Cisco 7600-ES20 Ethernet Line Card Configuration Guide
Configuring the Cisco 7600 Series Ethernet Services 20G Line Card
Downloads: This chapterpdf (PDF - 2.88MB) The complete bookPDF (PDF - 4.4MB) | Feedback

Configuring the Cisco 7600 Series Ethernet Services 20G Line Card

Table Of Contents

Configuring the Cisco 7600 Series Ethernet Services 20G Line Card

Required Configuration Tasks

Identifying Slots and Subslots for the Cisco 7600 Series Ethernet Services 20G Line Card

Configuring High-Availability Features

Configuring UDE on ES20 Line Cards

Restrictions and Usage Guidelines

Configuring Unidirectional Link Detection (UDLD) on Ports with EVCs

Restrictions and Usage Guidelines

Configuring UDLD Aggressive Mode

Enabling UDLD on Ports With EVC Configured

Disabling Individual UDLD on Ports With EVC Configured

Resetting Disabled UDLD on Ports With EVC Configured

Verification

ISSU Support for ES20 Line Card

Configuring IEEE 802.1ag-2007 Compliant CFM

Supported Line Cards

Scalable Limits

Restrictions and Usage Guidelines

Support for IEEE 802.1ad

Prerequisites for IEEE 802.1ad

Restrictions for IEEE 802.1ad

Information About IEEE 802.1ad

How to Configure IEEE 802.1ad

Troubleshooting Dot1ad

Configuring Layer 2 Features

Cross-Bundling

Configuring EVC EtherChannel and LACP over EVC Port Channel

Restrictions and Usage Guidelines

Multichassis Support for Link Aggregation Control Protocol

Requirements and Restrictions

Troubleshooting

Pseudo MLACP Support on Cisco 7600

Failover Operations

Failure Recovery

Restrictions for PMLACP

Configuring PMLACP on Cisco 7600

Configuration Examples

Verification

Troubleshooting Tips

Configuring Custom Ethertype for EVC Interfaces

Supported Rewrite Rules for a Custom Ethertype Configuration

Supported Rewrites for Non Range on a C-Tag on an NNI

Supported Rewrites for Range on C-Tag with an NNI

Restrictions and Usage Guidelines

Configuring Flexible QinQ Mapping and Service Awareness on 7600-ESM-2X10GE and 7600-ESM-20X1GE

Restrictions and Usage Guidelines

Troubleshooting

Configuring Flexible Service Mapping Based on CoS and Ethertype

Restrictions and Usage Guidelines

Configuring MultiPoint Bridging over Ethernet on 7600-ESM-2X10GE and 7600-ESM-20X1GE

Restrictions and Usage Guidelines

Configuring Gigabit Ethernet Link Aggregation with Advanced Load Balancing

Restriction and Usage Guidelines

Troubleshooting Load Balancing Features

Configuring Virtual Private LAN Service (VPLS) with Port-Channel as a Core Interface

TE-FRR Support on VPLS LAG NNI

Load Balancing

Fat Pseudo-Wire Load Balancing

Provider Router Load Balancing

BPDU PW Over LAG NNI

Restrictions and Usage Guidelines

Configuring BPDU PW on a Port Channel

Configuring the Backup Interface for Flexible UNI

Restriction and Usage Guidelines

Troubleshooting

Configuring Layer2 Access Control Lists (ACLs) on an EVC

Restrictions and Usage Guidelines

Configuring Broadcast Storm Control on Switchports and Ports with Ethernet Virtual Connections

Detecting a Broadcast Storm

Traffic Storm Control on ES20 Switchports

Restrictions and Usage Guidelines

Traffic Storm Control on ES20 with EVCs

Restrictions and Usage Guidelines

Troubleshooting

Configuring Asymmetric Carrier-Delay

Restrictions and Usage Guidelines

Configuring MST on EVC Bridge Domain

Overview of MST and STP

Overview of MST on EVC Bridge Domain

Restrictions and Usage Guidelines

Examples

Verification

DHCP Snooping with Option-82 on EVC

Restrictions and Usage Guidelines

Verification

Configuring MAC Address Security for EVC Bridge-Domain

Restrictions and Usage Guidelines

Configuring MAC Address Security for EVC Bridge-Domain

Enabling MAC Address Security for EVC Bridge-Domain

Disabling MAC Address Security for EVC Bridge-Domains on an EFP

Configuring Whitelisted MAC Address on an EFP

Configuring Sticky MAC Addresses on an EFP

Configuring Secure MAC Address Aging on an EFP

Configuring MAC Address Limiting on an EFP

Configuring MAC Address Limiting on a Bridge-Domain

Configuring Violation Response on an EFP

Troubleshooting

Configuring Static MAC on Ethernet Flow Point and Pseudowire

Restrictions and Usage Guidelines

Configuring Static MAC over EFP for the Cisco 7600 Router

Configuring MPLS on Core-Facing Interface

Configuring Static MAC over Pseudowire for the Cisco 7600 Router

Troubleshooting

Configuring Resilient Ethernet Protocol

REP Edge No-Neighbor

Configuring REP over Ethernet Virtual Circuit

Restrictions and Usage Guidelines

Configuring REP over EVC for the Cisco 7600 Router

Configuring REP over EVC using Cross connect for the Cisco 7600 Router

Configuring REP over EVC using connect for the Cisco 7600 Router

Configuring REP over EVC using bridge domain for the Cisco 7600 Router

Configuring Resilient Ethernet Protocol Configurable Timers

Restrictions and Usage Guidelines

Configuring REP Configurable Timers for the Cisco 7600 Router

Configuring the REP Link Status Layer Retries

Configuring the REP Link Status Layer Age Out Timer

Configuring the REP Link Status Layer Age Out Timer

Troubleshooting

Configuring CFM over EFP Interface with cross connect

Restrictions and Usage Guidelines

Configuring CFM over EFP with xconnect for the Cisco 7600 Router

Configuring CFM over EFP Interface with Cross Connect—Basic Configuration

Configuring CFM over EFP Interface with Cross Connect—Single Tag VLAN Cross Connect

Configuring CFM over EFP Interface with Cross Connect—Double Tag VLAN Cross Connect

Configuring CFM over EFP Interface with Cross Connect—Selective QinQ Cross Connect

Configuring CFM over EFP Interface with Cross Connect—Port-Based Cross Connect Tunnel

Configuring CFM over EFP Interface with Cross Connect—Port Channel-Based Cross Connect Tunnel

Troubleshooting CFM Features

Configuring Reverse Layer 2 Gateway Ports for the Cisco 7600 Router

Restrictions and Usage Guidelines

Configuring Reverse L2GP for the Cisco 7600 Router

Troubleshooting Tips

Configuring Private Host Switch Virtual Interface (VLAN and VPLS)

Port Classification

Requirements and Restrictions

Verifying the Private Hosts SVI configuration

Sample Configuration For Private Hosts VPLS Configuration

Sample configuration for Private Hosts Interface Vlan configuration

Configuring Multicast Features

Configuring IGMP/PIM Snooping for VPLS Pseudowire on 7600-ESM-2X10GE and 7600-ESM-20X1GE

Restrictions and Usage Guidelines

Configuring Link State Tracking (LST)

Restrictions and Usage Guidelines

Configuring Link-State Tracking

Verification

Troubleshooting the Link State Tracking

Configuring Multicast VLAN Registration

Using MVR in a Multicast Television Application

Configuring MVR

Configuring Layer 3 and Layer 4 Features

Configuring Layer 3 and Layer 4 Access Control List on a Service Instance

Restrictions and Usage Guidelines

VRF aware IPv6 tunnel

Restrictions for VRF aware IPv6 tunnels

Configuring VRF aware IPv6 tunnel

Configure IPv6 overlay addresses in VRF and IPv4 transport addresses in Global RT

Configure IPv6 overlay addresses in VRF and IPv4 transport addresses in VRF

Verifying the Configuration

Troubleshooting Tips

IPv6 Policy Based Routing

Policy Based Routing

Restrictions for IPv6 PBR

Configuring IPv6 PBR

Configuring MPLS Features

Configuring Any Transport over MPLS

Scalable EoMPLS on 7600-ESM-2X10GE and 7600-ESM-20X1GE

Restrictions and Usage Guidelines

Configuring MPLS Traffic Engineering Class-Based Tunnel Selection

Restrictions and Usage Guidelines

Creating Multiple MPLS Member TE or DS-TE Tunnels with the Same Headend and the Same Tailend

Creating a Master Tunnel, Attaching Member Tunnels, and Making the Master Tunnel Visible

Configuring Virtual Private LAN Service

Hierarchical Virtual Private LAN Service (H-VPLS) with MPLS to the Edge

Configuring SVI-Based IP/Routed Interworking

Restrictions and Usage Guidelines

Resetting a Cisco 7600 Series Ethernet Services 20G Line Card

SFP-GE-T Support


Configuring the Cisco 7600 Series Ethernet Services 20G Line Card


This chapter provides information about configuring the Cisco 7600 Series Ethernet Services 20G (ES20) line card on the Cisco 7600 series router. It includes the following sections:

Required Configuration Tasks

Configuring High-Availability Features

Configuring UDE on ES20 Line Cards

Configuring Unidirectional Link Detection (UDLD) on Ports with EVCs

Configuring IEEE 802.1ag-2007 Compliant CFM

Support for IEEE 802.1ad

Configuring Layer 2 Features

Cross-Bundling

Multichassis Support for Link Aggregation Control Protocol

Pseudo MLACP Support on Cisco 7600

Configuring Flexible QinQ Mapping and Service Awareness on 7600-ESM-2X10GE and 7600-ESM-20X1GE

Configuring Flexible Service Mapping Based on CoS and Ethertype

Configuring MultiPoint Bridging over Ethernet on 7600-ESM-2X10GE and 7600-ESM-20X1GE

Configuring Gigabit Ethernet Link Aggregation with Advanced Load Balancing

Configuring Virtual Private LAN Service (VPLS) with Port-Channel as a Core Interface

Configuring the Backup Interface for Flexible UNI

Configuring Broadcast Storm Control on Switchports and Ports with Ethernet Virtual Connections

Traffic Storm Control on ES20 Switchports

Traffic Storm Control on ES20 with EVCs

Configuring Asymmetric Carrier-Delay

Configuring MST on EVC Bridge Domain

DHCP Snooping with Option-82 on EVC

Configuring MAC Address Security for EVC Bridge-Domain

Configuring Static MAC on Ethernet Flow Point and Pseudowire

Configuring Resilient Ethernet Protocol

Configuring CFM over EFP Interface with cross connect

Configuring Reverse Layer 2 Gateway Ports for the Cisco 7600 Router

Configuring Private Host Switch Virtual Interface (VLAN and VPLS)

IPv6 Policy Based Routing

Configuring Multicast Features

Configuring IGMP/PIM Snooping for VPLS Pseudowire on 7600-ESM-2X10GE and 7600-ESM-20X1GE

Configuring Link State Tracking (LST)

Configuring Multicast VLAN Registration

Configuring Layer 3 and Layer 4 Features

Configuring Layer 3 and Layer 4 Access Control List on a Service Instance

VRF aware IPv6 tunnel

Configuring MPLS Features

Configuring Any Transport over MPLS

Configuring MPLS Traffic Engineering Class-Based Tunnel Selection

Configuring Virtual Private LAN Service

Configuring SVI-Based IP/Routed Interworking

Resetting a Cisco 7600 Series Ethernet Services 20G Line Card

For information about managing your system images and configuration files, refer to the Cisco IOS Configuration Fundamentals Configuration Guide and Cisco IOS Configuration Fundamentals Command Reference publications that correspond to your Cisco IOS software release.

For more information about some of the commands used in this chapter, see

Chapter A, "Command Summary for the Cisco 7600 Series Ethernet Services 20G Line Card," and the Cisco IOS Release 12.2 SR Command References at http://www.cisco.com/en/US/products/ps6922/prod_command_reference_list.html

Also refer to the related Cisco IOS software command reference and master index publications. For more information about accessing these publications, see the "Related Documentation" section.

Required Configuration Tasks

As of Cisco IOS Release 12.2SRB, there are not many features that require direct configuration on the ES20 line card. You do not need to attach to the ES20 line card itself to perform any configuration.

Identifying Slots and Subslots for the Cisco 7600 Series Ethernet Services 20G Line Card

The ES20 line card supports In-Service Software Upgrade (ISSU) with Enhanced Fast Software Upgrade (eFSU). ISSU allows for the upgrade and downgrade of Cisco IOS images at different release levels on the active and standby supervisors. ISSU procedure also applies to upgrade and downgrade of line card images. A new line card image is loaded, as necessary, when the supervisor engine software is upgraded or downgraded.

For more information, see the Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.2SR at http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/swcg.html

Configuring High-Availability Features

This section provides information about configuring high-availability features specific to the ES20 line card.

Configuring UDE on ES20 Line Cards

Unidirectional Ethernet (UDE) feature allows interfaces to operate as unidirectional links, that is, either in receive (Rx) only mode or transmit (Tx) only mode. Unidirectional Ethernet uses only one strand of fiber for either transmitting or receiving one-way traffic for Gig Ports instead of two strands of fiber for a full duplex operation.

UDLR mechanism allows a set of feeds and receivers, which are directly connected by a unidirectional link, to send datagrams as if they were all connected by a bidirectional link.

Unidirectional Routing is used in applications with a great amount of data traffic flowing in one direction and little control traffic flowing in the opposite direction.

When an interface is configured as unidirectional send-only or receive-only, the following actions take place:

For ports configured as send-only, the port ONLY transmits data and ignores any received data. Similarly receive-only ports do not transmit data.

UDLD is automatically disabled on the interface.

Autonegotiation is disabled on the interface.

Restrictions and Usage Guidelines

The following restrictions apply to the UDE links on ES20 line cards:

Uni Directional Link Routing (UDLR) is configured only on routed ports. Configure the IPv4 address on the UDLR tunnel. Each UDE can either be a switched port or a routed port and has a separate UDLR tunnel. UDLR handles bidirectional communication over the back channel.

