.) The operational priorities for the member links are 1 on POA-1 and 2 on POA-2. This means that POA-1 is active (being higher priority) and the links on POA-2 are held in Standby state. The sequence of events in a switchover is as follows:
1. 2. 3. 4.
A link fails on POA-1, causing the number of active links to fall below the minimum of 2. POA-1 changes the operational priority of both its links to 3, so the links on POA 2 are now higher priority. POA-1 sends a LACP message to the DHD and an mLACP message to POA-2, informing both devices of the change. The DHD tries to activate the links connected to POA-2 as these now have the highest priority.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
279528
primary PW
primary PW
LSC-81
5.
POA-2 also ensures that its links have the highest priority and activates its links to the DHD.
MC-LAG Topologies
This section illustrates the supported MC-LAG topologies.
Figure 6 VPWS One-way Pseudowire Redundancy in Redundancy Group
PE2 L4 DHD2
Figure 7
PE2 L4 DHD2
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-82
OL-23107-02
Figure 8
PE2 L4 DHD2
Figure 9
PE2 L4 DHD2
Figure 10
EoMPLS
VPLS
VFI 1
VFI 3
uPE1 DHD1 L2
PW 2 PW 1 PW 3
nPE2
PW 5 PW 6 PW 7
nPE3
VFI 2
VFI 4
nPE2
PW 8
nPE4
199883
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-83
Figure 11
EoMPLS
VPLS
VFI 1
VFI 3
uPE1 DHD1 L2
PW 2 PW 1 PW 3
nPE2
PW 5 PW 6 PW 7
nPE3
VFI 2
VFI 4
nPE2
PW 8
nPE4
199885
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-84
OL-23107-02
Configuring Ethernet Link Bundles, page 85 Configuring VLAN Bundles, page 89 Configuring Multichassis Link Aggregation, page 95
Note
Note
In order for an Ethernet bundle to be active, you must perform the same configuration on both connection endpoints of the bundle.
SUMMARY STEPS
The creation of an Ethernet link bundle involves creating a bundle and adding member interfaces to that bundle, as shown in the steps that follow.
1. 2. 3. 4. 5. 6. 7. 8. 9.
configure interface Bundle-Ether bundle-id ipv4 address ipv4-address mask bundle minimum-active bandwidth kbps (Optional) bundle minimum-active links links (Optional) bundle maximum-active links links (Optional) bundle maximum-active links links hot-standby (Optional) exit interface {GigabitEthernet | TenGigE} instance
10. bundle id bundle-id [mode {active | on | passive} 11. no shutdown 12. exit 13. Repeat Step 8 through Step 11 to add more links to the bundle you created in Step 2. 14. end
or commit
15. exit 16. exit 17. Perform Step 1 through Step 15 on the remote end of the connection. 18. show bundle Bundle-Ether bundle-id [reasons]
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-85
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
Creates and names a new Ethernet link bundle. This interface Bundle-Ether command enters you into the interface configuration submode, where you can enter interface specific configuration commands are entered. Use the exit command to exit from the interface configuration submode back to the normal global configuration mode. Assigns an IP address and subnet mask to the virtual interface using the ipv4 address configuration subcommand.
Example:
RP/0/RSP0/CPU0:router#(config)# interface Bundle-Ether 3
Step 3
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv4 address 10.1.2.3 255.0.0.0
Step 4
(Optional) Sets the minimum amount of bandwidth required before a user can bring up a bundle.
Example:
RP/0/RSP0/CPU0:router(config-if)# bundle minimum-active bandwidth 580000
Step 5
(Optional) Sets the number of active links required before you can bring up a specific bundle.
Example:
RP/0/RSP0/CPU0:router(config-if)# bundle minimum-active links 2
Step 6
Example:
RP/0/RSP0/CPU0:router(config-if)# bundle maximum-active links 1
(Optional) Designates one active link and one link in standby mode that can take over immediately for a bundle if the active link fails (1:1 protection). The default number of active links allowed in a single bundle is 8.
Note
If the bundle maximum-active command is issued, then only the highest-priority link within the bundle is active. The priority is based on the value from the bundle port-priority command, where a lower value is a higher priority. Therefore, we recommend that you configure a higher priority on the link that you want to be the active link.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-86
OL-23107-02
Command or Action
Step 7
bundle maximum-active links links hot-standby
Purpose The hot-standby keyword helps to avoid bundle flaps on a switchover or switchback event during which the bundle temporarily falls below the minimum links or bandwidth threshold. It sets default values for the wait-while timer and suppress-flaps timer to achieve this. Exits interface configuration submode for the Ethernet link bundle.
Example:
RP/0/RSP0/CPU0:router(config-if)# bundle maximum-active links 1 hot-standby
Step 8
exit
Example:
RP/0/RSP0/CPU0:router(config-if)# exit
Step 9
Enters the interface configuration mode for the specified interface. Enter the GigabitEthernet or TenGigE keyword to specify the interface type. Replace the instance argument with the node-id in the rack/slot/module format. Adds the link to the specified bundle. To enable active or passive LACP on the bundle, include the optional mode active or mode passive keywords in the command string. To add the link to the bundle without LACP support, include the optional mode on keywords with the command string.
Note
Example:
RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet 1/0/0/0
Step 10
Example:
RP/0/RSP0/CPU0:router(config-if)# bundle-id 3
If you do not specify the mode keyword, the default mode is on (LACP is not run over the port).
Step 11
no shutdown
Example:
RP/0/RSP0/CPU0:router(config-if)# no shutdown
(Optional) If a link is in the down state, bring it up. The no shutdown command returns the link to an up or down state depending on the configuration and state of the link. Exits interface configuration submode for the Ethernet interface.
Step 12
exit
Example:
RP/0/RSP0/CPU0:router(config-if)# exit
Step 13
(Optional) Repeat Step 8 through Step 11 to add more links to the bundle.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-87
Command or Action
Step 14
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Step 15
exit
Example:
RP/0/RSP0/CPU0:router(config-if)# exit
Step 16
exit
Example:
RP/0/RSP0/CPU0:router(config)# exit
Step 17 Step 18
Brings up the other end of the link bundle. (Optional) Shows information about the specified Ethernet link bundle.
Example:
RP/0/RSP0/CPU0:router# show bundle Bundle-Ether 3 reasons
Step 19
(Optional) Shows detailed information about LACP ports and their peers.
Example:
RP/0/RSP0/CPU0:router# show lacp Bundle-Ether 3
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-88
OL-23107-02
Create an Ethernet bundle. Create VLAN subinterfaces and assign them to the Ethernet bundle. Assign Ethernet links to the Ethernet bundle.
Note
In order for a VLAN bundle to be active, you must perform the same configuration on both ends of the bundle connection.
SUMMARY STEPS
The creation of a VLAN link bundle is described in the steps that follow.
1. 2. 3. 4. 5. 6. 7. 8. 9.
configure interface Bundle-Ether bundle-id ipv4 address ipv4-address mask bundle minimum-active bandwidth kbps (Optional) bundle minimum-active links links (Optional) bundle maximum-active links links (Optional) exit interface Bundle-Ether bundle-id.vlan-id encapsulation dot1q vlan-id
10. ipv4 address ipv4-address mask 11. no shutdown 12. exit 13. Repeat Step 7 through Step 12 to add more VLANs to the bundle you created in Step 2. 14. end
or commit
15. exit 16. exit 17. show ethernet trunk bundle-Ether instance 18. configure 19. interface {GigabitEthernet | TenGigE} instance 20. bundle id bundle-id [mode {active | on | passive}] 21. no shutdown 22. Repeat Step 19 through Step 21 to add more Ethernet interfaces to the bundle you created in Step 2.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-89
23. end
or commit
24. Perform Step 1 through Step 23 on the remote end of the connection. 25. show bundle Bundle-Ether bundle-id [reasons] 26. show ethernet trunk bundle-Ether instance
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
Creates and names a new Ethernet link bundle. This interface Bundle-Ether command enters you into the interface configuration submode, where you can enter interface-specific configuration commands. Use the exit command to exit from the interface configuration submode back to the normal global configuration mode. Assigns an IP address and subnet mask to the virtual interface using the ipv4 address configuration subcommand.
Example:
RP/0/RSP0/CPU0:router#(config)# interface Bundle-Ether 3
Step 3
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv4 address 10.1.2.3 255.0.0.0
Step 4
Example:
RP/0/RSP0/CPU0:router(config-if)# bundle minimum-active bandwidth 580000
(Optional) Sets the minimum amount of bandwidth required before a user can bring up a bundle.
Step 5
Example:
RP/0/RSP0/CPU0:router(config-if)# bundle minimum-active links 2
(Optional) Sets the number of active links required before you can bring up a specific bundle.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-90
OL-23107-02
Command or Action
Step 6
bundle maximum-active links links
Purpose (Optional) Designates one active link and one link in standby mode that can take over immediately for a bundle if the active link fails (1:1 protection).
Note
Example:
RP/0/RSP0/CPU0:router(config-if)# bundle maximum-active links 1
The default number of active links allowed in a single bundle is 8. If the bundle maximum-active command is issued, then only the highest-priority link within the bundle is active. The priority is based on the value from the bundle port-priority command, where a lower value is a higher priority. Therefore, we recommend that you configure a higher priority on the link that you want to be the active link.
Note
Step 7
exit
Example:
RP/0/RSP0/CPU0:router(config-if)# exit
Step 8
Creates a new VLAN, and assigns the VLAN to the Ethernet bundle you created in Step 2. Replace the bundle-id argument with the bundle-id you created in Step 2. Replace the vlan-id with a subinterface identifier. Range is from 1 to 4094 inclusive (0 and 4095 are reserved).
Note
Example:
RP/0/RSP0/CPU0:router#(config)# interface Bundle-Ether 3.1
When you include the .vlan-id argument with the interface Bundle-Ether bundle-id command, you enter subinterface configuration mode.
Step 9
Assigns a VLAN to the subinterface. Replace the vlan-id argument with a subinterface identifier. Range is from 1 to 4094 inclusive (0 and 4095 are reserved). Assigns an IP address and subnet mask to the subinterface.
Example:
RP/0/RSP0/CPU0:router#(config-subif)# encapsulation dot1q 10
Step 10
Example:
RP/0/RSP0/CPU0:router#(config-subif)# ipv4 address 10.1.2.3/24
Step 11
no shutdown
Example:
RP/0/RSP0/CPU0:router#(config-subif)# no shutdown
(Optional) If a link is in the down state, bring it up. The no shutdown command returns the link to an up or down state depending on the configuration and state of the link.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-91
Command or Action
Step 12
exit
Example:
RP/0/RSP0/CPU0:router(config-subif)# exit
Step 13 Step 14
Repeat Step 7 through Step 12 to add more VLANs to the bundle you created in Step 2.
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-subif)# end
or
RP/0/RSP0/CPU0:router(config-subif)# commit
to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration
session and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Step 15
exit
Example:
RP/0/RSP0/CPU0:router(config-subif)# exit
Step 16
exit
Example:
RP/0/RSP0/CPU0:router(config)# exit
Step 17
(Optional) Displays the interface configuration. The Ethernet bundle instance range is from 1 through 65535.
Example:
RP/0/RP0/CPU0:router# show ethernet trunk bundle-ether 5
Step 18
configure
Example:
RP/0/RSP0/CPU0:router # configure
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-92
OL-23107-02
Command or Action
Step 19
interface {GigabitEthernet | TenGigE} instance
Purpose Enters the interface configuration mode for the Ethernet interface you want to add to the Bundle. Enter the GigabitEthernet or TenGigE keyword to specify the interface type. Replace the instance argument with the node-id in the rack/slot/module format.
Note
Example:
RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet 1/0/0/0
A VLAN bundle is not active until you add an Ethernet interface on both ends of the link bundle.
Step 20
Adds an Ethernet interface to the bundle you configured in Step 2 through Step 13. To enable active or passive LACP on the bundle, include the optional mode active or mode passive keywords in the command string. To add the interface to the bundle without LACP support, include the optional mode on keywords with the command string.
Note
Example:
RP/0/RSP0/CPU0:router(config-if)# bundle-id 3
If you do not specify the mode keyword, the default mode is on (LACP is not run over the port).
Step 21
no shutdown
Example:
RP/0/RSP0/CPU0:router(config-if)# no shutdown
(Optional) If a link is in the down state, bring it up. The no shutdown command returns the link to an up or down state depending on the configuration and state of the link.
Step 22
Repeat Step 19 through Step 21 to add more Ethernet interfaces to the VLAN bundle.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-93
Command or Action
Step 23
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-subif)# end
or
RP/0/RSP0/CPU0:router(config-subif)# commit
to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration
session and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Step 24 Step 25
Perform Step 1 through Step 23 on the remote end of the VLAN bundle connection.
show bundle Bundle-Ether bundle-id [reasons]
Brings up the other end of the link bundle. (Optional) Shows information about the specified Ethernet link bundle. The show bundle Bundle-Ether command displays information about the specified bundle. If your bundle has been configured properly and is carrying traffic, the State field in the show bundle Bundle-Ether command output will show the number 4, which means the specified VLAN bundle port is distributing. (Optional) Displays the interface configuration. The Ethernet bundle instance range is from 1 through 65535.
Example:
RP/0/RSP0/CPU0:router# show bundle Bundle-Ether 3 reasons
Step 26
Example:
RP/0/RP0/CPU0:router# show ethernet trunk bundle-ether 5
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-94
OL-23107-02
Configuring Link Bundles, page 95 Configuring Interchassis Communication Protocol, page 95 Configuring Multichassis Link Aggregation Control Protocol Session, page 98 Configuring Multichassis Link Aggregation Control Protocol Bundle, page 100 Configuring Dual-Homed Device, page 102 Configuring Access Backup Pseudowire, page 104 Configuring One-way Pseudowire Redundancy in MC-LAG, page 107 Configuring VPWS cross-connects in MC-LAG, page 109 Configuring VPLS in MC-LAG, page 112
SUMMARY STEPS
1. 2. 3. 4. 5. 6.
configure redundancy iccp group group-id member neighbor neighbor-ip-address backbone interface interface-type-id isolation recovery-delay delay end or commit
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-95
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
redundancy iccp group group-id Example: RP/0/RSP0/CPU0:router#(config-redundancy-iccp-group) # redundancy iccp group 100
Step 3
Configures ICCP members. This is the ICCP peer for this redundancy group. Only one neighbor can be configured per redundancy group. The IP address is the LDP router-ID of the neighbor. This configuration is required for ICCP to function. Configures ICCP backbone interfaces. This is an optional configuration to detect isolation from the network core, and triggers switchover to the peer POA if the POA on which the failure is occurring is active. Multiple backbone interfaces can be configured for each redundancy group. When all backbone interfaces are not UP, this is an indication of core isolation. When one or more backbone interfaces are UP, then the POA is not isolated from the network core. Backbone interfaces are typically the interfaces which L2VPN pseudowires can use.
Step 4
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-96
OL-23107-02
Command or Action
Step 5
isolation recovery-delay delay Example: RP/0/RSP0/CPU0:router#(config-redundancy-iccp-group) # isolation recovery-delay 30
Purpose Configures the isolation parameters and specifies delay before clearing isolation condition after recovery from failure. Isolation recovery delay timer is started once the core isolation condition has cleared. When the timer expires, the POA can take over as the active POA (depending on other conditions like bundle recovery delay timer). This allows:
the network core to reconverge after the backbone interfaces have come up ICCP state to be exchanged in order for POAs to know what state they are supposed to be in so that MCLAG bundles do not flap excessively.
This is an optional configuration; if not configured, the delay is set to 180 seconds, by default.
Step 6
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-redundancy-iccp-group)# end
or
RP/0/RSP0/CPU0:router(config-redundancy-iccp-group)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-97
SUMMARY STEPS
1. 2. 3. 4. 5. 6.
configure redundancy iccp group group-id mlacp system mac mac-id mlacp system priority priority mlacp node node-id end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
redundancy iccp group group-id Example: RP/0/RSP0/CPU0:router#(config-redundancy-iccp-group) # redundancy iccp group 100
Step 3
Example:
RP/0/RSP0/CPU0:router#(config-redundancy-iccp-group) # mlacp system mac 1.1.1
The mac-id is a user configured value for the LACP system LAG-ID to be used by the POAs. It is highly recommended that the mac-ids have the same value on both POAs. You can have different LAG-IDs for different groups.
Step 4
Example:
RP/0/RSP0/CPU0:router#(config-redundancy-iccp-group) # mlacp system priority 10
It is recommended that system priority of the POAs be configured to a lower numerical value (higher priority) than the LACP LAG ID of the DHD. If the DHD has higher system priority then dynamic priority management cannot work and brute force switchover is automatically used.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-98
OL-23107-02
Command or Action
Step 5
mlacp node node-id
Purpose Sets the LACP system priority to be used in this ICCP Group.
Note
Example:
RP/0/RSP0/CPU0:router#(config-redundancy-iccp-group) # mlacp node 1
Step 6
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-99
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8.
configure interface Bundle-Ether bundle-id mac-address mac-id bundle wait-while milliseconds lacp switchover suppress-flaps milliseconds mlacp iccp-group group-id mlacp port-priority priority end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
Example:
RP/0/RSP0/CPU0:router#(config)# interface Bundle-Ether 3
Step 3
mac-address mac-id
Example:
RP/0/RSP0/CPU0:router#(config-if)# mac-address 1.1.1
Step 4
Example:
RP/0/RSP0/CPU0:router#(config-if)# bundle wait-while 100
Step 5
Sets the time for which to suppress flaps during a LACP switchover.
Note
Example:
RP/0/RSP0/CPU0:router#(config-if)# lacp switchover suppress-flaps 300
It is recommended that the value used for the milliseconds argument is greater than that for the wait-while timer of the local device (and the DHD).
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-100
OL-23107-02
Command or Action
Step 6
mlacp iccp-group group-id
Purpose Configures the ICCP redundancy group in which this bundle should operate.
Example:
RP/0/RSP0/CPU0:router#(config-if)# mlacp iccp-group 10
Step 7
Sets the starting priority for all member links on this device when running mLACP.
Note
Example:
RP/0/RSP0/CPU0:router#(config-if)# mlacp port-priority 10
Lower value indicates higher priority. If you are using dynamic priority management the priority of the links change when switchovers occur. When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Step 8
end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-101
Note
If an ASR 9000 Series Router is to be used as a DHD, it is recommended that you configure the bundle maximum-active links links command where links is the number of links connecting the DHD to one of the POAs.
SUMMARY STEPS
1. 2. 3. 4. 5.
configure interface Bundle-Ether bundle-id bundle wait-while milliseconds lacp switchover suppress-flaps milliseconds end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
Example:
RP/0/RSP0/CPU0:router#(config-if)# interface Bundle-Ether 3
Step 3
Example:
RP/0/RSP0/CPU0:router#(config-if)# bundle wait-while 100
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-102
OL-23107-02
Command or Action
Step 4
lacp switchover suppress-flaps milliseconds
Purpose Sets the time for which to suppress flaps during a LACP switchover.
Example:
RP/0/RSP0/CPU0:router#(config-if)# lacp switchover suppress-flaps 300
Step 5
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
The members added to the bundle on one POA go Active, and the members on the other POA are in Standby state. This can be verified by using the show bundle command on either POA to display the membership information for correctly configured members on both the POAs:
RP/0/0/CPU0:router#show bundle Bundle-Ether1 Status: Local links <active/standby/configured>: Local bandwidth <effective/available>: MAC address (source): Minimum active links / bandwidth: Maximum active links: Wait while timer: LACP: Flap suppression timer: mLACP: ICCP Group: Role: Foreign links <active/configured>: Switchover type: Recovery delay: Maximize threshold: IPv4 BFD:
Up 1 / 0 / 1 1000000 (1000000) kbps 0000.deaf.0000 (Configured) 1 / 1 kbps 64 100 ms Operational 300 ms Operational 1 Active 0 / 1 Non-revertive 300 s Not configured Not configured
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-103
Device --------------Local
State ----------Active
Note
To switch to an active POA, use the mlacp switchover Bundle-Ether command on the currently active router.
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
configure l2vpn bridge group bridge-group name bridge-domain bridge-domain name neighbor A.B.C.D pw-id pseudowire-id pw-class {class-name} backup neighbor A.B.C.D pw-id pseudowire-id pw-class {class-name} end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-104
OL-23107-02
Command or Action
Step 3
bridge group bridge-group-name
Purpose Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Step 4
bridge-domain bridge-domain-name
Establishes a bridge domain and enters l2vpn bridge group bridge domain configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Step 5
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# neighbor 10.2.2.2 pw-id 2000
Step 6
pw-class {class-name}
Configures the pseudowire class template name to use for the pseudowire.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# pw-class class1
Step 7
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# backup neighbor 10.2.2.2 pw-id 2000
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-105
Command or Action
Step 8
pw-class {class-name}
Purpose Configures the pseudowire class template name to use for the backup pseudowire.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# pw-class class2
Step 9
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-106
OL-23107-02
SUMMARY STEPS
1. 2. 3. 4. 5. 6.
configure l2vpn pw-class {class-name} encapsulation mpls redundancy one-way end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Step 3
pw-class {class-name}
Configures the pseudowire class template name to use for the pseudowire.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# pw-class class1
Step 4
encapsulation mpls
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-pwc)# encapsulation mpls
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-107
Command or Action
Step 5
redundancy one-way
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-pwc-mpls)# redundancy one-way
The redundancy one-way command is effective only if the redundancy group is configured.
Step 6
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-108
OL-23107-02
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
configure l2vpn pw-status xconnect group group-name p2p xconnect-name interface type interface-path-id neighbor A.B.C.D pw-id pseudowire-id pw-class {class-name} backup neighbor A.B.C.D pw-id pseudowire-id
or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 3
pw-status
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# pw-status
When the attachment circuit changes redundancy state to Active, Active pw-status is sent over the primary and backup pseudowires. When the attachment circuit changes redundancy state to Standby, Standby pw-status is sent over the primary and backup pseudowires.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-109
Command or Action
Step 4
xconnect group group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# xconnect group grp_1
Step 5
p2p xconnect-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc)# p2p p1
Step 6
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p)# interface Bundle-Ether 1.1
Step 7
Configures the pseudowire segment for the cross-connect. Optionally, you can disable the control word or set the transport-type to Ethernet or VLAN. Configures the pseudowire class template name to use for the pseudowire.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p)# neighbor 10.2.2.2 pw-id 2000
Step 8
pw-class {class-name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw)# pw-class c1
Step 9
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw)# backup neighbor 10.2.2.2 pw-id 2000
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-110
OL-23107-02
Command or Action
Step 10
pw-class {class-name}
Purpose Configures the pseudowire class template name to use for the backup pseudowire.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw-backup) # pw-class c2
Step 11
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw-backup) # end
or
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw-backup) # commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-111
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
configure l2vpn pw-status bridge group bridge-group-name bridge-domain bridge-domain-name interface type interface-path-id vfi vfi-name neighbor A.B.C.D pw-id pseudowire-id pw-class {class-name} or commit
10. end
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 3
pw-status
(Optional) Enables pseudowire status. All the pseudowires in the VFI are always active, independent of the attachment circuit redundancy state. Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# pw-status
Step 4
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-112
OL-23107-02
Command or Action
Step 5
bridge-domain bridge-domain-name
Purpose Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Step 6
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface Bundle-Ether 1.1
Step 7
vfi {vfi-name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# vfi vfi-east
Step 8
Configures the pseudowire segment for the cross-connect. Optionally, you can disable the control word or set the transport-type to Ethernet or VLAN.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# neighbor 10.2.2.2 pw-id 2000
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-113
Command or Action
Step 9
pw-class {class-name}
Purpose Configures the pseudowire class template name to use for the pseudowire.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# pw-class canada
Step 10
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-114
OL-23107-02
EtherChannel Bundle running LACP: Example Creating VLANs on a Ethernet Bundle: Example ASR 9000 Link Bundles connected to a Cisco 7600 EtherChannel: Example Configuring Multichassis Link Aggregation: Example
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-115
IOS XR side:
hostname PE44_ASR-9010 interface Bundle-Ether16 description Connect to P19_C7609-S Port-Ch mtu 9216 no ipv4 address bundle maximum-active links 1 ! interface Bundle-Ether16.160 l2transport description Connect to P19_C7609-S Port-Ch encapsulation dot1q 160 ! interface Bundle-Ether16.161 l2transport description Connect to P19_C7609-S Port-Ch encapsulation dot1q 161 ! interface Bundle-Ether16.162 description Connect to P19_C7609-S Port-Ch ipv4 address 10.194.8.44 255.255.255.0 encapsulation dot1q 162 ! interface Bundle-Ether16.163 description Connect to P19_C7609-S Port-Ch ipv4 address 10.194.12.44 255.255.255.0 encapsulation dot1q 163 !
16
16 EFP 160
16 EFP 161
16.162
16.163
interface GigabitEthernet0/1/0/16 description Connected to P19_C7609-S GE 8/0/16 bundle id 16 mode active bundle port-priority 1 ! interface GigabitEthernet0/1/0/17 description Connected to P19_C7609-S GE 8/0/17 bundle id 16 mode active bundle port-priority 2 !
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-116
OL-23107-02
hostname PE65_ME-C3400 ! vlan 160 ! interface GigabitEthernet0/1 description Connected to PE64_C3750-ME GE 1/0/1 port-type nni
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-117
switchport trunk allowed vlan 160 switchport mode trunk ! interface Vlan160 description VLAN 160 over BE 16.160 on PE44 ip address 160.0.0.65 255.255.255.0 !
IOS side:
hostname P19_C7609-S port-channel load-balance src-dst-port ! interface Port-channel16 description Connected to PE44_ASR-9010 BE 16 mtu 9202 no ip address logging event link-status logging event status speed nonegotiate mls qos trust dscp lacp fast-switchover lacp max-bundle 1 service instance 160 ethernet description Connected to PE44_ASR-9010 BE 16.160 encapsulation dot1q 160 ! service instance 161 ethernet description Connected to PE44_ASR-9010 BE 16.161 encapsulation dot1q 161 ! ! interface Port-channel16.162 description Connected to PE44_ASR-9010 BE 16.162 encapsulation dot1Q 162 ip address 10.194.8.19 255.255.255.0 ! interface Port-channel16.163 description Connected to PE44_ASR-9010 BE 16.163 encapsulation dot1Q 163 ip address 10.194.12.19 255.255.255.0 ! interface GigabitEthernet8/0/16 no shut description Connected to PE44_ASR-9010 GE 0/1/0/16 mtu 9202 no ip address logging event link-status logging event status speed nonegotiate no mls qos trust dscp lacp port-priority 1 channel-protocol lacp channel-group 16 mode active ! interface GigabitEthernet8/0/17 no shut description Connected to PE44_ASR-9010 GE 0/1/0/17 mtu 9202 no ip address
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-118
OL-23107-02
logging event link-status logging event status speed nonegotiate no mls qos trust dscp lacp port-priority 2 channel-protocol lacp channel-group 16 mode active !
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-119
hostname PE63_ME-C3400 ! vlan 160 ! interface GigabitEthernet0/1 description Connected to PE62_C3750-ME GE 1/0/1 port-type nni switchport trunk allowed vlan 160 switchport mode trunk ! interface Vlan160 description VLAN 160 over Port-Chan 16 on P19 ip address 160.0.0.63 255.255.255.0 !
Standby POA
interface Bundle-Ether10 mlacp iccp-group 1 mlacp port-priority 20
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-120
OL-23107-02
LACP: Flap suppression timer: mLACP: ICCP Group: Role: Foreign links <active/configured>: Switchover type: Recovery delay: Maximize threshold: IPv4 BFD: Port -------------------Gi0/0/0/0 Link is Active Gi0/0/0/0 Link is marked as Device --------------Local
Operational 300 ms Operational 1 Active 0 / 1 Non-revertive 300 s Not configured Not configured State ----------Active Port ID -------------0x8001, 0x9001 0x8002, 0xa001 B/W, kbps ---------1000000 1000000
RP/0/0/CPU0:router#mlacp switchover Bundle-Ether 1 This will trigger the peer device (Node 5.4.3.2 in IG 1) to become active for Bundle-Ether1. This may result in packet loss on the specified bundle. Proceed with switch over? [confirm] RP/0/0/CPU0:Jan 31 23:46:44.666 : BM-DISTRIB[282]: %L2-BM-5-MLACP_BUNDLE_ACTIVE : This device is no longer the active device for Bundle-Ether1 RP/0/0/CPU0:Jan 31 23:46:44.668 : BM-DISTRIB[282]: %L2-BM-6-ACTIVE : GigabitEthernet0/0/0/0 is no longer Active as part of Bundle-Ether1 (Not enough links available to meet minimum-active threshold) RP/0/0/CPU0:router#show bundle Mon Jun 7 06:04:17.778 PDT Bundle-Ether1 Status: Local links <active/standby/configured>: Local bandwidth <effective/available>: MAC address (source): Minimum active links / bandwidth: Maximum active links: Wait while timer: LACP: Flap suppression timer: mLACP: ICCP Group: Role: Foreign links <active/configured>: Switchover type: Recovery delay: Maximize threshold: IPv4 BFD: Port Device -------------------- --------------Gi0/0/0/0 Local mLACP peer is active Gi0/0/0/0 5.4.3.2 Link is Active RP/0/0/CPU0:router#
mLACP hot standby 0 / 1 / 1 0 (0) kbps 0000.deaf.0000 (Configured) 1 / 1 kbps 64 100 ms Operational 300 ms Operational 1 Standby 1 / 1 Non-revertive 300 s Not configured Not configured Port ID -------------0x8003, 0x9001 0x8002, 0xa001 B/W, kbps ---------1000000 1000000
This example shows how to add a backup pseudowire to a VPLS access pseudowire:
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-121
l2vpn bridge group bg1 bridge-domain bd1 neighbor 101.101.101.101 pw-id 5000 pw-class class1 backup neighbor 102.102.102.102 pw-id 3000 pw-class class1 ! ! ! !