Configuring unidirectional links may cause STP Loops. You must configure protocols correctly to avoid problems with the network.

For unidirectional links, you should manually configure the encapsulation and trunk mode to fixed values on each side. The protocol is not aware of the link type and will continue to try and negotiate if it is configured to do so. If both sides of a unidirectional link are negotiating, it is possible to get a trunk mismatch where the receive-only side becomes a trunk while the send-only side is access.

For send-only unidirectional links, switches cannot receive any CDP information about neighbors and VLAN mismatches cannot be detected.

VTP will not work if the VTP server is downstream of the unidirectional link. VTP pruning on send-only unidirectional links should preferably be disabled.

Dot1x is incompatible with ULDR.

If the link between a switch and a host is made unidirectional, IGMP snooping will not work because either the host will not receive IGMP queries from the switch or the switch will not receive IGMP reports from the host.

If two network devices are connected by a unidirectional link, then ARP requests and the response mechanism will not work. Additionally, static entries need to be created for proper functionality of protocols depending on such a mechanism.

Link Detection does not work on unidirectional interfaces.

Unidirectional Ethernet with EtherChannel configuration is not supported on ES20 line cards.

Receive-only transceivers are not supported.

UDE is only supported on a single fiber .

ISIS does not work with UDE/UDLR.

Auto-rp discovery packets are not received on the UDE receive-only port if UDE is configured with SVI. UDE links configured on routed ports do not have this issue.

The loopback mac command should not be configured explicitly when UDE is configured on an ES20 port. Similarly UDE should not be configured if loopback mac is configured on an ES20 port.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface

4. unidrectional {send-only | receive-only}

5. ip-address ip_address mask

DETAILED STEPS

 
Command
Purpose

Step 1 

enable

Example:
Router> enable 

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface

Example:

Router(config)# interface tengigabitethernet 1/0/0

Enters interface mode.

Step 4 

unidirectional {send-only | receive-only}

Example:

Router(config-if)# unidirectional send-only

or

Router(config-if)# unidirectional receive-only

Configures the interface as a unidirectional send-only or a unidirectional receive-only link.

Note To enable UDE, a link can be configured either as send-only or as receive-only, but not both.

Step 5 

ip-address {ip_address mask}

Example:

Router(config-if)# ip address 11.0.0.2 255.201.220.10

Assigns an IP address and subnet mask to the unidirectional link.

Examples

Router A Configuration

In this example, interface 10.1.0.1 on Router A is configured as the send-only port while the tunnel running from 11.0.0.1 to 11.0.0.2 is configured as the receive-only interface.

interface tengigabitethernet 1/0/0 
unidirectional send-only 
ip address 10.1.0.1 255.255.0.0 
ip pim sparse-dense-mode 
!
! Configure tunnel as receive-only UDLR tunnel!
interfacetunnel 0 
tunnel source 11.0.0.1 
tunnel destination 11.0.0.2 
tunnel udlr receive-only tengigabitethernet 1/0/0 
 
   

Router B Configuration

In this example, interface 10.1.0.2 on Router B is configured as the receive-only port while the tunnel running from 11.0.0.2 to 11.0.0.1 is configured as the receive-only interface.

Config e.g 1 
interface tengigabitethernet 1/0/0 
unidirectional receive-only 
ip address 10.1.0.2 255.255.0.0 
ip pim sparse-dense-mode 
! 
! Configure tunnel as send-only UDLR tunnel. 
! 
interface tunnel 0 
tunnel source 11.0.0.2 
tunnel destination 11.0.0.1 
tunnel udlr send-only tengigabitethernet 1/2 
tunnel udlr address-resolution 
Config e.g 2 
interface GigabitEthernet1/0/0 
switchport 
switchport access vlan 100 
switchport mode access 
no ip address 
speed nonegotiate 
unidirectional send-only 
 
   
interface Vlan100 
ip address 10.0.1.1 255.255.255.0 
ip pim sparse-mode 
 
   

Switched Port UDE Configuration

This example shows UDE configuration on a switched port with an SVI interface, with OSPF enabled.

Topology :
 
   
    [UDE-R1]-----UDE--------->[UDE-R2]
           <-------UDLR------- 
 
   
UDE-R1#sh run int gig2/0/5
Building configuration...
 
   
Current configuration : 165 bytes
!
interface GigabitEthernet2/0/5
 switchport
 switchport access vlan 300
 switchport mode access
 speed nonegotiate
 no mls qos trust
 unidirectional send-only
end
 
   
UDE-R1#sh run int tunnel 10
Building configuration...
 
   
Current configuration : 150 bytes
!
interface Tunnel10
 ip address 70.10.10.1 255.255.255.0
 tunnel source 50.0.0.1
 tunnel destination 50.0.0.2
 tunnel udlr receive-only Vlan300
end
 
   
UDE-R1#sh run int vlan 300
Building configuration...
 
   
Current configuration : 104 bytes
!
interface Vlan300
 ip address 90.90.90.99 255.255.255.0
 
end
 
   
router ospf 1
 log-adjacency-changes
 network 20.0.0.0 0.0.0.255 area 0
 network 90.90.90.0 0.0.0.255 area 0
 
   
 
   
############ config on R2####################
 
   
UDE-R2#sh run int gig2/0/1
Building configuration...
 
   
Current configuration : 170 bytes
!
interface GigabitEthernet2/0/1
 switchport
 switchport access vlan 300
 switchport mode access
 speed nonegotiate
 mls qos trust dscp
 unidirectional receive-only
end
 
   
UDE-R2#sh run int tunnel 10
Building configuration...
 
   
Current configuration : 179 bytes
!
interface Tunnel10
 ip address 70.10.10.2 255.255.255.0
 tunnel source 50.0.0.2
 tunnel destination 50.0.0.1
 tunnel udlr send-only Vlan300
 tunnel udlr address-resolution
end
 
   
UDE-R2#sh run int vlan 300
Building configuration...
 
   
Current configuration : 82 bytes
!
interface Vlan300
 ip address 90.90.90.90 255.255.255.0
 end
 
   
router ospf 1
 log-adjacency-changes
 network 30.0.0.0 0.0.0.255 area 0
 network 90.90.90.0 0.0.0.255 area 0
 
   
 
   

Verification

Use the following commands to verify operation.

Command
Purpose

Router#sh interface interface-id unidirectional

Example:

Router# sh interface gigabitEthernet 2/0/5 unidirectional

Unidirectional configuration mode: send only

CDP neighbour unidirectional configuration mode: off

Displays information about the UDE configuration on a specific interface.


Configuring Unidirectional Link Detection (UDLD) on Ports with EVCs

UDLD (Unidirectional Link Detection) is a Layer 2 protocol that interacts with a Layer 1 protocol to determine the physical status of a link. At Layer 1, physical signaling and fault detection is auto-negotiated. UDLD detects the neighbor link, identifies, and disables the wrongly connected LAN ports. When you enable auto-negotiation and UDLD, Layer 1 and Layer 2 detections prevent physical and logical unidirectional connections, and malfunctioning of other protocols.

A unidirectional link occurs when the neighbor link receives the traffic transmitted by the local device, but the local device does not receive the transmitted traffic from its neighbor. If auto-negotiation is active, and one of the fiber strands in a pair is disconnected, the link is disabled. The logical link is undetermined, and UDLD does not take any action. At Layer 1, if both fibers are normal, UDLD at Layer 2 determines if the fibers are accurately connected, and traffic is relayed bidirectionally between the right neighbors. In this scenario, auto-negotiation operates in Layer 1, and the link status is unchecked.

The UDLD protocol monitors physical configuration of the cables, and detects unidirectional links of devices connected to LAN ports via Ethernet cables. When a unidirectional link is detected, UDLD disables the affected LAN port, and alerts the user.

The Cisco 7600 series router periodically transmits UDLD packets to neighboring devices on LAN ports with UDLD. If the packets are returned within a specific time frame, and there is no acknowledgement, the link is flagged as unidirectional, and the LAN port is disabled.

Restrictions and Usage Guidelines

Follow these restrictions and usage guidelines while configuring UDLD on ports with EVCs:

You can configure UDLD only on a port.

To identify and disable the unidirectional links, devices at both ends must support UDLD.

Service bridge domain should be available on the router.

Any of the supported EVC encapsulation can be configured.

Cisco IOS Release 15.1(1)S supports EVC port-channels.


Note If UDLD is enabled on an EVC port with service type connect or xconnect and encapsulation type default or untagged, the port is disabled.


For more information on UDLD, see the Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.2SR at the following URL:

http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/udld.html

Configuring UDLD Aggressive Mode

As UDLD aggressive mode is disabled by default, you can configure UDLD aggressive mode in point-to-point links between network devices that support UDLD aggressive mode.

When UDLD aggressive mode is enabled:

A port on a bidirectional link with UDLD neighbor relationship does not receive UDLD packets.

UDLD tries to reestablish the connection with the neighbor.

After eight failed retries, the port is disabled.

To prevent spanning tree loops, ensure that you set the non aggressive UDLD value interval to 15 seconds. This disables the unidirectional link before blocking the port transitions in the forwarding state (with default spanning tree parameters).

The benefits of enabling UDLD aggressive mode are:

Port on one side of a link is disabled (both Tx and Rx).

One side of a link is enabled even if the other side of the link fails.

In the above scenario, UDLD aggressive mode disables the port that prevents traffic from being discarded.

If UDLD...
Then the...

Detects a unidirectional link,

interface with its EVCs are disabled.

Is enabled on a port with an EVC bridge-domain, and encapsulation value set to default or untagged,

selected EVC is not shut down, and prevents the port from being disabled.


Enabling UDLD on Ports With EVC Configured

SUMMARY STEPS

1. enable

2. configure terminal

3. {udld | no udld} enable aggressive

4. exit

DETAILED STEPS

 
Command
Purpose

Step 1 

enable
Example:
Router# enable

Enables privileged EXEC mode. Enter your password if prompted.

Step 2 

configure terminal
Example:
Router# configure terminal
 
        

Enters global configuration mode.

Step 3 

{udld | no udld} enable aggressive

Example:

Router# udld enable aggressive

Enables the UDLD aggressive mode.

Step 4 

exit

Exits configuration mode.

SUMMARY STEPS

1. interface type/ slot/ port

2. {udld port | no udld port } aggressive

3. show udld type/ slot/ port

4. exit

DETAILED STEPS

 
Command
Purpose

Step 1 

interface type/ slot/ port

Example:
Router(config)# gigethernet 1/0/0 

Selects the LAN port to configure.

Step 2 

{udld port | no udld port } aggressive

Example:

Router(config-if)# udld port aggressive

Router(config-if)# no udld port aggressive

Enables a UDLD on a specific LAN port. Enter the aggressive keyword to enable aggressive mode. On a fiber-optic LAN port, this command overrides the udld enable global configuration command.

Or

Disables a UDLD on a non- fiber-optic LAN port.

Step 3 

show udld type/ slot/ port

Example:

Router# show udld 1/0/0

Verifies the configuration.

Step 4 

exit

Exits the configuration mode.

Disabling Individual UDLD on Ports With EVC Configured

SUMMARY STEPS

1. interface type/ slot/ port

2. {udld port | no udld port } disable

3. show udld type/ slot/ port

4. exit

DETAILED STEPS

 
Command
Purpose

Step 1 

interface type/ slot/ port}

Example:
Router(config)# gigethernet 1/0/0 

Selects the LAN port to configure.

Step 2 

{udld port | no udld port } disable

Example:

Router(config-if)# udld port disable

Router(config-if)# no udld port disable

Disables a UDLD on the LAN port.

Or

Reverts to the udld enable global configuration command setting.


Note This command is supported only on fiber-optic LAN ports.


Step 3 

show udld type/ slot/ port

Example:

Router# show udld 1/0/0

Verifies the configuration.

Step 4 

exit

Exits the configuration mode.

Resetting Disabled UDLD on Ports With EVC Configured

SUMMARY STEPS

1. udld reset

DETAILED STEPS

 
Command
Purpose

Step 1 

udld reset

Example:
Router# udld reset

Resets all the LAN ports disabled by UDLD.

Example

This example displays the global configuration values at router 1:

Router(config)#udld enable

This example displays the ESM20 port at router 1:

Router(config)# inter gi 2/0/1
Router(config-if)# udld port aggressive 
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation dot1q 100 
Router(config-if-srv)# rewrite ingess tag translate 1-to2 dot1q 5 second-dot1q 5 symmetric
Router(config-if-srv)# bridge-domain 100
 
   
This example displays the configuration for a port that is part of a port channel: 
 
   
Router(config)#interface Port-channel1
Router(config-if)#no ip address
Router(config-if)#service instance 1 ethernet
Router(config-if)#encapsulation untagged
Router(config-if)#bridge-domain 100
 
   
Router(config)#interface GigabitEthernet3/0/13
Router(config-if)#ip arp inspection limit none
Router(config-if)#no ip address
Router(config-if)#udld port aggressive
Router(config-if)#no mls qos trust
Router(config-if)#channel-group 1 mode on

Verification

Use the show udld and show udld interface commands to verify the UDLD configuration:

Router(config)show udld gi 3/0/13 
Interface Gi1/3
---Port enable administrative configuration setting: Enabled / in aggressive mode
Port enable operational state: Enabled / in aggressive mode
Current bidirectional state: Bidirectional
Current operational state: Advertisement - Single neighbor detected
Message interval: 15
Time out interval: 5
Entry 1
    ---
    Expiration time: 37
    Cache Device index: 1
    Current neighbor state: Bidirectional
    Device ID: 011932118C0  
    Port ID: Gi1/1  
    Neighbor echo 1 device: 0FF71CA880
    Neighbor echo 1 port: Gi1/3
 
    Message interval: 15
    Time out interval: 5
    CDP Device name: rish2 

ISSU Support for ES20 Line Card

The ES20 line card supports In-Service Software Upgrade (ISSU) with Enhanced Fast Software Upgrade (eFSU). ISSU allows for the upgrade and downgrade of Cisco IOS images at different release levels on the active and standby supervisors. ISSU procedure also applies to upgrade and downgrade of line card images. A new line card image is loaded, as necessary, when the supervisor engine software is upgraded or downgraded.

Configuring IEEE 802.1ag-2007 Compliant CFM

A Metro Ethernet network consists of networks from multiple operators supported by one service provider and connects multiple customer sites to form a virtual private network (VPN). Networks provided and managed by multiple independent service providers have restricted access to each other's equipment. Because of the diversity in these multiple-operator networks, failures must be isolated quickly. As a Layer 2 network, Ethernet must be capable of reporting network faults at Layer 2.

IEEE 802.3ah is a point-to-point and per- physical- wire OAM protocol that detects and isolates connectivity failures in the network. IEEE 802.1ag draft 8.1 Metro Ethernet Connectivity Fault Management (CFM) incorporates several OAM facilities that allow you to manage Metro Ethernet networks, including an Ethernet continuity check, end-to-end Ethernet traceroute facility using Linktrace message (LTM), Linktrace reply (LTR), Ethernet ping facility using Loopback Message (LBM), and a Loopback Reply (LBR). These Metro Ethernet CFM protocol elements quickly identify problems in the network.

Ethernet Connectivity Fault Management (CFM) is an end-to-end per-service-instance Ethernet layer operations, administration, and maintenance (OAM) protocol. It includes proactive connectivity monitoring, fault verification, and fault isolation for large Ethernet metropolitan-area networks (MANs) and WANs. Connectivity Fault Management (CFM) is the indispensable capability that service providers require to deploy large-scale, multivendor Metro Ethernet services. This feature upgrades the implementation of CFM to be compliant with the IEEE 802.1ag with the current standard, 802.1ag-2007 and implementation of CFM over L2VFI (Layer 2 Virtual Forwarding Instance Information), cross connect, EVC, and Switchport.

Key CFM mechanisms are:

Maintenance domains (MDs) that break up the responsibilities for the network administration of a given end-to-end service.

Maintenance associations (MAs) that monitor service instances within a specified MD.

Maintenance points, (MPs or MIPs), such as Maintenance end points (MEP's) that transmit and receive CFM protocol messages, and MIPs that catalog information received from MEPs, and respond to Linktrace and Loopback messages.

Protocols (Continuity Check, Loopback, and Linktrace) that are used to manage faults.

For more information on CFM, see Cisco IOS Carrier Ethernet Configuration Guide, Release 12.2SR at

http://www.cisco.com/en/US/docs/ios-xml/ios/cether/configuration/12-2sr/ce-12-2sr-book.html

For more information about the commands used in this section, see Cisco IOS Ethernet Command Reference Guide at http://www.cisco.com/en/US/docs/ios/cether/command/reference/ce_book.html

Supported Line Cards

Use the ethernet cfm global command to enable the CFM D8.1 feature on the following line cards:

ES20 and ES40:Switchports, routed ports, and EVC BD.

SIP400:Routed ports, and Layer 2 Virtual Forwarding Instance ( L2VFI).

SIP600:Switchports, and routed ports.

67xx: Switchports, and routed ports.

The complete support matrix for the CFM D8.1 feature is given in Table 2-1and Table 2-2.


Note Table 2-1 and Table 2-2 are part of the same table. The table is split into two for better readability.


Table 2-1 Supported Matrix1

Line card
CFM on
Switchport or CFM on Switch + BD for SVI Based EoMPLS for VPLS
CFM on
Routed Port
CFM
on
Service Instance with BD
for SVI based EoMPLS
for VPLS
CFM
on
Switchport
or
CFM on Switch + BD

WS-SUP720-3BXL

Up MEP

Down MEP

Port MEP

Down MEP

Port MEP

Not Applicable

Up MEP

Down MEP

Port MEP

WS-SUP720-3B

Up MEP

Down MEP

Port MEP

Down MEP

Port MEP

Not Applicable

Up MEP

Down MEP

Port MEP

RSP720-3CXL-10GE

Up MEP

Down MEP

Port MEP

Down MEP

Port MEP

Not Applicable

Up MEP

Down MEP

Port MEP

RSP720-3C-10GE

Up MEP

Down MEP

Port MEP

Down MEP

Port MEP

Not Applicable

Up MEP

Down MEP

Port MEP

RSP720-3CXL-GE

Up MEP

Down MEP

Port MEP

Down MEP

Port MEP

Not Applicable

Up MEP

Down MEP

Port MEP

RSP720-3C-GE

Up MEP

Down MEP

Port MEP

Down MEP

Port MEP

Not Applicable

Up MEP

Down MEP

Port MEP

WS-SUP32-GE-3B

Up MEP

Down MEP

Port MEP

Down MEP

Port MEP

Not Applicable

Up MEP

Down MEP

Port MEP

WS-SUP32-10GE-3B

Up MEP

Down MEP

Port MEP

Down MEP

Port MEP

Not Applicable

Up MEP

Down MEP

Port MEP

WS-X6148A

Up MEP

Down MEP

Port MEP

Down MEP

Port MEP

Not Applicable

Up MEP

Down MEP

Port MEP

WS-X6148-FE-SFP

Up MEP

Down MEP

Port MEP

Down MEP

Port MEP

Not Applicable

Up MEP

Down MEP

Port MEP

WS-X6516A-GBIC

Up MEP

Down MEP

Port MEP

Down MEP

Port MEP

Not Applicable

Up MEP

Down MEP

Port MEP

WS-X6524-100FX-MM

Up MEP

Down MEP

Port MEP

Down MEP

Port MEP

Not Applicable

Up MEP

Down MEP

Port MEP

WS-X6548-RJ-21

Up MEP

Down MEP

Port MEP

Down MEP

Port MEP

Not Applicable

Up MEP

Down MEP

Port MEP

WS-X6548-GE-TX

Up MEP

Down MEP

Port MEP

Down MEP

Port MEP

Not Applicable

Up MEP

Down MEP

Port MEP

WS-X6704-10GE

Up MEP

Down MEP

Port MEP

Down MEP

Port MEP

Not Applicable

Up MEP

Down MEP

Port MEP

WS-X6708-10G-3C

Up MEP

Down MEP

Port MEP

Down MEP

Port MEP

Not Applicable

Up MEP

Down MEP

Port MEP

WS-X6708-10G-3CXL

Up MEP

Down MEP

Port MEP

Down MEP

Port MEP

Not Applicable

Up MEP

Down MEP

Port MEP

WS-X6724-SFP

Up MEP

Down MEP

Port MEP

Down MEP

Port MEP

Not Applicable

Up MEP

Down MEP

Port MEP

WS-X6748-GE-TX

Up MEP

Down MEP

Port MEP

Down MEP

Port MEP

Not Applicable

Up MEP

Down MEP

Port MEP

WS-X6748-SFP

Up MEP

Down MEP

Port MEP

Down MEP

Port MEP

Not Applicable

Up MEP

Down MEP

Port MEP

SIP-400 + V2 GE SPAs

or

SIP-400 + WAN SPA

Not Supported

( SIP-400 + WAN SPA

or

SIP-400 + v2 GE SPA as uplink)

No Transparency with CFM Enabled on the box

Not Supported

Not Supported

Not Supported

SIP-400 + V2 FE SPA

or

SIP-400 + WAN SPA

Not Supported

SIP-400 + WAN SPA

or

SIP-400 + V2 GE SPA as uplink

No Transparency with CFM Enabled on the box

Not Supported

Not Supported

Not Supported

SIP-600 + V2 GE

or

V2 10GE SPA

or

WAN SPA

Up MEP

Down MEP

Port MEP

Down MEP

Port MEP

Not Supported

Up MEP

Down MEP

Port MEP

ES20-GE

or

ES20-10GE

Up MEP

Down MEP

Port MEP

Down MEP

Port MEP

Up MEP

Down MEP

Up MEP

Down MEP

Port MEP

ES+ GE /10GE

Up MEP

Down MEP

Port MEP

Down MEP

Port MEP

Up MEP

Down MEP

Up MEP

Down MEP

Port MEP


Table 2-2 Supported Matrix 2

Line card
CFM
on
Service Instance + xconnect
CFM
on
Service Instance + BD
for SVI based EoMPLS
for VPLS
CFM
on
L2-VFI
CFM
on
Routed Port

WS-SUP720-3BXL

Not Applicable

Not Applicable

Not Applicable

Down MEP

Port MEP

WS-SUP720-3B

Not Applicable

Not Applicable

Not Applicable

Down MEP

Port MEP

RSP720-3CXL-10GE

Not Applicable

Not Applicable

Not Applicable

Down MEP

Port MEP

RSP720-3C-10GE

Not Applicable

Not Applicable

Not Applicable

Down MEP

Port MEP

RSP720-3CXL-GE

Not Applicable

Not Applicable

Not Applicable

Down MEP

Port MEP

RSP720-3C-GE

Not Applicable

Not Applicable

Not Applicable

Down MEP

Port MEP

WS-SUP32-GE-3B

Not Applicable

Not Applicable

Not Applicable

Down MEP

Port MEP

WS-SUP32-10GE-3B

Not Applicable

Not Applicable

Not Applicable

Down MEP

Port MEP

WS-X6148A

Not Applicable

Not Applicable

Not Applicable

Down MEP

Port MEP

WS-X6148-FE-SFP

Not Applicable

Not Applicable

Not Applicable

Down MEP

Port MEP

WS-X6516A-GBIC

Not Applicable

Not Applicable

Not Applicable

Down MEP

Port MEP

WS-X6524-100FX-MM

Not Applicable

Not Applicable

Not Applicable

Down MEP

Port MEP

WS-X6548-RJ-21

Not Applicable

Not Applicable

Not Applicable

Down MEP

Port MEP

WS-X6548-GE-TX

Not Applicable

Not Applicable

Not Applicable

Down MEP

Port MEP

WS-X6704-10GE

Not Applicable

Not Applicable

Not Applicable

Down MEP

Port MEP

WS-X6708-10G-3C

Not Applicable

Not Applicable

Not Applicable

Down MEP

Port MEP

WS-X6708-10G-3CXL

Not Applicable

Not Applicable

Not Applicable

Down MEP

Port MEP

WS-X6724-SFP

Not Applicable

Not Applicable

Not Applicable

Down MEP

Port MEP

WS-X6748-GE-TX

Not Applicable

Not Applicable

Not Applicable

Down MEP

Port MEP

WS-X6748-SFP

Not Applicable

Not Applicable

Not Applicable

Down MEP

Port MEP

SIP-400 + V2 GE SPAs

or

SIP-400 + WAN SPA

Not Supported

No Transperency

Not Supported

No Transperency

Down MEP

Down MEP

Port MEP

SIP-400 + V2 FE SPA

or

SIP-400 + WAN SPA

Not Supported

Not Supported

No Transperency

Down MEP

Down MEP

Port MEP

SIP-600 + V2 GE

or

V2 10GE SPA

or

WAN SPA

Not Supported

Not Supported

Down MEP

Down MEP

Port MEP

ES20-GE

or

ES20-10GE

Up MEP

Down MEP

Up MEP

Down MEP

Down MEP

Down MEP

Port MEP

ES+ GE /10GE

Up MEP

Down MEP

Up MEP

Down MEP

Down MEP

Down MEP

Port MEP


Scalable Limits

Table 2-3 maps the supported interfaces with the CFM points and their scalability values:

Table 2-3

Interfaces
CFM Points
Scalability Values

Switchports and EVC Bridge Domain (BD)

Up MEP
Down MEP
MIP
Port MEP

Remote MEP

8K MEPs per box (4K MEPs per LC) at 10 sec CC interval or higher CC intervals.
1K MEPs at 1 sec CC interval or higher CC intervals.
100 MEPs at 100 msec CC interval or higher CC intervals.

Routed Ports

Down MEP
Port MEP

Remote MEP

1K MEPs at 1 sec CC interval or higher CC intervals.
100 MEPs at 100 msec CC interval or higher CC intervals.
4K MEPs per box at 10 sec CC interval or higher CC intervals.


Scalable Limits

Restrictions and Usage Guidelines

When configuring CFM D8.1, follow these restrictions and usage guidelines:

Hardware EoMPLS is not supported.

Supports interworking between routed ports, switch ports, and EVC BD.

CFM D8.1 QinQ configuration on a subinterface is not supported.

You can ping or traceroute to a MEP where Continuity Check (CC) is disabled. However, you cannot use ping and traceroute for an down MEP on a STP blocked port configured on either a supervisor port or a LAN port.

CFM is not supported with a EVC manual load balancing configuration on a EVC bridge-domain and a EVC cross-connect interface.Though configuration is not rejected, the feature may not work as expected.

With lower CC intervals, CC packets are transmitted in bursts. Ensure that you appropriately configure the MLS rate limiters to avoid flapping of remote MEPs.

Ping and traceroute on trunk ports for Port-MEP's and down MEP's configured on native vlan is supported only on ES20 and ES40 line cards.

In 802.3ah E-OAM, the remote-loopback TEST status is not retained across switchovers. The remote loopback works with a longer OAM timeout value that is greater than 10 seconds.

Migrating CFM D1.0 to D8.1 works with a reduced scale of 2k MEPs on the routed ports. If there is an EVC service configured within a domain in D1, the link fails while migrating to D8.1. To avoid this, ensure that you configure the VLAN and the EVC within the domain in D1, as shown in the next example.

Sample D1 configuration during migration:

ethernet cfm domain 2OUT493 level 2 direction outward
service 1 evc 493

Sample configuration to avoid the migration issue:

ethernet cfm domain 2OUT493 level 2 direction outward
service 1 evc 493
service 1 vlan 493

SUMMARY STEPS (COMMON CONFIGURATIONS FOR EVC, SWITCHPORT, AND ROUTED PORTS)

1. enable

2. configure terminal

3. ethernet cfm domain domain-name level level-id

4. service { short-ma-name | number MA-number | vlan-id primary-vlan-id | vpn-id vpn-id } {vlan vlan-id | port | evc evc-name } direction {up | down}

5. continuity-check

6. continuity-check {interval CC-interval }

7. end

DETAILED STEPS (COMMON CONFIGURATIONS FOR EVC, SWITCHPORT, AND ROUTED PORTS)

 
Command
Purpose

Step 1 

enable

Example:
Router> enable 

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ethernet cfm domain domain-name level level-id

Example:

PE1(config)#ethernet cfm domain L4 level 4

Defines a CFM maintenance domain at a particular maintenance Level. It sets the router into config-ecfm configuration mode, where parameters specific to the maintenance domain can be set.