This example shows how to configure one-way pseudowire redundancy behavior when redundancy group is configured:
l2vpn pw-class class_mpls encapsulation mpls redundancy one-way ! !
On POA 1:
redundancy iccp group 1 mlacp node 1 mlacp system mac 000d.000e.000f mlacp system priority 1 member neighbor 5.4.3.2 ! ! ! ! interface Bundle-Ether1 lacp switchover suppress-flaps 300 mlacp iccp-group 1 mac-address 0.deaf.0 bundle wait-while 100 ! interface Loopback0 ipv4 address 5.4.3.1 255.255.255.255 ! interface GigabitEthernet0/0/0/0 description Connected to DHD Gi0/0/0/0 bundle id 1 mode active lacp period short no shutdown
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-122
OL-23107-02
! interface GigabitEthernet0/0/0/3 description Connected to POA2 Gi0/0/0/3 ipv4 address 1.2.3.1 255.255.255.0 proxy-arp no shutdown ! router static address-family ipv4 unicast 5.4.3.2/32 1.2.3.2 ! ! mpls ldp router-id 5.4.3.1 discovery targeted-hello accept log neighbor ! interface GigabitEthernet0/0/0/3 ! !
On POA 2:
redundancy iccp group 1 mlacp node 2 mlacp system mac 000d.000e.000f mlacp system priority 1 member neighbor 5.4.3.1 ! ! ! ! interface Bundle-Ether1 lacp switchover suppress-flaps 300 mlacp iccp-group 1 mac-address 0.deaf.0 bundle wait-while 100 ! interface Loopback0 ipv4 address 5.4.3.2 255.255.255.255 ! interface GigabitEthernet0/0/0/0 description Connected to DHD Gi0/0/0/3 bundle id 1 mode active lacp period short no shutdown ! interface GigabitEthernet0/0/0/3 description Connected to POA1 Gi0/0/0/3 ipv4 address 1.2.3.2 255.255.255.0 proxy-arp no shutdown ! router static address-family ipv4 unicast 5.4.3.1/32 1.2.3.1 ! ! mpls ldp router-id 5.4.3.2
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-123
On the DHD:
interface Bundle-Ether1 lacp switchover suppress-flaps 300 bundle wait-while 100 ! interface GigabitEthernet0/0/0/0 description Connected to POA1 Gi0/0/0/0 bundle id 1 mode active lacp period short no shutdown ! interface GigabitEthernet0/0/0/3 description Connected to POA2 Gi0/0/0/0 bundle id 1 mode active lacp period short no shutdown !
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-124
OL-23107-02
Additional References
These sections provide references related to link bundle configuration.
Related Documents
Related Topic Cisco ASR 9000 Series Routers master command reference Cisco ASR 9000 Series Routers interface configuration commands Document Title Cisco ASR 9000 Series Routers Master Commands List Cisco ASR 9000 Series Routers Interface and Hardware Component Command Reference
Initial system bootup and configuration information for Cisco ASR 9000 Series Routers Getting Started Guide a Cisco ASR 9000 Series Routers using the Cisco IOS XR Software. Information about user groups and task IDs Information about configuring interfaces and other components on the Cisco ASR 9000 Series Routers from a remote Craft Works Interface (CWI) client management application Cisco ASR 9000 Series Routers Interface and Hardware Component Command Reference Cisco ASR 9000 Series Routers Craft Works Interface Configuration Guide
Standards
Standards Title No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
MIBs
MIBs There are no applicable MIBs for this module. MIBs Link To locate and download MIBs for selected platforms using Cisco IOS XR Software, use the Cisco MIB Locator found at this URL: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs
RFCs No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature. Title
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-125
Technical Assistance
Description Link The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-126
OL-23107-02
local switchingA point-to-point circuit internal to a single Cisco ASR 9000 Series Router, also known as local connect. pseudowiresA virtual point-to-point circuit from a Cisco ASR 9000 Series Router. Pseudowires are implemented over MPLS.
Note
For more information about MPLS Layer 2 VPN on the Cisco ASR 9000 Series Router and for descriptions of the commands listed in this module, see the Related Documents section. To locate documentation for other commands that might appear while executing a configuration task, search online in the Cisco IOS XR software master command index.
Feature History for Implementing MPLS Layer 2 VPN on Cisco ASR 9000 Series Routers
Release Modification
This feature was introduced on Cisco ASR 9000 Series Routers. Scale enhancements were introduced. See Table 4 on page 369 for more information on scale enhancements. Support was added for Any Transport over MPLS (AToM) features. Support was added for these features:
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-127
Contents
Prerequisites for Implementing Point to Point Layer 2 Services, page LSC-128 Information About Implementing Point to Point Layer 2 Services, page LSC-128 How to Implement Point to Point Layer 2 Services, page LSC-141 Configuration Examples for Point to Point Layer 2 Services, page LSC-175 Additional References, page LSC-186
Layer 2 Virtual Private Network Overview, page LSC-128 ATMoMPLS with L2VPN Overview, page LSC-129 Virtual Circuit Connection Verification on L2VPN, page LSC-129 Ethernet over MPLS, page LSC-130 Quality of Service, page LSC-133 High Availability, page LSC-134 Preferred Tunnel Path, page LSC-134 Multisegment Pseudowire, page LSC-135 Pseudowire Redundancy, page LSC-135 Any Transport over MPLS, page LSC-139
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-128
OL-23107-02
Implementing Point to Point Layer 2 Services Information About Implementing Point to Point Layer 2 Services
Building a L2VPN system requires coordination between the ISP and the customer. The ISP provides L2 connectivity; the customer builds a network using data link resources obtained from the ISP. In an L2VPN service, the ISP does not require information about a the customer's network topology, policies, routing information, point-to-point links, or network point-to-point links from other ISPs. The ISP requires provider edge (PE) routers with these capabilities:
Encapsulation of L2 protocol data units (PDU) into Layer 3 (L3) packets. Interconnection of any-to-any L2 transports. Emulation of L2 quality-of-service (QoS) over a packet switch network. Ease of configuration of the L2 service. Support for different types of tunneling mechanisms (MPLS, IPSec, GRE, and others). L2VPN process databases include all information related to circuits and their connections.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-129
Implementing Point to Point Layer 2 Services Information About Implementing Point to Point Layer 2 Services
Type 1Specifies normal Ethernet-over-MPLS (EoMPLS) data packets. Type 2Specifies VCCV packets.
Cisco ASR 9000 Series Routers supports Label Switched Path (LSP) VCCV Type 1, which uses an inband control word if enabled during signaling. The VCCV echo reply is sent as IPv4 that is the reply mode in IPv4. The reply is forwarded as IP, MPLS, or a combination of both. VCCV pings counters that are counted in MPLS forwarding on the egress side. However, on the ingress side, they are sourced by the route processor and do not count as MPLS forwarding counters.
Ethernet Port Mode, page LSC-130 VLAN Mode, page LSC-131 Inter-AS Mode, page LSC-132 QinQ Mode, page LSC-132 QinAny Mode, page LSC-133
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-130
OL-23107-02
Implementing Point to Point Layer 2 Services Information About Implementing Point to Point Layer 2 Services
Figure 12
Ether CE
Ether PE
Tunnel label VC label Control Word Payload Payload Payload VC label Control Word Payload Payload
Packet flow
VLAN Mode
In VLAN mode, each VLAN on a customer-end to provider-end link can be configured as a separate L2VPN connection using virtual connection (VC) type 4 or VC type 5. VC type 5 is the default mode. As illustrated in Figure 13, the Ethernet PE associates an internal VLAN-tag to the Ethernet port for switching the traffic internally from the ingress port to the pseudowire; however, before moving traffic into the pseudowire, it removes the internal VLAN tag.
Figure 13 VLAN Mode Packet Flow
Ether CE tagged
Ether PE tagged
Ether CE
Tunnel label VC label Control Word VLAN tag Payload VLAN tag Payload Payload VC label Control Word Payload VLAN tag Payload VLAN tag Payload
158393
Packet flow
At the egress VLAN PE, the PE associates a VLAN tag to the frames coming off of the pseudowire and after switching the traffic internally, it sends out the traffic on an Ethernet trunk port.
Note
Because the port is in trunk mode, the VLAN PE doesn't remove the VLAN tag and forwards the frames through the port with the added tag.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-131
Implementing Point to Point Layer 2 Services Information About Implementing Point to Point Layer 2 Services
Inter-AS Mode
Inter-AS is a peer-to-peer type model that allows extension of VPNs through multiple provider or multi-domain networks. This lets service providers peer up with one another to offer end-to-end VPN connectivity over extended geographical locations. EoMPLS support can assume a single AS topology where the pseudowire connecting the PE routers at the two ends of the point-to-point EoMPLS cross-connects resides in the same autonomous system; or multiple AS topologies in which PE routers can reside on two different ASs using iBGP and eBGP peering. Figure 14 illustrates MPLS over Inter-AS with a basic double AS topology with iBGP/LDP in each AS.
Figure 14 EoMPLS over Inter-AS: Basic Double AS Topology
AS 200
RT/CE
PE2 AS 300
ASBR2
243671
QinQ Mode
QinQ is an extension of 802.1Q for specifying multiple 802.1Q tags (IEEE 802.1QinQ VLAN Tag stacking). Layer 3 VPN service termination and L2VPN service transport are enabled over QinQ sub-interfaces. The Cisco ASR 9000 Series Routers implement the Layer 2 tunneling or Layer 3 forwarding depending on the subinterface configuration at provider edge routers. This function only supports up to two QinQ tags on the SPA and fixed PLIM:
Layer 2 QinQ VLANs in L2VPN attachment circuit: QinQ L2VPN attachment circuits are configured under the Layer 2 transport subinterfaces for point-to-point EoMPLS based cross-connects using both virtual circuit type 4 and type 5 pseudowires and point-to-point local-switching-based cross-connects including full interworking support of QinQ with 802.1q VLANs and port mode. Layer 3 QinQ VLANs: Used as a Layer 3 termination point, both VLANs are removed at the ingress provider edge and added back at the remote provider edge as the frame is forwarded. IPv4 unicast and multicast
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-132
eBGP
PE1
P1
ASBR1
OL-23107-02
Implementing Point to Point Layer 2 Services Information About Implementing Point to Point Layer 2 Services
IPv6 unicast and multicast MPLS Connectionless Network Service (CLNS) for use by Intermediate System-to-Intermediate System (IS-IS) Protocol
In QinQ mode, each CE VLAN is carried into an SP VLAN. QinQ mode should use VC type 5, but VC type 4 is also supported. On each Ethernet PE, you must configure both the inner (CE VLAN) and outer (SP VLAN). Figure 15 illustrates QinQ using VC type 4.
Figure 15 EoMPLS over QinQ Mode
Ether CE tagged
Ether PE tagged
Ether CE
210606
QinAny Mode
In the QinAny mode, the service provider VLAN tag is configured on both the ingress and the egress nodes of the provider edge VLAN. QinAny mode is similar to QinQ mode using a Type 5 VC, except that the customer edge VLAN tag is carried in the packet over the pseudowire, as the customer edge VLAN tag is unknown.
Quality of Service
Using L2VPN technology, you can assign a quality of service (QoS) level to both Port and VLAN modes of operation. L2VPN technology requires that QoS functionality on PE routers be strictly L2-payload-based on the edge-facing interfaces (also know as attachment circuits). Figure 16 illustrates L2 and L3 QoS service policies in a typical L2VPN network.
Figure 16 L2VPN QoS Feature Application
Layer-3 (MPLS/IP) QoS Policy Layer-2 QoS Policy CE1 PE1 PE1 P Layer-3 (MPLS/IP) QoS Policy Layer-2 QoS Policy PE2 CE2
AC Pseudo Wire
AC
158280
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-133
Implementing Point to Point Layer 2 Services Information About Implementing Point to Point Layer 2 Services
Figure 17 shows four packet processing paths within a provider edge device where a QoS service policy can be attached. In an L2VPN network, packets are received and transmitted on the edge-facing interfaces as L2 packets and transported on the core-facing interfaces as MPLS (EoMPLS) packets.
Figure 17 L2VPN QoS Reference Model
Layer-3 (MPLS/IP) QoS Policy Layer-2 QoS Policy PE1 PE1 P Layer-3 (MPLS/IP) QoS Policy Layer-2 QoS Policy PE2
Packet flow
High Availability
L2VPN uses control planes in both route processors and line cards, as well as forwarding plane elements in the line cards. The availability of L2VPN meets these requirements:
A control plane failure in either the route processor or the line card will not affect the circuit forwarding path. The router processor control plane supports failover without affecting the line card control and forwarding planes. L2VPN integrates with existing Label Distribution Protocol (LDP) graceful restart mechanism.
Note
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-134
OL-23107-02
Implementing Point to Point Layer 2 Services Information About Implementing Point to Point Layer 2 Services
Multisegment Pseudowire
Pseudowires transport Layer 2 protocol data units (PDUs) across a public switched network (PSN). A multisegment pseudowire is a static or dynamically configured set of two or more contiguous pseudowire segments. These segments act as a single pseudowire, allowing you to:
Manage the end-to-end service by separating administrative or provisioning domains. Keep IP addresses of provider edge (PE) nodes private across interautonomous system (inter-AS) boundaries. Use IP address of autonomous system boundary routers (ASBRs) and treat them as pseudowire aggregation routers. The ASBRs join the pseudowires of the two domains.
A multisegment pseudowire can span either an inter-AS boundary or two multiprotocol label switching (MPLS) networks. A pseudowire is a tunnel between two PE nodes. There are two types of PE nodes:
multisegment pseudowire.
Switches control and data planes of the preceding and succeeding pseudowire segments of the
multisegment pseudowire.
Pseudowire Redundancy
Pseudowire redundancy allows you to configure your network to detect a failure in the network and reroute the Layer 2 service to another endpoint that can continue to provide service. This feature provides the ability to recover from a failure of either the remote provider edge (PE) router or the link between the PE and customer edge (CE) routers. L2VPNs can provide pseudowire resiliency through their routing protocols. When connectivity between end-to-end PE routers fails, an alternative path to the directed LDP session and the user data takes over. However, there are some parts of the network in which this rerouting mechanism does not protect against interruptions in service. Pseudowire redundancy enables you to set up backup pseudowires. You can configure the network with redundant pseudowires and redundant network elements. Prior to the failure of the primary pseudowire, the ability to switch traffic to the backup pseudowire is used to handle a planned pseudowire outage, such as router maintenance.
Note
Pseudowire redundancy is provided only for point-to-point Virtual Private Wire Service (VPWS) pseudowires.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-135
Implementing Point to Point Layer 2 Services Information About Implementing Point to Point Layer 2 Services
Note
Enabling virtual circuit (VC) label based load balancing for a pseudowire class overrides global flow based load balancing under L2VPN.
E-Line Service
E-Line service provides a point-to-point EVC between two UNIs. There are two types of E-Line services:
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-136
OL-23107-02
Implementing Point to Point Layer 2 Services Information About Implementing Point to Point Layer 2 Services
E-LAN service provides multipoint connectivity (can connect two or more UNIs). All sites have Ethernet connectivity with each other (inside the cloud is a multipoint-to-multipoint EVC).
Types of E-LAN services:
The Cisco Ethernet Relay Service concept corresponds to the MEF Ethernet Virtual Private Line concept. The Cisco Ethernet Wire Service concept corresponds to the MEF Ethernet Private Line concept. The Cisco Multipoint Service concept corresponds to the MEF Transparent LAN Service concept. The Cisco Multipoint Relay Service concept corresponds to the MEF Ethernet Virtual Connection Service concept. A UNI is the demarcation between the CE and the provider edge (PE). Ethernet service is what the Service Provider provides between UNIs.
Ethernet Line service (E-Line) point-to-point Ethernet LAN service (E-LAN) multipoint Ethernet Tree service (E-Tree) point-to-multipoint
This is Carrier Ethernet. This can replace Frame Relay/ATM within the cloud with the benefits including faster speeds (GigE and 10GigE). VPLS (Virtual Private LAN Service) is an end-to-end architecture that allows MPLS networks to provide Multipoint Ethernet services. It is Virtual because multiple instances of this service share the same physical infrastructure. It is Private because each instance of the service is independent and isolated from one another. It is LAN Service because it emulates Layer 2 multipoint connectivity between subscribers.
IGMP Snooping
IGMP snooping provides a way to constrain multicast traffic at Layer 2. By snooping the IGMP membership reports sent by hosts in the bridge domain, the IGMP snooping application can set up Layer 2 multicast forwarding tables to deliver traffic only to ports with at least one interested member, significantly reducing the volume of multicast traffic. Configured at Layer 3, IGMP provides a means for hosts in an IPv4 multicast network to indicate which multicast traffic they are interested in and for routers to control and limit the flow of multicast traffic in the network (at Layer 3). IGMP snooping uses the information in IGMP membership report messages to build corresponding information in the forwarding tables to restrict IP multicast traffic at Layer 2. The forwarding table entries are in the form <Route, OIF List>, where:
Route is a <*, G> route or <S, G> route. OIF List comprises all bridge ports that have sent IGMP membership reports for the specified route plus all Multicast Router (mrouter) ports in the bridge domain. Basic IGMP snooping reduces bandwidth consumption by reducing multicast traffic that would otherwise flood an entire VPLS bridge domain.
The IGMP snooping feature can provide these benefits to a multicast network:
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-137
Implementing Point to Point Layer 2 Services Information About Implementing Point to Point Layer 2 Services
With optional configuration options, IGMP snooping can provide security between bridge domains by filtering the IGMP reports received from hosts on one bridge port and preventing leakage towards the hosts on other bridge ports. With optional configuration options, IGMP snooping can reduce the traffic impact on upstream IP multicast routers by suppressing IGMP membership reports (IGMPv2) or by acting as an IGMP proxy reporter (IGMPv3) to the upstream IP multicast router.
Refer to the Implementing Layer 2 Multicast with IGMP Snooping module in the Cisco ASR 9000 Series Aggregation Services Router Multicast Configuration Guide for information on configuring IGMP snooping. The applicable IGMP snooping commands are described in the Cisco ASR 9000 Series Aggregation Services Router Multicast Command Reference.
IP Interworking
Customer deployments require a solution to support AToM with disparate transport at network ends. This solution must have the capability to translate transport on one customer edge (CE) device to another transport, for example, Frame relay to Ethernet. The Cisco ASR 9000 Series SPA Interface Processor-700 and the Cisco ASR 9000 Series Ethernet line cards enable the Cisco ASR 9000 Series Routers to support multiple legacy services. IP Interworking is a solution for transporting Layer 2 traffic over an IP/MPLS backbone. It accommodates many types of Layer 2 frames such as Ethernet and Frame Relay using AToM tunnels. It encapsulates packets at the provider edge (PE) router, transports them over the backbone to the PE router on the other side of the cloud, removes the encapsulation, and transports them to the destination. The transport layer can be Ethernet on one end and Frame relay on the other end. IP interworking occurs between disparate endpoints of the AToM tunnels.
Note
Only routed interworking is supported between Ethernet and Frame Relay based networks for MPLS and Local-connect scenarios. Figure 18 shows the interoperability between an Ethernet attachment VC and a Frame Relay attachment VC.
Figure 18 IP Interworking over MPLS Core
Attachment VC
Attachment Circuit
FR/Ether Link CE1 PE1 P router P router MPLS Network P router PE2
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-138
OL-23107-02
279532
Implementing Point to Point Layer 2 Services Information About Implementing Point to Point Layer 2 Services
An attachment circuit (AC) is a physical or logical port or circuit that connects a CE device to a PE device. A pseudowire (PW) is a bidirectional virtual connection (VC) connecting two ACs. In an MPLS network, PWs are carried inside an LSP tunnel. The core facing line card on the PE1 and PE2 could be a Cisco ASR 9000 Series SPA Interface Processor-700 or a Cisco ASR 9000 Series Ethernet line card. In the IP Interworking mode, the Layer 2 (L2) header is removed from the packets received on an ingress PE, and only the IP payload is transmitted to the egress PE. On the egress PE, an L2 header is appended before the packet is transmitted out of the egress port. In Figure 18, CE1 and CE2 could be a Frame Relay (FR) interface or a GigabitEthernet (GigE) interface. Assuming CE1 is a FR and CE2 is either a GigE or dot1q, or QinQ. For packets arriving from an Ethernet CE (CE2), ingress LC on the PE (PE2) facing the CE removes L2 framing and forwards the packet to egress PE (PE1) using IPoMPLS encapsulation over a pseudowire. The core facing line card on egress PE removes the MPLS labels but preserves the control word and transmits it to the egress line card facing FR CE (CE1). At the FR PE, after label disposition, the Layer 3 (L3) packets are encapsulated over FR. Similarly, IP packets arriving from the FR CE are translated into IPoMPLS encapsulation over the pseudowire. At the Ethernet PE side, after label disposition, the PE adds L2 Ethernet packet header back to the packet before transmitting it to the CE, as the packets coming out from the core carry only the IP payload. These modes support IP Interworking on AToM:
Ethernet to Frame Relay Packets arriving from the Ethernet CE device have MAC (port-mode, untagged, single, double tag), IPv4 header and data. The Ethernet line card removes the L2 framing and then forwards the L3 packet to the egress line card. The egress line card adds the FR L2 header before transmitting it from the egress port.
Ethernet to Ethernet Both the CE devices are Ethernet. Each ethernet interface can be port-mode, untagged, single, or double tag, although this is not a typical scenario for IP interworking.
The type of Layer 2 data that will be transported across the pseudowire, such as Ethernet and Frame Relay. The IP address of the loopback interface of the peer PE router, which enables the PE routers to communicate A unique combination of peer PE IP address and VC ID that identifies the pseudowire
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-139
Implementing Point to Point Layer 2 Services Information About Implementing Point to Point Layer 2 Services
Note
The Data Link Connection Identifier (DLCI) DCLI-DLCI mode is supported. A control word (required for DLCI-DLCI mode) is used to carry additional control information. When a Provider Edge (PE) router receives a Frame Relay protocol packet from a subscriber site, it removes the Frame Relay header and Frame Check Sequence (FCS) and appends the appropriate Virtual Circuit (VC) label. The removed Backward Explicit Congestion Notification (BECN), Forward Explicit Congestion Notification (FECN), Discard Eligible (DE) and Command/Response (C/R) bits are (for DLCI-DLCI mode) sent separately using a control word.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-140
OL-23107-02
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
Configuring an Interface or Connection for L2VPN, page LSC-141 Configuring Local Switching, page LSC-144 Configuring Static Point-to-Point Cross-Connects, page LSC-146 Configuring Dynamic Point-to-Point Cross-Connects, page LSC-148 Configuring Inter-AS, page LSC-149 Configuring L2VPN Quality of Service, page LSC-150 Configuring Preferred Tunnel Path, page LSC-154 Configuring Multisegment Pseudowire, page LSC-156 Enabling Flow-based Load Balancing, page LSC-163 Enabling Flow-based Load Balancing for a Pseudowire Class, page LSC-164 Configuring Pseudowire Redundancy, page LSC-166 Setting Up Your Multicast Connections, page LSC-171 Configuring AToM IP Interworking, page LSC-173
SUMMARY STEPS
1. 2. 3. 4. 5. 6.
configure interface type interface-path-id l2transport exit interface type interface-path-id end or commit show interface type interface-id
7.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-141
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
Example:
RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet 0/0/0/0
Step 3
l2transport
Example:
RP/0/RSP0/CPU0:router(config-if)# l2transport
Step 4
exit
Example:
RP/0/RSP0/CPU0:router(config-if-l2)# exit
Step 5
Example:
RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet0/0/0/0
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-142
OL-23107-02
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
Command or Action
Step 6
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Step 7
(Optional) Displays the configuration settings you committed for the interface.
Example:
RP/0/RSP0/CPU0:router# show interface gigabitethernet 0/0/0/0
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-143
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
configure l2vpn xconnect group group-name p2p xconnect-name interface type interface-path-id interface type interface-path-id end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# xconnect group grp_1
Step 4
p2p xconnect-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc)# p2p vlan1
Step 5
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p)# interface TenGigE 0/7/0/6.5
GigabitEthernet: Gigabit Ethernet/IEEE 802.3 interfaces. TenGigE: TenGigabit Ethernet/IEEE 802.3 interfaces.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-144
OL-23107-02
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
Command or Action
Step 6
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p)# interface GigabitEthernet0/4/0/30
GigabitEthernet: Gigabit Ethernet/IEEE 802.3 interfaces. TenGigE: TenGigabit Ethernet/IEEE 802.3 interfaces.
Step 7
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-145
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
An cross-connect is uniquely identified with the pair; the cross-connect name must be unique within a group. A segment (an attachment circuit or pseudowire) is unique and can belong only to a single cross-connect. A static VC local label is globally unique and can be used in one pseudowire only. No more than 16,000 cross-connects can be configured per router.
Note
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8.
configure l2vpn xconnect group group-name p2p xconnect-name interface type interface-path-id neighbor A.B.C.D pw-id pseudowire-id mpls static label local {value} remote {value} end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# xconnect group grp_1
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-146
OL-23107-02
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
Command or Action
Step 4
p2p xconnect-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc)# p2p vlan1
Step 5
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p)# interface gigabitethernet 0/1/0/9
Step 6
Configures the pseudowire segment for the cross-connect. Use the A.B.C.D argument to specify the IP address of the cross-connect peer.
Note
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p)# neighbor 10.2.2.2 pw-id 2000
Optionally, you can disable the control word or set the transport-type to Ethernet or VLAN.
Step 7
mpls static label local {value} remote {value}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw)# mpls static label local 699 remote 890
Step 8
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-147
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
Note
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7.
configure l2vpn xconnect group group-name p2p xconnect-name interface type interface-path-id neighbor A.B.C.D pw-id pseudowire-id end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# xconnect group grp_1
Step 4
p2p xconnect-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc)# p2p vlan1
Step 5
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p)# interface GigabitEthernet0/0/0/0.1
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-148
OL-23107-02
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
Command or Action
Step 6
neighbor A.B.C.D pw-id pseudowire-id
Purpose Configures the pseudowire segment for the cross-connect. Optionally, you can disable the control word or set the transport-type to Ethernet or VLAN.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p)# neighbor 10.2.2.2 pw-id 2000
Step 7
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Configuring Inter-AS
The Inter-AS configuration procedure is identical to the L2VPN cross-connect configuration tasks (see Configuring Static Point-to-Point Cross-Connects section on page MPC-146 and Configuring Dynamic Point-to-Point Cross-Connects section on page MPC-148) except that the remote PE IP address used by the cross-connect configuration is now reachable through iBGP peering.
Note
You must be knowledgeable about IBGP, EBGP, and ASBR terminology and configurations to complete this configuration.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-149
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
Restrictions
The l2transport command cannot be used with any IP address, L3, or CDP configuration.
Note
In port mode, the interface name format does not include a subinterface number; for example, GigabitEthernet0/1/0/1.
SUMMARY STEPS
1. 2. 3. 4. 5.
configure interface type interface-path-id l2transport service-policy [input | output] [policy-map-name] end or commit show qos interface type interface-path-id service-policy [input | output] [policy-map-name]
6.
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
Example:
RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet0/0/0/0
Step 3
l2transport
Example:
RP/0/RSP0/CPU0:router(config-if)# l2transport
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-150
OL-23107-02
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
Command or Action
Step 4
service-policy [input | output] [policy-map-name]
Purpose Attaches a QoS policy to an input or output interface to be used as the service policy for that interface.
Example:
RP/0/RSP0/CPU0:router(config-if)# service-policy input servpol1
Step 5
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Step 6
Example:
RP/0/RSP0/CPU0:router# show qos interface gigabitethernet 0/0/0/0 input serpol1
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-151
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
Note
SUMMARY STEPS
1. 2. 3. 4.
configure interface type interface-path-id.subinterface l2transport service-policy [input | output] [policy-map-name] end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure
Step 2
In VLAN Mode, you must enter the l2transport keyword on the same line as the interface.
Example:
RP/0/RP0/CPU0:router(config)# interface GigabitEthernet0/0/0/0.1 l2transport
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-152
OL-23107-02
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
Command or Action
Step 3
service-policy [input | output] [policy-map-name]
Purpose Attaches a QoS policy to an input or output interface to be used as the service policy for that interface.
Example:
RP/0/RP0/CPU0:router(config-if)# service-policy input servpol1
Step 4
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RP0/CPU0:router(config-if)# end
or
RP/0/RP0/CPU0:router(config-if)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-153
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
Note
The tunnel used for the preferred path configuration is an MPLS Traffic Engineering (MPLS-TE) tunnel.
SUMMARY STEPS
1. 2. 3. 4. 5. 6.
configure l2vpn pw-class {name} encapsulation mpls preferred-path {interface} {tunnel-te value} [fallback disable] end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 3
pw-class {name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# pw-class path1
Step 4
encapsulation mpls
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-pwc)# encapsulation mpls
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-154
OL-23107-02
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
Command or Action
Step 5
preferred-path {interface} {tunnel-te value} [fallback disable]
Purpose Configures preferred path tunnel settings. If the fallback disable configuration is used and once the TE tunnel is configured as the preferred path goes down, the corresponding pseudowire can also go down.