Step 4 

service { short-ma-name | number MA-number | vlan-id primary-vlan-id | vpn-id vpn-id } {vlan vlan-id | port | evc evc-name } direction {up | down}

Example:

Router(config-ecfm)#service s41 evc 41 vlan 41

Configures the maintenance association and sets a universally unique ID for a customer service instance (CSI) or the maintenance association number value, primary VLAN ID and VPN ID within a maintenance domain in Ethernet connectivity fault management (CFM) configuration mode or the direction. The default value for direction is up.

Step 5 

continuity-check

Example:

Router(config-ecfm-srv)#continuity-c heck

Configures the transmission of continuity check messages (CCMs), in Ethernet connectivity fault management (CFM) service configuration mode.

Step 6 

continuity-check {interval CC-interval }

Example:

Router(config-ecfm-srv)#continuity-c heck interval 10s

Configures the per-service parameters and sets the interval at which Continuity Check Messages are transmitted.

The supported interval values are:

100ms 100 ms

10m 10 minutes

10ms 10 ms

10s 10 seconds

1m 1 minute

1s 1 second

3.3ms 3.3 ms

The default is 10seconds.

Step 7 

end

Exits the interface.

SUMMARY STEPS TO CONFIGURE CFM MEP AND MIP ON A EVC

1. enable

2. configure terminal

3. interface

4. service instance {id} ethernet {evc-name}

5. encapsulation {encapsulation-type}

6. bridge-domain {number}

7. cfm mep domain {domain-name} mpid {id}

8. cfm mip level {level}

9. cfm encapsulation

10. end

DETAILED STEPS TO CONFIGURE CFM MEP AND MIP ON A EVC

 
Command
Purpose

Step 1 

enable

Example:
Router> enable 

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface

Example:

Router(config)# interface tengigabitethernet 1/0/0

Enters the interface mode.

Step 4 

service instance {id} ethernet {evc-name}

Example:

Router(config-interface)#service instance 41 ethernet 41

Configures the service instance and the ethernet virtual connections.

Step 5 

encapsulation {encapsulation-type}

Example:

Router(config-if-srv)#encapsulation dot1q 41

Configures the encapsulation type.

Step 6 

bridge-domain {number}

Example:

Router(config-if-srv)#bridge-domain 41

Configures the bridge domain values.The default domain number is zero; this is the domain number required when communicating to IEEE bridges that do not support this domain extension.

Step 7 

cfm mep domain {domain-name} mpid {id}

Example:

Router(config-if-srv)#cfm mep domain L4 mpid 4001

Configures the MEP domain and the ID.

Step 8 

cfm mip level {level}

Example:

PE1(config-if-srv)#cfm mip level 4

Automatically creates a MIP in the Ethernet interface and sets the maintenance level number. The acceptable range
of maintenance levels is 0-7.

Step 9 

cfm encapsulation

Example:

PE1#(config-if-srv)#cfm encapsulation dot1q 100 second-dot1q 200

Configures the CFM encapsulation type.

Step 10 

end

Example:

PE1#(config-if-srv)#exit

Exits the service instance interface mode.

SUMMARY STEPS TO CONFIGURE CFM MEP AND MIP ON A SWITCH PORT

1. enable

2. configure terminal

3. interface

4. switchport

5. switchport mode {trunk}

6. ethernet cfm mep domain domain-name mpid mpid {vlan vlan-id | port}

or

7. ethernet cfm mip level {0 to 7} {vlan vlan-id }

8. end

DETAILED STEPS TO CONFIGURE CFM MEP AND MIP ON A SWITCHPORT

 
Command
Purpose

Step 1 

enable

Example:
Router> enable 

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface

Example:

Router(config)# interface tengigabitethernet 1/0/0

Enters the interface mode.

Step 4 

switchport

Example:

Router(config-interface)#switchport

Configures the Layer 3 mode into Layer 2 mode for Layer 2 configuration.

Step 5 

switchport mode {trunk}

Example:

Router(config-if)#switchport mode trunk

Configures a trunking VLAN Layer 2 interface.

Step 6 

ethernet cfm mep domain domain-name mpid mpid {vlan vlan-id | port}

Example:

Router(config-if)#ethernet cfm mep domain L4 mpid 1 vlan 41

Sets a port as internal to a maintenance domain, and defines it as a maintenance endpoint. It sets the device into config-if-ecfm-mep configuration mode, where parameters specific to the MEP can bet set.

domain-name: String, maximum length of 43 characters

mpid: 1 to 8191

vlan-id: 1 to 4094

port: a port MEP, untagged and valid only for outward direction to configure MEP with no VLAN association.

or

Step 7 

ethernet cfm mip level {0 to 7} {vlan vlan-id }

Example:

PE1(config-if)#ethernet cfm mip level 4 vlan 10

Sets a port as internal to a maintenance domain, and defines it as a maintenance intermediate point.

Step 8 

end

Example:

PE1(config-if)#end

Exits the service instance interface mode.

SUMMARY STEPS TO CONFIGURE CFM MEP ON A ROUTED PORT

1. enable

2. configure terminal

3. interface gigabitethernet

4. no ip address

5. no mls qos trust

6. ethernet cfm mep domain domain-name mpid mpid {vlan vlan-id}

7. interface gigabitethernet

8. encapsulation dot1Q vlan-id

9. end

DETAILED STEPS TO CONFIGURE CFM MEP ON A ROUTED PORT

 
Command
Purpose

Step 1 

enable

Example:
Router> enable 

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface gigabitethernet

Example:

Router(config)# interface tengigabitethernet 1/0/0

Enters the interface mode.

Step 4 

no ip address

Example:

Router(config-interface)# no ip address

Removes the configured IP address or disables IP processing.

Step 5 

no mls qos trust

Example:

Router(config-if)#no mls qos trust

Configures the multilayer switching (MLS) quality of service (QoS) port trust state and traffic by examining the class of service (CoS) or differentiated services code point (DSCP) value. Use the no form of this command to return a port to its untrusted state.

Step 6 

ethernet cfm mep domain domain-name mpid mpid {vlan vlan-id }

Example:

Router(config-if)#ethernet cfm mep domain routed mpid 4001 vlan 4001

Sets a port as internal to a maintenance domain, and defines it as a maintenance end point. It sets the device into config-if-ecfm-mep configuration mode, where parameters specific to the MEP can be set.

domain-name: String, maximum length of 43 characters

mpid: 1 to 8191

vlan-id: 1 to 4094

Step 7 

interface gigabitethernet subinterface

Example:

Router(config)# interface tengigabitethernet subinterface 1/0/0.1

Configures the subinterface.

Step 8 

encapsulation dot1Q vlan-id

Example:

PE1(config-if)#encapsulation dot1Q vlan-id 10

Configures the IEEE 802.1Q encapsulation of traffic on a specified subinterface in a virtual LAN (VLAN) on a routed port. The acceptable range of a VLAN is from 1 to 4094.

Step 9 

end

Example:

PE1(config-if)#end

Exits the service instance interface mode.

Verification

Use the following commands to verify operation.

Command
Purpose

show ethernet cfm maintenance-points local

Displays the local maintenance points.

show ethernet cfm maintenance-points remote

Displays the remote maintenance end points.

show ethernet cfm errors

Displays all the CFM Continuity Check error conditions logged on the device.

show ethernet cfm mpdb

Displays the remote maintenance points.


The following example shows a configuration of MEP in a switchport:

ethernet cfm domain L4 level 4
service s41 evc 41 vlan 41
continuity-check
int TenGigabitEthernet2/0/0
switchport 
switchport mode trunk
ethernet cfm mep domain L4 mpid 1 vlan 41

The following example shows a configuration of MIP in a switchport:

ethernet cfm domain L4 level 4
service s41 evc 41 vlan 41
continuity-check
int TenGigabitEthernet2/0/0
switchport 
switchport mode trunk
ethernet cfm mip level 4 vlan 41

The following example shows a configuration of MEP in a EVC bridge domain:

ethernet cfm domain L4 level 4
service s41 evc 41 vlan 41
continuity-check
int TenGigabitEthernet4/0/0
service instance 41 ethernet 41
encapsulation dot1q 41
bridge-domain 41
cfm mep domain L4 mpid 4001

The following example shows a configuration of MIP in a EVC bridge domain:

ethernet cfm domain L4 level 4
service s41 evc 41 vlan 41
continuity-check
int TenGigabitEthernet4/0/0
service instance 41 ethernet 41
encapsulation dot1q 41
bridge-domain 41
cfm cfm mip level 4

The following example shows a configuration of MEP on a routed port:

ethernet cfm domain routed level 5
 service s2 evc 2 vlan 2 direction down
  continuity-check
interface GigabitEthernet8/0/0
 no ip address
 no mls qos trust
 ethernet cfm mep domain routed mpid 4001 vlan 4001
interface GigabitEthernet8/0/0.10
 encapsulation dot1Q 10

The following example shows CFM configuration over a EVC with cross connect in the global domain configuration mode:

ethernet cfm domain L6 level 6 
service xconn evc xconn 
continuity-check

The following example shows CFM configuration over a EVC with cross connect in the interface configuration mode:

ethernet cfm domain L6 level 6
 service s100 evc 100
  continuity-check
interface Port-channel10
 no ip address
 service instance 100 ethernet 100
  encapsulation dot1q 200
  xconnect 3.3.3.3 1 encapsulation mpls
  cfm mep domain L6 mpid 602
  cfm mip level 7

!

The following example shows CFM configuration on a L2VFI:

Router(config)# l2 vfi vfi2 manual evc2
Router(config-vfi)# vpn id 2
Router(config-vfi)# bridge-domain 2 vlan
Router(config-vfi)# no shut
Router(config-vfi)# neighbor 5.5.5.5 encap mpls
Router(config-vfi-neighbor)# interface vlan 2
Router(config-if)# xconnect vfi vfi2
Router(config-if)# no shut
Router(config-if)# ethernet cfm domain vik-vfi-ofm level 4
Router(config-ecfm)# service vlan-id 2 evc evc2 vlan 2 direction down
Router(config-ecfm-srv)# continuity-check
Router(config-ecfm-srv)# continuity-check interval 10s
 
   

Support for IEEE 802.1ad

Provider networks handle traffic from a large number of customers. It is important that one customer's traffic is isolated from the other customer's traffic. IEEE 802.1ad implements standard protocols for double tagging of data. The data traffic coming from the customer side are double tagged in the provider network where the inner tag is the customer-tag (C-tag) and the outer tag is the provider-tag (S-tag). The control packets are tunneled by changing the destination MAC address in the provider network.

Cisco 7600 series routers already support VLAN double tagging through a feature called QinQ. 802.1ad is the standardized version of QinQ. It also extends the support for Layer 2 Protocol Tunneling Protocol (L2PT). By offering transparent Layer 2 connectivity, the service provider does not get involved in the customer's Layer 3 network. This makes provisioning and maintenance simple, and reduces the operational cost.

Prerequisites for IEEE 802.1ad

The ethertype should be programmable per port.

Restrictions for IEEE 802.1ad

Follow these restrictions and guidelines when you configure 802.1ad:

The l2protocol forward command is available only on the main interface of switchports and L3 ports. The command is not available on the subinterfaces. All the subinterfaces on a port inherit the behavior from the main interface. The l2protocol forward command is also available on EVC service instance.

The l2protocol peer and l2protocol drop commands are not supported.

The l2protocol forward command on a main interface and on EVCs supports only cdp, dtp, vtp, stp, and dot1x.

You cannot configure Dot1ad if custom ethertype is configured on port.

802.1ad is supported on the following port types:

Port
EVC
Switchport
Layer Interfaces

C-UNI

Ethertype 0x8100

C-VLAN BPDU

Any EVCs

Ethertype 0x8100

C-VLAN BPDU

Trunk or Access

Ethertype 0x8100

C-VLAN BPDU

S-UNI

Ethertype 0x88a8

S-VLAN BPDU (Only Encapsulation default is supported)

Ethertype 0x88a8

S-VLAN BPDU

Access only

Not supported

S-NNI

Ethertype 0x88a8

S-VLAN BPDU

Any EVC

Ethertype 0x88a8

S-VLAN BPDU

Trunk

Ethertype 0x88a8

S-VLAN BPDU

Trunk


Information About IEEE 802.1ad

To configure IEEE 802.1ad support, you should understand the following concepts:

How Provider Bridges Work

Guidelines for Handling BPDU

Interoperability of QinQ and Dot1ad

How Provider Bridges Work

Provider bridges pass the network traffic of many customers, and each customer's traffic flow must be isolated from one another. For the Layer 2 protocols within customer domains to function properly, geographically separated customer sites must appear to be connected through a LAN, and the provider network must be transparent.

The IEEE has reserved 33 Layer 2 MAC addresses for customer devices operating Layer 2 protocols. If a provider bridge uses these standard MAC addresses for its Layer 2 protocols, the customers' and service provider's Layer 2 traffic will be mixed together. Provider bridges solve this traffic-mixing issue by providing Layer 2 protocol data unit (PDU) tunneling for customers using a provider bridge (S-bridge) component and a provider edge bridge (C-bridge) component. Figure 2-1 shows the topology.

Figure 2-1

Layer 2 PDU Tunneling

S-Bridge Component

The S-bridge component is capable of inserting or removing a service provider VLAN (S-VLAN) for all traffic on a particular port. IEEE 802.1ad adds a new tag called a Service tag (S-tag) to all the ingress frames from a customer to the service provider.