Note
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-pwc-encap- mpls)# preferred-path interface tunnel-te 11 fallback disable
Step 6
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-pwc-encap- mpls)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-pwc-encap- mpls-if)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-155
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
Provisioning a Multisegment Pseudowire Configuration, page LSC-156 Provisioning a Global Multisegment Pseudowire Description, page LSC-158 Provisioning a Cross-Connect Description, page LSC-159 Provisioning Switching Point TLV Security, page LSC-161 Configuring Pseudowire Redundancy, page LSC-166 Enabling Multisegment Pseudowires, page LSC-162
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
configure l2vpn xconnect group group-name p2p xconnect-name neighbor A.B.C.D pw-id value pw-class class-name exit neighbor A.B.C.D pw-id value pw-class class-name
10. commit
DETAILED STEPS
Command
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-156
OL-23107-02
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
Command
Step 3
xconnect group group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# xconnect group MS-PW1
Step 4
p2p xconnect-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc)# p2p ms-pw1
Step 5
Configures a pseudowire for a cross-connect. The IP address is that of the corresponding PE node. The pw-id must match the pw-id of the PE node. Enters pseudowire class submode, allowing you to define a pseudowire class template.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p)# neighbor 10.165.200.25 pw-id 100
Step 6
pw-class class-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw)# pw-class dynamic_mpls
Step 7
exit
Exits pseudowire class submode and returns the router to the parent configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw)# exit
Step 8
Configures a pseudowire for a cross-connect. The IP address is that of the corresponding PE node. The pw-id must match the pw-id of the PE node. Enters pseudowire class submode, allowing you to define a pseudowire class template.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p)# neighbor 10.165.202.158 pw-id 300
Step 9
pw-class class-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw)# pw-class dynamic_mpls
Step 10
commit
Saves configuration changes to the running configuration file and remains in the configuration session.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw)# commit
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-157
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
SUMMARY STEPS
1. 2. 3. 4.
DETAILED STEPS
Command
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 3
description value
Populates the Pseudowire Switching Point TLV. This TLV records all the switching points the pseudowire traverses. Each multisegment pseudowire can have its own description. If it does not have one, this global description is used. Saves configuration changes to the running configuration file and remains in the configuration session.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# description S-PE1
Step 4
commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# commit
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-158
OL-23107-02
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
SUMMARY STEPS
1. 2. 3. 4. 5. 6.
configure l2vpn xconnect group group-name p2p xconnect-name description value commit
DETAILED STEPS
Command
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# xconnect group MS-PW1
Step 4
p2p xconnect-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc)# p2p ms-pw1
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-159
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
Command
Step 5
description value
Purpose Populates the Pseudowire Switching Point TLV. This TLV records all the switching points the pseudowire traverses. Each multisegment pseudowire can have its own description. If it does not have one, a global description is used. For more information, see the Provisioning a Multisegment Pseudowire Configuration section on page MPC-156. Saves configuration changes to the running configuration file and remains in the configuration session.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p)# description MS-PW from T-PE1 to T-PE2
Step 6
commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p)# commit
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-160
OL-23107-02
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7.
configure l2vpn pw-class class-name encapsulation mpls protocol ldp switching-tlv hide commit
DETAILED STEPS
Command
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router (config)# l2vpn
Step 3
pw-class class-name
Enters pseudowire class submode, allowing you to define a pseudowire class template.
Example:
RP/0/RSP0/CPU0:router (config-l2vpn)# pw-class dynamic_mpls
Step 4
encapsulation mpls
Example:
RP/0/RSP0/CPU0:router (config-l2vpn-pwc)# encapsulation mpls
Step 5
protocol ldp
Example:
RP/0/RSP0/CPU0:router (config-l2vpn-pwc-encap-mpls)# protocol ldp
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-161
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
Command
Step 6
switching-tlv hide
Example:
RP/0/RSP0/CPU0:router (config-l2vpn-pwc-encap-mpls)# switching-tlv hide
Step 7
commit
Saves configuration changes to the running configuration file and remains in the configuration session.
Example:
RP/0/RSP0/CPU0:router (config-l2vpn-pwc-encap-mpls)# commit
SUMMARY STEPS
1. 2. 3. 4.
DETAILED STEPS
Command
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router (config)# l2vpn
Step 3
pw-status
Example:
RP/0/RSP0/CPU0:router (config-l2vpn)# pw-status
Step 4
commit
Saves configuration changes to the running configuration file and remains in the configuration session.
Example:
RP/0/RSP0/CPU0:router (config-l2vpn)# commit
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-162
OL-23107-02
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
SUMMARY STEPS
1. 2. 3. 4.
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-163
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
Command or Action
Step 3
load-balancing flow {src-dst-mac | src-dst-ip}
Purpose Enables flow based load balancing for all the pseudowires and bundle EFPs under L2VPN, unless otherwise explicitly specified for pseudowires via pseudowire class and bundles via EFP-hash. Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# load-balancing flow src-dst-ip
Step 4
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
SUMMARY STEPS
1. 2. 3. 4. 5. 6.
configure l2vpn pw-class {name} encapsulation mpls load-balancing pw-label end or commit
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-164
OL-23107-02
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 3
pw-class {name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# pw-class path1
Step 4
encapsulation mpls
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-pwc)# encapsulation mpls
Step 5
load-balancing pw-label
Enables all pseudowires using the defined class to use virtual circuit based load balancing.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-pwc-encap- mpls)# load-balancing pw-label
Step 6
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-pwc-encap- mpls)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-pwc-encap- mpls)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-165
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
Configuring a Backup Pseudowire, page LSC-166 Configuring Point-to-Point Pseudowire Redundancy, page LSC-168 Forcing a Manual Switchover to the Backup Pseudowire, page LSC-170
Note
When you reprovision a primary pseudowire, traffic resumes in two seconds. However, when you reprovision a backup pseudowire, traffic will resume after a delay of 45 to 60 seconds. This is the expected behavior.
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7.
configure l2vpn xconnect group group-name p2p {xconnect-name} neighbor {A.B.C.D} {pw-id value} backup {neighbor A.B.C.D} {pw-id value} end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-166
OL-23107-02
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
Command or Action
Step 3
xconnect group group-name
Example:
RP/O/RSP0/CPU0:router(config-l2vpn)# xconnect group A RP/0/RSP0/CPU0:router(config-l2vpn-xc)#
Step 4
p2p {xconnect-name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc)# p2p xc1 RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p)#
Step 5
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p)# neighbor 10.1.1.2 pw-id 2
Step 6
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw)# backup neighbor 10.2.2.2 pw-id 5 RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw-backup)#
Use the neighbor keyword to specify the peer to cross-connect. The IP address argument (A.B.C.D) is the IPv4 address of the peer. Use the pw-id keyword to configure the pseudowire ID. The range is from 1 to 4294967295. When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Step 7
end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw-backup)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw-backup)# commit
to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration
session and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-167
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
configure l2vpn pw-class {class-name} backup disable {delay value | never} exit xconnect group group-name p2p {xconnect-name} neighbor {A.B.C.D} {pw-id value} pw-class {class-name}
or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Step 3
pw-class {class-name}
Example:
RP/O/RSP0/CPU0:router(config-l2vpn)# pw-class path1 RP/0/RSP0/CPU0:router(config-l2vpn-pwc)#
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-168
OL-23107-02
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
Command or Action
Step 4
backup disable {delay value | never}
Purpose This command specifies how long the primary pseudowire should wait after it becomes active to take over for the backup pseudowire.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-pwc)# backup disable delay 20
Use the delay keyword to specify the number of seconds that elapse after the primary pseudowire comes up before the secondary pseudowire is deactivated. The range, in seconds, is from 0 to 180. Use the never keyword to specify that the secondary pseudowire does not fall back to the primary pseudowire if the primary pseudowire becomes available again, unless the secondary pseudowire fails.
Step 5
exit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-pwc)# exit RP/O/RSP0/CPU0:router(config-l2vpn)#
Step 6
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# xconnect group A RP/0/RSP0/CPU0:router(config-l2vpn-xc)#
Step 7
p2p {xconnect-name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc)# p2p xc1 RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p)#
Step 8
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p)# neighbor 10.1.1.2 pw-id 2 RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw)#
Step 9
pw-class {class-name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw)# pw-class path1
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-169
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
Command or Action
Step 10
backup {neighbor A.B.C.D} {pw-id value}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw)# backup neighbor 10.2.2.2 pw-id 5 RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw-backup)#
Use the neighbor keyword to specify the peer to the cross-connect. The A.B.C.D argument is the IPv4 address of the peer. Use the pw-id keyword to configure the pseudowire ID. The range is from 1 to 4294967295. When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Step 11
end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw-backup)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p-pw-backup)# commit
to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration
session and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-170
OL-23107-02
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
configure multicast-routing address-family ipv4 nsf interface all enable accounting per-prefix router pim vrf default address-family ipv4 rp-address
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
Example:
RP/0/RSP0/CPU0:router(config)# multicast-routing
These multicast processes are started: MRIB, MFWD, PIM, and IGMP. For IPv4, IGMP version 3 is enabled by default. For IPv4, use the address-family ipv4 keywords.
Step 3
Enables multicast routing and forwarding on all new and existing interfaces.
Example:
RP/0/RSP0/CPU0:router(config-mcast-ipv4)# interface all enable
Step 4
exit
Exits multicast routing configuration mode, and returns the router to the parent configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-mcast-ipv4)# exit
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-171
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
Command or Action
Step 5
router igmp
Example:
RP/0/RSP0/CPU0:router(config)# router igmp
Step 6
version {1 | 2 | 3}
(Optional) Selects the IGMP version that the router interface uses.
Example:
RP/0/RSP0/CPU0:router(config-igmp)# version 3
The default for IGMP is version 3. Host receivers must support IGMPv3 for PIM-SSM operation. If this command is configured in router IGMP configuration mode, parameters are inherited by all new and existing interfaces. You can override these parameters on individual interfaces from interface configuration mode. When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Step 7
end or commit
Example:
RP/0/RSP0/CPU0:router(config-igmp)# end
or
RP/0/RSP0/CPU0:router(config-igmp)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Step 8
Example:
RP/0//CPU0:router# show pim ipv4 group-map
Step 9
show pim [vrf vrf-name] [ipv4] topology [source-ip-address [group-ip-address] | entry-flag flag | interface-flag | summary] [route-count]
(Optional) Displays PIM topology table information for a specific group or all groups.
Example:
RP/0/RSP0/CPU0:router# show pim topology
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-172
OL-23107-02
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
SUMMARY STEPS
1. 2. 3. 4. 5. 6.
configure l2vpn xconnect group group-name p2p xconnect-name interworking ipv4 end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# xconnect group grp_1
Step 4
p2p xconnect-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc)# p2p vlan1
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-173
Implementing Point to Point Layer 2 Services How to Implement Point to Point Layer 2 Services
Command or Action
Step 5
interworking ipv4
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p)# interworking ipv4
Step 6
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RP0/CPU0:router(config-if)# end
or
RP/0/RP0/CPU0:router(config-if)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-174
OL-23107-02
Implementing Point to Point Layer 2 Services Configuration Examples for Point to Point Layer 2 Services
L2VPN Interface Configuration: Example, page LSC-175 Local Switching Configuration: Example, page LSC-175 Point-to-Point Cross-connect Configuration: Examples, page LSC-176 Inter-AS: Example, page LSC-176 L2VPN Quality of Service: Example, page LSC-178 Preferred Path: Example, page LSC-178 Pseudowires: Examples, page LSC-178 Viewing Pseudowire Status: Example, page LSC-183 Configuring AToM IP Interworking: Example, page LSC-185
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-175
Implementing Point to Point Layer 2 Services Configuration Examples for Point to Point Layer 2 Services
Static Configuration
This example shows how to configure a static point-to-point cross-connect:
configure l2vpn xconnect group vlan_grp_1 p2p vlan1 interface GigabitEthernet0/0/0/0.1 neighbor 10.2.1.1 pw-id 1 commit
Dynamic Configuration
This example shows how to configure a dynamic point-to-point cross-connect:
configure l2vpn xconnect group vlan_grp_1 p2p vlan1 interface GigabitEthernet0/0/0/0.1 neighbor 10.2.1.1 pw-id 1 commit
Inter-AS: Example
This example shows how to set up an AC to AC cross-connect from AC1 to AC2:
router-id Loopback0 interface Loopback0 ipv4 address 10.0.0.5 255.255.255.255 ! interface GigabitEthernet0/1/0/0.1 l2transport encapsulation dot1q 1 ! ! interface GigabitEthernet0/0/0/3 ipv4 address 10.45.0.5 255.255.255.0 keepalive disable ! interface GigabitEthernet0/0/0/4 ipv4 address 10.5.0.5 255.255.255.0 keepalive disable ! router ospf 100 log adjacency changes detail area 0 interface Loopback0 ! interface GigabitEthernet0/0/0/3 ! interface GigabitEthernet0/0/0/4 ! ! !
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-176
OL-23107-02
Implementing Point to Point Layer 2 Services Configuration Examples for Point to Point Layer 2 Services
router bgp 100 address-family ipv4 unicast allocate-label all ! neighbor 10.2.0.5 remote-as 100 update-source Loopback0 address-family ipv4 unicast ! address-family ipv4 labeled-unicast ! ! ! l2vpn xconnect group cisco p2p cisco1 interface GigabitEthernet0/1/0/0.1 neighbor 10.0.1.5 pw-id 101 ! p2p cisco2 interface GigabitEthernet0/1/0/0.2 neighbor 10.0.1.5 pw-id 102 ! p2p cisco3 interface GigabitEthernet0/1/0/0.3 neighbor 10.0.1.5 pw-id 103 ! p2p cisco4 interface GigabitEthernet0/1/0/0.4 neighbor 10.0.1.5 pw-id 104 ! p2p cisco5 interface GigabitEthernet0/1/0/0.5 neighbor 10.0.1.5 pw-id 105 ! p2p cisco6 interface GigabitEthernet0/1/0/0.6 neighbor 10.0.1.5 pw-id 106 ! p2p cisco7 interface GigabitEthernet0/1/0/0.7 neighbor 10.0.1.5 pw-id 107 ! p2p cisco8 interface GigabitEthernet0/1/0/0.8 neighbor 10.0.1.5 pw-id 108 ! p2p cisco9 interface GigabitEthernet0/1/0/0.9 neighbor 10.0.1.5 pw-id 109 ! p2p cisco10 interface GigabitEthernet0/1/0/0.10 neighbor 10.0.1.5 pw-id 110 ! ! ! mpls ldp router-id Loopback0 log neighbor ! interface GigabitEthernet0/0/0/3 !
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-177
Implementing Point to Point Layer 2 Services Configuration Examples for Point to Point Layer 2 Services
Pseudowires: Examples
The examples include these devices and connections:
T-PE2 node
Cross-connect with an AC interface (facing CE2) Pseudowire to S-PE1 node IP address 209.165.200.254
S-PE1 node
Multisegment pseudowire cross-connect with a pseudowire segment to T-PE1 node Pseudowire segment to T-PE2 node IP address 209.165.202.158
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-178
OL-23107-02
Implementing Point to Point Layer 2 Services Configuration Examples for Point to Point Layer 2 Services
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-179
Implementing Point to Point Layer 2 Services Configuration Examples for Point to Point Layer 2 Services
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-180
OL-23107-02
Implementing Point to Point Layer 2 Services Configuration Examples for Point to Point Layer 2 Services
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-181
Implementing Point to Point Layer 2 Services Configuration Examples for Point to Point Layer 2 Services
RP/0/RSP0/CPU0:T-PE2(config-l2vpn-xc-p2p)# neighbor 10.165.200.254 pw-id 300 RP/0/RSP0/CPU0:T-PE2(config-l2vpn-xc-p2p-pw)# pw-class dynamic_mpls RP/0/RSP0/CPU0:T-PE2(config-l2vpn-xc-p2p-pw)# commit
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-182
OL-23107-02
Implementing Point to Point Layer 2 Services Configuration Examples for Point to Point Layer 2 Services
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved, LU = Local Up, RU = Remote Up, CO = Connected XConnect Group Name ST Segment 1 Description ST Segment 2 Description ST
-----------------------MS-PW1 ms-pw1 UP
------------------------10.165.200.225 100 UP
------------------------10.165.202.158 300 UP
--------------------------------------------------------------------------------
------------ ------------------------------ ----------------------------Label Group ID Interface MTU 16004 0x2000400 GigabitEthernet0/1/0/2.2 1500 16006 0x2000700 GigabitEthernet0/1/0/0.3 1500 enabled Ethernet VLAN 0x2 (LSP ping verification) 0x7 (control word) (router alert label) (TTL expiry) (TTL expiry)
VCCV CV type 0x2 (LSP ping verification) VCCV CC type 0x5 (control word)
------------ ------------------------------ ----------------------------Incoming PW Switching TLVs (Label Mapping message): None Incoming Status (PW Status TLV and accompanying PW Switching TLV): Status code: 0x0 (no fault) in Notification message Outgoing PW Switching TLVs (Label Mapping message):
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-183
Implementing Point to Point Layer 2 Services Configuration Examples for Point to Point Layer 2 Services
Local IP Address: 10.165.200.254 , Remote IP address: 10.165.202.158 , PW ID: 300 Description: S-PE1 MS-PW between 10.165.200.225 and 10.165.202.158 Outgoing Status (PW Status TLV and accompanying PW Switching TLV): Status code: 0x0 (no fault) in Notification message Local IP Address: 10.165.200.254 Create time: 04/04/2008 23:18:24 (00:01:24 ago) Last time status changed: 04/04/2008 23:19:30 (00:00:18 ago) Statistics: packet totals: receive 0 byte totals: receive 0 PW: neighbor 10.165.202.158 , PW ID 300, state is up ( established ) PW class not set Encapsulation MPLS, protocol LDP PW type Ethernet VLAN, control word enabled, interworking none PW backup disable delay 0 sec Sequencing not set PW Status TLV in use MPLS Local Remote
------------ ------------------------------ ----------------------------Label Group ID Interface MTU 16004 0x2000800 GigabitEthernet0/1/0/0.3 1500 16006 0x2000200 GigabitEthernet0/1/0/2.2 1500 enabled Ethernet VLAN 0x2 (LSP ping verification) 0x7 (control word) (router alert label) (TTL expiry) (TTL expiry)
VCCV CV type 0x2 (LSP ping verification) VCCV CC type 0x5 (control word)
------------ ------------------------------ ----------------------------Incoming PW Switching TLVs (Label Mapping message): None Incoming Status (PW Status TLV and accompanying PW Switching TLV): Status code: 0x0 (no fault) in Notification message Outgoing PW Switching TLVs (Label Mapping message): Local IP Address: 10.165.200.254 , Remote IP address: 10.165.200.225, PW ID: 100 Description: S-PE1 MS-PW between 10.165.200.225 and 10.165.202.158 Outgoing Status (PW Status TLV and accompanying PW Switching TLV): Status code: 0x0 (no fault) in Notification message Local IP Address: 10.165.200.254 Create time: 04/04/2008 23:18:24 (00:01:24 ago) Last time status changed: 04/04/2008 23:19:30 (00:00:18 ago) Statistics:
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-184
OL-23107-02
Implementing Point to Point Layer 2 Services Configuration Examples for Point to Point Layer 2 Services
packet totals: receive 0 byte totals: receive 0 RP/0/RSP0/CPU0:router# ""Show l2vpn xconnect summary": added PW-PW count. "Show l2vpn forwarding location <> (no change: does not display MS-PWs) "Show l2vpn forwarding summary location <> (no change: does not display MS-PWs)
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-185
Additional References
For additional information related to implementing MPLS Layer 2 VPN, refer to these.
Related Documents
Related Topic Cisco IOS XR L2VPN commands Layer 2 VPNs MPLS VPNs over IP Tunnels Getting started material Document Title Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Command Reference Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide
Standards
Standards1 No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. Title
MIBs
MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at this URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs
RFCs RFC 4447 RFC 4448 Title Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP), April 2006 Encapsulation Methods for Transport of Ethernet over MPLS Networks, April 2006
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-186
OL-23107-02
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-187
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-188
OL-23107-02
Note
This approach enables service providers to host a multitude of new services such as broadcast TV and Layer 2 VPNs.For more information about MPLS Layer 2 VPN on Cisco ASR 9000 Series Routers and for descriptions of the commands listed in this module, see the Related Documents section. To locate documentation for other commands that might appear while executing a configuration task, search online in the Cisco IOS XR software master command index.
Feature History for Implementing Multipoint Layer 2 Services on Cisco ASR 9000 Series Routers
Release Modification
This feature was introduced on Cisco ASR 9000 Series Routers. These features were added:
Blocking unknown unicast flooding. Disabling MAC flush. Multiple Spanning Tree Access Gateway Scale enhancements were introduced. See Table 4 on page 369 for more information on scale enhancements.
Support for VPLS with BGP Autodiscovery and LDP Signaling was added. Support was added for the following features:
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-189
Contents
Prerequisites for Implementing Multipoint Layer 2 Services, page LSC-190 Information About Implementing Multipoint Layer 2 Services, page LSC-190 How to Implement Multipoint Layer 2 Services, page LSC-204 Configuration Examples for Multipoint Layer 2 Services, page LSC-261 Additional References, page LSC-281
You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Configure IP routing in the core so that the provider edge (PE) routers can reach each other through IP. Configure a loopback interface to originate and terminate Layer 2 traffic. Make sure that the PE routers can access the other router's loopback interface.
Note
The loopback interface is not needed in all cases. For example, tunnel selection does not need a loopback interface when VPLS is directly mapped to a TE tunnel.
Configure MPLS and Label Distribution Protocol (LDP) in the core so that a label switched path (LSP) exists between the PE routers. The core side interfaces must be Ethernet based. When VPLS is configured, POS, Frame Relay and PPP/MLPPP interfaces are not supported as core side interfaces.
Virtual Private LAN Services Overview, page LSC-191 VPLS for an MPLS-based Provider Core, page LSC-193 VPLS Discovery and Signaling, page LSC-195 MAC Address-related Parameters, page LSC-198 LSP Ping over VPWS and VPLS, page LSC-201 Split Horizon Groups, page LSC-201 Layer 2 Security, page LSC-202
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-190
OL-23107-02
Implementing Multipoint Layer 2 Services Information About Implementing Multipoint Layer 2 Services
Bridge Domain
The native bridge domain refers to a Layer 2 broadcast domain consisting of a set of physical or virtual ports (including VFI). Data frames are switched within a bridge domain based on the destination MAC address. Multicast, broadcast, and unknown destination unicast frames are flooded within the bridge domain. In addition, the source MAC address learning is performed on all incoming frames on a bridge domain. A learned address is aged out. Incoming frames are mapped to a bridge domain, based on either the ingress port or a combination of both an ingress port and a MAC header field. By default, split horizon is enabled on a bridge domain. In other words, any packets that are coming on either the attachment circuits or pseudowires are not returned on the same attachment circuits or pseudowires. In addition, the packets that are received on one pseudowire are not replicated on other pseudowires in the same VFI.
Flood Optimization
A Cisco ASR 9000 Series Router, while bridging traffic in a bridge domain, minimizes the amount of traffic that floods unnecessarily. The Flood Optimization feature accomplishes this functionality. However, in certain failure recovery scenarios, extra flooding is actually desirable in order to prevent traffic loss. Traffic loss occurs during a temporary interval when one of the bridge port links becomes inactive, and a standby link replaces it. In some configurations, optimizations to minimize traffic flooding is achieved at the expense of traffic loss during the short interval in which one of the bridge's links fails, and a standby link replaces it. Therefore, Flood Optimization can be configured in different modes to specify a particular flooding behavior suitable for your configuration. These flood optimization modes can be configured:
Flooded traffic is sent only to the line cards on which a bridge port or pseudowire that is attached to the bridge domain resides. This is the default mode.
Convergence Mode
Flooded traffic is sent to all line cards in the system. Traffic is flooded regardless of whether they have a bridge port or a pseudowire that is attached to the bridge domain. If there are multiple Equal Cost MPLS Paths (ECMPs) attached to that bridge domain, traffic is flooded to all ECMPs. The purpose of Convergence Mode is to ensure that an absolute minimum amount of traffic is lost during the short interval of a bridge link change due to a failure.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-191
Implementing Multipoint Layer 2 Services Information About Implementing Multipoint Layer 2 Services
The Traffic Engineering Fast Reroute (TE FRR) Optimized Mode is similar to the Bandwidth Optimized Mode, except for the flooding behavior with respect to any TE FRR pseudowires attached to the bridge domain. In TE FRR Optimized Mode, traffic is flooded to both the primary and backup FRR interfaces. This mode is used to minimize traffic loss during an FRR failover, thus ensuring that the bridge traffic complies with the FRR recovery time constraints.
Mandatory inspectionThe senders MAC address, IPv4 address, receiving bridge port XID and bridge are checked. Optional inspectionThe following items are validated:
Source MAC: The senders and source MACs are checked. The check is performed on all ARP
or RARP packets.
Destination MAC: The target and destination MACs are checked. The check is performed on all
0.0.0.0, a multicast address or a broadcast address. For ARP Reply and ARP Reply Reverse, a check is performed to verify if the target IPv4 address is 0.0.0.0, a multicast address or a broadcast address. This check is performed on Request, Reply and Reply Reverse packets.
Note
The DAI feature is supported on attachment circuits and EFPs. Currently, the DAI feature is not supported on pseudowires.
IP Source Guard
IP source guard (IPSG) is a security feature that filters traffic based on the DHCP snooping binding database and on manually configured IP source bindings in order to restrict IP traffic on non-routed Layer 2 interfaces. The IPSG feature provides source IP address filtering on a Layer 2 port, to prevent a malicious hosts from manipulating a legitimate host by assuming the legitimate host's IP address. This feature uses dynamic DHCP snooping and static IP source binding to match IP addresses to hosts.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-192
OL-23107-02
Implementing Multipoint Layer 2 Services Information About Implementing Multipoint Layer 2 Services
Initially, all IP traffic, except for DHCP packets, on the EFP configured for IPSG is blocked. After a client receives an IP address from the DHCP server, or after static IP source binding is configured by the administrator, all traffic with that IP source address is permitted from that client. Traffic from other hosts is denied. This filtering limits a host's ability to attack the network by claiming a neighbor host's IP address.
Note
The IPSG feature is supported on attachment circuits and EFPs. Currently, the IPSG feature is not supported on pseudowires.
Pseudowires
A pseudowire is a point-to-point connection between pairs of PE routers. Its primary function is to emulate services like Ethernet over an underlying core MPLS network through encapsulation into a common MPLS format. By encapsulating services into a common MPLS format, a pseudowire allows carriers to converge their services to an MPLS network.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-193
Implementing Multipoint Layer 2 Services Information About Implementing Multipoint Layer 2 Services
The MPLS/IP provider core simulates a virtual bridge that connects the multiple attachment circuits on each of the PE devices together to form a single broadcast domain. This also requires all of the PE routers that are participating in a VPLS instance to form emulated virtual circuits (VCs) among them. Now, the service provider network starts switching the packets within the bridged domain specific to the customer by looking at destination MAC addresses. All traffic with unknown, broadcast, and multicast destination MAC addresses is flooded to all the connected customer edge devices, which connect to the service provider network. The network-facing provider edge devices learn the source MAC addresses as the packets are flooded. The traffic is unicasted to the customer edge device for all the learned MAC addresses.
VPLS Architecture
The basic or flat VPLS architecture allows for the end-to-end connection between the provider edge (PE) routers to provide multipoint ethernet services. Figure 19 shows a flat VPLS architecture illustrating the interconnection between the network provider edge (N-PE) nodes over an IP/MPLS network.
Figure 19 Basic VPLS Architecture
The VPLS network requires the creation of a bridge domain (Layer 2 broadcast domain) on each of the PE routers. The VPLS provider edge device holds all the VPLS forwarding MAC tables and bridge domain information. In addition, it is responsible for all flooding broadcast frames and multicast replications. The PEs in the VPLS architecture are connected with a full mesh of Pseudowires (PWs). A Virtual Forwarding Instance (VFI) is used to interconnect the mesh of pseudowires. A bridge domain is connected to a VFI to create a Virtual Switching Instance (VSI), that provides Ethernet multipoint bridging over a PW mesh. VPLS network links the VSIs using the MPLS pseudowires to create an emulated Ethernet Switch. With VPLS, all customer equipment (CE) devices participating in a single VPLS instance appear to be on the same LAN and, therefore, can communicate directly with one another in a multipoint topology, without requiring a full mesh of point-to-point circuits at the CE device. A service provider can offer VPLS service to multiple customers over the MPLS network by defining different bridged domains for different customers. Packets from one bridged domain are never carried over or delivered to another bridged domain, thus ensuring the privacy of the LAN service.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-194
OL-23107-02
243446
Ethernet (VLAN/Port/EFP
Ethernet (VLAN/Port/EFP
Implementing Multipoint Layer 2 Services Information About Implementing Multipoint Layer 2 Services
VPLS transports Ethernet IEEE 802.3, VLAN IEEE 802.1q, and VLAN-in-VLAN (q-in-q) traffic across multiple sites that belong to the same Layer 2 broadcast domain. VPLS offers simple VLAN services that include flooding broadcast, multicast, and unknown unicast frames that are received on a bridge. The VPLS solution requires a full mesh of pseudowires that are established among PE routers. The VPLS implementation is based on Label Distribution Protocol (LDP)-based pseudowire signaling.
Refer to the Configuration Examples for Multipoint Layer 2 Services section for examples on these bridging features.
VPLS Autodiscovery eliminates the need to manually provision VPLS neighbors. VPLS Autodiscovery enables each VPLS PE router to discover the other provider edge (PE) routers that are part of the same VPLS domain. Once the PEs are discovered, pseudowires (PWs) are signaled and established across each pair of PE routers forming a full mesh of PWs across PE routers in a VPLS domain
VPLS Autodiscovery and Signaling
Figure 20
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-195
Implementing Multipoint Layer 2 Services Information About Implementing Multipoint Layer 2 Services
Tunnel LSP = LDP Payload BGP VC Label Traffic Flow LDP IGP Label
249875
The BGP signaling and autodiscovery scheme has the following components:
A means for a PE to learn which remote PEs are members of a given VPLS. This process is known as autodiscovery. A means for a PE to learn the pseudowire label expected by a given remote PE for a given VPLS. This process is known as signaling.