The VLAN in the S-tag is used for forwarding the traffic in the service provider network. Different customers use different S-VLANs, which results in each customer's traffic being isolated. In the S-tag, provider bridges use an Ethertype value that is different from the standard 802.1Q Ethertype value, and do not understand the standard Ethertype. This difference makes customer traffic tagged with the standard Ethertype appear as untagged in the provider network so customer traffic is tunneled in the port VLAN of the provider port. The 802.1ad service provider user network interfaces (S-UNIs) and network to network interfaces (NNIs) implement the S-bridge component.

For example, a VLAN tag has a VLAN ID of 1, the C-tag Ethertype value is 8100 0001, the S-tag Ethertype value is 88A8 0001, and the class of service (CoS) is zero.

C-tag S-tag 
------------------------------------------------------- 
-----------------------------------------------
0x8100 | Priority bits | CFI | C-VLAN-ID 0x88A8 | Priority bits | 0 | S-VLAN-ID 
------------------------------------------------------- 
-----------------------------------------------

C-Bridge Component

All the C-VLANs entering on a UNI port in an S-bridge component are provided the same service (marked with the same S-VLAN). Although, C-VLAN components are not supported, a customer may want to tag a particular C-VLAN packet separately to differentiate between services. Provider bridges allow C-VLAN packet tagging with a provider edge bridge, called the C-bridge component of the provider bridge. C-bridge components are C-VLAN aware and can insert or remove a C-VLAN 802.1Q tag. The C-bridge UNI port is capable of identifying the customer 802.1Q tag and inserting or removing an S-tag on the packet on a per service instance or C-VLAN basis. A C-VLAN tagged service instance allows service instance selection and identification by C-VLAN. The 802.1ad customer user network interfaces (C-UNIs) implement the C-component.

MAC Addresses for Layer 2 Protocols

Customers' Layer 2 PDUs received by a provider bridge are not forwarded, so Layer 2 protocols running in customer sites do not know the complete network topology. By using a different set of addresses for the Layer 2 protocols running in provider bridges, IEEE 802.1ad causes customers' Layer 2 PDUs entering the provider bridge to appear as unknown multicast traffic and forwards it on customer ports (on the same S-VLAN). Customers' Layer 2 protocols can then run transparently.

Table 2-4 shows the Layer 2 MAC addresses reserved for the C-VLAN component.

Table 2-4 Reserved Layer 2 MAC Addresses for a C-VLAN Component

Assignment
Value

Bridge Group Address

01-80-c2-00-00-00

IEEE Std 802.3 Full Duplex PAUSE operation

01-80-c2-00-00-01

IEEE Std. 802.3 Slow_Protocols_Multicast address

01-80-c2-00-00-02

IEEE Std. 802.1X PAE address

01-80-c2-00-00-03

Reserved for future standardization - media access method-specific

01-80-c2-00-00-04

Reserved for future standardization - media access method- specific

01-80-c2-00-00-05

Reserved for future standardization

01-80-c2-00-00-06

Reserved for future standardization

01-80-c2-00-00-07

Provider Bridge Group Address

01-80-c2-00-00-08

Reserved for future standardization

01-80-c2-00-00-09

Reserved for future standardization

01-80-c2-00-00-0a

Reserved for future standardization

01-80-c2-00-00-0b

Reserved for future standardization

01-80-c2-00-00-0c

Provider Bridge GVRP Address

01-80-c2-00-00-0d

IEEE Std. 802.1AB Link Layer Discovery Protocol multicast address

01-80-c2-00-00-0e

Reserved for future standardization

01-80-c2-00-00-0f


Table 2-5 shows the Layer 2 MAC addresses reserved for an S-VLAN component. These addresses are a subset of the C-VLAN component addresses, and the C-bridge does not forward the provider's bridge protocol data units (BPDUs) to a customer network.

Table 2-5 Reserved Layer 2 MAC Addresses for an S-VLAN Component

Assignment
Value

IEEE Std 802.3 Full Duplex PAUSE operation

01-80-c2-00-00-01

IEEE Std. 802.3 Slow_Protocols_Multicast address

01-80-c2-00-00-02

IEEE Std. 802.1X PAE address

01-80-c2-00-00-03

Reserved for future standardization - media access method specific

01-80-c2-00-00-04

Reserved for future standardization - media access method specific

01-80-c2-00-00-05

Reserved for future standardization

01-80-c2-00-00-06

Reserved for future standardization

01-80-c2-00-00-07

Provider Bridge Group Address

01-80-c2-00-00-08

Reserved for future standardization

01-80-c2-00-00-09

Reserved for future standardization

01-80-c2-00-00-0a


Guidelines for Handling BPDU

The general BPDU guidelines are listed here:

UNI-C Ports

The guidelines pertaining to UNI-C ports are:

VLAN-aware L2 protocols can be peered, tunneled, or dropped.

Port L2 protocols can either be peered or dropped. They cannot be tunneled.

Table 2-6 shows the Layer 2 PDU destination MAC addresses for customer-facing C-bridge UNI ports, and how frames are processed.

Table 2-6 Layer 2 PDU Destination MAC Addresses for Customer-Facing C-Bridge UNI Ports

Assignment
Protocol
Significance on C-UNI Port
Default Action

01-80-C2-00-00-00

Bridge Group Address (End-to-End BPDUs)

BPDU

Peer

01-80-C2-00-00-01

802.3X Pause Protocol

BPDU

Drop

01-80-C2-00-00-02

Slow Protocol address: 802.3ad LACP, 802.3ah OAM, CDP Pagp, VTP, DTP, UDLD

BPDU

Peer

01-80-C2-00-00-03

802.1X

BPDU

May peer

01-80-C2-00-00-04

Reserved for future media access method

None

Drop

01-80-C2-00-00-05

Reserved for future media access method

None

Drop

01-80-C2-00-00-06

Reserved for future bridge use

None

Drop

01-80-C2-00-00-07

Reserved for future bridge use

None

Drop

01-80-C2-00-00-08

Provider STP (BPDU)

None

Drop

01-80-C2-00-00-09

Reserved for future bridge use

None

Drop

01-80-C2-00-00-0A

Reserved for future bridge use

None

Drop

01-80-C2-00-000-0B

Reserved for future S-bridge purpose

None

Drop

01-80-C2-00-00-0C

Reserved for future S-bridge purpose

None

Drop

01-80-C2-00-00-0D

Provider Bridge GVRP address

None

Drop

01-80-C2-00-00-0E

802.1ab-LLDP

BPDU

May peer

01-80-C2-00-00-0F

Reserved for future C-bridge or Q-bridge use

None

Drop

01-80-C2-00-00-10

All bridge addresses

Read Data

Snoop if implemented. Else, discard

01-80-C2-00-00-20

GMRP

Data/BPDU

May peer

01-80-C2-00-00-21

GVRP

Data/BPDU

May peer

01-80-C2-00-00-22 - 2F

Other GARP addresses

Data/BPDU

May peer

01-00-0C-CC-CC-CC

Cisco's CDP DTP VTP PagP UDLD (End-to-End)

BPDU

Peer

01-00-0C-CC-CC-CD

Cisco's PVST(End-to-End)

BPDU

May peer


UNI-S Ports

The guidelines pertaining to UNI-S ports are:

Packets with C-Bridge addresses (00 - 0F) that are not part of S-Bridge addresses (01 - 0A) are treated as data packet (tunneled).

VLAN-aware L2 protocols cannot be peered because the port is not C-VLAN aware. They can only be tunneled or dropped.

Port L2 protocols can be peered, tunneled, or dropped.

Table 2-7 shows the Layer 2 PDU destination MAC addresses for customer-facing S-bridge UNI ports, and how frames are processed.

Table 2-7 Layer 2 PDU Destination MAC Addresses for Customer-Facing S-Bridge UNI Ports

Assignment
Protocol
Significance on S-UNI Port
Default Action

01-80-C2-00-00-00

Bridge Group Address (BPDUs)

Data

Data

01-80-C2-00-00-01

802.3X Pause Protocol

BPDU

Drop

01-80-C2-00-00-02

Slow Protocol address: 802.3ad LACP, 802.3ah

BPDU

Peer

01-80-C2-00-00-03

802.1X

BPDU

Peer

01-80-C2-00-00-04

Reserved for future media access method

BPDU

Drop

01-80-C2-00-00-05

Reserved for future media access method

BPDU

Drop

01-80-C2-00-00-06

Reserved for future bridge use

BPDU

Drop

01-80-C2-00-00-07

Reserved for future bridge use

BPDU

Drop

01-80-C2-00-00-08

Provider STP (BPDU)

BPDU

Drop (peer on NNI)

01-80-C2-00-00-09

Reserved for future bridge use

BPDU

Drop

01-80-C2-00-00-0A

Reserved for future bridge use

BPDU

Drop

01-80-C2-00-00-0B

Reserved for future bridge use

Data if not implemented

Drop

01-80-C2-00-00-0C

Reserved for future bridge use

Data if not implemented

Treat as data until implemented

01-80-C2-00-00-0D

Reserved for future GVRP address

Data if not implemented

Treat as data until implemented

01-80-C2-00-00-0E

802.1ab-LLDP

BPDU

May peer

01-80-C2-00-00-0F

Reserved for future C-bridge or Q-bridge use

Data

Data

01-80-C2-00-00-10

All bridge addresses

Data

Data

01-80-C2-00-00-20

GMRP

Data

Data

01-80-C2-00-00-21

GVRP

Data

Data

01-80-C2-00-00-22 - 2F

Other GARP addresses

Data

Data

01-00-0C-CC-CC-CC

Cisco's CDP DTP VTP PagP UDLD

Data

Data

01-00-0C-CC-CC-CD

Cisco's PVST

Data

Data


NNI Ports

The Dot1add NNI ports behave in the same way as the customer facing S-bridge ports, with the following exceptions:

On NNI ports, frames received with DA 01-80-C2-00-00-08 contain STP BPDU. The frames are received and transmitted. On S-UNI ports, any such frames that are received are dropped, and none are sent.

On NNI ports, frames received with DA 01-80-C2-00-00-02 include CDP Pagp, VTP, DTP, and UDLD protocols.

7600 Action Table

Table 2-8 lists the actions performed on a packet when the packet is received with a specified destination MAC address.

Table 2-8 7600 Action Table

MAC Address
Protocol
C-UNI Action
S-UNI Action
NNI Action

01-80-C2-00-00-00

Bridge Group Address (BPDUs)

Peer

Data

Data

01-80-C2-00-00-01

802.3X Pause Protocol

Drop

Drop

Drop

01-80-C2-00-00-02

Slow Protocol address: 802.3ad LACP, 802.3ah

Peer

Peer

Peer

01-80-C2-00-00-03

802.1X

May peer

May peer

May peer

01-80-C2-00-00-04

Reserved

Drop

Drop

Drop

01-80-C2-00-00-05

Reserved

Drop

Drop

Drop

01-80-C2-00-00-06

Reserved

Drop

Drop

Drop

01-80-C2-00-00-07

Reserved

Drop

Drop

Drop

01-80-C2-00-00-08

Provider STP (BPDU)

Drop

Drop

Peer

01-80-C2-00-00-09

Reserved for future bridge use

Drop

Drop

Drop

01-80-C2-00-00-0A

Reserved for future bridge use

Drop

Drop

Drop

01-80-C2-00-00-0B

Reserved for future bridge use

Drop

Data

Data

01-80-C2-00-00-0C

Reserved for future bridge use

Drop

Data

Data

01-80-C2-00-00-0D

Reserved for future GVRP address

Drop

Data

Data

01-80-C2-00-00-0E

802.1ab-LLDP

May peer

Data

Data

01-80-C2-00-00-0F

Reserved for future C-bridge or Q-bridge use

Drop

Data

Data

01-80-C2-00-00-10

All bridge addresses

Snoop if implemented. Else drop

Data

Data

01-80-C2-00-00-20

GMRP

May peer

Data

Data

01-80-C2-00-00-21

GVRP

May peer

Data

Data

01-80-C2-00-00-22 - 2F

Other GARP addresses

May peer

Data

Data

01-00-0C-CC-CC-CC

Cisco's CDP DTP VTP PagP UDLD

Peer

Data

Data

01-00-0C-CC-CC-CD

Cisco's PVST

May peer

Data

Data


Interoperability of QinQ and Dot1ad

The interoperability of QinQ and Dot1ad network enables the exchange of data frames between the networks. The 802.1Q network outer tag VLANs are mapped to the provider S-VLANs of the 802.1ad network.

Figure 2-2 illustrates the interoperability of a Dot1ad network and a QinQ network.

Figure 2-2

Interoperability of Dot1ad Network and a QinQ Network

How to Configure IEEE 802.1ad

This section contains the information about following procedures:

Configuring a Switchport

Configuring a Layer 2 Protocol Forward

Configuring a Switchport for Translating QinQ to 802.1ad

Configuring a Switchport (L2PT)

Configuring a Customer-Facing UNI-C Port with EVC

Configuring a Customer-Facing UNI-C Port and Switchport on NNI with EVC

Configuring a Customer-Facing UNI-S Port with EVC

Configuring a Layer 3 Termination

Displaying a Dot1ad Configuration

Configuring a Switchport

A switchport can be configured as a UNI-C port, UNI-S port, or NNI port.

UNI-C Port

A UNI-C port can be configured as either a trunk port or an access port. Perform the following tasks to configure a UNI-C port as an access port for 802.1ad.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. ethernet dot1ad {nni | uni {c-port | s-port}}

5. switchport

6. switchport mode {access | trunk}

7. switchport access vlan vlan-id

8. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

router> enable

Enables privileged EXEC mode.

Step 2 

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3 

interface type number

Example:

router# interface gigabitethernet 2/1

Configures an interface.

Step 4 

ethernet dot1ad {nni | uni {c-port | s-port}}

Example:

router(config-if)# ethernet dot1ad uni c-port

Configures a dot1ad NNI port or UNI port. In this example, it is a UNI-C port.

Step 5 

switchport

Example:

router(config-if)# switchport

Put the interface into Layer 2 mode.

Step 6 

switchport mode {access | trunk}

Example:

router(config-if)# switchport mode access

Sets the interface type. In this example, it is Access.