The BGP Network Layer Reachability Information (NLRI) takes care of the above two components simultaneously. The NLRI generated by a given PE contains the necessary information required by any other PE. These components enable the automatic setting up of a full mesh of pseudowires for each VPLS without having to manually configure those pseudowires on each PE.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-196
OL-23107-02
Implementing Multipoint Layer 2 Services Information About Implementing Multipoint Layer 2 Services
Figure 22 shows the NLRI format for VPLS with BGP AD and Signaling
Figure 22 NLRI Format
Length (2 octets) Route Distinguisher (8 octets) VE ID (2 octets) VE Block Offset (2 octets) VE Block Size (2 octets) Label Base (3 octets)
249880
Tunnel LSP = LDP Payload LDP VC Label Traffic Flow LDP IGP Label
249877
A PE router advertises an identifier through BGP for each VPLS. This identifier is unique within the VPLS instance and acts like a VPLS ID. The identifier enables the PE router receiving the BGP advertisement to identify the VPLS associated with the advertisement and import it to the correct VPLS instance. In this manner, for each VPLS, a PE router learns the other PE routers that are members of the VPLS. The LDP protocol is used to configure a pseudowire to all the other PE routers. FEC 129 is used for the signaling. The information carried by FEC 129 includes the VPLS ID, the Target Attachment Individual Identifier (TAII) and the Source Attachment Individual Identifier (SAII).
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-197
Implementing Multipoint Layer 2 Services Information About Implementing Multipoint Layer 2 Services
The LDP advertisement also contains the inner label or VPLS label that is expected for the incoming traffic over the pseudowire. This enables the LDP peer to identify the VPLS instance with which the pseudowire is to be associated and the label value that it is expected to use when sending traffic on that pseudowire.
NLRI and Extended Communities
Figure 24 depicts Network Layer Reachability Information (NLRI) and extended communities (Ext Comms).
Figure 24 NLRI and Extended Communities
NLRI: Length (2 octets) Route Distinguisher (8 octets) L2VPN Router ID (4 octets) Ext Comms: VPLS-ID (8 octets) Route Target (8 octets)
249879
MAC Address Flooding, page LSC-199 MAC Address-based Forwarding, page LSC-199 MAC Address Source-based Learning, page LSC-199 MAC Address Aging, page LSC-199 MAC Address Limit, page LSC-200 MAC Address Withdrawal, page LSC-200 MAC Address Security, page LSC-201
Note
After you modify the MAC limit or action at the bridge domain level, ensure that you shut and unshut the bridge domain for the action to take effect. If you modify the MAC limit or action on an attachment circuit (through which traffic is passing), the attachment circuit must be shut and unshut for the action to take effect.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-198
OL-23107-02
Implementing Multipoint Layer 2 Services Information About Implementing Multipoint Layer 2 Services
Note
Split horizon forwarding applies in this case, for example, frames that are coming in on an attachment circuit or pseudowire are sent out of the same pseudowire. The pseudowire frames, which are received on one pseudowire, are not replicated on other pseudowires in the same virtual forwarding instance (VFI).
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-199
Implementing Multipoint Layer 2 Services Information About Implementing Multipoint Layer 2 Services
Note
Cisco ASR 9000 Series Routers support MAC limits on bridge port only when they are set on all the ports in a bridge domain. In this case, the bridge domain limit must be set to the value higher than the sum of limits on all ports in the bridge domain. When the MAC address limit is violated, the system is configured to take one of the actions that are listed in Table 1.
Table 1 MAC Address Limit Actions
Description Discards the new MAC addresses. Discards the new MAC addresses. Flooding of unknown unicast packets is disabled. Disables forwarding MAC addresses.
Syslog (default) Simple Network Management Protocol (SNMP) trap Syslog and SNMP trap None (no notification)
To clear the MAC limit condition, the number of MACs must go below 75 percent of the configured limit.
Note
By default, the LDP MAC Withdrawal feature is enabled on Cisco IOS XR. The LDP MAC Withdrawal feature is generated due to these events:
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-200
OL-23107-02
Implementing Multipoint Layer 2 Services Information About Implementing Multipoint Layer 2 Services
Attachment circuit goes down. You can remove or add the attachment circuit through the CLI. MAC withdrawal messages are received over a VFI pseudowire and are not propagated over access pseudowires. RFC 4762 specifies that both wildcards (by means of an empty Type, Length and Value [TLV]) and a specific MAC address withdrawal. Cisco IOS XR software supports only a wildcard MAC address withdrawal.
the packet is dropped the second EFP is shutdown the packet is learned and the MAC from the original EFP is flushed
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-201
Implementing Multipoint Layer 2 Services Information About Implementing Multipoint Layer 2 Services
Table 2
Defaultany member not covered by groups 1 Yes or 2. Any PW configured under VFI. No Any AC or PW configured with split-horizon No keyword. Important notes on Split Horizon Groups:
All bridge ports or PWs that are members of a bridge domain must belong to one of the three groups. By default, all bridge ports or PWs are members of group 0. The VFI configuration submode under a bridge domain configuration indicates that members under this domain are included in group 1. A PW that is configured in group 0 is called an Access Pseudowire. The split-horizon group command is used to designate bridge ports or PWs as members of group 2. The ASR9000 only supports one VFI group.
Layer 2 Security
These topics describe the Layer 2 VPN extensions to support Layer 2 security:
Port Security, page LSC-202 Dynamic Host Configuration Protocol Snooping, page LSC-203
Port Security
Use port security with dynamically learned and static MAC addresses to restrict a ports ingress traffic by limiting the MAC addresses that are allowed to send traffic into the port. When secure MAC addresses are assigned to a secure port, the port does not forward ingress traffic that has source addresses outside the group of defined addresses. If the number of secure MAC addresses is limited to one and assigned a single secure MAC address, the device attached to that port has the full bandwidth of the port. These port security features are supported:
Limits the MAC table size on a bridge or a port. Facilitates actions and notifications for a MAC address. Enables the MAC aging time and mode for a bridge or a port. Filters static MAC addresses on a bridge or a port. Marks ports as either secure or nonsecure. Enables or disables flooding on a bridge or a port.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-202
OL-23107-02
Implementing Multipoint Layer 2 Services Information About Implementing Multipoint Layer 2 Services
After you have set the maximum number of secure MAC addresses on a port, you can configure port security to include the secure addresses in the address table in one of these ways:
Statically configure all secure MAC addresses by using the static-address command. Allow the port to dynamically configure secure MAC addresses with the MAC addresses of connected devices. Statically configure a number of addresses and allow the rest to be dynamically configured.
Validates DHCP messages received from untrusted sources and filters out invalid messages. Rate-limits DHCP traffic from trusted and untrusted sources. Builds and maintains the binding database of DHCP snooping, which contains information about untrusted hosts with leased IP addresses. Utilizes the binding database of DHCP snooping to validate subsequent requests from untrusted hosts.
For additional information regarding DHCP, see the Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-203
Configuring a Bridge Domain, page LSC-204 Configuring Layer 2 Security, page LSC-220 Configuring a Layer 2 Virtual Forwarding Instance, page LSC-224 Configuring the MAC Address-related Parameters, page LSC-236 Configuring an Attachment Circuit to the AC Split Horizon Group, page LSC-251 Adding an Access Pseudowire to the AC Split Horizon Group, page LSC-253 Configuring VPLS with BGP Autodiscovery and Signaling, page LSC-254 Configuring VPLS with BGP Autodiscovery and LDP Signaling, page LSC-257
Creating a Bridge Domain, page LSC-204 Configuring a Pseudowire, page LSC-206 Associating Members with a Bridge Domain, page LSC-209 Configuring Bridge Domain Parameters, page LSC-211 Disabling a Bridge Domain, page LSC-214 Blocking Unknown Unicast Flooding, page LSC-216 Changing the Flood Optimization Mode, page LSC-217
SUMMARY STEPS
1. 2. 3. 4. 5.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-204
OL-23107-02
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group that can contain bridge domains, and then assigns network interfaces to the bridge domain.
Step 4
bridge-domain bridge-domain-name
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Step 5
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-205
Configuring a Pseudowire
Perform this task to configure a pseudowire under a bridge domain.
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
configure l2vpn bridge group bridge-group-name bridge-domain bridge-domain-name vfi {vfi-name} exit neighbor {A.B.C.D} {pw-id value} dhcp ipv4 snoop profile {dhcp_snoop_profile_name} end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.
Step 4
bridge-domain bridge-domain-name
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-206
OL-23107-02
Command or Action
Step 5
vfi {vfi-name}
Purpose Configures the virtual forwarding interface (VFI) parameters and enters L2VPN bridge group bridge domain VFI configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# vfi v1 RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)#
Use the vfi-name argument to configure the name of the specified virtual forwarding interface.
Step 6
exit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# exit RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Step 7
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# neighbor 10.1.1.2 pw-id 1000 RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)#
Adds an access pseudowire port to a bridge domain or a pseudowire to a bridge virtual forwarding interface (VFI).
Note
Use the A.B.C.D argument to specify the IP address of the cross-connect peer. A.B.C.D can be a recursive or non-recursive prefix. Use the pw-id keyword to configure the pseudowire ID and ID value. The range is 1 to 4294967295.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-207
Command or Action
Step 8
dhcp ipv4 snoop profile {dhcp_snoop_profile_name}
Purpose Enables DHCP snooping on the bridge, and attaches a DHCP snooping profile.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# dhcp ipv4 snoop profile profile1
Step 9
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-208
OL-23107-02
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7.
configure l2vpn bridge group bridge-group-name bridge-domain bridge-domain-name interface type interface-path-id static-mac-address {MAC-address} end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.
Step 4
bridge-domain bridge-domain-name
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-209
Command or Action
Step 5
interface type interface-path-id
Purpose Enters interface configuration mode and adds an interface to a bridge domain that allows packets to be forwarded and received from other interfaces that are part of the same bridge domain.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface GigabitEthernet 0/4/0/0 RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#
Step 6
static-mac-address {MAC-address}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# static-mac-address 1.1.1
Configures the static MAC address to associate a remote MAC address with a pseudowire or any other bridge interface.
Step 7
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-210
OL-23107-02
Maximum transmission unit (MTU)Specifies that all members of a bridge domain have the same MTU. The bridge domain member with a different MTU size is not used by the bridge domain even though it is still associated with a bridge domain. FloodingEnables or disables flooding on the bridge domain. By default, flooding is enabled. Dynamic ARP Inspection (DAI)Ensures only valid ARP requests and responses are relayed. IP SourceGuard (IPSG)Enables source IP address filtering on a Layer 2 port.
Note
To verify if the DAI and IPSG features are working correctly, look up the packets dropped statistics for DAI and IPSG violation. The packet drops statistics can be viewed in the output of the show l2vpn bridge-domain bd-name <> detail command.
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
configure l2vpn bridge group bridge-group-name bridge-domain bridge-domain-name flooding disable mtu bytes dynamic-arp-inspection {address-validation | disable | logging} ip-source-guard logging end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-211
Command or Action
Step 3
bridge group bridge-group-name
Purpose Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Step 4
bridge-domain bridge-domain-name
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Step 5
flooding disable
Configures flooding for traffic at the bridge domain level or at the bridge port level.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# flooding disable
Step 6
mtu bytes
Adjusts the maximum packet size or maximum transmission unit (MTU) size for the bridge domain.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# mtu 1000
Use the bytes argument to specify the MTU size, in bytes. The range is from 64 to 65535.
Step 7
Enters the dynamic ARP inspection configuration submode. Ensures only valid ARP requests and responses are relayed.
Note
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# dynamic-arp-inspection
You can configure dynamic ARP inspection under the bridge domain or the bridge port.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-212
OL-23107-02
Command or Action
Step 8
ip-source-guard logging
Purpose Enters the IP source guard configuration submode and enables source IP address filtering on a Layer 2 port. You can enable IP source guard under the bridge domain or the bridge port. By default, bridge ports under a bridge inherit the IP source guard configuration from the parent bridge. By default, IP source guard is disabled on the bridges.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# ip-source-guard logging
Step 9
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-213
SUMMARY STEPS
1. 2. 3. 4. 5. 6.
configure l2vpn bridge group bridge-group-name bridge-domain bridge-domain-name shutdown end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.
Step 4
bridge-domain bridge-domain-name
Establishes a bridge domain and enters l2vpn bridge group bridge domain configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-214
OL-23107-02
Command or Action
Step 5
shutdown
Purpose Shuts down a bridge domain to bring the bridge and all attachment circuits and pseudowires under it to admin down state. Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Step 6
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-215
Note
If you disable flooding of unknown unicast traffic on the bridge domain, all ports within the bridge domain inherit this configuration. You can configure the bridge ports to override the bridge domain configuration.
SUMMARY STEPS
1. 2. 3. 4. 5. 6.
configure l2vpn bridge group bridge-group name bridge-domain bridge-domain name flooding unknown-unicast disable end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.
Step 4
bridge-domain bridge-domain-name
Establishes a bridge domain and enters l2vpn bridge group bridge domain configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-216
OL-23107-02
Command or Action
Step 5
flooding unknown-unicast disable
Purpose Disables flooding of unknown unicast traffic at the bridge domain level.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# flooding unknown-unicast disable
Step 6
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
SUMMARY STEPS
1. 2. 3. 4. 5. 6.
configure l2vpn bridge group bridge-group name bridge-domain bridge-domain name flood mode convergence-optimized end or commit
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-217
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.
Step 4
bridge-domain bridge-domain-name
Establishes a bridge domain and enters l2vpn bridge group bridge domain configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-218
OL-23107-02
Command or Action
Step 5
flood mode convergence-optimized
Purpose Changes the default flood optimization mode from Bandwidth Optimization Mode to Convergence Mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# flood mode convergence-optimized
Step 6
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-219
Enabling Layer 2 Security, page LSC-220 Attaching a Dynamic Host Configuration Protocol Profile, page LSC-221
SUMMARY STEPS
1. 2. 3. 4. 5. 6.
configure l2vpn bridge group bridge-group-name bridge-domain bridge-domain-name security end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Assigns each network interface to a bridge group and enters L2VPN bridge group configuration mode.
Step 4
bridge-domain bridge-domain-name
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-220
OL-23107-02
Command or Action
Step 5
security
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# security
Step 6
end
or
commit
When you issue the end command, the system prompts you to commit changes:
uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# commit
to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
SUMMARY STEPS
1. 2. 3. 4. 5. 6.
configure l2vpn bridge group bridge-group-name bridge-domain bridge-domain-name dhcp ipv4 snoop {profile profile-name} end or commit
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-221
DETAILED STEPS
Command or Action
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2 l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Assigns each network interface to a bridge group and enters L2VPN bridge group configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-222
OL-23107-02
Command or Action
Step 5 dhcp ipv4 snoop {profile profile-name}
Purpose Enables DHCP snooping on a bridge and attaches DHCP snooping profile to the bridge.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# dhcp ipv4 snoop profile attach
Use the profile keyword to attach a DHCP profile. The profile-name argument is the profile name for DHCPv4 snooping. When you issue the end command, the system prompts you to commit changes:
uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Step 6 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# commit
changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration
session and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-223
Adding the Virtual Forwarding Instance Under the Bridge Domain, page LSC-224 Associating Pseudowires with the Virtual Forwarding Instance, page LSC-226 Associating a Virtual Forwarding Instance to a Bridge Domain, page LSC-228 Attaching Pseudowire Classes to Pseudowires, page LSC-230 Configuring Any Transport over Multiprotocol Pseudowires By Using Static Labels, page LSC-232 Disabling a Virtual Forwarding Instance, page LSC-234
SUMMARY STEPS
1. 2. 3. 4. 5. 6.
configure l2vpn bridge group bridge-group-name bridge-domain bridge-domain-name vfi {vfi-name} end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-224
OL-23107-02
Command or Action
Step 4
bridge-domain bridge-domain-name
Purpose Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Step 5
vfi {vfi-name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# vfi v1 RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)#
Configures virtual forwarding interface (VFI) parameters and enters L2VPN bridge group bridge domain VFI configuration mode.
Step 6
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-225
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7.
configure l2vpn bridge group bridge-group-name bridge-domain bridge-domain-name vfi {vfi-name} neighbor {A.B.C.D} {pw-id value} end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.
Step 4
bridge-domain bridge-domain-name
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Step 5
vfi {vfi-name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# vfi v1 RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)#
Configures virtual forwarding interface (VFI) parameters and enters L2VPN bridge group bridge domain VFI configuration mode.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-226
OL-23107-02
Command or Action
Step 6
neighbor {A.B.C.D} {pw-id value}
Purpose Adds an access pseudowire port to a bridge domain or a pseudowire to a bridge virtual forwarding interface (VFI).
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# neighbor 10.1.1.2 pw-id 1000 RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)#
Use the A.B.C.D argument to specify the IP address of the cross-connect peer. Use the pw-id keyword to configure the pseudowire ID and ID value. The range is 1 to 4294967295. When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Step 7
end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-227
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8.
configure l2vpn bridge group bridge-group-name bridge-domain bridge-domain-name vfi {vfi-name} neighbor {A.B.C.D} {pw-id value} static-mac-address {MAC-address} end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.
Step 4
bridge-domain bridge-domain-name
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Step 5
vfi {vfi-name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# vfi v1 RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)#
Configures virtual forwarding interface (VFI) parameters and enters L2VPN bridge group bridge domain VFI configuration mode.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-228
OL-23107-02
Command or Action
Step 6
neighbor {A.B.C.D} {pw-id value}
Purpose Adds an access pseudowire port to a bridge domain or a pseudowire to a bridge virtual forwarding interface (VFI).
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# neighbor 10.1.1.2 pw-id 1000 RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)#
Use the A.B.C.D argument to specify the IP address of the cross-connect peer. Use the pw-id keyword to configure the pseudowire ID and ID value. The range is 1 to 4294967295.
Step 7
static-mac-address {MAC-address}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# static-mac-address 1.1.1
Configures the static MAC address to associate a remote MAC address with a pseudowire or any other bridge interface.
Step 8
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-229
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8.
configure l2vpn bridge group bridge-group-name bridge-domain bridge-domain-name vfi {vfi-name} neighbor {A.B.C.D} {pw-id value} pw-class {class-name} end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.
Step 4
bridge-domain bridge-domain-name
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Step 5
vfi {vfi-name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# vfi v1 RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)#
Configures virtual forwarding interface (VFI) parameters and enters L2VPN bridge group bridge domain VFI configuration mode.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-230
OL-23107-02
Command or Action
Step 6
neighbor {A.B.C.D} {pw-id value}
Purpose Adds an access pseudowire port to a bridge domain or a pseudowire to a bridge virtual forwarding interface (VFI).
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# neighbor 10.1.1.2 pw-id 1000 RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)#
Use the A.B.C.D argument to specify the IP address of the cross-connect peer. Use the pw-id keyword to configure the pseudowire ID and ID value. The range is 1 to 4294967295.
Step 7
pw-class {class-name}
Configures the pseudowire class template name to use for the pseudowire.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# pw-class canada
Step 8
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-231
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8.
configure l2vpn bridge group bridge-group-name bridge-domain bridge-domain-name vfi {vfi-name} neighbor {A.B.C.D} {pw-id value} mpls static label {local value} {remote value} end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.
Step 4
bridge-domain bridge-domain-name
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-232
OL-23107-02
Command or Action
Step 5
vfi {vfi-name}
Purpose Configures virtual forwarding interface (VFI) parameters and enters L2VPN bridge group bridge domain VFI configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# vfi v1 RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)#
Step 6
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# neighbor 10.1.1.2 pw-id 1000 RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)#
Adds an access pseudowire port to a bridge domain or a pseudowire to a bridge virtual forwarding interface (VFI).
Use the A.B.C.D argument to specify the IP address of the cross-connect peer. Use the pw-id keyword to configure the pseudowire ID and ID value. The range is 1 to 4294967295.
Step 7
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# mpls static label local 800 remote 500
Configures the MPLS static labels and the static labels for the access pseudowire configuration. You can set the local and remote pseudowire labels.
Step 8
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-233
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7.
configure l2vpn bridge group bridge-group-name bridge-domain bridge-domain-name vfi {vfi-name} shutdown end or commit show l2vpn bridge-domain [detail]
8.
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.
Step 4
bridge-domain bridge-domain-name
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-234
OL-23107-02
Command or Action
Step 5
vfi {vfi-name}
Purpose Configures virtual forwarding interface (VFI) parameters and enters L2VPN bridge group bridge domain VFI configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# vfi v1 RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)#
Step 6
shutdown
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# shutdown
Step 7
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Step 8
show l2vpn bridge-domain [detail] Example: RP/0/RSP0/CPU0:router# show l2vpn bridge-domain detail
Displays the state of the VFI. For example, if you shut down the VFI, the VFI is shown as shut down under the bridge domain.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-235
Configuring the MAC Address Source-based Learning, page LSC-236 Enabling the MAC Address Withdrawal, page LSC-239 Configuring the MAC Address Limit, page LSC-241 Configuring the MAC Address Aging, page LSC-244 Disabling MAC Flush at the Bridge Port Level, page LSC-247 Configuring MAC Address Security, page LSC-249
The MAC table attributes are set for the bridge domains.
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7.
configure l2vpn bridge group bridge-group-name bridge-domain bridge-domain-name mac learning disable end or commit show l2vpn bridge-domain [detail]
8.
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-236
OL-23107-02
Command or Action
Step 3
bridge group bridge-group-name
Purpose Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Step 4
bridge-domain bridge-domain-name
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Step 5
mac
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# mac RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)#
Step 6
learning disable
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# learning disable
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-237
Command or Action
Step 7
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Step 8
Displays the details that the MAC address source-based learning is disabled on the bridge.
Example:
RP/0/RSP0/CPU0:router# show l2vpn bridge-domain detail
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-238
OL-23107-02
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7.
configure l2vpn bridge group bridge-group-name bridge-domain bridge-domain-name mac withdrawal end or commit show l2vpn bridge-domain [detail]
8.
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.
Step 4
bridge-domain bridge-domain-name
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Step 5
mac
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# mac RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)#
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-239
Command or Action
Step 6
withdrawal
Purpose Enables the MAC address withdrawal for a specified bridge domain.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# withdrawal
Step 7
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Step 8
Example:
P/0/RSP0/CPU0:router# show l2vpn bridge-domain detail
Displays detailed sample output to specify that the MAC address withdrawal is enabled. In addition, the sample output displays the number of MAC withdrawal messages that are sent over or received from the pseudowire.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-240
OL-23107-02
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
configure l2vpn bridge group bridge-group-name bridge-domain bridge-domain-name mac limit maximum {value} action {flood | no-flood | shutdown} notification {both | none | trap} or commit
10. end
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.
Step 4
bridge-domain bridge-domain-name
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-241
Command or Action
Step 5
mac
Purpose Enters L2VPN bridge group bridge domain MAC configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# mac RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)#
Step 6
limit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# limit RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac-limit)#
Sets the MAC address limit for action, maximum, and notification and enters L2VPN bridge group bridge domain MAC limit configuration mode.
Step 7
maximum {value}
Configures the specified action when the number of MAC addresses learned on a bridge is reached.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac-limit)# maximum 5000
Step 8
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac-limit)# action flood
Configures the bridge behavior when the number of learned MAC addresses exceed the MAC limit configured.
Step 9
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac-limit)# notification both
Specifies the type of notification that is sent when the number of learned MAC addresses exceeds the configured limit.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-242
OL-23107-02
Command or Action
Step 10
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac-limit)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac-limit)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Step 11
Example:
RP/0/RSP0/CPU0:router# show l2vpn bridge-domain detail
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-243
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
configure l2vpn bridge group bridge-group-name bridge-domain bridge-domain-name mac aging time {seconds} type {absolute | inactivity} end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.
Step 4
bridge-domain bridge-domain-name
Establishes a bridge domain and enters L2VPN bridge group bridge domain configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-244
OL-23107-02
Command or Action
Step 5
mac
Purpose Enters L2VPN bridge group bridge domain MAC configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# mac RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)#
Step 6
aging
Enters the MAC aging configuration submode to set the aging parameters such as time and type.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# aging RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac-aging)#
Step 7
time {seconds}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac-aging)# time 300
Use the seconds argument to specify the maximum age of the MAC address table entry. The range is from 300 to 30000 seconds. Aging time is counted from the last time that the switch saw the MAC address. The default value is 300 seconds. Use the absolute keyword to configure the absolute aging type. Use the inactivity keyword to configure the inactivity aging type.
Step 8
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac-aging)# type absolute
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-245
Command or Action
Step 9
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac-aging)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac-aging)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Step 10
Example:
RP/0/RSP0/CPU0:router# show l2vpn bridge-domain detail
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-246
OL-23107-02
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7.
configure l2vpn bridge group bridge-group name bridge-domain bridge-domain name mac port-down flush disable end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.
Step 4
bridge-domain bridge-domain-name
Establishes a bridge domain and enters l2vpn bridge group bridge domain configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-247
Command or Action
Step 5
mac
Purpose Enters l2vpn bridge group bridge domain MAC configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# mac RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)#
Step 6
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# port-down flush disable
Step 7
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-mac)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-248
OL-23107-02
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8.
configure l2vpn bridge group bridge-group name bridge-domain bridge-domain name neighbor {A.B.C.D} {pw-id value} mac secure end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
Creates a bridge group so that it can contain bridge domains and then assigns network interfaces to the bridge domain.
Step 4
bridge-domain bridge-domain-name
Establishes a bridge domain and enters l2vpn bridge group bridge domain configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-249
Command or Action
Step 5
neighbor {A.B.C.D} {pw-id value}
Purpose Adds an access pseudowire port to a bridge domain, or a pseudowire to a bridge virtual forwarding interface (VFI).
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# neighbor 10.1.1.2 pw-id 1000 RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)#
Use the A.B.C.D argument to specify the IP address of the cross-connect peer. Use the pw-id keyword to configure the pseudowire ID and ID value. The range is 1 to 4294967295.
Step 6
mac
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# mac RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw-mac)#
Step 7
Enters MAC secure configuration mode. By default, bridge ports (interfaces and access pseudowires) under a bridge inherit the security configuration from the parent bridge.
Note
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw-mac)# secure RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw-mac- secure)#
Once a bridge port goes down, a clear command must be issued to bring the bridge port up. When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Step 8
end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw-mac- secure)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw-mac- secure)# commit
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-250
OL-23107-02
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
configure l2vpn bridge group bridge-group-name bridge-domain bridge-domain-name interface type instance split-horizon group commit end show l2vpn bridge-domain detail
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group metroA
Step 4
bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain east
Step 5
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface GigabitEthernet0/1/0/6
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-251
Command or Action
Step 6
split-horizon group
Purpose Adds this interface to the split horizon group for ACs. Only one split horizon group for ACs for a bridge domain is supported.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# split-horizon group
Step 7
commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# commit
Step 8
end
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# end
Step 9
Displays information about bridges, including whether each AC is in the AC split horizon group or not.
Example:
RP/0/RSP0/CPU0:router# show l2vpn bridge-domain detail
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-252
OL-23107-02
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
configure l2vpn bridge group bridge-group-name bridge-domain bridge-domain-name neighbor A.B.C.D pw-id pseudowire-id split-horizon group commit end show l2vpn bridge-domain detail
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group metroA
Step 4
bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain east
Step 5
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# neighbor 10.2.2.2 pw-id 2000
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-253
Command or Action
Step 6
split-horizon group
Purpose Adds this access pseudowire to the split horizon group for ACs.
Note
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# split-horizon group
Only one split horizon group for ACs and access pseudowires per bridge domain is supported.
Step 7
commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# commit
Step 8
end
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# end
Step 9
Displays information about bridges, including whether each access pseudowire is in the AC split horizon group or not.
Example:
RP/0/RSP0/CPU0:router# show l2vpn bridge-domain detail
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
configure l2vpn bridge group bridge-group-name bridge-domain bridge-domain-name vfi {vfi-name} vpn-id vpn-id autodiscovery bgp rd {as-number:nn | ip-address:nn | auto} route-target {as-number:nn | ip-address:nn | export | import}
10. route-target import {as-number:nn | ip-address:nn} 11. route-target export {as-number:nn | ip-address:nn} 12. signaling-protocol bgp 13. ve-id {number}
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-254
OL-23107-02
or end
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group metroA
Step 4
bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain east
Step 5
vfi {vfi-name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# vfi vfi-east
Step 6
vpn-id vpn-id
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# vpn-id 100
Specifies the identifier for the VPLS service. The VPN ID has to be globally unique within a PE router. i.e., the same VPN ID cannot exist in multiple VFIs on the same PE router. In addition, a VFI can have only one VPN ID. Enters BGP autodiscovery configuration mode where all BGP autodiscovery parameters are configured. This command is not provisioned to BGP until at least the VPN ID and the signaling protocol is configured.
Step 7
autodiscovery bgp
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# autodiscovery bgp
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-255
Command or Action
Step 8
rd {as-number:nn|ip-address:nn|auto}
The RD is used in the BGP NLRI to identify VFI. Only one RD can be configured per VFI, and except for rd auto RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# the same RD cannot be configured in multiple VFIs on the rd auto same PE.
Example:
When rd auto is configured, the RD value is as follows: {BGP Router ID}:{16 bits auto-generated unique index}.
Step 9
route-target {as-number:nn|ip-address:nn}
At least one import and one export route targets (or just one route target with both roles) need to be configured in Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# each PE in order to establish BGP autodiscovery between route-target 500:99 PEs. If no export or import keyword is specified, it means that the RT is both import and export. A VFI can have multiple export or import RTs. However, the same RT is not allowed in multiple VFIs in the same PE.
Step 10
route-target import {as-number:nn|ip-address:nn}
Import route target is what the PE compares with the RT in the received NLRI: the RT in the received NLRI must RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# match the import RT to determine that the RTs belong to route-target import 200:20 the same VPLS service.
Example:
Step 11
route-target export {as-number:nn|ip-address:nn}
Specifies the export route target for the VFI. Export route target is the RT that is going to be in the NLRI advertised to other PEs.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# route-target export 100:10
Step 12
signaling-protocol bgp
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# signaling-protocol bgp
Enables BGP signaling, and enters the BGP signaling configuration submode where BGP signaling parameters are configured. This command is not provisioned to BGP until VE ID and VE ID range is configured. Specifies the local PE identifier for the VFI for VPLS configuration. The VE ID identifies a VFI within a VPLS service. This means that VFIs in the same VPLS service cannot share the same VE ID. The scope of the VE ID is only within a bridge domain. Therefore, VFIs in different bridge domains within a PE can use the same VE ID.
Step 13
ve-id {number}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad- sig)# ve-id 10
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-256
OL-23107-02
Command or Action
Step 14
ve-range {number}
Purpose Overrides the minimum size of VPLS edge (VE) blocks. The default minimum size is 10. Any configured VE range must be higher than 10.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad-s ig)# ve-range 40
Step 15
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad- sig)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad- sig)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
configure l2vpn route-id bridge group bridge-group-name bridge-domain bridge-domain-name vfi {vfi-name} autodiscovery bgp vpn-id vpn-id rd {as-number:nn | ip-address:nn | auto}
10. route-target {as-number:nn | ip-address:nn | export | import} 11. route-target import {as-number:nn | ip-address:nn}
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-257
12. route-target export {as-number:nn | ip-address:nn} 13. signaling-protocol ldp 14. vpls-id {as-number:nn | ip-address:nn} 15. commit
or end
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 3
router-id ip-address
Specifies a unique Layer 2 (L2) router ID for the provider edge (PE) router. The router ID must be configured for LDP signaling, and is used as the L2 router ID in the BGP NLRI, SAII (local L2 Router ID) and TAII (remote L2 Router ID). Any arbitrary value in the IPv4 address format is acceptable.
Note
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# router-id 1.1.1.1
Each PE must have a unique L2 router ID. This CLI is optional, as a PE automatically generates a L2 router ID using the LDP router ID.
Step 4
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group metroA
Step 5
bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain east
Step 6
vfi {vfi-name}
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# vfi vfi-east
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-258
OL-23107-02
Command or Action
Step 7
vpn-id vpn-id
Purpose Specifies the identifier for the VPLS service. The VPN ID has to be globally unique within a PE router. i.e., the same VPN ID cannot exist in multiple VFIs on the same PE router. In addition, a VFI can have only one VPN ID. Enters BGP autodiscovery configuration mode where all BGP autodiscovery parameters are configured. This command is not provisioned to BGP until at least the VPN ID and the signaling protocol is configured. Specifies the route distinguisher (RD) under the VFI.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# vpn-id 100
Step 8
autodiscovery bgp
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi)# autodiscovery bgp
Step 9
rd {as-number:nn|ip-address:nn|auto}
The RD is used in the BGP NLRI to identify VFI. Only one RD can be configured per VFI, and except for rd auto RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# the same RD cannot be configured in multiple VFIs on rd auto the same PE.
Example:
When rd auto is configured, the RD value is as follows: {BGP Router ID}:{16 bits auto-generated unique index}.
Step 10
route-target {as-number:nn|ip-address:nn}
At least one import and one export route targets (or just one route target with both roles) need to be configured in Example: RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# each PE in order to establish BGP autodiscovery between route-target 500:99 PEs. If no export or import keyword is specified, it means that the RT is both import and export. A VFI can have multiple export or import RTs. However, the same RT is not allowed in multiple VFIs in the same PE.
Step 11
route-target import {as-number:nn|ip-address:nn}
Import route target is what the PE compares with the RT in the received NLRI: the RT in the received NLRI must RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# match the import RT to determine that the RTs belong to route-target import 200:20 the same VPLS service.
Example:
Step 12
route-target export {as-number:nn|ip-address:nn}
Specifies the export route target for the VFI. Export route target is the RT that is going to be in the NLRI advertised to other PEs.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# route-target export 100:10
Step 13
signaling-protocol bgp
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# signaling-protocol bgp
Enables BGP signaling, and enters the BGP signaling configuration submode where BGP signaling parameters are configured. This command is not provisioned to BGP until VE ID and VE ID range is configured.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-259
Command or Action
Step 14
vpls-id {as-number:nn|ip-address:nn}
Purpose Specifies VPLS ID which identifies the VPLS domain during signaling. This command is optional in all PEs that are in the same Autonomous System (share the same ASN) because a default VPLS ID is automatically generated using BGP's ASN and the configured VPN ID (i.e., the default VPLS ID equals ASN:VPN-ID). If an ASN of 4 bytes is used, the lower two bytes of the ASN are used to build the VPLS ID. In case of InterAS, the VPLS ID must be explicitly configured. Only one VPLS ID can be configured per VFI, and the same VPLS ID cannot be used for multiple VFIs. Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad- sig)# vpls-id 10:20
Step 15
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad- sig)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad- sig)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-260
OL-23107-02
Implementing Multipoint Layer 2 Services Configuration Examples for Multipoint Layer 2 Services
Virtual Private LAN Services Configuration for Provider Edge-to-Provider Edge: Example, page LSC-261 Virtual Private LAN Services Configuration for Provider Edge-to-Customer Edge: Example, page LSC-262 Displaying MAC Address Withdrawal Fields: Example, page LSC-263 Split Horizon Group: Example, page LSC-264 Blocking Unknown Unicast Flooding: Example, page LSC-265 Disabling MAC Flush: Examples, page LSC-265 Configuring VPLS with BGP Autodiscovery and Signaling: Example, page LSC-273 Bridging on IOS XR Trunk Interfaces: Example, page LSC-266 Bridging on Ethernet Flow Points: Example, page LSC-270 Changing the Flood Optimization Mode: Example, page LSC-272 Configuring VPLS with BGP Autodiscovery and Signaling: Example, page LSC-273 Configuring Dynamic ARP Inspection: Example, page LSC-277 Configuring IP Source Guard: Example, page LSC-279
Virtual Private LAN Services Configuration for Provider Edge-to-Provider Edge: Example
These configuration examples show how to create a Layer 2 VFI with a full-mesh of participating VPLS provider edge (PE) nodes. This configuration example shows how to configure PE 1:
configure l2vpn bridge group 1 bridge-domain PE1-VPLS-A GigabitEthernet0/0/0/1 vfi 1 neighbor 10.2.2.2 pw-id 1 neighbor 10.3.3.3 pw-id 1 ! ! interface loopback 0 ipv4 address 10.1.1.1 255.255.255.25
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-261
Implementing Multipoint Layer 2 Services Configuration Examples for Multipoint Layer 2 Services
Virtual Private LAN Services Configuration for Provider Edge-to-Customer Edge: Example
This configuration shows how to configure VPLS for a PE-to-CE nodes:
configure interface GigabitEthernet0/0/0/1 l2transport---AC interface no ipv4 address no ipv4 directed-broadcast negotiation auto no cdp enable
configure interface GigabitEthernet0/0 l2transport no ipv4 address no ipv4 directed-broadcast negotiation auto no cdp enable
configure interface GigabitEthernet0/0 l2transport no ipv4 address no ipv4 directed-broadcast negotiation auto no cdp enable
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-262
OL-23107-02
Implementing Multipoint Layer 2 Services Configuration Examples for Multipoint Layer 2 Services
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-263
Implementing Multipoint Layer 2 Services Configuration Examples for Multipoint Layer 2 Services
According to this example, the Split Horizon group assignments for bridge domain all_three are: Bridge Port/Pseudowire bridge port: gig0/0/0/0.99 bridge port: gig0/0/0/0.101 PW: 192.168.99.1 pw-id 1 PW: 192.168.99.9 pw-id 1 PW: 192.168.99.17 pw-id 1 Split Horizon Group 0 2 0 2 1
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-264
OL-23107-02
Implementing Multipoint Layer 2 Services Configuration Examples for Multipoint Layer 2 Services
bridge domain bridge port (attachment circuit (AC)) access pseudowire (PW)
This example shows how to block unknown-unicast flooding at the bridge domain level:
configure l2vpn bridge-group group1 bridge-domain domain1 flooding unknown-unicast disable end
This example shows how to block unknown-unicast flooding at the bridge port level:
configure l2vpn bridge-group group1 bridge-domain domain1 interface GigabitEthernet 0/1/0/1 flooding unknown-unicast disable end
This example shows how to block unknown-unicast flooding at the access pseudowire level:
configure l2vpn bridge-group group1 bridge-domain domain1 neighbor 10.1.1.1 pw-id 1000 flooding unknown-unicast disable end
bridge domain bridge port (attachment circuit (AC)) access pseudowire (PW)
This example shows how to disable the MAC flush at the bridge domain level:
configure l2vpn bridge-group group1 bridge-domain domain1 mac port-down flush disable end
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-265
Implementing Multipoint Layer 2 Services Configuration Examples for Multipoint Layer 2 Services
This example shows how to disable the MAC flush at the bridge port level:
configure l2vpn bridge-group group1 bridge-domain domain1 interface GigabitEthernet 0/1/0/1 mac port-down flush disable end
This example shows how to disable the MAC flush at the access pseudowire level:
configure l2vpn bridge-group group1 bridge-domain domain1 neighbor 10.1.1.1 pw-id 1000 mac port-down flush disable end
Create a bridge domain that has four attachment circuits (AC). Each AC is an IOS XR trunk interface (i.e. not a subinterface/EFP).
This example assumes that the running config is empty, and that all the components are created. This example provides all the necessary steps to configure the Cisco ASR 9000 Series Router to perform switching between the interfaces. However, the commands to prepare the interfaces such as no shut, negotiation auto, etc., have been excluded. The bridge domain is in a no shut state, immediately after being created. Only trunk (i.e. main) interfaces are used in this example. The trunk interfaces are capable of handling tagged (i.e. IEEE 802.1Q) or untagged (i.e. no VLAN header) frames. The bridge domain learns, floods, and forwards based on MAC address. This functionality works for frames regardless of tag configuration. The bridge domain entity spans all the line cards of the system. It is not necessary to place all the bridge domain ACs on a single LC. This applies to any bridge domain configuration. The show bundle and the show l2vpn bridge-domain commands are used to verify that the router was configured as expected, and that the commands show the status of the new configurations. The ACs in this example use interfaces that are in the admin down state.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-266
OL-23107-02
Implementing Multipoint Layer 2 Services Configuration Examples for Multipoint Layer 2 Services
Configuration Example
RP/0/RSP0/CPU0:router#config RP/0/RSP0/CPU0:router(config)#interface Bundle-ether10 RP/0/RSP0/CPU0:router(config-if)#l2transport RP/0/RSP0/CPU0:router(config-if-l2)#interface GigabitEthernet0/2/0/5 RP/0/RSP0/CPU0:router(config-if)#bundle id 10 mode active RP/0/RSP0/CPU0:router(config-if)#interface GigabitEthernet0/2/0/6 RP/0/RSP0/CPU0:router(config-if)#bundle id 10 mode active RP/0/RSP0/CPU0:router(config-if)#interface GigabitEthernet0/2/0/0 RP/0/RSP0/CPU0:router(config-if)#l2transport RP/0/RSP0/CPU0:router(config-if-l2)#interface GigabitEthernet0/2/0/1 RP/0/RSP0/CPU0:router(config-if)#l2transport RP/0/RSP0/CPU0:router(config-if-l2)#interface TenGigE0/1/0/2 RP/0/RSP0/CPU0:router(config-if)#l2transport RP/0/RSP0/CPU0:router(config-if-l2)#l2vpn RP/0/RSP0/CPU0:router(config-l2vpn)#bridge group examples RP/0/RSP0/CPU0:router(config-l2vpn-bg)#bridge-domain test-switch RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#interface Bundle-ether10 RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#exit RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#interface GigabitEthernet0/2/0/0 RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#exit RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#interface GigabitEthernet0/2/0/1 RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#exit RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#interface TenGigE0/1/0/2 RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#commit RP/0/RSP0/CPU0:Jul 26 10:48:21.320 EDT: config[65751]: %MGBL-CONFIG-6-DB_COMMIT : Configuration committed by user 'lab'. Use 'show configuration commit changes 1000000973' to view the changes. RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#end RP/0/RSP0/CPU0:Jul 26 10:48:21.342 EDT: config[65751]: %MGBL-SYS-5-CONFIG_I : Configured from console by lab RP/0/RSP0/CPU0:router#show bundle Bundle-ether10 Bundle-Ether10 Status: Local links <active/standby/configured>: Local bandwidth <effective/available>: MAC address (source): Minimum active links / bandwidth: Maximum active links: Wait while timer: LACP: Flap suppression timer: mLACP: IPv4 BFD: Port -------------------Gi0/2/0/5 Link is down Gi0/2/0/6 Link is down Device --------------Local Local
Down 0 / 0 / 2 0 (0) kbps 0024.f71e.22eb (Chassis pool) 1 / 1 kbps 64 2000 ms Operational Off Not configured Not configured Port ID -------------0x8000, 0x0001 0x8000, 0x0002 B/W, kbps ---------1000000 1000000
RP/0/RSP0/CPU0:router# RP/0/RSP0/CPU0:router#show l2vpn bridge-domain group examples Bridge group: examples, bridge-domain: test-switch, id: 2000, state: up, ShgId: 0, MSTi: 0 Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog Filter MAC addresses: 0 ACs: 4 (1 up), VFIs: 0, PWs: 0 (0 up), PBBs: 0 (0 up) List of ACs: BE10, state: down, Static MAC addresses: 0 Gi0/2/0/0, state: up, Static MAC addresses: 0 Gi0/2/0/1, state: down, Static MAC addresses: 0
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-267
Implementing Multipoint Layer 2 Services Configuration Examples for Multipoint Layer 2 Services
Te0/5/0/1, state: down, Static MAC addresses: 0 List of Access PWs: List of VFIs: RP/0/RSP0/CPU0:router#
This table lists the configuration steps (actions) and the corresponding purpose for this example:
Command or Action
Step 1 Step 2 Step 3 Step 4
configure interface Bundle-ether10 l2transport
Purpose Enters global configuration mode. Creates a new bundle trunk interface. Changes Bundle-ether10 from an L3 interface to an L2 interface. Enters interface configuration mode. Changes configuration mode to act on GigabitEthernet0/2/0/5. Establishes GigabitEthernet0/2/0/5 as a member of Bundle-ether10. The mode active keywords specify LACP protocol. Enters interface configuration mode. Changes configuration mode to act on GigabitEthernet0/2/0/6. Establishes GigabitEthernet0/2/0/6 as a member of Bundle-ether10. The mode active keywords specify LACP protocol. Enters interface configuration mode. Changes configuration mode to act on GigabitEthernet0/2/0/0. Change GigabitEthernet0/2/0/0 from an L3 interface to an L2 interface. Enters interface configuration mode. Changes configuration mode to act on GigabitEthernet0/2/0/1. Change GigabitEthernet0/2/0/1 from an L3 interface to an L2 interface. Enters interface configuration mode. Changes configuration mode to act on TenGigE0/1/0/2. Changes TenGigE0/1/0/2 from an L3 interface to an L2 interface. Enters L2VPN configuration mode. Creates the bridge group examples. Creates the bridge domain test-switch, that is a member of bridge group examples. Establishes Bundle-ether10 as an AC of bridge domain test-switch. Exits bridge domain AC configuration submode, allowing next AC to be configured.
interface GigabitEthernet0/2/0/5
Step 5
Step 6
interface GigabitEthernet0/2/0/6
Step 7
Step 8
interface GigabitEthernet0/2/0/0
Step 9 Step 10
l2transport
interface GigabitEthernet0/2/0/1
l2transport
interface TenGigE0/1/0/2
l2transport
interface Bundle-ether10
exit
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-268
OL-23107-02
Implementing Multipoint Layer 2 Services Configuration Examples for Multipoint Layer 2 Services
Command or Action
Step 19 Step 20 Step 21 Step 22 Step 23 Step 24
interface GigabitEthernet0/2/0/0
Purpose Establishes GigabitEthernet0/2/0/0 as an AC of bridge domain test-switch. Exits bridge domain AC configuration submode, allowing next AC to be configured. Establishes GigabitEthernet0/2/0/1 as an AC of bridge domain test-switch. Exits bridge domain AC configuration submode, allowing next AC to be configured. Establishes interface TenGigE0/1/0/2 as an AC of bridge domain test-switch. Saves configuration changes.
exit
interface GigabitEthernet0/2/0/1
exit
interface TenGigE0/1/0/2
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-269
Implementing Multipoint Layer 2 Services Configuration Examples for Multipoint Layer 2 Services
An EFP is a Layer 2 subinterface. It is always created under a trunk interface. The trunk interface must exist before the EFP is created. In an empty configuration, the bundle interface trunk does not exist, but the physical trunk interfaces are automatically configured when a line card is inserted. Therefore, only the bundle trunk is created. In this example the subinterface number and the VLAN IDs are identical, but this is out of convenience, and is not a necessity. They do not need to be the same values. The bridge domain test-efp has three attachment circuits (ACs). All the ACs are EFPs. Only frames with a VLAN ID of 999 enter the EFPs. This ensures that all the traffic in this bridge domain has the same VLAN encapsulation. The ACs in this example use interfaces that are in the admin down state, or interfaces for which no line card has been inserted (unresolved state). Bridge domains that use nonexistent interfaces as ACs are legal, and the commit for such configurations does not fail. In this case, the status of the bridge domain shows unresolved until you configure the missing interface.
Configuration Example
RP/0/RSP1/CPU0:router#configure RP/0/RSP1/CPU0:router(config)#interface Bundle-ether10 RP/0/RSP1/CPU0:router(config-if)#interface Bundle-ether10.999 l2transport RP/0/RSP1/CPU0:router(config-subif)#encapsulation dot1q 999 RP/0/RSP1/CPU0:router(config-subif)#interface GigabitEthernet0/6/0/5 RP/0/RSP1/CPU0:router(config-if)#bundle id 10 mode active RP/0/RSP1/CPU0:router(config-if)#interface GigabitEthernet0/6/0/6 RP/0/RSP1/CPU0:router(config-if)#bundle id 10 mode active RP/0/RSP1/CPU0:router(config-if)#interface GigabitEthernet0/6/0/7.999 l2transport RP/0/RSP1/CPU0:router(config-subif)#encapsulation dot1q 999 RP/0/RSP1/CPU0:router(config-subif)#interface TenGigE0/1/0/2.999 l2transport RP/0/RSP1/CPU0:router(config-subif)#encapsulation dot1q 999 RP/0/RSP1/CPU0:router(config-subif)#l2vpn RP/0/RSP1/CPU0:router(config-l2vpn)#bridge group examples RP/0/RSP1/CPU0:router(config-l2vpn-bg)#bridge-domain test-efp RP/0/RSP1/CPU0:router(config-l2vpn-bg-bd)#interface Bundle-ether10.999 RP/0/RSP1/CPU0:router(config-l2vpn-bg-bd-ac)#exit RP/0/RSP1/CPU0:router(config-l2vpn-bg-bd)#interface GigabitEthernet0/6/0/7.999 RP/0/RSP1/CPU0:router(config-l2vpn-bg-bd-ac)#exit RP/0/RSP1/CPU0:router(config-l2vpn-bg-bd)#interface TenGigE0/1/0/2.999 RP/0/RSP1/CPU0:router(config-l2vpn-bg-bd-ac)#commit RP/0/RSP1/CPU0:router(config-l2vpn-bg-bd-ac)#end RP/0/RSP1/CPU0:router# RP/0/RSP1/CPU0:router#show l2vpn bridge group examples Fri Jul 23 21:56:34.473 UTC Bridge group: examples, bridge-domain: test-efp, id: 0, state: up, ShgId: 0, MSTi: 0 Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog Filter MAC addresses: 0 ACs: 3 (0 up), VFIs: 0, PWs: 0 (0 up), PBBs: 0 (0 up) List of ACs: BE10.999, state: down, Static MAC addresses: 0
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-270
OL-23107-02
Implementing Multipoint Layer 2 Services Configuration Examples for Multipoint Layer 2 Services
Gi0/6/0/7.999, state: unresolved, Static MAC addresses: 0 Te0/1/0/2.999, state: down, Static MAC addresses: 0 List of Access PWs: List of VFIs: RP/0/RSP1/CPU0:router#
This table lists the configuration steps (actions) and the corresponding purpose for this example:
Command or Action
Step 1 Step 2 Step 3 Step 4 Step 5
configure interface Bundle-ether10 interface Bundle-ether10.999 l2transport encapsulation dot1q 999 interface GigabitEthernet0/6/0/5
Purpose Enters global configuration mode. Creates a new bundle trunk interface. Creates an EFP under the new bundle trunk. Assigns VLAN ID of 999 to this EFP. Enters interface configuration mode. Changes configuration mode to act on GigabitEthernet0/6/0/5. Establishes GigabitEthernet0/6/0/5 as a member of Bundle-ether10. The mode active keywords specify LACP protocol. Enters interface configuration mode. Changes configuration mode to act on GigabitEthernet0/6/0/6. Establishes GigabitEthernet0/6/0/6 as a member of Bundle-ether10. The mode active keywords specify LACP protocol. Creates an EFP under GigabitEthernet0/6/0/7. Assigns VLAN ID of 999 to this EFP. Creates an EFP under TenGigE0/1/0/2. Assigns VLAN ID of 999 to this EFP. Enters L2VPN configuration mode. Creates the bridge group named examples. Creates the bridge domain named test-efp, that is a member of bridge group examples. Establishes Bundle-ether10.999 as an AC of the bridge domain named test-efp. Exits bridge domain AC configuration submode, allowing next AC to be configured. Establishes GigabitEthernet0/6/0/7.999 as an AC of the bridge domain named test-efp. Exits bridge domain AC configuration submode, allowing next AC to be configured.
Step 6
Step 7
interface GigabitEthernet0/6/0/6
Step 8
Step 9
Step 10 Step 11 Step 12 Step 13 Step 14 Step 15 Step 16 Step 17 Step 18 Step 19
encapsulation dot1q 999 interface TenGigE0/1/0/2.999 l2transport encapsulation dot1q 999 l2vpn bridge group examples bridge-domain test-efp
interface Bundle-ether10.999
exit
interface GigabitEthernet0/6/0/7.999
exit
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-271
Implementing Multipoint Layer 2 Services Configuration Examples for Multipoint Layer 2 Services
Command or Action
Step 20 Step 21
interface TenGigE0/1/0/2.999
Purpose Establishes interface TenGigE0/1/0/2.999 as an AC of bridge domain named test-efp. Saves configuration changes.
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-272
OL-23107-02
Implementing Multipoint Layer 2 Services Configuration Examples for Multipoint Layer 2 Services
LDP and BGP Configuration Minimum L2VPN Configuration for BGP Autodiscovery with BGP Signaling VPLS with BGP Autodiscovery and BGP Signaling Minimum Configuration for BGP Autodiscovery with LDP Signaling VPLS with BGP Autodiscovery and LDP Signaling
Configuration at PE1:
interface Loopback0 ipv4 address 1.1.1.100 255.255.255.255 ! interface Loopback1 ipv4 address 1.1.1.10 255.255.255.255 ! mpls ldp router-id 1.1.1.1 interface GigabitEthernt0/1/0/0 ! router bgp 120 address-family l2vpn vpls-vpws ! neighbor 2.2.2.20 remote-as 120 update-source Loopback1 address-family l2vpn vpls-vpws signaling bgp disable
Configuration at PE2:
interface Loopback0 ipv4 address 2.2.2.200 255.255.255.255 ! interface Loopback1 ipv4 address 2.2.2.20 255.255.255.255 ! mpls ldp router-id 2.2.2.2 interface GigabitEthernt0/1/0/0 ! router bgp 120
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-273
Implementing Multipoint Layer 2 Services Configuration Examples for Multipoint Layer 2 Services
address-family l2vpn vpls-vpws ! neighbor 1.1.1.10 remote-as 120 update-source Loopback1 address-family l2vpn vpls-vpws
GigabitEthernet0/1/0/1.1 CE1
Configuration at PE1:
l2vpn bridge group gr1 bridge-domain bd1 interface GigabitEthernet0/1/0/1.1 vfi vf1 ! AD independent VFI attributes vpn-id 100 ! Auto-discovery attributes autodiscovery bgp rd auto route-target 2.2.2.2:100 ! Signaling attributes signaling-protocol bgp ve-id 3
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-274
OL-23107-02
Implementing Multipoint Layer 2 Services Configuration Examples for Multipoint Layer 2 Services
Configuration at PE2:
l2vpn bridge group gr1 bridge-domain bd1 interface GigabitEthernet0/1/0/2.1 vfi vf1 ! AD independent VFI attributes vpn-id 100 ! Auto-discovery attributes autodiscovery bgp rd auto route-target 2.2.2.2:100 ! Signaling attributes signaling-protocol bgp ve-id 5
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-275
Implementing Multipoint Layer 2 Services Configuration Examples for Multipoint Layer 2 Services
CE1
PE1
Configuration at PE1:
l2vpn router-id 10.10.10.10 bridge group bg1 bridge-domain bd1 vfi vf1 vpn-id 100 autodiscovery bgp rd 1:100 router-target 12:12
Configuration at PE2:
l2vpn router-id 20.20.20.20 bridge group bg1 bridge-domain bd1 vfi vf1 vpn-id 100 autodiscovery bgp rd 2:200 router-target 12:12 signaling-protocol ldp vpls-id 120:100
Configuration at PE1:
LDP Router ID - 1.1.1.1 BGP Router ID - 1.1.1.100 Peer Address - 1.1.1.10 L2VPN Router ID - 10.10.10.10 Route Distinguisher - 1:100
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-276
OL-23107-02
Implementing Multipoint Layer 2 Services Configuration Examples for Multipoint Layer 2 Services
Configuration at PE2:
LDP Router ID - 2.2.2.2 BGP Router ID - 2.2.2.200 Peer Address - 2.2.2.20 L2VPN Router ID - 20.20.20.20 Route Distinguisher - 2:200
This example shows how to configure basic dynamic ARP inspection under a bridge port:
config l2vpn bridge group MyGroup bridge-domain MyDomain interface gigabitEthernet 0/1/0/0.1 dynamic-arp-inspection logging
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-277
Implementing Multipoint Layer 2 Services Configuration Examples for Multipoint Layer 2 Services
This example shows how to configure optional dynamic ARP inspection under a bridge domain:
l2vpn bridge group SECURE bridge-domain SECURE-DAI dynamic-arp-inspection logging address-validation src-mac dst-mac ipv4
This example shows how to configure optional dynamic ARP inspection under a bridge port:
l2vpn bridge group SECURE bridge-domain SECURE-DAI interface GigabitEthernet0/0/0/1.10 dynamic-arp-inspection logging address-validation src-mac dst-mac ipv4
This example shows the output of the show l2vpn bridge-domain bd-name SECURE-DAI detail command:
#show l2vpn bridge-domain bd-name SECURE-DAI detail Bridge group: SECURE, bridge-domain: SECURE-DAI, id: 2, state: up, Dynamic ARP Inspection: enabled, Logging: enabled Dynamic ARP Inspection Address Validation: IPv4 verification: enabled Source MAC verification: enabled Destination MAC verification: enabled List of ACs: AC: GigabitEthernet0/0/0/1.10, state is up Dynamic ARP Inspection: enabled, Logging: enabled Dynamic ARP Inspection Address Validation: IPv4 verification: enabled Source MAC verification: enabled Destination MAC verification: enabled IP Source Guard: enabled, Logging: enabled Dynamic ARP inspection drop counters: packets: 1000, bytes: 64000
This example shows the output of the show l2vpn forwarding interface interface-name detail location location-name command:
#show l2vpn forwarding interface g0/0/0/1.10 det location 0/0/CPU0 Local interface: GigabitEthernet0/0/0/1.10, Xconnect id: 0x40001, Status: up Dynamic ARP Inspection: enabled, Logging: enabled Dynamic ARP Inspection Address Validation: IPv4 verification: enabled Source MAC verification: enabled Destination MAC verification: enabled IP Source Guard: enabled, Logging: enabled
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-278
OL-23107-02
Implementing Multipoint Layer 2 Services Configuration Examples for Multipoint Layer 2 Services
This example shows how to configure basic IP source guard under a bridge port:
config l2vpn bridge group MyGroup bridge-domain MyDomain interface gigabitEthernet 0/1/0/0.1 ip-source-guard logging
This example shows how to configure optional IP source guard under a bridge domain:
l2vpn bridge group SECURE bridge-domain SECURE-IPSG ip-source-guard logging
This example shows how to configure optional IP source guard under a bridge port:
l2vpn bridge group SECURE bridge-domain SECURE-IPSG interface GigabitEthernet0/0/0/1.10 ip-source-guard logging
This example shows the output of the show l2vpn bridge-domain bd-name ipsg-name detail command:
# show l2vpn bridge-domain bd-name SECURE-IPSG detail Bridge group: SECURE, bridge-domain: SECURE-IPSG, id: 2, state: up, IP Source Guard: enabled, Logging: enabled List of ACs: AC: GigabitEthernet0/0/0/1.10, state is up IP Source Guard: enabled, Logging: enabled IP source guard drop counters:
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-279
Implementing Multipoint Layer 2 Services Configuration Examples for Multipoint Layer 2 Services
This example shows the output of the show l2vpn forwarding interface interface-name detail location location-name command:
# show l2vpn forwarding interface g0/0/0/1.10 detail location 0/0/CPU0 Local interface: GigabitEthernet0/0/0/1.10, Xconnect id: 0x40001, Status: up IP Source Guard: enabled, Logging: enabled
LC/0/5/CPU0:Jun 16 13:33:25.530 : l2fib[188]: %L2-L2FIB-5-SECURITY_IPSG_VIOLATION_AC : IP source guard in AC Bundle-Ether100.100 detected violated packet - source MAC: 0000.0000.0064, destination MAC: 0000.0040.0000, source IP: 14.5.1.3, destination IP: 45.1.1.10
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-280
OL-23107-02
Additional References
For additional information related to implementing VPLS, refer to these:
Related Documents
Related Topic Cisco IOS XR L2VPN commands Document Title Point to Point Layer 2 Services Commands module in the Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Command Reference Multipoint Layer 2 Services Commands module in the Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Command Reference Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide Traffic Storm Control under VPLS Bridges on Cisco ASR 9000 Series Routers module in the Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide Layer 2 Multicast Using IGMP Snooping module in the Cisco ASR 9000 Series Aggregation Services Router Multicast Configuration Guide
Standards
Standards1 draft-ietf-l2vpn-vpls-ldp-09 Title Virtual Private LAN Services Using LDP
MIBs
MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at this URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services OL-23107-02
LSC-281
RFCs
RFCs RFC 4447 RFC 4448 RFC 4762 Title Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP), April 2006 Encapsulation Methods for Transport of Ethernet over MPLS Networks, April 2006 Virtual Private LAN Service (VPLS) Using Label Distribution Protocol (LDP) Signaling
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
LSC-282
OL-23107-02
Release 3.9.1
Contents
Prerequisites for Implementing 802.1ah Provider Backbone Bridge, page 284 Information About Implementing 802.1ah Provider Backbone Bridge, page 284 How to Implement 802.1ah Provider Backbone Bridge, page 289 Configuration Examples for Implementing 802.1ah Provider Backbone Bridge, page 303 Additional References, page 305
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-283
Implementing IEEE 802.1ah Provider Backbone Bridge Prerequisites for Implementing 802.1ah Provider Backbone Bridge
Bridge
This prerequisite applies to implementing 802.1ah Provider Backbone Bridge:
You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
You must be familiar with the multipoint bridging concepts. Refer to the Implementing Multipoint Layer 2 Services module.