Step 7 

switchport access vlan vlan-id

Example:

router(config-if)# switchport access 1000

Sets the VLAN when an interface is in access mode. In this example, the VLAN is set to 1000.

Step 8 

end

Example:

router(config-if)# end

Returns the CLI to privileged EXEC mode.

Perform the following tasks to configure a UNI-C port as a trunk port for 802.1ad.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. ethernet dot1ad {nni | uni {c-port | s-port}}

5. switchport

6. switchport mode {access | trunk}

7. switchport trunk allowed vlan vlan-list

8. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

router> enable

Enables privileged EXEC mode.

Step 2 

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3 

interface type number

Example:

router# interface gigabitethernet 2/1

Configures an interface.

Step 4 

ethernet dot1ad {nni | uni {c-port | s-port}}

Example:

router(config-if)# ethernet dot1ad uni c-port

Configures a dot1ad NNI port or UNI port. In this example, it is a UNI-C port.

Step 5 

switchport

Example:

router(config-if)# switchport

Put the interface into Layer 2 mode.

Step 6 

switchport mode {access | trunk}

Example:

router(config-if)# switchport mode trunk

Sets the interface type. In this example, it is Trunk.

Step 7 

switchport trunk allowed vlan vlan-list

Example:

router(config-if)# switchport trunk allowed vlan 1000, 2000

Sets the list of allowed VLANs that transmit traffic from this interface in tagged format when in trunking mode.

Step 8 

end

Example:

router(config-if)# end

Returns the CLI to privileged EXEC mode.

UNI-S Port

On a UNI-S port, all the customer VLANs that enter are provided with the same service. The port allows only access configuration. In this mode, the customer's port is configured as a trunk port. Therefore, the traffic entering the UNI-S port is tagged traffic.

Perform the following tasks to configure a UNI-S port as an access port for 802.1ad.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. switchport

5. switchport mode {access | trunk}

6. ethernet dot1ad {nni | uni {c-port | s-port}}

7. switchport access vlan vlan-id

8. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

router> enable

Enables privileged EXEC mode.

Step 2 

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3 

interface type number

Example:

router# interface gigabitethernet 2/1

Configures an interface.

Step 4 

switchport

Example:

router(config-if)# switchport

Put the interface into Layer 2 mode.

Step 5 

switchport mode {access | trunk}

Example:

router(config-if)# switchport mode access

Sets the interface type. In this example, it is Access.

Step 6 

ethernet dot1ad {nni | uni {c-port | s-port}}

Example:

router(config-if)# ethernet dot1ad uni s-port

Configures a dot1ad NNI port or UNI port. In this example, it is a UNI-S port.

Step 7 

switchport access vlan vlan-id

Example:

router(config-if)# switchport access 999

Sets the VLAN when an interface is in access mode. In this example, the VLAN is set to 999.

Step 8 

end

Example:

router(config-if)# end

Returns the CLI to privileged EXEC mode.

NNI Port

NNI port allows only trunk configuration. On an NNI port, the frames received on all the allowed VLANs are bridged to the respective internal VLANs.

Perform the following tasks to configure an NNI port as a trunk port for 802.1ad.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. switchport

5. switchport mode {access | trunk}

6. ethernet dot1ad {nni | uni {c-port | s-port}}

7. switchport trunk allowed vlan vlan-list

8. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

router> enable

Enables privileged EXEC mode.

Step 2 

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3 

interface type number

Example:

router# interface gigabitethernet 2/1

Configures an interface.

Step 4 

switchport

Example:

router(config-if)# switchport

Put the interface into Layer 2 mode.

Step 5 

switchport mode {access | trunk}

Example:

router(config-if)# switchport mode trunk

Sets the interface type. In this example, it is Trunk.

Step 6 

ethernet dot1ad {nni | uni {c-port | s-port}}

Example:

router(config-if)# ethernet dot1ad nni

Configures a dot1ad NNI port or UNI port. In this example, it is an NNI.

Step 7 

switchport trunk allowed vlan vlan-list

Example:

router(config-if)# switchport trunk allowed vlan 999

Sets the list of allowed VLANs that transmit traffic from this interface in tagged format when in trunking mode.

Step 8 

end

Example:

router(config-if)# end

Returns the CLI to privileged EXEC mode.

Examples

The following example shows how to configure a UNI-C port as an access port. In this example, all the frames that are received are bridged to one internal VLAN 1000. The transmitted frames do not have the access VLAN Dot1q tag.

router# configure terminal
router(config)#interface gig2/1
router(config-if)#ethernet dot1ad uni c-port
router(config-if)#switchport
router(config-if)#switchport mode access 
router(config-if)#switchport access vlan 1000
 
   

The following example shows how to configure a UNI-C port as a trunk port. In this example, all the frames that are received on all allowed VLANs (1000 and 2000) are bridged to the respective internal VLANs. The transmitted frames have the respective internal VLAN Dot1q tag.

router# configure terminal
router(config)# interface gig2/1
router(config-if)# ethernet dot1ad uni c-port
router(config-if)# switchport
router(config-if)# switchport mode trunk 
router(config-if)# switchport access vlan 1000, 2000

The following example shows how to configure a UNI-S port. In this example, all the frames that are received are bridged to one internal VLAN (999). The transmitted frames do not have the access VLAN Dot1q tag.

router# configure terminal
router(config)#interface gig2/1
router(config-if)#switchport
router(config-if)#switchport mode access 
router(config-if)#ethernet dot1ad uni s-port
router(config-if)#switchport access vlan 999
 
   

The following example shows how to configure an NNI port. Only trunk configuration is allowed on an NNI port. In this example, all the frames that are received on all the allowed VLANs (999) are bridged to the respective internal VLANs. The transmitted frames have the respective internal VLAN Dot1q tag.

router# configure terminal
router(config)#interface gig2/1
router(config-if)#switchport
router(config-if)#switchport mode trunk 
router(config-if)#ethernet dot1ad nni
router(config-if)#switchport trunk allowed vlan 999

The following example shows how to configure Dot1ad on an SVI:

router# configure terminal
router(config)#interface gig2/1
router(config-if)#ethernet dot1ad nni
router(config-if)#switchport
router(config-if)#switchport mode trunk 
router(config-if)#switchport trunk allowed vlan 999 
router(config)#interface vlan 999 
router(config-if)#ip address 1.2.3.4 255.255.0.0

Configuring a Layer 2 Protocol Forward

Perform the following tasks to configure the Layer 2 protocol forward:

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. switchport access valn vlan-id

5. ethernet dot1ad {nni | uni {c-port | s-port}}

6. l2protocol [ forward] [protocol]

7. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

router> enable

Enables privileged EXEC mode.

Step 2 

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3 

interface type number

Example:

router(config)# interface gigabitethernet 3/0

Configures an interface.

Step 4 

switchport access vlan vlan-id

Example:

router(config)# switchport access vlan 500

Sets the VLAN when an interface is in access mode.

Step 5 

ethernet dot1ad {nni | uni {c-port | s-port}}

Example:

router(config-if)# ethernet dot1ad uni s-port

Configures a dot1ad NNI port or UNI port. In this example, it is a UNI S-port.

Step 6 

l2 protocol [forward] [protocol]

Example:

router(config-if)# l2 protocol forward vtp

Processes or forwards the Layer 2 BPDUs. In this example, all the BPDUs are forwarded except VTP PDUs.

Step 7 

end

Example:

router(config-if)# end

Returns the CLI to privileged EXEC mode.

Examples

The following example shows how to configure a Layer 2 protocol forward:

router# configure terminal
router(config)#interface gig3/0
router(config-if)#switchport access vlan 500
router(config-if)#ethernet dot1ad uni s-port
router(config-if)#l2protocol forward vtp

Configuring a Switchport for Translating QinQ to 802.1ad

Translating a QinQ port to 802.1ad involves configuring the port connecting to QinQ port and NNI port.

Perform the following tasks to configure a port connecting to the QinQ port.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. switchport mode {access | trunk}

5. switchport trunk allowed vlan vlan-list

6. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

router> enable

Enables privileged EXEC mode.

Step 2 

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3 

interface type number

Example:

router# interface gigabitethernet 1/1

Configures an interface.

Step 4 

switchport mode {access | trunk}

Example:

router(config-if)# switchport mode trunk

Sets the interface type. In this example, it is Trunk.

Step 5 

switchport trunk allowed vlan vlan-list

Example:

router(config-if)# switchport trunk allowed vlan 1000

Sets the list of allowed VLANs that transmit traffic from this interface in tagged format when in trunking mode.

Step 6 

end

Example:

router(config-if)# end

Returns the CLI to privileged EXEC mode.

Perform the following tasks to configure an NNI port.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. ethernet dot1ad {nni | uni {c-port | s-port}}

5. switchport

6. switchport mode {access | trunk}

7. switchport trunk allowed vlan vlan-list

8. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

router> enable

Enables privileged EXEC mode.

Step 2 

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3 

interface type number

Example:

router# interface gigabitethernet 4/1

Configures an interface.

Step 4 

ethernet dot1ad {nni | uni {c-port | s-port}}

Example:

router(config-if)# ethernet dot1ad nni

Configures a dot1ad NNI port or UNI port. In this example, it is an NNI.

Step 5 

switchport

Example:

router(config-if)# switchport

Put the interface into Layer 2 mode.

Step 6 

switchport mode {access | trunk}

Example:

router(config-if)# switchport mode trunk

Sets the interface type. In this example, it is Trunk.

Step 7 

switchport trunk allowed vlan vlan-list

Example:

router(config-if)# switchport trunk allowed vlan 999-1199

Sets the list of allowed VLANs that transmit traffic from this interface in tagged format when in trunking mode.

Step 8 

end

Example:

router(config-if)# end

Returns the CLI to privileged EXEC mode.

Examples

The following example shows how to translate a QinQ port to 802.1ad. In this example, the peer router to gig1/1 multiplexes various customer VLANs into VLAN 1000.

router# configure terminal
router(config)#interface gig1/1
router(config-if)#switchport mode trunk 
router(config-if)#switchport trunk allowed vlan 1000
 
   
router# configure terminal
router(config)#interface gig4/0
router(config-if)#ethernet dot1ad nni
router(config-if)#switchport
router(config-if)#switchport mode trunk 
router(config-if)#switchport trunk allowed vlan 1000,1199

Configuring a Switchport (L2PT)

Configuring the switchport for L2PT is required to tunnel the STP packets from a customer on the dot1ad network to a customer on the QinQ network.

Perform the following tasks to configure the port connecting to the customer.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. switchport

5. ethernet dot1ad {nni | uni {c-port | s-port}}

6. no l2 protocol [peer | forward] [protocol]

7. l2protocol-tunnel [cdp | stp | vtp]

8. switchport mode {access | trunk}

9. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

router> enable

Enables privileged EXEC mode.

Step 2 

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3 

interface type number

Example:

router(config)# interface gigabitethernet 2/1

Configures an interface.

Step 4 

switchport

Example:

router(config-if)# switchport

Put the interface into Layer 2 mode.

Step 5 

ethernet dot1ad {nni | uni {c-port | s-port}}

Example:

router(config-if)# ethernet dot1ad uni s-port

Configures a dot1ad NNI port or UNI port. In this example, it is a UNI S-port.

Step 6 

no l2 protocol [peer | forward] [protocol]

Example:

router(config-if)# no l2 protocol forward

Disables L2 protocol forwarding.

Step 7 

l2protocol-tunnel [cdp | stp | vtp]

Example:

router(config-if)# l2protocol-tunnel stp

Enables protocol tunneling for STP.

Step 8 

switchport mode {access | trunk}

Example:

router(config-if)# switchport mode trunk

Sets the interface type. In this example, it is Trunk.

Step 9 

end

Example:

router(config-if)# end

Returns the CLI to privileged EXEC mode.

Perform the following tasks to configure an NNI port.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. switchport

5. ethernet dot1ad {nni | uni {c-port | s-port}}

6. switchport mode {access | trunk}

7. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

router> enable

Enables privileged EXEC mode.

Step 2 

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3 

interface type number

Example:

router(config)# interface gigabitethernet 2/1

Configures an interface.

Step 4 

switchport

Example:

router(config-if)# switchport

Put the interface into Layer 2 mode.

Step 5 

ethernet dot1ad {nni | uni {c-port | s-port}}

Example:

router(config-if)# ethernet dot1ad nni

Configures a dot1ad NNI or UNI port. In this example, it is an NNI.

Step 6 

switchport mode {access | trunk}

Example:

router(config-if)# switchport mode trunk

Sets the interface type. In this example, it is Trunk.

Step 7 

end

Example:

router(config-if)# end

Returns the CLI to privileged EXEC mode.

Examples

The following example shows how to tunnel the STP packets from a customer on the Dot1ad network to a customer on a QinQ network:

router# configure terminal
router(config)#interface gig1/0
router(config-if)#switchport
router(config-if)#ethernet dot1ad uni s-port
router(config-if)#no l2protocol forward
router(config-if)#l2protocol-tunnel stp 
router(config-if)#switchport mode access
router# configure terminal
router(config)#interface gig4/0
router(config-if)#switchport
router(config-if)#ethernet dot1ad nni
router(config-if)#switchport mode trunk 

Configuring a Customer-Facing UNI-C Port with EVC

Perform the following tasks to configure a UNI-C port.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. ethernet dot1ad {nni | uni {c-port | s-port}}

5. service instance id service-type

6. encapsulation dot1q vlan-id second-dot1q {any | vlan-id} [native]

7. bridge-domain vlan-id

8. service instance id service-type

9. encapsulation dot1q vlan-id second-dot1q {any | vlan-id} [native]

10. bridge-domain vlan-id

11. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

router> enable

Enables privileged EXEC mode.

Step 2 

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3 

interface type number

Example:

router(config)# interface gigabitethernet 2/1

Configures an interface.

Step 4 

ethernet dot1ad {nni | uni {c-port | s-port}}

Example:

router(config-if)# ethernet dot1ad uni c-port

Configures a dot1ad NNI port or UNI port. In this example, it is a UNI C port.

Step 5 

service instance id service-type

Example:

router(config-if)# service instance 1 ethernet

Configures an Ethernet service instance. In this example, the service instance is 1.

Step 6 

encapsulation dot1q vlan-id second-dot1q {any | vlan-id} [native]

Example:

router(config-if)# encapsulation dot1q 1-100

Enables IEEE 802.1Q encapsulation of traffic on a specified subinterface in a VLAN.

Step 7 

bridge-domain vlan-id

Example:

router(config-if)# bridge-domain 1000

Binds a service instance or a MAC tunnel to a bridge domain.

Step 8 

service instance id service-type

Example:

router(config-if)# service instance 2 ethernet

Configures an Ethernet service instance. In this example, the service instance is 2.

Step 9 

encapsulation dot1q vlan-id second-dot1q {any | vlan-id} [native]

Example:

router(config-if)# encapsulation dot1q 102-4094

Enables IEEE 802.1Q encapsulation of traffic on a specified subinterface in a VLAN.

Step 10 

bridge-domain vlan-id

Example:

router(config-if)# bridge-domain 500

Binds a service instance or a MAC tunnel to a bridge domain.

Step 11 

end

Example:

router(config-if)# end

Returns the CLI to privileged EXEC mode.

Perform the following tasks to configure an NNI port.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. ethernet dot1ad {nni | uni {c-port | s-port}}

5. service instance id service-type

6. encapsulation dot1q vlan-id second-dot1q {any | vlan-id} [native]

7. rewrite ingress tag pop 1 symmetric

8. bridge-domain vlan-id

9. service instance id service-type

10. encapsulation dot1q vlan-id second-dot1q {any | vlan-id} [native]

11. rewrite ingress tag pop 1 symmetric

12. bridge-domain vlan-id

13. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

router> enable

Enables privileged EXEC mode.

Step 2 

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3 

interface type number

Example:

router(config)# interface gigabitethernet 2/1

Configures an interface.

Step 4 

ethernet dot1ad {nni | uni {c-port | s-port}}

Example:

router(config-if)# ethernet dot1ad uni c-port

Configures a dot1ad NNI port or UNI port. In this example, it is a UNI C port.

Step 5 

service instance id service-type

Example:

router(config-if)# service instance 1 ethernet

Configures an Ethernet service instance. In this example, the service instance is 1.

Step 6 

encapsulation dot1q vlan-id second-dot1q {any | vlan-id} [native]

Example:

router(config-if)# encapsulation dot1q 1000 second-dot1q 1-100

Enables IEEE 802.1Q encapsulation of traffic on a specified subinterface in a VLAN.

Step 7 

rewrite ingress tag pop 1 symmetric

Example:

router(config-if)# rewrite ingress tag pop 1 symmetric

Specifies the encapsulation adjustment that is to be performed on the frame ingress to the service instance.

Step 8 

bridge-domain vlan-id

Example:

router(config-if)# bridge-domain 1000

Binds a service instance or a MAC tunnel to a bridge domain.

Step 9 

service instance id service-type

Example:

router(config-if)# service instance 2 ethernet

Configures an Ethernet service instance. In this example, the service instance is 2.

Step 10 

encapsulation dot1q vlan-id second-dot1q {any | vlan-id} [native]

Example:

router(config-if)# encapsulation dot1q 500 second-dot1q 102-4904

Enables IEEE 802.1Q encapsulation of traffic on a specified subinterface in a VLAN.

Step 11 

rewrite ingress tag pop 1 symmetric

Example:

router(config-if)# rewrite ingress tag pop 1 symmetric

Specifies the encapsulation adjustment that is to be performed on the frame ingress to the service instance.

Step 12 

bridge-domain vlan-id

Example:

router(config-if)# bridge-domain 500

Binds a service instance or a MAC tunnel to a bridge domain.

Step 13 

end

Example:

router(config-if)# end

Returns the CLI to privileged EXEC mode.

Examples

The following example shows how to configure a customer-facing UNI port. In this example, a dot1q frame coming on VLAN 50 matches service instance 1, and on the ingress port, the rewrite command pushes the 1000 outer-vlan.

router# configure terminal
router(config)#interface gig1/1
router(config-if)#ethernet dot1ad uni c-port
router(config-if)#service instance 1 ethernet
router(config-if)#encapsulation dot1q 1-100
router(config-if)#bridge-domain 1000 
router(config-if)#service instance 2 ethernet 
router(config-if)#encapsulation dot1q 102-4904 
router(config-if)#bridge-domain 500 

router# configure terminal
router(config)#interface gig4/1
router(config-if)#ethernet dot1ad nni
router(config-if)#service instance 1 ethernet
router(config-if)#encapsulation dot1q 1000 second dot1q 1-100
router(config-if)#rewrite ingress tag pop 1 symmetric  
router(config-if)#bridge-domain 1000 
router(config-if)#service instance 2ethernet
router(config-if)#encapsulation dot1q 500 second dot1q 102-4904
router(config-if)#rewrite ingress tag pop 1 symmetric  
router(config-if)#bridge-domain 500

Configuring a Customer-Facing UNI-C Port and Switchport on NNI with EVC

Perform the following tasks to configure a UNI-C port.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. ethernet dot1ad {nni | uni {c-port | s-port}}

5. service instance id service-type

6. encapsulation dot1q vlan-id second-dot1q {any | vlan-id} [native]

7. bridge-domain vlan-id

8. service instance id service-type

9. encapsulation dot1q vlan-id second-dot1q {any | vlan-id} [native]

10. bridge-domain vlan-id

11. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

router> enable

Enables privileged EXEC mode.

Step 2 

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3 

interface type number

Example:

router(config)# interface gigabitethernet 2/1

Configures an interface.

Step 4 

ethernet dot1ad {nni | uni {c-port | s-port}}

Example:

router(config-if)# ethernet dot1ad uni c-port

Configures a dot1ad NNI port or UNI port. In this example, it is a UNI C port.

Step 5 

service instance id service-type

Example:

router(config-if)# service instance 1 ethernet

Configures an Ethernet service instance. In this example, the service instance is 1.

Step 6 

encapsulation dot1q vlan-id second-dot1q {any | vlan-id} [native]

Example:

router(config-if)# encapsulation dot1q 1-100

Enables IEEE 802.1Q encapsulation of traffic on a specified subinterface in a VLAN.

Step 7 

bridge-domain vlan-id

Example:

router(config-if)# bridge-domain 1000

Binds a service instance or a MAC tunnel to a bridge domain.

Step 8 

service instance id service-type

Example:

router(config-if)# service instance 2 ethernet

Configures an Ethernet service instance. In this example, the service instance is 2.

Step 9 

encapsulation dot1q vlan-id second-dot1q {any | vlan-id} [native]

Example:

router(config-if)# encapsulation dot1q 102-4094

Enables IEEE 802.1Q encapsulation of traffic on a specified subinterface in a VLAN.

Step 10 

bridge-domain vlan-id

Example:

router(config-if)# bridge-domain 500

Binds a service instance or a MAC tunnel to a bridge domain.

Step 11 

end

Example:

router(config-if)# end

Returns the CLI to privileged EXEC mode.

Perform the following tasks to configure an NNI port.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. ethernet dot1ad {nni | uni {c-port | s-port}}

5. switchport

6. switchport mode {access | trunk}

7. switchport trunk allowed vlan vlan-list

8. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

router> enable

Enables privileged EXEC mode.

Step 2 

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3 

interface type number

Example:

router# interface gigabitethernet 4/1

Configures an interface.

Step 4 

ethernet dot1ad {nni | uni {c-port | s-port}}

Example:

router(config-if)# ethernet dot1ad nni

Configures a dot1ad NNI port or UNI port. In this example, it is an NNI.

Step 5 

switchport

Example:

router(config-if)# switchport

Put the interface into Layer 2 mode.

Step 6 

switchport mode {access | trunk}

Example:

router(config-if)# switchport mode trunk

Sets the interface type. In this example, it is Trunk.

Step 7 

switchport trunk allowed vlan vlan-list

Example:

router(config-if)# switchport trunk allowed vlan 1000-500

Sets the list of allowed VLANs that transmit traffic from this interface in tagged format when in trunking mode.

Step 8 

end

Example:

router(config-if)# end

Returns the CLI to privileged EXEC mode.

Examples

The following example shows how to configure a customer-facing UNI-C port and switchport on NNI with EVC:

router# configure terminal
router(config)#interface gig1/1
router(config-if)#ethernet dot1ad uni c-port
router(config-if)#service instance 1 ethernet
router(config-if)#encapsulation dot1q 1-100
router(config-if)#bridge-domain 1000 
router(config-if)#service instance 2 ethernet 
router(config-if)#encapsulation dot1q 102-4904 
router(config-if)#bridge-domain 500 

router# configure terminal
router(config)#interface gig4/0
router(config-if)#switchport 
router(config-if)#ethernet dot1ad uni 
router(config-if)#switchport mode trunk 
router(config-if)#switchport allowed vlan 1000,500

Configuring a Customer-Facing UNI-S Port with EVC

Perform the following tasks to configure a UNI-S port.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. service instance id service-type

5. ethernet dot1ad {nni | uni {c-port | s-port}}

6. encapsulation default

7. bridge-domain vlan-id

8. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

router> enable

Enables privileged EXEC mode.

Step 2 

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3 

interface type number

Example:

router(config)# interface gigabitethernet 2/1

Configures an interface.

Step 4 

service instance id service-type

Example:

router(config-if)# service instance 1 ethernet

Configures an Ethernet service instance. In this example, the service instance is 1.

Step 5 

ethernet dot1ad {nni | uni {c-port | s-port}}

Example:

router(config-if)# ethernet dot1ad uni s-port

Configures a dot1ad NNI port or UNI port. In this example, it is a UNI-S port.

Step 6 

encapsulation default

Example:

router(config-if)# encapsulation default

Configures the default service instance on a port. Anything that does not meet the criteria of other service instances on the same physical interface falls into this service instance.

Step 7 

bridge-domain vlan-id

Example:

router(config-if)# bridge-domain 1000

Binds a service instance or a MAC tunnel to a bridge domain.

Step 8 

end

Example:

router(config-if)# end

Returns the CLI to privileged EXEC mode.

Perform the following tasks to configure an NNI port.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. service instance id service-type

5. ethernet dot1ad {nni | uni {c-port | s-port}}

6. encapsulation dot1q vlan-id second-dot1q {any | vlan-id} [native]

7. rewrite ingress tag pop 1 symmetric

8. bridge-domain vlan-id

9. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

router> enable

Enables privileged EXEC mode.

Step 2 

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3 

interface type number

Example:

router(config)# interface gigabitethernet 2/1

Configures an interface.

Step 4 

service instance id service-type

Example:

router(config-if)# service instance 1 ethernet

Configures an Ethernet service instance. In this example, the service instance is 1.

Step 5 

ethernet dot1ad {nni | uni {c-port | s-port}}

Example:

router(config-if)# ethernet dot1ad uni c-port

Configures a dot1ad NNI or UNI port. In this example, it is a UNI C port.

Step 6 

encapsulation dot1q vlan-id second-dot1q {any | vlan-id} [native]

Example:

router(config-if)# encapsulation dot1q 1000 second-dot1q 1-100

Enables IEEE 802.1Q encapsulation of traffic on a specified subinterface in a VLAN.

Step 7 

rewrite ingress tag pop 1 symmetric

Example:

router(config-if)# rewrite ingress tag pop 1 symmetric

Specifies the encapsulation adjustment that is to be performed on the frame ingress to the service instance.

Step 8 

bridge-domain vlan-id

Example:

router(config-if)# bridge-domain 1000

Binds a service instance or a MAC tunnel to a bridge domain.

Step 9 

end

Example:

router(config-if)# end

Returns the CLI to privileged EXEC mode.

Examples

The following example shows how to configure an NNI port:

router# configure terminal
router(config)#interface gig1/1
router(config-if)#service instance 1 ethernet
router(config-if)#ethernet dot1ad nni
router(config-if)#encapsulation dot1q 1000
router(config-if)#rewrite ingress tag pop 1 symmetric  
router(config-if)#bridge-domain 1000

Configuring a Layer 3 Termination

Perform the following tasks to configure a Layer 3 termination.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. ethernet dot1ad {nni | uni {c-port | s-port}}

5. interface type number

6. encapsulation dot1q vlan-id second-dot1q {any | vlan-id} [native]

7. ip address ip-address mask

8. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

router> enable

Enables privileged EXEC mode.

Step 2 

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3 

interface type number

Example:

router(config)# interface gigabitethernet 3/0

Configures an interface.

Step 4 

ethernet dot1ad {nni | uni {c-port | s-port}}

Example:

router(config-if)# ethernet dot1ad nni

Configures a dot1ad NNI or UNI port. In this example, it is an NNI port.

Step 5 

interface type number

Example:

router(config)# interface gigabitethernet 3/0/.1

Configures an interface.

Step 6 

encapsulation dot1q vlan-id second-dot1q {any | vlan-id} [native]

Example:

router(config-if)# encapsulation dot1q 10 second-dot1q 10

Enables IEEE 802.1Q encapsulation of traffic on a specified subinterface in a VLAN.

Step 7 

ip address

Example:

router(config-if)# ip address 1.2.3.4 255.255.0.0

Sets a primary or secondary IP address for an interface.

Step 8 

end

Example:

router(config-if)# end

Returns the CLI to privileged EXEC mode.