Bridge
To implement 802.1ah, you must understand these concepts:
Benefits of IEEE 802.1ah standard, page 284 IEEE 802.1ah Standard for Provider Backbone Bridging Overview, page 285 Backbone Edge Bridges, page 287 IB-BEB, page 288
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-284
OL-23107-02
Implementing IEEE 802.1ah Provider Backbone Bridge Information About Implementing 802.1ah Provider Backbone Bridge
UNI (.1ad)
CE
PEB
PB
BEB
BCB
BEB
PB
PEB
CE
PB - provider bridge
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-285
281789
Implementing IEEE 802.1ah Provider Backbone Bridge Information About Implementing 802.1ah Provider Backbone Bridge
BCB Backbone BD
Provider Network Port BEB CE Edge BD Backbone BD Provider Network Port BEB Backbone BD Edge BD CE
PBBN
Ethernet link carrying backbone frames comprising backbone SA and DA, B-VLAN tag, I-tag and customer frame Ethernet link carrying customer frames comprising optional service VLAN tag and original octets of data BEB internal link between edge BD and backbone BD
278091
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-286
OL-23107-02
Implementing IEEE 802.1ah Provider Backbone Bridge Information About Implementing 802.1ah Provider Backbone Bridge
The B-BEB contains the B-Component of the MAC-in-MAC bridge. It validates the I-SIDs and maps the frames onto the backbone VLAN (B-VLAN). It also switches traffic based on the B-VLANS within the core bridge. The I-BEB contains the I-Component of the MAC-in-MAC bridge. It performs B-MAC encapsulation and inserts the I-SIDs based on the provider VLAN tags (S-tags), customer VLAN tags (C-tags), or S-tag/C-tag pairs. The IB-BEB contains one or more I-Components and a single B-Component interconnected through a LAN segment.
Note
Only IB-BEBs are supported on Cisco ASR 9000 Series Routers. Cisco IOS XR supports IB-BEB bridge type at the Edge node. Figure 30 shows the PBB bridge component topology on the Cisco ASR 9000 Series Routers.
Figure 30 PBB Bridge Component Topology on Cisco ASR 9000 Series Routers
VIP
EFP-m
Edge BD-n
278090
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-287
Implementing IEEE 802.1ah Provider Backbone Bridge Information About Implementing 802.1ah Provider Backbone Bridge
IB-BEB
The IB-BEB contains both the I-Component and the B-Component. The bridge selects the B-MAC and inserts the I-SID based on the provider VLAN tag (S-tag), the customer VLAN tag (C-tag), or both the S-tag and the C-tag. It validates the I-SIDs and it transmits and receives frames on the B-VLAN. The IEEE 802.1ah on Provider Backbone Bridges feature supports all services mandated by the IEEE 802.1ah standard and extends the services to provides these additional functionalities:
S-Tagged Service:
In multiplexed environments each S-tag maps to an I-SID and may be retained or removed. In bundled environments multiple S-tags map to the same I-SID and the S-tags must be retained.
C-Tagged Service:
In multiplexed environments each C-tag maps to an I-SID and may be retained or removed. In bundled environments multiple C-tags map to the same I-SID and the C-tags must be
retained.
S/C-Tagged Service:
In multiplexed environments each S-tag/C-tag pair maps to an I-SID. The S-tag or the
Port-based Service
A port-based service interface is delivered on a Customer Network Port (CNP). A port-based
service interface may attach to a C-VLAN Bridge, 802.1d bridge, router or end-station. The service provided by this interface forwards all frames without an S-Tag over the backbone on a single backbone service instance. A port-based interface discards all frames with an S-Tag that have non-null VLAN IDs. This example shows how to configure a port-based service:
interface GigabitEthernet0/0/0/10.100 l2transport encapsulation untagged
Note
To configure a port-based service, all the above EFPs must be added to the same edge bridge domain.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-288
OL-23107-02
Implementing IEEE 802.1ah Provider Backbone Bridge How to Implement 802.1ah Provider Backbone Bridge
Restrictions for Implementing 802.1ah Provider Backbone Bridge, page 289 Configuring Ethernet Flow Points on CNP and PNP Ports, page 289 Configuring PBB Edge Bridge Domain and Service Instance ID, page 291 Configuring the PBB Core Bridge Domain, page 293 Configuring Backbone VLAN Tag under the PBB Core Bridge Domain, page 294 Configuring Backbone Source MAC Address, page 296 (optional) Configuring Unknown Unicast Backbone MAC under PBB Edge Bridge Domain, page 299 (optional) Configuring Static MAC addresses under PBB Edge Bridge Domain, page 301 (optional)
Cross-connect based point to point services over MAC-in-MAC One Edge bridge to multiple Core bridge mapping I type backbone edge bridge (I-BEB) and B type backbone edge bridge (B-BEB) IEEE 802.1ah over VPLS Multiple source B-MAC addresses per chassis Direct encapsulation of 802.1ah formatted packets natively over an MPLS LSP encapsulation
SUMMARY STEPS
1. 2. 3.
configure interface type interface-path-id.subinterface l2transport encapsulation dot1q vlan-id or encapsulation dot1ad vlan-id or encapsulation dot1ad vlan-id dot1q vlan-id end or commit
4.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-289
Implementing IEEE 802.1ah Provider Backbone Bridge How to Implement 802.1ah Provider Backbone Bridge
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
Example:
RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet0/0/0/10.100 l2transport
Step 3
encapsulation dot1q vlan-id or encapsulation dot1ad vlan-id or encapsulation dot1ad vlan-id dot1q vlan-id
Example:
RP/0/RSP0/CPU0:router(config-subif)# interface GigabitEthernet0/0/0/10.100 l2transport
Step 4
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-subif)# end
or
RP/0/RSP0/CPU0:router(config-subif)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-290
OL-23107-02
Implementing IEEE 802.1ah Provider Backbone Bridge How to Implement 802.1ah Provider Backbone Bridge
Note
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7.
configure l2vpn bridge group group-name bridge-domain domain-name interface type interface-path-id.subinterface pbb edge i-sid service-id core-bridge core-bridge-name end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)#bridge group pbb
Enters configuration mode for the named bridge group. This command creates a new bridge group or modifies the existing bridge group if it already exists. A bridge group organizes bridge domains. Enters configuration mode for the named bridge domain. This command creates a new bridge domain or modifies the existing bridge domain, if it already exists.
Step 4
bridge-domain domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#bridge- domain pbb-edge
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-291
Implementing IEEE 802.1ah Provider Backbone Bridge How to Implement 802.1ah Provider Backbone Bridge
Command or Action
Step 5
interface type interface-path-id.subinterface
Purpose Assigns the matching VLAN ID and Ethertype to the interface. This EFP is considered as the CNP for the Edge bridge.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#inter face GigabitEthernet0/5/0/0.20
Step 6
Configures the bridge domain as PBB edge with the service identifier and the assigned core bridge domain, and enters the PBB edge configuration submode. This command also creates the Virtual instance port (VIP) that associates the PBB Edge bridge domain to the specified Core bridge domain. All the interfaces (bridge ports) under this bridge domain are treated as the customer network ports (CNP).
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# pbb edge i-sid 1000 core-bridge pbb-core
Step 7
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbb- edge)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbb- edge)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-292
OL-23107-02
Implementing IEEE 802.1ah Provider Backbone Bridge How to Implement 802.1ah Provider Backbone Bridge
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7.
configure l2vpn bridge group group-name bridge-domain domain-name interface type interface-path-id.subinterface pbb core end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)#bridge group pbb
Enters configuration mode for the named bridge group. This command creates a new bridge group or modifies the existing bridge group, if it already exists. A bridge group organizes bridge domains. Enters configuration mode for the named bridge domain. This command creates a new bridge domain or modifies the existing bridge domain if it already exists.
Step 4
bridge-domain domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#bridge- domain pbb-core
Step 5
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#inter face GigabitEthernet0/5/0/0.20
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-293
Implementing IEEE 802.1ah Provider Backbone Bridge How to Implement 802.1ah Provider Backbone Bridge
Command or Action
Step 6
pbb core
Purpose Configures the bridge domain as PBB core and enters the PBB core configuration submode. This command also creates an internal port known as Customer bridge port (CBP). All the interfaces (bridge ports) under this bridge domain are treated as the provider network ports (PNP). Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# pbb core
Step 7
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbb- core)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbb- core)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Configuring Backbone VLAN Tag under the PBB Core Bridge Domain
Perform this task to configure the backbone VLAN tag under the PBB core bridge domain.
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
configure l2vpn bridge group group-name bridge-domain domain-name interface type interface-path-id.subinterface interface type interface-path-id.subinterface pbb core rewrite ingress tag push dot1ad vlan-id symmetric end or commit
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-294
OL-23107-02
Implementing IEEE 802.1ah Provider Backbone Bridge How to Implement 802.1ah Provider Backbone Bridge
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)#bridge group pbb
Enters configuration mode for the named bridge group. This command creates a new bridge group or modifies the existing bridge group if it already exists. A bridge group organizes bridge domains. Enters configuration mode for the named bridge domain. This command creates a new bridge domain or modifies the existing bridge domain if it already exists.
Step 4
bridge-domain domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#bridge- domain pbb-core
Step 5
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#inter face GigabitEthernet0/5/0/0.20
Step 6
Adds an interface to a bridge domain that allows packets to be forwarded and received from other interfaces that are part of the same bridge domain. The interface now becomes Example: an attachment circuit on this bridge domain. RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#in
interface type interface-path-id.subinterface terface GigabitEthernet0/5/0/1.15 pbb core
Step 7
Configures the bridge domain as PBB core and enters the PBB core configuration submode. This command also creates an internal port known as Customer bridge port (CBP). All the interfaces (bridge ports) under this bridge domain are treated as the provider network ports (PNP).
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# pbb core
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-295
Implementing IEEE 802.1ah Provider Backbone Bridge How to Implement 802.1ah Provider Backbone Bridge
Command or Action
Step 8
rewrite ingress tag push dot1ad vlan-id symmetric
Purpose Configures the backbone VLAN tag in the Mac-in-MAC frame and also, sets the tag rewriting policy.
Note
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbb- core)# end
All PNPs in a Core bridge domain use the same backbone VLAN.
Step 9
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbb- core)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbb- core)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Note
The backbone source MAC address configuration is optional. If you do not configure the backbone source MAC address, the Cisco ASR 9000 Series Routers allocate a default backbone source MAC address from the chassis backplane MAC pool.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-296
OL-23107-02
Implementing IEEE 802.1ah Provider Backbone Bridge How to Implement 802.1ah Provider Backbone Bridge
SUMMARY STEPS
1. 2. 3. 4. 5.
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 3
pbb
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# pbb
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-297
Implementing IEEE 802.1ah Provider Backbone Bridge How to Implement 802.1ah Provider Backbone Bridge
Command or Action
Step 4
backbone-source-address mac-address
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-pbb)# backbone-source-address 0045.1200.04
Step 5
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-pbb)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-pbb)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-298
OL-23107-02
Implementing IEEE 802.1ah Provider Backbone Bridge How to Implement 802.1ah Provider Backbone Bridge
Configuring Unknown Unicast Backbone MAC under PBB Edge Bridge Domain
Perform this task to configure the unknown unicast backbone MAC under the PBB edge bridge domain.
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8.
configure l2vpn bridge group group-name bridge-domain domain-name interface type interface-path-id.subinterface pbb edge i-sid service-id core-bridge core-bridge-name unknown-unicast-bmac mac-address end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)#bridge group pbb
Enters configuration mode for the named bridge group. This command creates a new bridge group or modifies the existing bridge group if it already exists. A bridge group organizes bridge domains. Enters configuration mode for the named bridge domain. This command creates a new bridge domain or modifies the existing bridge domain if it already exists.
Step 4
bridge-domain domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#bridge- domain pbb-edge
Step 5
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#inter face GigabitEthernet0/5/0/0.20
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-299
Implementing IEEE 802.1ah Provider Backbone Bridge How to Implement 802.1ah Provider Backbone Bridge
Command or Action
Step 6
pbb edge i-sid service-id core-bridge core-bridge-name
Purpose Configures the bridge domain as PBB edge with the service identifier and the assigned core bridge domain and enters the PBB edge configuration submode. This command also creates the Virtual instance port (VIP) that associates the PBB Edge bridge domain to the specified Core bridge domain. All the interfaces (bridge ports) under this bridge domain are treated as the customer network ports (CNP).
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# pbb edge i-sid 1000 core-bridge pbb-core
Step 7
unknown-unicast-bmac mac-address
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbb-ed ge)# unknown-unicast-bmac 1.1.1
On Trident line cards, once you configure the unknown unicast BMAC, the BMAC is used to forward customer traffic with multicast, broadcast and unknown unicast destination MAC address. When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Step 8
end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbb- edge)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbb- edge)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-300
OL-23107-02
Implementing IEEE 802.1ah Provider Backbone Bridge How to Implement 802.1ah Provider Backbone Bridge
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
configure l2vpn bridge group group-name bridge-domain domain-name interface type interface-path-id.subinterface interface type interface-path-id.subinterface pbb edge i-sid service-id core-bridge core-bridge-name static-mac-address cda-mac-address bmac bda-mac-address end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
l2vpn
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 3
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)#bridge group pbb
Enters configuration mode for the named bridge group. This command creates a new bridge group or modifies the existing bridge group if it already exists. A bridge group organizes bridge domains. Enters configuration mode for the named bridge domain. This command creates a new bridge domain or modifies the existing bridge domain if it already exists.
Step 4
bridge-domain domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#bridge- domain pbb-edge
Step 5
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#inter face GigabitEthernet0/5/0/0.20
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-301
Implementing IEEE 802.1ah Provider Backbone Bridge How to Implement 802.1ah Provider Backbone Bridge
Command or Action
Step 6
interface type interface-path-id.subinterface
Purpose
Adds an interface to a bridge domain that allows packets to be forwarded and received from other interfaces that are part of the same bridge domain. The interface now becomes Example: an attachment circuit on this bridge domain. RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#in
terface GigabitEthernet0/5/0/1.15 pbb edge i-sid service-id core-bridge core-bridge-name
Step 7
Configures the bridge domain as PBB edge with the service identifier and the assigned core bridge domain and enters the PBB edge configuration submode. This command also creates the Virtual instance port (VIP) that associates the PBB Edge bridge domain to the specified Core bridge domain. All the interfaces (bridge ports) under this bridge domain are treated as the customer network ports (CNP).
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# pbb edge i-sid 1000 core-bridge pbb-core
Step 8
Configures the static CMAC to BMAC mapping under the PBB Edge submode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbb-ed ge)#static-mac-address 0033.3333.3333 bmac 0044.4444.4444
Step 9
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbb- edge)# end
or
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pbb- edge)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-302
OL-23107-02
Implementing IEEE 802.1ah Provider Backbone Bridge Configuration Examples for Implementing 802.1ah Provider Backbone Bridge
Backbone Bridge
This section provides these configuration examples:
Configuring Ethernet Flow Points: Example, page 303 Configuring PBB Edge Bridge Domain and Service Instance ID: Example, page 303 Configuring PBB Core Bridge Domain: Example, page 304 Configuring Backbone VLAN Tag: Example, page 304 Configuring Backbone Source MAC Address: Example, page 304 Configuring Static Mapping and Unknown Unicast MAC Address under the PBB Edge Bridge Domain, page 305
Configuring PBB Edge Bridge Domain and Service Instance ID: Example
This example shows how to configure the PBB edge bridge domain:
config l2vpn bridge group PBB bridge-domain PBB-EDGE interface GigabitEthernet0/0/0/38.100 ! interface GigabitEthernet0/2/0/30.150 ! pbb edge i-sid 1000 core-bridge PBB-CORE ! ! !
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-303
Implementing IEEE 802.1ah Provider Backbone Bridge Configuration Examples for Implementing 802.1ah Provider Backbone Bridge
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-304
OL-23107-02
Configuring Static Mapping and Unknown Unicast MAC Address under the PBB Edge Bridge Domain
This example shows how to configure static mapping and unknown unicast MAC address under the PBB edge bridge domain:
config l2vpn bridge group PBB bridge-domain PBB-EDGE interface GigabitEthernet0/0/0/38.100 ! interface GigabitEthernet0/2/0/30.150 ! pbb edge i-sid 1000 core-bridge PBB-CORE static-mac-address 0033.3333.3333 bmac 0044.4444.4444 unknown-unicast-bmac 0123.8888.8888 ! ! !
Additional References
These sections provide references related to implementing 802.1ah on Cisco ASR 9000 Series Routers.
Related Documents
Related Topic 802.1ah commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples Document Title Provider Backbone Bridge Commands module in Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Command Reference
Standards
Standards Title
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-305
MIBs
MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at this URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs
RFCs No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature. Title
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-306
OL-23107-02
This feature was introduced on Cisco ASR 9000 Series Routers. Support for MSTP over Bundles feature was added. Support for PVST+ and PVSTAG features was added.
Contents
Prerequisites for Implementing Multiple Spanning Tree Protocol, page 308 Information About Implementing Multiple Spanning Tree Protocol, page 308 How to Implement Multiple Spanning Tree Protocol, page 320 Configuration Examples for Implementing MSTP, page 343 Additional References, page 352
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-307
Implementing Multiple Spanning Tree Protocol Prerequisites for Implementing Multiple Spanning Tree Protocol
Protocol
This prerequisite applies to implementing MSTP: You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Protocol
To implement Ethernet services access lists, you must understand these concepts:
Spanning Tree Protocol Overview Multiple Spanning Tree Protocol Overview MSTP Supported Features Restrictions for configuring MSTP Access Gateway Multiple VLAN Registration Protocol
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-308
OL-23107-02
Implementing Multiple Spanning Tree Protocol Information About Implementing Multiple Spanning Tree Protocol
Topology Changes
Network devices in a switched LAN perform MAC learning; that is, they use received data traffic to associate unicast MAC addresses with the interface out of which frames destined for that MAC address should be sent. If STP is used, then a recalculation of the spanning tree (for example, following a failure in the network) can invalidate this learned information. The protocol therefore includes a mechanism to notify topology changes around the network, so that the stale information can be removed (flushed) and new information can be learned based on the new topology. A Topology Change notification is sent whenever STP moves a port from the blocking state to the forwarding state. When it is received, the receiving device flushes the MAC learning entries for all ports that are not blocked other than the one where the notification was received, and also sends its own topology change notification out of those ports. In this way, it is guaranteed that stale information is removed from all the devices in the network.
Variants of STP
There are many variants of the Spanning Tree Protocol:
Legacy STP (STP)The original STP protocol was defined in IEEE 802.1D-1998. This creates a single spanning tree which is used for all VLANs and most of the convergence is timer-based. Rapid STP (RSTP)This is an enhancement defined in IEEE 802.1D-2004 to provide more event-based, and hence faster, convergence. However, it still creates a single spanning tree for all VLANs.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-309
Implementing Multiple Spanning Tree Protocol Information About Implementing Multiple Spanning Tree Protocol
Multiple STP (MSTP)A further enhancement was defined in IEEE 802.1Q-2005. This allows multiple spanning trees to be created over the same physical topology. By assigning different VLANs to the different spanning trees, data traffic can be load-balanced over different physical links. The number of different spanning trees that can be created is restricted to a much smaller number than the number of possible VLANs; however, multiple VLANs can be assigned to the same spanning tree. The BPDUs used to exchange MSTP information are always sent untagged; the VLAN and spanning tree instance data is encoded inside the BPDU. Per-Vlan STP (PVST)This is an alternative mechanism for creating multiple spanning trees; it was developed by Cisco before the standardization of MSTP. Using PVST, a separate spanning tree is created for each VLAN. There are two variants: PVST+ (based on legacy STP), and PVRST (based on RSTP). At a packet level, the separation of the spanning trees is achieved by sending standard STP or RSTP BPDUs, tagged with the appropriate VLAN tag. REP (Cisco-proprietary ring-redundancy protocol) This is a Cisco-proprietary protocol for providing resiliency in rings. It is included for completeness, as it provides MSTP compatibility mode, using which, it interoperates with an MSTP peer.
MSTP Regions
Along with supporting multiple spanning trees, MSTP also introduces the concept of regions. A region is a group of devices under the same administrative control and have similar configuration. In particular, the configuration for the region name, revision, and the mapping of VLANs to spanning tree instances must be identical on all the network devices in the region. A digest of this information is included in the BPDUs sent by each device, so as to allow other devices to verify whether they are in the same region. Figure 31 shows the operation of MST regions when bridges running MSTP are connected to bridges running legacy STP or RSTP. In this example, switches SW1, SW2, SW3, SW4 support MSTP, while switches SW5 and SW6 do not.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-310
OL-23107-02
Implementing Multiple Spanning Tree Protocol Information About Implementing Multiple Spanning Tree Protocol
Figure 31
SW2
SW4
247171
To handle this situation, an Internal Spanning Tree (IST) is used. This is always spanning tree instance 0 (zero). When communicating with non-MSTP-aware devices, the entire MSTP region is represented as a single switch. The logical IST topology in this case is shown in Figure 32.
Figure 32 Logical Topology in MST Region Interacting with Non-MST Bridges
The same mechanism is used when communicating with MSTP devices in a different region. For example, SW5 in Figure 32 could represent a number of MSTP devices, all in a different region compared to SW1, SW2, SW3 and SW4.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-311
Implementing Multiple Spanning Tree Protocol Information About Implementing Multiple Spanning Tree Protocol
Note
Port Fast is implemented as a Cisco-proprietary extension in Cisco implementations of legacy STP. However, it is encompassed in the standards for RSTP and MSTP, where it is known as Edge Port.
Note
The administrator can set the root bridge priority to 0 in an effort to secure the root bridge position; however, this is no guarantee against another bridge which also has a priority of 0 and has a lower bridge ID. The root guard feature provides a mechanism that allows the administrator to enforce the location of the root bridge. When root guard is configured on an interface, it prevents that interface from becoming a root port (that is, a port via which the root can be reached). If superior information is received via BPDUs on the interface that would normally cause it to become a root port, it instead becomes a backup or alternate port. In this case, it is placed in the blocking state and no data traffic is forwarded. The root bridge itself has no root ports. Thus, by configuring root guard on every interface on a device, the administrator forces the device to become the root, and interfaces receiving conflicting information are blocked.
Note
Root Guard is implemented as a Cisco-proprietary extension in Cisco implementations of legacy STP and RSTP. However, it is encompassed in the standard for MSTP, where it is known as Restricted Role.
Note
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-312
OL-23107-02
Implementing Multiple Spanning Tree Protocol Information About Implementing Multiple Spanning Tree Protocol
BPDU GuardThis Cisco feature protects against misconfiguration of edge ports. Flush ContainmentThis Cisco feature helps prevent unnecessary MAC flushes that would otherwise occur following a topology change. Bringup DelayThis Cisco feature prevents an interface from being added to the active topology before it is ready to forward traffic.
Note
Interoperation with RSTP is supported, as described in the 802.1Q standard; however, interoperation with legacy STP is not supported.
BPDU Guard
BPDU Guard is a Cisco feature that protects against misconfiguration of edge ports. It is an enhancement to the MSTP port fast feature. When port fast is configured on an interface, MSTP considers that interface to be an edge port and removes it from consideration when calculating the spanning tree. When BPDU Guard is configured, MSTP additionally shuts down the interface using error-disable if an MSTP BPDU is received.
Flush Containment
Flush containment is a Cisco feature that helps prevent unnecessary MAC flushes due to unrelated topology changes in other areas of a network. This is best illustrated by example. Figure 33 shows a network containing four devices. Two VLANs are in use: VLAN 1 is only used on device D, while VLAN 2 spans devices A, B and C. The two VLANs are in the same spanning tree instance, but do not share any links.
Figure 33 Flush Containment
D
VLAN 1 VLAN 2
C B
254825
If the link AB goes down, then in normal operation, as C brings up its blocked port, it sends out a topology change notification on all other interfaces, including towards D. This causes a MAC flush to occur for VLAN 1, even though the topology change which has taken place only affects VLAN 2.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-313
Implementing Multiple Spanning Tree Protocol Information About Implementing Multiple Spanning Tree Protocol
Flush containment helps deal with this problem by preventing topology change notifications from being sent on interfaces on which no VLANs are configured for the MSTI in question. In the example network this would mean no topology change notifications would be sent from C to D, and the MAC flushes which take place would be confined to the right hand side of the network.
Note
Flush containment is enabled by default, but can be disabled by configuration, thus restoring the behavior described in the IEEE 802.1Q standard.
Bringup Delay
Bringup delay is a Cisco feature that stops MSTP from considering an interface when calculating the spanning tree, if the interface is not yet ready to forward traffic. This is useful when a line card first boots up, as the system may declare that the interfaces on that card are Up before the dataplane is fully ready to forward traffic. According to the standard, MSTP considers the interfaces as soon as they are declared Up, and this may cause it to move other interfaces into the blocking state if the new interfaces are selected instead. Bringup delay solves this problem by adding a configurable delay period which occurs as interfaces that are configured with MSTP first come into existence. Until this delay period ends, the interfaces remain in blocking state, and are not considered when calculating the spanning tree. Bringup delay only takes place when interfaces which are already configured with MSTP are created, for example, on a card reload. No delay takes place if an interface which already exists is later configured with MSTP.
MSTP must only be enabled on interfaces where the interface itself (if it is in L2 mode) or all of the subinterfaces have a simple encapsulation configured. These encapsulation matching criteria are considered simple:
Single-tagged 802.1Q frames Double-tagged Q-in-Q frames (only the outermost tag is examined) 802.1ad frames (if MSTP is operating in Provider Bridge mode) Ranges or lists of tags (any of the above)
Note
Subinterfaces with a default or untagged encapsulation are not supported. If an L2 interface or subinterface is configured with an encapsulation that matches multiple VLANs, then all of those VLANs must be mapped to the same spanning tree instance. There is therefore a single spanning tree instance associated with each L2 interface or subinterface. All the interfaces or subinterfaces in a given bridge domain must be associated with the same spanning tree instance. Multiple subinterfaces on the same interface must not be associated with the same spanning tree instance, unless those subinterfaces are in the same split horizon group. In other words, hair-pinning is not possible.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-314
OL-23107-02
Implementing Multiple Spanning Tree Protocol Information About Implementing Multiple Spanning Tree Protocol
Across the network, L2 interfaces or subinterfaces must be configured on all redundant paths for all the VLANs mapped to each spanning tree instance. This is to avoid inadvertent loss of connectivity due to STP blocking of a port.
Caution
A subinterface with a default or untagged encapsulation will lead to an MSTP state machine failure.
Access Gateway
One common deployment scenario for Cisco ASR 9000 Series Routers is as an nPE gateway device situated between a network of uPE access devices and a core or aggregation network. Each gateway device may provide connectivity for many access networks, as shown in Figure 34. The access networks (typically rings) have redundant links to the core or aggregation network, and therefore must use some variant of STP or a similar protocol to ensure the network remains loopfree.
Figure 34 Core or Aggregation Network
Core/Aggregation Network
Gateway device
Gateway device
Access networks
It is possible for the gateway devices to also participate in the STP protocol. However, since each gateway device may be connected to many access networks, this would result in one of two solutions:
A single topology is maintained covering all of the access networks. This is undesirable as it means topology changes in one access network could impact all the other access networks. The gateway devices runs multiple instances of the STP protocol, one for each access network. This means a separate protocol database and separate protocol state machines are maintained for each access network, which is undesirable due to the memory and CPU resource that would be required on the gateway device.
It can be seen that both of these options have significant disadvantages. Another alternative is for the gateway devices to tunnel protocol BPDUs between the legs of each access network, but not to participate in the protocol themselves. While this results in correct loopfree topologies, it also has significant downsides:
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
254826
LSC-315
Implementing Multiple Spanning Tree Protocol Information About Implementing Multiple Spanning Tree Protocol
Since there is no direct connection between the legs of the access ring, a failure in one of the leg links is not immediately detected by the access device connected to the other leg. Therefore, recovery from the failure must wait for protocol timeouts, which leads to a traffic loss of at least six seconds. As the gateway devices do not participate in the protocol, they are not aware of any topology changes in the access network. The aggregation network may therefore direct traffic destined for the access network over the wrong leg, following a topology change. This can lead to traffic loss on the order of the MAC learning timeout (5 minutes by default).
Access gateway is a Cisco feature intended to address this deployment scenario, without incurring the disadvantages of the solutions described above.
Both gateway devices provide connectivity to the core or aggregation network at all times. Generally, resiliency mechanisms used within the core or aggregation network are sufficient to ensure this is the case. In many deployments, VPLS is used in the core or aggregation network to provide this resiliency. The desired root of all of the spanning trees for each access network is one of the gateway devices. This will be the case if (as is typical) the majority of the traffic is between an access device and the core or aggregation network, and there is little if any traffic between the access devices.
With these assumptions, an STP topology can be envisaged where for every spanning tree, there is a virtual root bridge behind (that is, on the core side of) the gateway devices, and both gateway devices have a zero cost path to the virtual root bridge. In this case, the ports that connect the gateway devices to the access network would never be blocked by the spanning tree protocol, but would always be in the forwarding state. This is illustrated inFigure 35.
Figure 35 Access Networks
0-cost link
0-cost link
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-316
254827
Access networks
OL-23107-02
Implementing Multiple Spanning Tree Protocol Information About Implementing Multiple Spanning Tree Protocol
With this topology, it can be observed that the BPDUs sent by the gateway devices are constant: since the root bridge never changes (as we assume the aggregation or core network always provides connectivity) and the ports are always forwarding, the information sent in the BPDUs never changes. Access gateway makes use of this by removing the need to run the full STP protocol and associated state machines on the gateway devices, and instead just sends statically configured BPDUs towards the access network. The BPDUs are configured so as to mimic the behavior above, so that they contain the same information that would be sent if the full protocol was running. To the access devices, it appears that the gateway devices are fully participating in the protocol; however, since in fact the gateway devices are just sending static BPDUs, very little memory or CPU resource is needed on the gateway devices, and many access networks can be supported simultaneously. For the most part, the gateway devices can ignore any BPDUs received from the access network; however, one exception is when the access network signals a topology change. The gateway devices can act on this appropriately, for example by triggering an LDP MAC withdrawal in the case where the core or aggregation network uses VPLS. In many cases, it is not necessary to have direct connectivity between the gateway devices; since the gateway devices statically send configured BPDUs over the access links, they can each be configured independently (so long as the configuration on each is consistent). This also means that different access networks can use different pairs of gateway devices, as shown in Figure 36.
Figure 36 Access Networks
Access networks
Note
Although Figure 36 shows access rings, in general there are no restrictions on the access network topology or the number or location of links to the gateway devices. Access gateway ensures loop-free connectivity in the event of these failure cases:
Failure of a link in the access network. Failure of a link between the access network and the gateway device. Failure of an access device. Failure of a gateway device.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
254828
LSC-317
Implementing Multiple Spanning Tree Protocol Information About Implementing Multiple Spanning Tree Protocol
The access network contains three or more access devices. If there are fewer than three devices, then any possible failure must be detected by all the devices. The access devices send traffic to each other, and not just to or from the core or aggregation network. If all the traffic is to or from the core or aggregation network, then all the access devices must either already be sending traffic in the right direction, or will learn about the topology change from the access device that originates it.
Preempt Delay
One of the assumptions underpinning access gateway is that the gateway devices are always available to provide connectivity to the core or aggregation network. However, there is one situation where this assumption may not hold, which is at bringup time. At bringup, it may be the case that the access facing interface is available before all of the necessary signaling and convergence has completed that means traffic can successfully be forwarded into the core or aggregation network. Since access gateway starts sending BPDUs as soon as the interface comes up, this could result in the access devices sending traffic to the gateway device before it is ready to receive it. To avoid this problem, the preempt delay feature is used. The preempt delay feature causes access gateway to send out inferior BPDUs for some period of time after the interface comes up, before reverting to the normal values. These inferior BPDUs can be configured such that the access network directs all traffic to the other gateway device, unless the other gateway device is also down. If the other gateway device is unavailable, it is desirable for the traffic to be sent to this device, even if it is only partially available, rather than being dropped completely. For this reason, inferior BPDUs are sent during the preempt delay time, rather than sending no BPDUs at all.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-318
OL-23107-02
Implementing Multiple Spanning Tree Protocol Information About Implementing Multiple Spanning Tree Protocol
Access Gateway Variant MST Access Gateway (MSTAG) REP Access gateway (REPAG)1 PVST+ Access Gateway (PVSTAG)2 PVRST Access Gateway (PVRSTAG)3
1. REP Access Gateway is supported when the access device interfaces that connect to the gateway devices are configured with REP MSTP Compatibility mode. 2. Topology Change Propagation is not supported for PVSTAG. 3. Topology Change Propagation is not supported for PVRSTAG.
Restrictions
Static modeIn this mode, the device initiates MVRP messages declaring interest in a statically configured set of VLANs. Note that the protocol is still dynamic with respect to the MSTP topology; it is the set of VLANs that is static. Dynamic modeIn this mode, the device processes MVRP messages received on different ports, and aggregates them dynamically to determine the set of VLANs it is interested in. It sends MVRP messages declaring interest in this set. In dynamic mode, the device also uses the received MVRP messages to prune the traffic sent out of each port so that traffic is only sent for the VLANs that the attached device has indicated it is interested in.
Cisco ASR 9000 Series Routers support operating in static mode. This is known as MVRP-lite.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-319
Implementing Multiple Spanning Tree Protocol How to Implement Multiple Spanning Tree Protocol
Configuring MSTP Configuring MSTAG or REPAG Configuring PVSTAG or PVRSTAG Configuring MVRP-lite
Configuring MSTP
This section describes the procedure for configuring MSTP:
Note
This section does not describe how to configure data switching. Refer to the Implementing Multipoint Layer 2 Services module for more information.
Enabling MSTP
By default, STP is disabled on all interfaces. MSTP should be explicitly enabled by configuration on each physical or Ethernet Bundle interface. When MSTP is configured on an interface, all the subinterfaces of that interface are automatically MSTP-enabled.
Region Name and Revision Bringup Delay Forward Delay Max Age or Hops Transmit Hold Count Provider Bridge mode Flush Containment VLAN IDs (per spanning-tree instance) Bridge Priority (per spanning-tree instance) External port path cost Hello Time Link Type
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-320
OL-23107-02
Implementing Multiple Spanning Tree Protocol How to Implement Multiple Spanning Tree Protocol
Port Fast and BPDU Guard Root Guard and Topology Change Guard Port priority (per spanning-tree instance) Internal port path cost (per spanning-tree instance)
Per-interface configuration takes place in an interface submode within the MST configuration submode.
Note
The configuration steps listed in the following sections show all of the configurable parameters. However, in general, most of these can be retained with the default value.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-321
Implementing Multiple Spanning Tree Protocol How to Implement Multiple Spanning Tree Protocol
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
configure spanning-tree mst protocol instance identifier bringup delay for interval {minutes | seconds} flush containment disable name name revision revision-number forward-delay seconds maximum {age seconds | hops hops} transmit hold-count count
10. provider-bridge 11. instance id 12. priority priority 13. vlan-id vlan-range [,vlan-range][,vlan-range][,vlan-range] 14. interface {Bundle-Ether | GigabitEthernet | TenGigE | FastEthernet} instance 15. instance id port-priority priority 16. instance id cost cost 17. external-cost cost 18. link-type {point-to-point | multipoint} 19. hello-time seconds 20. portfast [bpdu-guard] 21. guard root 22. guard topology-change 23. end
or commit
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-322
OL-23107-02
Implementing Multiple Spanning Tree Protocol How to Implement Multiple Spanning Tree Protocol
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# config Thu Jun 4 07:50:02.660 PST RP/0/RSP0/CPU0:router(config)#
Step 2
Example:
RP/0/RSP0/CPU0:router(config)# spanning-tree mst a RP/0/RSP0/CPU0:router(config-mstp)#
Step 3
bringup delay for interval {minutes | seconds} Example: RP/0/RSP0/CPU0:router(config-mstp)# bringup delay for 10 minutes
Step 4
Disable flush containment. This command performs MAC flush on all instances regardless of the their state. Sets the name of the MSTP region. The default value is the MAC address of the switch, formatted as a text string by means of the hexadecimal representation specified in IEEE Std 802. Sets the revision level of the MSTP region. Allowed values are from 0 through 65535.
Step 5
name name
Example:
RP/0/RSP0/CPU0:router(config-mstp)# name m1
Step 6
revision revision-number
Example:
RP/0/RSP0/CPU0:router(config-mstp)# revision 10
Step 7
forward-delay seconds
Sets the forward-delay parameter for the bridge. Allowed values for bridge forward-delay time in seconds are from 4 through 30.
Example:
RP/0/RSP0/CPU0:router(config-mstp)# forward-delay 20
Step 8
Sets the maximum age and maximum hops performance parameters for the bridge. Allowed values for maximum age time for the bridge in seconds are from 6 through 40. Allowed values for maximum number of hops for the bridge in seconds are from 6 through 40.
Example:
RP/0/RSP0/CPU0:router(config-mstp)# max age 40 RP/0/RSP0/CPU0:router(config-mstp)# max hops 30
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-323
Implementing Multiple Spanning Tree Protocol How to Implement Multiple Spanning Tree Protocol
Command or Action
Step 9
transmit hold-count count
Purpose Sets the transmit hold count performance parameter. Allowed values are from 1 through 10.
Example:
RP/0/RSP0/CPU0:router(config-mstp)# transmit hold-count 8
Step 10
provider-bridge
Example:
RP/0/RSP0/CPU0:router(config-mstp)# provider-bridge
Step 11
instance id
Enters the MSTI configuration submode. Allowed values for the MSTI ID are from 0 through 4094.
Example:
RP/0/RSP0/CPU0:router(config-mstp)# instance 101 RP/0/RSP0/CPU0:router(config-mstp-inst)#
Step 12
priority priority
Sets the bridge priority for the current MSTI. Allowed values are from 0 through 61440 in multiples of 4096.
Example:
RP/0/RSP0/CPU0:router(config-mstp-inst)# priority 8192
Step 13
Associates a set of VLAN IDs with the current MSTI. List of VLAN ranges in the form a-b, c, d, e-f, g, and so on. Repeat steps 11 to 13 for each MSTI.
Example:
RP/0/RSP0/CPU0:router(config-mstp-inst)# vlan-id 2-1005
Note
Step 14
Enters the MSTP interface configuration submode, and enables STP for the specified port. Forward interface in Rack/Slot/Instance/Port format.
Example:
RP/0/RSP0/CPU0:router(config-mstp)# interface FastEthernet 0/0/0/1 RP/0/RSP0/CPU0:router(config-mstp-if)#
Step 15
Sets the port priority performance parameter for the MSTI. Allowed values for the MSTI ID are from 0 through 4094. Allowed values for port priority are from 0 through 240 in multiples of 16. Sets the internal path cost for a given instance on the current port. Allowed values for the MSTI ID are from 0 through 4094. Allowed values for port cost are from 1 through 200000000.
Note
Example:
RP/0/RSP0/CPU0:router(config-mstp-if)# instance 101 port-priority 160
Step 16
Example:
RP/0/RSP0/CPU0:router(config-mstp-if)# instance 101 cost 10000
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-324
OL-23107-02
Implementing Multiple Spanning Tree Protocol How to Implement Multiple Spanning Tree Protocol
Command or Action
Step 17
external-cost cost
Purpose Sets the external path cost on the current port. Allowed values for port cost are from 1 through 200000000.
Example:
RP/0/RSP0/CPU0:router(config-mstp-if)# external-cost 10000
Step 18
Example:
RP/0/RSP0/CPU0:router(config-mstp-if)# link-type point-to-point
Step 19
hello-time seconds
Sets the port hello time in seconds. Allowed values are 1 and 2.
Example:
RP/0/RSP0/CPU0:router(config-mstp-if)# hello-time 1
Step 20
portfast [bpdu-guard]
Example:
RP/0/RSP0/CPU0:router(config-mstp-if)# portfast RP/0/RSP0/CPU0:router(config-mstp-if)# portfast bpduguard
Step 21
guard root
Example:
RP/0/RSP0/CPU0:router(config-mstp-if)# guard root
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-325
Implementing Multiple Spanning Tree Protocol How to Implement Multiple Spanning Tree Protocol
Command or Action
Step 22
guard topology-change
Example:
RP/0/RSP0/CPU0:router(config-mstp-if)# guard topology-change
Step 23
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-mstp-if)# end
or
RP/0/RSP0/CPU0:router(config-mstp-if)# commit
configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and returns the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Verifying MSTP
These show commands allow you to verify the operation of MSTP:
show spanning-tree mst mst-name show spanning-tree mst mst-name interface interface-name show spanning-tree mst mst-name errors show spanning-tree mst mst-name configuration show spanning-tree mst mst-name bpdu interface interface-name show spanning-tree mst mst-name topology-change flushes
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-326
OL-23107-02
Implementing Multiple Spanning Tree Protocol How to Implement Multiple Spanning Tree Protocol
Configuring an untagged subinterface Enabling MSTAG Configuring MSTAG parameters Configuring MSTAG Topology Change Propagation Verifying MSTAG
Note
The procedures for configuring REPAG are identical. This section does not describe how to configure data switching. Refer to the Implementing Multipoint Layer 2 Services module for more information.
Enabling MSTAG
MSTAG is enabled on a physical or Bundle Ethernet interface by explicitly configuring it on the corresponding untagged subinterface. When MSTAG is configured on the untagged subinterface, it is automatically enabled on the physical or Bundle Ethernet interface and on all other subinterfaces on that physical or Bundle Ethernet subinterface.
Region Name and Revision Bridge ID Port ID External port path cost Max Age Provide Bridge mode Hello Time
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-327
Implementing Multiple Spanning Tree Protocol How to Implement Multiple Spanning Tree Protocol
The following MSTAG parameters are configurable for each interface, for each spanning tree instance:
VLAN IDs Root Bridge Priority and ID Bridge Priority Port Priority Internal Port Path Cost
To ensure consistent operation across the access network, these guidelines should be used when configuring:
Both gateway devices should be configured with a Root Bridge Priority and ID (for each spanning tree instance) that is better (lower) than the Bridge Priority and Bridge ID of any device in the access network. It is recommended to set the Root Bridge Priority and ID to 0 on the gateway devices.
Note
To avoid an STP dispute being detected by the access devices, the same root priority and ID should be configured on both gateway devices.
Both gateway devices should be configured with a Port Path Cost of 0. For each spanning tree instance, one gateway device should be configured with the bridge priority and ID that is higher than the root bridge priority and ID, but lower than the bridge priority and ID of any other device in the network (including the other gateway device). It is recommended to set the bridge priority to 0. For each spanning tree instance, the second gateway device should be configured with a bridge priority and ID that is higher than the root bridge priority and ID and the first gateway device bridge priority and ID, but lower than the bridge priority and ID of any device in the access network. It is recommended to set the bridge priority to 4096 (this is the lowest allowable value greater than 0). All of the access devices should be configured with a higher bridge priority than the gateway devices. It is recommended to use values of 8192 or higher. For each spanning tree instance, the port path cost and other parameters may be configured on the access devices so as to ensure the desired port is put into the blocked state when all links are up.
Caution
There are no checks on MSTAG configurationmisconfiguration may result in incorrect operation of the MSTP protocol in the access devices (for example, an STP dispute being detected). The guidelines above are illustrated in Figure 37.
Note
These guidelines do not apply to REPAG, as in that case the access devices ignore the information received from the gateway devices apart from when a topology change is signalled.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-328
OL-23107-02
Implementing Multiple Spanning Tree Protocol How to Implement Multiple Spanning Tree Protocol
Figure 37
MSTAG Guidelines
Note
The configuration steps listed in the following sections show all of the configurable parameters. However, in general, most of these can be retained with the default values.
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
configure spanning-tree mstag protocol instance identifier preempt delay for interval {seconds | minutes | hours} interface {Bundle-Ether | GigabitEthernet | TenGigE | FastEthernet} instance.subinterface name name revision revision-number max age seconds provider-bridge bridge-id id
10. port-id id 11. external-cost cost 12. hello-time seconds 13. instance id 14. vlan-id vlan-range [,vlan-range][,vlan-range][,vlan-range] 15. priority priority 16. port-priority priority 17. cost cost 18. root-bridge id
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
254829
LSC-329
Implementing Multiple Spanning Tree Protocol How to Implement Multiple Spanning Tree Protocol
or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure Thu Jun 4 07:50:02.660 PST RP/0/RSP0/CPU0:router(config)#
Step 2
Example:
RP/0/RSP0/CPU0:router(config)# spanning-tree mstag a RP/0/RSP0/CPU0:router(config-mstag)#
Step 3
Specifies the delay period during which startup BPDUs should be sent, before preempting.
Example:
RP/0/RSP0/CPU0:router(config-mstag)# preempt delay for 10 seconds
Step 4
Enters the MSTAG interface configuration submode, and enables MSTAG for the specified port.
Example:
RP/0/RSP0/CPU0:router(config-mstag)# interface GigabitEthernet0/2/0/30.1 RP/0/RSP0/CPU0:router(config-mstag-if)#
Step 5
name name
Sets the name of the MSTP region. The default value is the MAC address of the switch, formatted as a text string using the hexadecimal representation specified in IEEE Standard 802. Sets the revision level of the MSTP region. Allowed values are from 0 through 65535.
Example:
RP/0/RSP0/CPU0:router(config-mstag-if)# name leo
Step 6
revision revision-number
Example:
RP/0/RSP0/CPU0:router(config-mstag-if)# revision 1
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-330
OL-23107-02
Implementing Multiple Spanning Tree Protocol How to Implement Multiple Spanning Tree Protocol
Command or Action
Step 7
max age seconds
Purpose Sets the maximum age performance parameters for the bridge. Allowed values for the maximum age time for the bridge in seconds are from 6 through 40.
Example:
RP/0/RSP0/CPU0:router(config-mstag-if)# max age 20
Step 8
provider-bridge
Example:
RP/0/RSP0/CPU0:router(config-mstag-if)# provider-bridge
Step 9
bridge-id id
Example:
RP/0/RSP0/CPU0:router(config-mstag-if)# bridge-id 001c.0000.0011
Step 10
port-id id
Example:
RP/0/RSP0/CPU0:router(config-mstag-if)# port-id 111
Step 11
external-cost cost
Sets the external path cost on the current port. Allowed values for port cost are from 1 through 200000000.
Example:
RP/0/RSP0/CPU0:router(config-mstag-if)# external-cost 10000
Step 12
hello-time seconds
Sets the port hello time in seconds. Allowed values are from 1 through 2.
Example:
RP/0/RSP0/CPU0:router(config-mstag-if)# hello-time 1
Step 13
instance id
Enters the MSTI configuration submode. Allowed values for the MSTI ID are from 0 through 4094.
Example:
RP/0/RSP0/CPU0:router(config-mstag-if)# instance 1
Step 14
Associates a set of VLAN IDs with the current MSTI. List of VLAN ranges in the form a-b, c, d, e-f, g, and so on.
Example:
RP/0/RSP0/CPU0:router(config-mstag-if-ins t)# vlan-id 2-1005
Step 15
priority priority
Sets the bridge priority for the current MSTI. Allowed values are from 0 through 61440 in multiples of 4096.
Example:
RP/0/RSP0/CPU0:router(config-mstag-if-ins t)# priority 4096
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-331
Implementing Multiple Spanning Tree Protocol How to Implement Multiple Spanning Tree Protocol
Command or Action
Step 16
port-priority priority
Purpose Sets the port priority performance parameter for the MSTI. Allowed values for port priority are from 0 through 240 in multiples of 16.
Example:
RP/0/RSP0/CPU0:router(config-mstag-if-ins t)# port-priority 160
Step 17
cost cost
Sets the internal path cost for a given instance on the current port. Allowed values for port cost are from 1 through 200000000.
Example:
RP/0/RSP0/CPU0:router(config-mstag-if-ins t)# cost 10000
Step 18
root-bridge id
Sets the root bridge ID for the BPDUs sent from the current port.
Example:
RP/0/RSP0/CPU0:router(config-mstag-if-ins t)# root-id 001c.0000.0011
Step 19
root-priority priority
Sets the root bridge priority for the BPDUs sent from this port.
Note
Example:
RP/0/RSP0/CPU0:router(config-mstag-if-ins t)# root-priority 4096
Repeat steps 4 to 19 to configure each interface, and repeat steps 13 to 19 to configure each MSTI for each interface.
Step 20
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-mstag-if-ins t)# end
or
RP/0/RSP0/CPU0:router(config-mstag-if-ins t)# commit
configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and returns the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-332
OL-23107-02
Implementing Multiple Spanning Tree Protocol How to Implement Multiple Spanning Tree Protocol
Configure MSTAG as described above. Take note of the untagged subinterface that is used. Configure connectivity between the gateway devices. This may be via an MPLS Pseudowire, or may be a VLAN subinterface if there is a direct physical link. Configure a point-to-point (P2P) cross-connect on each gateway device that contains the untagged subinterface and the link (PW or subinterface) to the other gateway device.
Once the untagged subinterface that is configured for MSTAG is added to the P2P cross-connect, MSTAG Topology Change Propagation is automatically enabled. MSTAG forwards BDPUs via the cross-connect to the other gateway device, so as to signal when a topology change has been detected. For more information on configuring MPLS pseudowire or P2P cross-connects, refer to the Implementing Point to Point Layer 2 Services module.
Verifying MSTAG
These show commands allow you to verify the operation of MSTAG:
show spanning-tree mstag mst-name show spanning-tree mstag mst-name bpdu interface interface-name show spanning-tree mstag mst-name topology-change flushes
Note
This section does not describe how to configure data switching. Refer to the Implementing Multipoint Layer 2 Services module for more information.
Enabling PVSTAG
PVSTAG is enabled for a particular VLAN, on a physical interface, by explicit configuration of that physical interface and VLAN for PVSTAG.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-333
Implementing Multiple Spanning Tree Protocol How to Implement Multiple Spanning Tree Protocol
Root Priority and ID Root cost Bridge Priority and ID Port priority and ID Max Age Hello Time Both gateway devices should be configured with a root bridge priority and ID that is better (lower) than the bridge priority and Bridge ID of any device in the access network. It is recommended that you set the root bridge priority and ID to 0 on the gateway devices. Both gateway devices should be configured with a root cost of 0. One gateway device should be configured with the bridge priority and ID that is higher than the root bridge priority and ID, but lower than the bridge priority and ID of any other device in the network (including the other gateway device). It is recommended that you set the bridge priority to 0. The second gateway device should be configured with a bridge priority and ID that is higher than the root bridge priority and ID and the first gateway device bridge priority and ID, but lower than the bridge priority and ID of any device in the access network. It is recommended that you set the bridge priority to 1 for PVSTAG or 4096 for PVRSTAG. (For PVRSTAG, this is the lowest allowable value greater than 0.) All access devices must be configured with a higher bridge priority than the gateway devices. It is recommended that you use values of 2 or higher for PVSTAG, or 8192 or higher for PVRSTAG. For each spanning tree instance, the port path cost and other parameters may be configured on the access devices, so as to ensure the desired port is placed into the blocked state when all links are up.
For correct operation, these guidelines must be followed when configuring PVSTAG.
Caution
There are no checks on PVSTAG configurationmisconfiguration may result in incorrect operation of the PVST protocol in the access devices (for example, an STP dispute being detected). These guidelines are illustrated in Figure 38.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-334
OL-23107-02
Implementing Multiple Spanning Tree Protocol How to Implement Multiple Spanning Tree Protocol
Figure 38
PVSTAG Guidelines
Virtual Root Bridge Pri: 0 Id: 0.0.0 Cost: 0 Gateway device 1 Cost: 0 Gateway device 2
Only a single access device can be attached to the gateway devices. Topology change notifications on a single VLAN affect all VLANs and bridge doamins on that physical interface.
Note
The configuration steps listed in the following sections show all of the configurable parameters. However, in general, most of these can be retained with the default values.
SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.
configure spanning-tree pvstag protocol instance identifier preempt delay for interval {seconds | minutes | hours} interface interface-instance.subinterface vlan vlan-id root-priority priority root-id id root-cost cost priority priority
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
254830
LSC-335
Implementing Multiple Spanning Tree Protocol How to Implement Multiple Spanning Tree Protocol
12. port-id id 13. hello-time seconds 14. max age seconds 15. end
or commit
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-336
OL-23107-02
Implementing Multiple Spanning Tree Protocol How to Implement Multiple Spanning Tree Protocol
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure Thu Jun 4 07:50:02.660 PST RP/0/RSP0/CPU0:router(config)#
Step 2
Example:
RP/0/RSP0/CPU0:router(config)# spanning-tree pvstag a RP/0/RSP0/CPU0:router(config-pvstag)#
Step 3
Specifies the delay period during which startup BPDUs should be sent, before preempting.
Example:
RP/0/RSP0/CPU0:router(config-pvstag)# preempt delay for 10 seconds
Step 4
interface interface-instance.subinterface
Enters the PVSTAG interface configuration submode, and enables PVSTAG for the specified port.
Example:
RP/0/RSP0/CPU0:router(config-pvstag)# interface GigabitEthernet0/2/0/30.1 RP/0/RSP0/CPU0:router(config-pvstag-if)#
Step 5
vlan vlan-id
Example:
RP/0/RSP0/CPU0:router(config-pvstag-if)# vlan 200
Step 6
root-priority priority
Sets the root bridge priority for the BPDUs sent from this port.
Example:
RP/0/RSP0/CPU0:router(config-pvstag-if- vlan)# root-priority 4096
Step 7
root-id id
Sets the identifier of the root bridge for BPDUs sent from a port.
Example:
RP/0/RSP0/CPU0:router(config-pvstag-if- vlan)# root-id 0000.0000.0000
Step 8
root-cost cost
Set the root path cost to sent in BPDUs from this interface.
Example:
RP/0/RSP0/CPU0:router(config-pvstag-if- vlan)# root-cost 10000
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-337
Implementing Multiple Spanning Tree Protocol How to Implement Multiple Spanning Tree Protocol
Command or Action
Step 9
priority priority
Purpose Sets the bridge priority for the current MSTI. For PVSTAG, allowed values are from are 0 through 65535; for PVRSTAG, the allowed values are from 0 through 61440 in multiples of 4096. Sets the bridge ID for the current switch.
Example:
RP/0/RSP0/CPU0:router(config-pvstag-if- vlan)# priority 4096
Step 10
bridge-id id
Example:
RP/0/RSP0/CPU0:router(config-pvstag-if- vlan)# bridge-id 001c.0000.0011
Step 11
port-priority priority
Sets the port priority performance parameter for the MSTI. For PVSTAG, allowed values for port priority are from 0 through 255; for PVRSTAG, the allowed values are from 0 through 240 in multiples of 16. Sets the port ID for the current switch.
Example:
RP/0/RSP0/CPU0:router(config-pvstag-if- vlan)# port-priority 160
Step 12
port-id id
Example:
RP/0/RSP0/CPU0:router(config-pvstag-if- vlan)# port-id 111
Step 13
hello-time seconds
Sets the port hello time in seconds. Allowed values are from 1 through 2.
Example:
RP/0/RSP0/CPU0:router(config-pvstag-if- vlan)# hello-time 1
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-338
OL-23107-02
Implementing Multiple Spanning Tree Protocol How to Implement Multiple Spanning Tree Protocol
Command or Action
Step 14
max age seconds
Purpose Sets the maximum age performance parameters for the bridge. Allowed values for the maximum age time for the bridge in seconds are from 6 through 40.
Note
Example:
RP/0/RSP0/CPU0:router(config-pvstag-if- vlan)# max age 20
Repeat steps 4 to 14 to configure each interface; repeat steps 5 to 14 to configure each VLAN on each interface. When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Step 15
end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-pvstag-if- vlan)# end
or
RP/0/RSP0/CPU0:router(config-pvstag-if- vlan)# commit
configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and returns the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Configuring Subinterfaces
For each VLAN that is enabled for PVSTAG on an interface, a corresponding subinterface that matches traffic for that VLAN must be configured. This is used both for data switching and for PVST BPDUs. Follow these guidelines when configuring subinterfaces:
VLAN 1 is treated as the native VLAN in PVST. Therefore, for VLAN 1, a subinterface that matches untagged packets (encapsulation untagged) must be configured. It may also be necessary to configure a subinterface that matches packets tagged explicitly with VLAN 1 (encapsulation dot1q 1). Only dot1q packets are allowed in PVST; Q-in-Q and dot1ad packets are not supported by the protocol, and therefore subinterfaces configured with these encapsulation will not work correctly with PVSTAG. Subinterfaces that match a range of VLANs are supported by PVSTAG; it is not necessary to configure a separate subinterface for each VLAN, unless it is desirable for provisioning the data switching. PVSTAG does not support:
Physical interfaces configured in L2 mode Subinterface configured with a default encapsulation (encapsulation default) Subinterfaces configured to match any VLAN (encapsulation dot1q any)
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-339
Implementing Multiple Spanning Tree Protocol How to Implement Multiple Spanning Tree Protocol
For more information about configuring L2 subinterfaces, refer to the Implementing Point to Point Layer 2 Services module.
Verifying PVSTAG
These show commands allow you to verify the operation of PVSTAG or PVRSTAG:
In particular, these commands display the subinterface that is being used for each VLAN.
Configuring MVRP-lite
This section describes the procedure for configuring MVRP-lite:
Enabling MVRP-lite
When MVRP-lite is configured, it is automatically enabled on all interfaces where MSTP is enabled. MSTP must be configured before MVRP can be enabled. For more information on configuring MSTP, see Configuring MSTP, page 320.
Summary Steps
1. 2. 3. 4. 5. 6. 7. 8.
configure spanning-tree mst protocol instance name mvrp static periodic transmit [interval seconds] join-time milliseconds leave-time seconds leaveall-time seconds end or commit
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-340
OL-23107-02
Implementing Multiple Spanning Tree Protocol How to Implement Multiple Spanning Tree Protocol
Detailed Steps
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure Thu Jun 4 07:50:02.660 PST RP/0/RSP0/CPU0:router(config)#
Step 2
Example:
RP/0/RSP0/CPU0:router(config)# spanning-tree mst a RP/0/RSP0/CPU0:router(config-mstp)#
Step 3
mvrp static
Example:
RP/0/RSP0/CPU0:router(config-mstp)# mvrp static
Step 4
Sends periodic Multiple VLAN Registration Protocol Data Unit (MVRPDU) on all active ports.
Example:
RP/0/RSP0/CPU0:router(config-mvrp)# periodic transmit
Step 5
join-time milliseconds
Example:
RP/0/RSP0/CPU0:router(config-mvrp)# hello-time 1
Step 6
leave-time seconds
Example:
RP/0/RSP0/CPU0:router(config-mvrp)# leave-time 20
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-341
Implementing Multiple Spanning Tree Protocol How to Implement Multiple Spanning Tree Protocol
Command or Action
Step 7
leaveall-time seconds
Purpose Sets the leave all time for all active ports.
Example:
RP/0/RSP0/CPU0:router(config-mvrp)# leaveall-time 20
Step 8
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-mvrp)# end
or
RP/0/RSP0/CPU0:router(config-mvrp)# commit
configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and returns the
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Verifying MVRP-lite
These show commands allow you to verify the operation of MVRP-lite:
show ethernet mvrp mad show ethernet mvrp status show ethernet mvrp statistics
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-342
OL-23107-02
Implementing Multiple Spanning Tree Protocol Configuration Examples for Implementing MSTP
Configuring MSTP: Examples Configuring MSTAG: Examples Configuring PVSTAG: Examples Configuring MVRP-Lite: Examples
This example shows the output from the show spanning-tree mst command, which produces an overview of the spanning tree protocol state:
# show spanning-tree mst example Role: ROOT=Root, DSGN=Designated, ALT=Alternate, BKP=Backup, MSTR=Master State: FWD=Forwarding, LRN=Learning, BLK=Blocked, DLY=Bringup Delayed Operating in dot1q mode
MSTI 0 (CIST): VLANS Mapped: 1-9,11-4094 CIST Root Priority 4096 Address 6262.6262.6262 This bridge is the CIST root
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-343
Implementing Multiple Spanning Tree Protocol Configuration Examples for Implementing MSTP
Priority 4096 Address 6262.6262.6262 This bridge is the root Int Cost 0 Max Age 20 sec, Forward Delay 15 sec
Priority 4096 (priority 4096 sys-id-ext 0) Address 6262.6262.6262 Max Age 20 sec, Forward Delay 15 sec Max Hops 20, Transmit Hold count 6 Interface Port ID Role State Designated Pri.Nbr Cost Bridge ID ------------ ------- --------- ---- ----- -------------------Gi0/0/0/0 128.1 20000 DSGN FWD 4096 6262.6262.6262 Gi0/0/0/1 128.2 20000 DSGN FWD 4096 6262.6262.6262 Gi0/0/0/2 128.3 20000 DSGN FWD 4096 6262.6262.6262 Gi0/0/0/3 128.4 20000 ---- BLK ----- --------------
Bridge ID
MSTI 1: VLANS Mapped: 10 Root ID Priority 4096 Address 6161.6161.6161 Int Cost 20000 Max Age 20 sec, Forward Delay 15 sec
Bridge ID
Priority 32768 (priority 32768 sys-id-ext 0) Address 6262.6262.6262 Max Age 20 sec, Forward Delay 15 sec Max Hops 20, Transmit Hold count 6
Interface
Port ID Pri.Nbr ------------ ------Gi0/0/0/0 128.1 Gi0/0/0/1 128.2 Gi0/0/0/2 128.3 Gi0/0/0/3 128.4
Role State Designated Bridge ID ---- ----- -------------------ROOT FWD 4096 6161.6161.6161 ALT BLK 4096 6161.6161.6161 DSGN FWD 32768 6262.6262.6262 ---- BLK ----- --------------
=========================================================================
In the show spanning-tree mst example output, the first line indicates whether MSTP is operating in dot1q or the Provider Bridge mode, and this information is followed by details for each MSTI. For each MSTI, the following information is displayed:
The list of VLANs for the MSTI. For the CIST, the priority and bridge ID of the CIST root, and the external path cost to reach the CIST root. The output also indicates if this bridge is the CIST root. The priority and bridge ID of the root bridge for this MSTI, and the internal path cost to reach the root. The output also indicates if this bridge is the root for the MSTI. The max age and forward delay times received from the root bridge for the MSTI. The priority and bridge ID of this bridge, for this MSTI.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-344
OL-23107-02
Implementing Multiple Spanning Tree Protocol Configuration Examples for Implementing MSTP
The maximum age, forward delay, max hops and transmit hold-count for this bridge (which is the same for every MSTI). A list of MSTP-enabled interfaces. For each interface, the following information is displayed:
The interface name The port priority and port ID for this interface for this MSTI. The port cost for this interface for this MSTI. The current port role:
DSGNDesignated: This is the designated port on this LAN, for this MSTI ROOTRoot: This is the root port for the bridge for this MSTI. ALTAlternate: This is an alternate port for this MSTI. BKPBackup: This is a backup port for this MSTI MSTRMaster: This is a boundary port that is a root or alternate port for the CIST. The interface is down, or the bringup delay timer is running and no role has been assigned yet.
The current port state:
BLKThe port is blocked. LRNThe port is learning. FWDThe port is forwarding. DLYThe bringup-delay timer is running.
If the port is a boundary port, and not CIST and the port is not designated, then only the
remaining fields. Otherwise, the bridge priority and bridge ID of the designated bridge on the LAN that the interface connects to is displayed, followed by the port priority and port ID of the designated port on the LAN. If the port role is Designated, then the information for this bridge or port is displayed. The following example shows the output from the show spanning-tree mst command, which produces more detailed information regarding interface state than the standard command as described above:
# show spanning-tree mst a interface GigabitEthernet0/1/2/1 GigabitEthernet0/1/2/1 Cost: 20000 link-type: point-to-point hello-time 1 Portfast: no BPDU Guard: no Guard root: no Guard topology change: no BPDUs sent 492, received 3
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-345
Implementing Multiple Spanning Tree Protocol Configuration Examples for Implementing MSTP
MST 3: Edge port: Boundary : internal Designated forwarding Vlans mapped to MST 3: 1-2,4-2999,4000-4094 Port info port id 128.193 cost 200000 Designated root address 0050.3e66.d000 priority 8193 cost 20004 Designated bridge address 0002.172c.f400 priority 49152 port id 128.193 Timers: message expires in 0 sec, forward delay 0, forward transitions 1 Transitions to reach this state: 12
The output includes interface information about the interface which applies to all MSTIs:
Cost link-type hello-time portfast (including whether BPDU guard is enabled) guard root guard topology change BPDUs sent, received. Port ID, priority, cost BPDU information from root (bridge ID, cost, and priority) BPDU information being sent on this port (Bridge ID, cost, priority) State transitions to reach this state. Topology changes to reach this state. Flush containment status for this MSTI.
This example shows the output of show spanning-tree mst errors, which produces information about interfaces that are configured for MSTP but where MSTP is not operational. Primarily this shows information about interfaces which do not exist:
# show spanning-tree mst a errors Interface Error ------------------------------GigabitEthernet1/2/3/4 Interface does not exist.
This example shows the output of show spanning-tree mst configuration, which displays the VLAN ID to MSTI mapping table. It also displays the configuration digest which is included in the transmitted BPDUsthis must match the digest received from other bridges in the same MSTP region:
# show spanning-tree mst a configuration Name leo Revision 2702 Config Digest 9D-14-5C-26-7D-BE-9F-B5-D8-93-44-1B-E3-BA-08-CE Instance Vlans mapped -------- ------------------------------0 1-9,11-19,21-29,31-39,41-4094 1 10,20,30,40 ------------------------------------------
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-346
OL-23107-02
Implementing Multiple Spanning Tree Protocol Configuration Examples for Implementing MSTP
This example shows the output of show spanning-tree mst bpdu interface, which produces details on the BPDUs being output and received on a given local interface:
Note
Several received packets can be stored in case of MSTP operating on a shared LAN.
# show spanning-tree mst a bpdu interface GigabitEthernet0/1/2/2 direction transmit MSTI 0 (CIST): Root ID : 0004.9b78.0800 Path Cost : 83 Bridge ID : 0004.9b78.0800 Port ID : 12 Hello Time : 2 ...
This example shows the output of show spanning-tree mst topology-change flushes, which displays details about the topology changes that have occurred for each MSTI on each interface:
# show spanning-tree mst M topology-change flushes instance$ MSTI 1: Interface Last TC Reason Count ------------ -------------------- -------------------------------- ----Te0/0/0/1 04:16:05 Mar 16 2010 Role change: DSGN to ---10 # # # show spanning-tree mst M topology-change flushes instance$ MSTI 0 (CIST): Interface -----------Te0/0/0/1 # Last TC -------------------04:16:05 Mar 16 2010 Reason Count -------------------------------- ----Role change: DSGN to ---10
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-347
Implementing Multiple Spanning Tree Protocol Configuration Examples for Implementing MSTP
priority 0 port-priority 0 ! ! !
This example shows additional configuration for MSTAG Topology Change Propagation:
l2vpn xconnect group example p2p mstag-example interface GigabitEthernet0/0/0/0.1 neighbor 123.123.123.1 pw-id 100 ! ! !
This example shows the output of show spanning-tree mstag bpdu interface, which produces details on the BPDUs being output and received on a given local interface:
RP/0/RSP0/CPU0:router#show Transmitted: MSTI 0 (CIST): ProtocolIdentifier: 0 ProtocolVersionIdentifier: BPDUType: 2 CISTFlags: Top Change Ack Agreement Forwarding Learning Role spanning-tree mstag foo bpdu interface GigabitEthernet 0/0/0/0
3 0 1 1 1 3
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-348
OL-23107-02
Implementing Multiple Spanning Tree Protocol Configuration Examples for Implementing MSTP
Proposal 0 Topology Change 0 CISTRootIdentifier: priority 8, MSTI 0, address 6969.6969.6969 CISTExternalPathCost: 0 CISTRegionalRootIdentifier: priority 8, MSTI 0, address 6969.6969.6969 CISTPortIdentifierPriority: 8 CISTPortIdentifierId: 1 MessageAge: 0 MaxAge: 20 HelloTime: 2 ForwardDelay: 15 Version1Length: 0 Version3Length: 80 FormatSelector: 0 Name: 6969:6969:6969 Revision: 0 MD5Digest: ac36177f 50283cd4 b83821d8 ab26de62 CISTInternalRootPathCost: 0 CISTBridgeIdentifier: priority 8, MSTI 0, address 6969.6969.6969 CISTRemainingHops: 20 MSTI 1: MSTIFlags: Master 0 Agreement 1 Forwarding 1 Learning 1 Role 3 Proposal 0 Topology Change 0 MSTIRegionalRootIdentifier: priority 8, MSTI 1, address 6969.6969.6969 MSTIInternalRootPathCost: 0 MSTIBridgePriority: 1 MSTIPortPriority: 8 MSTIRemainingHops: 20
This example shows the output of show spanning-tree mstag topology-change flushes, which displays details about the topology changes that have occurred for each interface:
#show spanning-tree mstag b topology-change flushes MSTAG Protocol Instance b Interface -----------Gi0/0/0/1 Gi0/0/0/2 Last TC ------------------18:03:24 2009-07-14 21:05:04 2009-07-15 Reason Count -------------------------------- ----Gi0/0/0/1.10 egress TCN 65535 Gi0/0/0/2.1234567890 ingress TCN 2
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-349
Implementing Multiple Spanning Tree Protocol Configuration Examples for Implementing MSTP
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-350
OL-23107-02
Implementing Multiple Spanning Tree Protocol Configuration Examples for Implementing MSTP
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-351
Additional References
These sections provide references related to implementing Multiple Spanning Tree Protocol (MSTP) on Cisco ASR 9000 Series Routers.
Related Documents
Related Topic Document Title
Multiple Spanning Tree Protocol Commands: complete Multiple Spanning Tree Protocol Commands module in Cisco ASR command syntax, command modes, command history, 9000 Series Aggregation Services Router L2VPN and Ethernet defaults, usage guidelines, and examples Services Command Reference
Standards
Standards IEEE 802.1Q-2005 Title IEEE Standard for Local and Metropolitan Area Networks - Virtual Bridged Local Area Networks
MIBs
MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at this URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs
RFCs No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature. Title
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-352
OL-23107-02
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-353
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-354
OL-23107-02
Note
For a complete description of the Ethernet services access list commands listed in this module, refer to the Ethernet Services (Layer 2) Access List Commands on Cisco ASR 9000 Series Routers module in the Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference publication. To locate documentation of other commands that appear in this chapter, use the command reference master index, or search online.
Feature History for Implementing Ethernet Services Access Lists on Cisco ASR 9000 Series Routers
Release Modification
Release 3.7.2
Contents
Prerequisites for Implementing Layer 2 Access Lists, page 356 Information About Implementing Layer 2 Access Lists, page 356 How to Implement Layer 2 Access Lists, page 358 Configuration Examples for Implementing Layer 2 Access Lists, page 365 Additional References, page 366
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-355
Implementing Layer 2 Access Lists Prerequisites for Implementing Layer 2 Access Lists
Ethernet Services Access Lists Feature Highlights, page 356 Purpose of Ethernet Services Access Lists, page 356 How an Ethernet Services Access List Works, page 356 Ethernet Services Access List Entry Sequence Numbering, page 358
The ability to clear counters for an access list using a specific sequence number. The ability to copy the contents of an existing access list to another access list. Allows users to apply sequence numbers to permit or deny statements and to resequence, add, or remove such statements from a named access list. Provides packet filtering on interfaces to forward packets. Ethernet services ACLs can be applied on interfaces, VLAN subinterfaces, bundle-Ethernet interfaces, EFPs, and EFPs over bundle-Ethernet interfaces. Atomic replacement of Ethernet services ACLs is supported on these physical interfaces.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-356
OL-23107-02
Implementing Layer 2 Access Lists Information About Implementing Layer 2 Access Lists
The software tests the source or destination address of each packet being filtered against the conditions in the access list, one condition (permit or deny statement) at a time. If a packet does not match an access list statement, the packet is then tested against the next statement in the list. If a packet and an access list statement match, the remaining statements in the list are skipped and the packet is permitted or denied as specified in the matched statement. The first entry that the packet matches determines whether the software permits or denies the packet. That is, after the first match, no subsequent entries are considered. If the access list denies the address or protocol, the software discards the packet. If no conditions match, the software drops the packet because each access list ends with an unwritten or implicit deny statement. That is, if the packet has not been permitted or denied by the time it was tested against each statement, it is denied. The access list should contain at least one permit statement or else all packets are denied. Because the software stops testing conditions after the first match, the order of the conditions is critical. The same permit or deny statements specified in a different order could result in a packet being passed under one circumstance and denied in another circumstance. Inbound access lists process packets arriving at the router. Incoming packets are processed before being routed to an outbound interface. An inbound access list is efficient because it saves the overhead of routing lookups if the packet is to be discarded because it is denied by the filtering tests. If the packet is permitted by the tests, it is then processed for routing. For inbound lists, permit means continue to process the packet after receiving it on an inbound interface; deny means discard the packet. Outbound access lists process packets before they leave the router. Incoming packets are routed to the outbound interface and then processed through the outbound access list. For outbound lists, permit means send it to the output buffer; deny means discard the packet. An access list can not be removed if that access list is being applied by an access group in use. To remove an access list, remove the access group that is referencing the access list and then remove the access list. An access list must exist before you can use the ethernet-services access-group command.
Create the access list before applying it to an interface. Organize your access list so that more specific references appear before more general ones.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-357
If entries with no sequence numbers are applied, the first entry is assigned a sequence number of 10, and successive entries are incremented by 10. The maximum sequence number is 2147483646. If the generated sequence number exceeds this maximum number, this message is displayed:
Exceeded maximum sequence number.
If you provide an entry without a sequence number, it is assigned a sequence number that is 10 greater than the last sequence number in that access list and is placed at the end of the list. ACL entries can be added without affecting traffic flow and hardware performance. Distributed support is provided so that the sequence numbers of entries in the route-switch processor (RSP) and interface card are synchronized at all times.
Restrictions for Implementing Layer 2 Access Lists, page 358 Configuring Ethernet Services Access Lists, page 359 (optional) Applying Ethernet Services Access Lists, page 360 (optional) Resequencing Access-List Entries, page 363 (optional)
Ethernet services access lists are not supported over management interfaces. NetIO (software slow path) is not supported for Ethernet services access lists.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-358
OL-23107-02
SUMMARY STEPS
1. 2. 3.
configure ethernet-service access-list name [sequence-number] {permit | deny} {src-mac-address src-mac-mask | any | host} [{ethertype-number} | vlan min-vlan-ID [max-vlan-ID]] [cos cos-value] [dei] [inner-vlan min-vlan-ID [max-vlan-ID]] [inner-cos cos-value] [inner-dei] Repeat Step 3 as necessary, adding statements by sequence number where you planned. Use the no sequence-number command to delete an entry. end or commit show access-lists ethernet-services [access-list-name | maximum | standby | summary]
4. 5.
6.
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
Enters Ethernet services access list configuration mode and configures access list L2ACL2.
Example:
RP/0/RSP0/CPU0:router(config)# ethernet-service access-list L2ACL2
Step 3
[sequence-number] {permit | deny} {src-mac-address src-mac-mask | any | host} [{ethertype-number} | vlan min-vlan-ID [max-vlan-ID]] [cos cos-value] [dei] [inner-vlan min-vlan-ID [max-vlan-ID]] [inner-cos cos-value] [inner-dei]
Example:
RP/0/RSP0/CPU0:router(config-es-al)# 20 permit 1.2.3 3.2.1 or RP/0/RSP0/CPU0:router(config-es-al)# 30 deny any dei
Specifies one or more conditions allowed or denied, which determines whether the packet is passed or dropped.
Step 4
Repeat Step 3 as necessary, adding statements by sequence number where you planned. Use the no sequence-number command to delete an entry.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-359
Command or Action
Step 5
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-es-acl)# end
or
RP/0/RSP0/CPU0:router(config-es-acl)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Step 6
(Optional) Displays the contents of the named Ethernet services access list.
Example:
RP/0/RSP0/CPU0:router# show access-lists ethernet-services L2ACL1
What to Do Next
After creating an Ethernet services access list, you must apply it to an interface. See the Applying Ethernet Services Access Lists section for information about how to apply an access list.
Note
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-360
OL-23107-02
SUMMARY STEPS
1. 2. 3. 4.
configure interface type instance ethernet-service access-group access-list-name {ingress | egress} end or commit
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
Example:
RP/0/RSP0/CPU0:router(config)# interface gigabitethernet 0/2/0/2
The type argument specifies an interface type. For more information on interface types, use the question mark (?) online help function. The instance argument specifies either a physical interface instance or a virtual instance.
The naming notation for a physical interface
instance is rack/slot/module/port. The slash (/) between values is required as part of the notation.
The number range for a virtual interface instance
Use the access-list-name argument to specify a particular Ethernet services access list. Use the ingress keyword to filter on inbound packets or the egress keyword to filter on outbound packets.
Example:
RP/0/RSP0/CPU0:router(config-if)# ethernet-services access-group p-in-filter ingress RP/0/RSP0/CPU0:router(config-if)# ethernet-services access-group p-out-filter egress
This example applies filters on packets inbound and outbound from GigabitEthernet interface 0/2/0/2.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-361
Command or Action
Step 4
end
or
commit
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Example:
RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-362
OL-23107-02
SUMMARY STEPS
1. 2.
copy access-list ethernet-service source-acl destination-acl show access-lists ethernet-services [access-list-name | maximum | standby | summary]
DETAILED STEPS
Command or Action
Step 1
copy access-list ethernet-service source-acl destination-acl
Use the source-acl argument to specify the name of the access list to be copied. Use the destination-acl argument to specify where to copy the contents of the source access list.
The destination-acl argument must be a unique
Example:
RP/0/RSP0/CPU0:router# copy access-list ethernet-service list-1 list-2
name; if the destination-acl argument name exists for an access list, the access list is not copied.
Step 2
show access-lists ethernet-services [access-list-name | maximum | standby | summary]
Example:
RP/0/RSP0/CPU0:router# show access-lists ethernet-services list-2
(Optional) Displays the contents of a named Ethernet services access list. For example, you can verify the output to see that the destination access list list-2 contains all the information from the source access list list-1.
SUMMARY STEPS
1. 2.
resequence access-list ethernet-service access-list-name [starting-sequence-number [increment]] end or commit show access-lists ethernet-services [access-list-name | maximum | standby | summary]
3.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-363
DETAILED STEPS
Command or Action
Step 1
resequence access-list ethernet-service access-list-name [starting-sequence-number [increment]]
Purpose (Optional) Resequences the specified Ethernet services access list using the desired starting sequence number and the increment of sequence numbers.
Example:
RP/0/RSP0/CPU0:router# resequence access-list ethernet-service L2ACL2 20 10
This example resequences an Ethernet services access list named L2ACL2. The starting sequence number is 20 and the increment is 10. If you do not select an increment, the default increment 10 is used. If during the resequencing process it is determined that the ending number will exceed the maximum sequence number allowed, the configuration will not take effect and will be rejected. The sequence numbers will not be changed. When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Note
Step 2
end
or
commit
Example:
RP/0/RSP0/CPU0:router# end
or
RP/0/RSP0/CPU0:router# commit
running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Step 3
Example:
RP/0/RSP0/CPU0:router# show access-lists ethernet-services L2ACL2
Review the output to see that the access list includes the updated information.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-364
OL-23107-02
Implementing Layer 2 Access Lists Configuration Examples for Implementing Layer 2 Access Lists
Resequencing Entries in an Access List: Example, page 365 Adding Entries with Sequence Numbers: Example, page 365
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-365
Additional References
These sections provide references related to implementing Ethernet services access lists on Cisco ASR 9000 Series Routers.
Related Documents
Related Topic Document Title
Ethernet services access list commands: complete Ethernet Services (Layer 2) Access List Commands on command syntax, command modes, command history, Cisco ASR 9000 Series Routers module in Cisco ASR 9000 Series defaults, usage guidelines, and examples Aggregation Services Router IP Addresses and Services Command Reference
Standards
Standards Title
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
MIBs
MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at this URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs
RFCs No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature. Title
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-366
OL-23107-02
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-367
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-368
OL-23107-02
System Considerations
This module provides information on the Cisco ASR 9000 Series Routers scale limitations.
Note
The show l2vpn capability command displays the scale limitation for the router.
Scale Limitations
Table 4 provides information on the Scale limitations for the Cisco ASR 9000 Series Routers.
Note
Table 4
B 64K NA NA NA 8K 512K
E 64K NA NA 40 8K 512K
L 4K NA NA NA NA 512K
B 8K NA NA NA NA 512K
NA NA NA NA 512K
32K NA NA NA 8K 512K
LAG Subinterfaces 4K
Note
To achieve the scale values, subinterfaces must be evenly allocated between the line cards physical ports.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-369
For more information on Ethernet line cards, see Table 1-3 of the Cisco ASR 9000 Series Aggregation Services Router Ethernet Line Card Installation Guide.
Additional References
These sections provide references related to implementing Ethernet services access lists on Cisco ASR 9000 Series Routers.
Related Documents
Related Topic Document Title
Ethernet services access list commands: complete Ethernet Services (Layer 2) Access List Commands on command syntax, command modes, command history, Cisco ASR 9000 Series Routers module in Cisco ASR 9000 Series defaults, usage guidelines, and examples Aggregation Services Router IP Addresses and Services Command Reference
Standards
Standards Title
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
MIBs
MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at this URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs
RFCs No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature. Title
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-370
OL-23107-02
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-371
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-372
OL-23107-02
INDEX
Cisco ASR 9000 Series Aggregation Services Router Advanced System Command Reference Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Command Reference Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference Cisco ASR 9000 Series Aggregation Services Router Multicast Command Reference Cisco ASR 9000 Series Aggregation Services Router System Monitoring Command Reference Cisco ASR 9000 Series Aggregation Services Router MPLS Command Reference Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Command Reference Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference Cisco ASR 9000 Series Aggregation Services Router System Management Command Reference Cisco ASR 9000 Series Aggregation Services Router System Security Command Reference Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Command Reference
how to define
LSC-193
B
bridge domain how to associate members how to configure parameters how to configure pseudowire how to create how to disable overview split horizon
LSC-204 LSC-214 LSC-209 LSC-211 LSC-206
LSC-76
LSC-87, LSC-93
A
access lists applying
LSC-360
D
dot1q native vlan command dot1q vlan command
LSC-41 LSC-44
inbound or outbound interfaces, applying on LSC-360 aging, MAC address how to configure how to define
LSC-244 LSC-199
E
encapsulation command EoMPLS ethernet port mode inter-as port mode overview QinQ mode Ethernet Features
LSC-130 LSC-133 LSC-133 LSC-53 LSC-130 LSC-132 LSC-41, LSC-42
Any Transport over Multiprotocol (AToM) static labels, how to use static pseudowire MPLS L2VPN attachment circuits
LSC-232 LSC-232
QinAny mode
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-373
Index
L2PT
LSC-54 LSC-54
MTU inheritance
using the dot1q native vlan command using the dot1q vlan command
LSC-33 LSC-41 LSC-43
configuring the IP address and subnet mask configuring the MAC address configuring the MTU default settings flow control MAC address mtu
LSC-28 LSC-34 LSC-28 LSC-28 LSC-28, LSC-33 LSC-28, LSC-33
LSC-42,
F
failover flooding MAC address
LSC-199 LSC-28, LSC-33 LSC-128 LSC-76
LSC-18
IEEE 802.3ab 1000BASE-T Gigabit Ethernet LSC-18 IEEE 802.3ae 10 Gbps Ethernet IEEE 802.3 Physical Ethernet Infrastructure LSC-18 IEEE 802.3z 1000 Mbps Gigabit Ethernet Layer 2 VPN overview
LSC-17 LSC-35 LSC-18 LSC-18
flow-control command
G
Generic Routing Encapsulation Overview (L2VPN) LSC-135
I
LSC-28, LSC-33
using the flow-control command using the interface command using the ipv4 address command using the mac address command using the mtu command
IEEE 802.1ah Provider Backbone Bridge IEEE 802.3ad standard if submode bundle id command bundle-id command ip address command Inter-AS configurations
LSC-87, LSC-93 LSC-87 LSC-74
LSC-283
using the negotiation auto command using the no shutdown command VLANs 802.1Q frames tagging assigning a VLAN AC
LSC-26 LSC-41 LSC-42 LSC-40
LSC-34
no shutdown command
LSC-149
interface Bundle-Ether command interface command Link Bundling for VLAN subinterfaces
LSC-86, LSC-90
LSC-87, LSC-93
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-374
OL-23107-02
Index
interfaces Link Bundling configuring link failover prerequisites QoS IP access lists bundle-POS IP Interworking
LSC-360 LSC-75 LSC-71, LSC-77 LSC-85 LSC-77 LSC-72
LSC-199
LSC-28, LSC-33
LSC-134 LSC-141
ip address command
LSC-86, LSC-90, LSC-91 LSC-138 LSC-33, LSC-76, LSC-86, LSC-90 LSC-129
VLAN mode, how to configure multicast-routing command multicast-routing submode interface all enable command See multicast-routing command Multi-Chassis Link Aggregation
LSC-171
LSC-171
L
L2VPN See Layer 2 VPN Layer 2 VPN configuring an attachment circuit overview
LSC-17 LSC-35 LSC-17 LSC-150
N
negotiation auto command no interface command
LSC-33
limit, MAC address actions, types of how to configure link bundling configuring VLAN bundles link failover
LSC-77 LSC-26 LSC-200 LSC-241 LSC-73, LSC-74
LSC-45 LSC-76
no shutdown command
LSC-87, LSC-91, LSC-93 LSC-34
P
PBB
LSC-283 LSC-296 LSC-294
M
MAC address aging
LSC-199 LSC-199 LSC-199 LSC-200 LSC-198
backbone source MAC, how to configure backbone VLAN tag, how to configure benefits
LSC-284 LSC-291
flooding
LSC-293
related parameters
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-375
Index
Prerequisites Restrictions
source-based learning, how to configure MAC address LSC-236 static point-to-point xconnects
LSC-146
service instance, how to configure port mode, MPLS L2VPN pseudowire (PW) bridge domain, how to configure MPLS L2VPN
LSC-130 LSC-150
LSC-206
T
tasks access lists, applying
LSC-360
Q
QinAny mode QinQ mode
LSC-133 LSC-133
V
VFI (Virtual Forwarding Instance)
LSC-150
LSC-232 LSC-228
bridge domain member, how to associate how to add under bridge domain how to disable
LSC-234 LSC-224
R
router igmp command router igmp submode version command router mld command router mld submode version command
LSC-172 LSC-172 LSC-172 LSC-172
pseudowire classes to pseudowires, how to attach LSC-230 pseudowires, how to associate VLAN figure, mode packet flow mode VLANs 802.1Q frames tagging assigning a VLAN AC configuring bundles
LSC-358 LSC-88, LSC-94 LSC-26 LSC-41 LSC-131 LSC-131 LSC-226
S
sequence numbering behavior show interfaces command for Ethernet interfaces
LSC-34, LSC-38 LSC-88
show lacp bundle Bundle-Ether command show pim group-map command show pim topology command show vlan command signaling VPLS
LSC-196 LSC-172 LSC-172
LSC-26
LSC-26 LSC-44
using the dot1q native vlan command using the dot1q vlan command
LSC-41
LSC-44
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-376
OL-23107-02
Index
LSC-45 LSC-42,
using the show vlan interfaces command VPLS (Virtual Private LAN Services) attachment circuits overview
LSC-191 LSC-196 LSC-194 LSC-193 LSC-191
virtual bridge, how to simulate VPLS (virtual private LAN services) Layer 2 VPN, architecture
LSC-193
W
withdrawal, MAC address defining fields
LSC-200 LSC-263 LSC-200 LSC-239
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide OL-23107-02
LSC-377
Index
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide
LSC-378
OL-23107-02