Examples

The following example shows how to configure a Layer 3 termination. Note that Layer 3 is supported only on trunk interfaces.

router# configure terminal
router(config)#interface gig3/0
router(config-if)#ethernet dot1ad nni
router(config)#interface gig3/0/0.1
router(config-if)#encapsulation dot1q 10 second dot1q 10
router(config-if)#ip address 1.2.3.4 255.255.0.0

The following example shows how to configure a Layer 3 termination on an SVI:

router# configure terminal
router(config)#interface gig4/1
router(config-if)#ethernet dot1ad nni
router(config-if)#service instance 1 ethernet
router(config-if)#encapsulation dot1q 200 second dot1q 300
router(config-if)#rewrite ingress tag pop 2 symmetric  
router(config-if)#bridge-domain 50 
router(config-if)#service instance 2 ethernet
router(config-if)#encapsulation dot1q 300 
router(config-if)#rewrite ingress tag pop 1 symmetric  
router(config-if)#bridge-domain 60
 
   
router(config)#interface vlan 50
router(config-if)#ip address 2.3.4.5 255.255.0.0
router(config)#interface vlan 60
router(config-if)#ip address 3.4.5.6 255.255.0.0

Displaying a Dot1ad Configuration

You can display a Dot1ad configuration using the show ethernet dot1ad command. This command displays the Dot1ad configuration for all interfaces. To display the configuration on a particular interface, use the show ethernet dot1ad interface command.

The following example shows how to display a Dot1ad configuration on all interfaces:

router# show ethernet dot1ad
Interface: GigabitEthernet4/0/1
DOT1AD C-Bridge Port
L2protocol pass cdp stp vtp dtp pagp dot1x lacp
 
   
Interface: GigabitEthernet4/0/2
DOT1AD C-Bridge Port
L2protocol pass cdp stp vtp dtp pagp dot1x lacp

Troubleshooting Dot1ad

The following section describes how to troubleshoot Dot1ad.


Note The show commands in these examples should be run from a line card console.


How do I verify the Dot1ad configuration on a switchport on an X40G card?

Run the following command to verify the Dot1ad configuration:

XYZ-PE1-dfc1#show platform npc switchport interface gi 1/2
 [GigabitEthernet1/2]
        status [valid, -, applied, enabled]
        src_index [0x1]
        rpcb [0x178BB9C4]
        xlif_id [4097]
        xlif_handle [type:[3] hwidb:[0x20E97F08] if_number:[1121]]
        ft_bits [0x2]
        ing_ctrl_ft_bits [0x2]
        egr_ctrl_ft_bits [0x2]
        port vlan [1]
        mode ingress [NORMAL] egress [NORMAL]
        dot1q_tunnel [No]
        native tagging [No]
        PVLAN isolated or community [No] promiscuous [No]
        ingress vlan-translation [No] BPDU [No]
        egress  vlan-translation [No] BPDU [No]
        dot1ad [Yes] <<<<<<<<<<<<
        ethertype [0x88A8] <<<<<<<<<<<
        Ingress Stat ID: 778698
        Egress Stat ID: 778700
        VLAN List:
        1    
        num of vlans [1]
	    XYZ-PE1-dfc1#
 
   

How do I verify the Dot1ad configuration on the ports with EVCs on an X40G card?

Run the following command to verify the Dot1ad configuration:

XYZ-PE1-dfc1#show platform npc xlif interface gi 1/2 efp 1
EFP XLIF(GigabitEthernet1/2, efp1)[np0] = 4136
 
   
 Ingress XLIF table fields
 
   
 Feature common enable:  0x1
 Feature enable:         0x1
 Feature bits:           0x1
 Control common bits:    0x0
 Control feature bits:   0x0
 Control rewrite opcode: 0x0
 Reserved 1:             0x0
 Match cond              0x1
 Entry valid:            0x1
 Dbus VLAN:              30      
 QoS policy ID:          0       
 ACL ID:                 0       
 Statistics ID:          450976  
 Inner rewrite VLAN:     0       
 Outer rewrite VLAN:     0       
 QoS flow ID:            0       
 Feature data: 00000000 40000000 AAA80000 E0000829
 EFP admin down state  0x0
----- Bridge data ------
 layer2_acl_index:           0x00000000
 evc_feat_data.ip_src_guard     : 0x0
 evc_feat_data.mst_evc          : 0x1
 evc_feat_data.layer2_acl       : 0x0
 EVC - Mac Security:     0x0
 evc_feat_data.sacl       : 0x0
 evc_feat_data.layer2_acl_statid: 0       
 PDT: 0xAAA8
 ipsg_label: 0       
 block_data: 0x0
 block_l2bpdu: 0x0
 split_h: 0x0
 imp_ltl: 0x0829
 EFP dot1ad port type 0x3       <<<<<<<<
 EFP CDP forward 0x1		  <<<<<<<< 	
 EFP DTP forward 0x0
 EFP VTP forward 0x0
 EFP STP forward 0x0
 EFP DOT1X forward 0x0
 
   
 Egress XLIF table fields
 
   
 Feature common enable:  0x1
 Feature enable:         0x1
 Feature bits:           0x01
 Control common bits:    0x00
 Control feature bits:   0x00
 Control rewrite opcode: 0x00
 Port:                   0x1
 Match cond              0x1
 Entry valid:            0x1
 Dbus VLAN:              30      
 QoS policy ID:          0       
 ACL ID:                 0       
 Statistics ID:          450980  
 Inner rewrite VLAN:     0       
 Outer rewrite VLAN:     0       
 QoS flow ID:            0       
 IP Session en :         0       
 Multicast  en :         0       
 Feature data 0          0x00000000
 Intf etype:             0x00008064
 Post Filter Opcode      0x00000008
 Pre Filter Opcode       0x00000000
 Pre Tag Outer           0x00000000
 Pre Tag Inner           0x00000000
 Post Filter Vlan high   0x00000064
 Post Filter Vlan low    0x00000064
 Post Filter Vlan outer  0x00000000
 EVC - MST:              0x1
 EVC etype               0x8100
 CFM MEP Level           0x00000008
 CFM MIP Level           0x00000008
 CFM disable             0x0
 MIP filtering           0x0
 block_data: 			           0x0
 block_l2bpdu:           0x0
 sacl:                   0x0
 sacl index:             0x0000
 sacl statid:            0x00000
XYZ-PE1-dfc1#  
XYZ-PE1-dfc1#
 
   

How do I verify the L2protocol forwarding on a regular L3 switchports?

Run the following command to verify the L2protocol forwarding:

XYZ-PE1-dfc1# show platform npc xlif 0 port_sram 1
 
   
........................
 
   
 dot1ad port type:      0x0002  <<<<<<<<<
 l2proto cdp fwd:       0x0001  <<<<<<<<<
 l2proto dtp fwd:       0x0000
 l2proto vtp fwd:       0x0000
 l2proto stp fwd:       0x0000
 l2proto dot1x fwd:     0x0000
 
   
          ..............................................
 
   

How do I verify the Dot1ad configuration on ES20 cards?

For switchports, run the following command:

XYZ-PE1-dfc1#show platform hardware dot1ad l2protocfg port <port-num>

For EVCs, run the following command:

XYZ-PE1-dfc1# show platform soft efp-client interface gi x/0/y efp-id l2protocfg

To display the default values, run the following commands:

XYZ-PE1-dfc1#show platform hardware dot1ad l2protocfg defaults ?
  <0-2>  0=c-uni, 1=s-uni, 2=nni
 
   
XYZ-PE1-dfc1#show platform hardware dot1ad l2protocfg defaults 0 ?
  <0-2>  0=L3, 1=BD, 2=XCON
 
   
XYZ-PE1-dfc1#show platform hardware dot1ad l2protocfg defaults 0 2  
Raw Data :000FFF77 FFFCFF51
 L2 Proto Configs : 
  Protocol         IEEE       CISCO 
 ------------------------------------
    CDP       :    FRWD       FRWD
    VTP       :    FRWD       FRWD
    DTP       :    FRWD       FRWD
   Others     :    PEER       PEER
 
   
 802.1d protocols : 01:80:C2:00:00:XX
 
   
 XX | Config    XX | Config    XX | Config    XX | Config 
 -----------    -----------    -----------    -----------
 00 : PEER      01 : DROP      02 : PEER      03 : PEER
 04 : FRWD      05 : FRWD      06 : FRWD      07 : FRWD
 08 : DROP      09 : FRWD      0A : FRWD      0B : FRWD
 0C : FRWD      0D : FRWD      0E : FRWD      0F : FRWD
 
   
 All Bridge (0180C2000010)= FRWD
 Group = PEER
 PVST = FRWD

Configuring Layer 2 Features

This section provides ES20 line card-specific information about configuring the Layer 2 interworking features on the Cisco 7600 series router. It includes the following topics:

Cross-Bundling

Configuring Flexible QinQ Mapping and Service Awareness on 7600-ESM-2X10GE and 7600-ESM-20X1GE

Configuring Flexible Service Mapping Based on CoS and Ethertype

Configuring the Backup Interface for Flexible UNICross-Bundling

Multichassis Support for Link Aggregation Control Protocol

Configuring the Backup Interface for Flexible UNI

Troubleshooting

Configuring Broadcast Storm Control on Switchports and Ports with Ethernet Virtual Connections

Configuring Asymmetric Carrier-Delay

Configuring MST on EVC Bridge Domain

Cross-Bundling

Follow these restrictions and guidelines during cross-bundling various linecards:

ES20 and ES+ cross-bundling is not supported.

Any LAN card, and ES20/ES+ cross-bundling is not supported.

Configuring EVC EtherChannel and LACP over EVC Port Channel

An Ethernet link bundle or port channel is an aggregation of up to eight physical Ethernet links to form a single logical link for L2/L3 forwarding. Bundled Ethernet ports are used to increase the capacity of the logical link and provide high availability and redundancy. The EVC EtherChannel feature provides support for EtherChannels on Ethernet Virtual Connection Services (EVCS) service instances.

For more information on EtherChannels, and how to configure EtherChannels on Layer 2 or Layer 3 LAN ports, refer: http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SXF/configuration/guide/channel.html

The EVC EtherChannel feature supports MPBE, local connect, and cross connect service types. IEEE 802.3ad/Link Aggregation Control Protocol (LACP) provides an association of port channels. This feature supports service instances over bundled Ethernet links.

Ethernet flow points (EFPs) are configured on a port channel. The traffic, carried by the EFPs, is load balanced across member links. EFPs on a port channel are grouped and each group is associated with one member link. Ingress traffic for a single EVC can arrive on any member of the bundle. All egress traffic for an EFP uses only one of the member links. Load balancing is achieved by grouping EFPs and assigning them to a member link. In default load balancing, the user has no control over how the EFPs are grouped together, and sometimes the EFP grouping is not ideal. As a workaround, use manual load balancing to control the EFP grouping.

The scalability for a link-bundling EVC is 16k per chassis. Port Channel EVC scalability for ES20 cards is dependent on the same factors as EVCs configured on physical interfaces, with the number of member links and their distribution across PXFs as an additional parameter. EVC port channel QoS leverages EVC QoS infrastructure

Restrictions and Usage Guidelines

When configuring EVC EtherChannel, follow these restrictions and usage guidelines:

All member links of the port channel are on Cisco 7600-ES20-GE line cards.

Bridge-domain, cross connect, connect EVCs, switchports, and IP subinterfaces are allowed over the port-channel interface and the main interface.


Note For a port with a switchport, you can use the service instance ethernet command to create a service instance to support OAM requirements and not data traffic.


The EFP limit decreases by the number of member links on the NP. Egs: If there are 4 members within the same NP, the EVC limit on the NP decreases to 2000 that ie (8000/4).

If you configure a physical port as part of a channel group, you cannot configure EVCs on that physical port.

SPAN is not supported on an EVC source and destination.

You cannot configure switchport on a physical port that is part of an EVC port channel.

You can apply QoS policies on EVCs on a port channel, except that ingress microflow policing is not supported. For more information on configuring QoS with EVCs, see "Configuring QoS on the Cisco 7600 Series Ethernet Services 20G Line Card".

For HQoS and flat policies applied on an EVCS at the egress, the total guaranteed bandwidth of all policies on the EVCS belonging to the port channel cannot exceed the link rate (1 Gbps for 7600-ESM-20X1GE and 10 Gbps for 7600-ESM-2X10GE).

You cannot use the bandwidth percent command on EVC port channels with Cisco 7600-ES20-GE line cards.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface port channel

4. [no] ip address

5. [no] service instance id {Ethernet service-name}

6. encapsulation dot1q vlan-id

7. rewrite ingress tag {push {dot1q vlan-id | dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | pop {1 | 2} | translate {1-to-1 {dot1q vlan-id | dot1ad vlan-id}| 2-to-1 dot1q vlan-id | dot1ad vlan-id}| 1-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | 2-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id}} [symmetric]

8. [no] bridge-domain bridge-id

9. channel-group 5 mode on | off
or
channel-group 5 mode active | passive


Note The channel-group command options on/off are applicable when configuring port channel over EVC and the options active/passive are applicable when configuring port channel over EVC with LACP.


DETAILED STEPS

 
Command
Purpose

Step 1 

enable

Example:
Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

Router(config)# interface port channel number

Example:

Router(config)# interface port channel 1

Creates the port channel interface.

Step 4 

Router(config-if)# ip address ip_address mask

Example:

Router(config-if)# ip address 10.0.0.11 255.255.255.0

Assigns an IP address and subnet mask to the EtherChannel.

Step 5 

[no] service instance id {Ethernet [service-name]}

Example:

Router(config-if)# service instance 101 ethernet

Creates a service instance (an instance of an EVC) on an interface and sets the device into the config-if-srv submode.

Step 6 

 encapsulation dot1q vlan-id

Example:

Router(config-if-srv)# encapsulation dot1q 13

Defines the matching criteria to be used in order to map ingress dot1q frames on an interface to the appropriate service instance.

Step 7 

rewrite ingress tag {push {dot1q vlan-id | dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | pop {1 | 2} | translate {1-to-1 {dot1q vlan-id | dot1ad vlan-id}| 2-to-1 dot1q vlan-id | dot1ad vlan-id}| 1-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | 2-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id}} [symmetric]

Example:

Router(config-if-srv)# rewrite ingress tag push dot1q 20

Specifies the tag manipulation that is to be performed on the frame ingress to the service instance.

Step 8 

[no] bridge-domain bridge-id

Example:

Router(config-subif)# bridge domain 12

Binds the service instance to a bridge domain instance where bridge-id is the identifier for the bridge domain instance.

Step 9 

channel-group 5 mode on |off

Example:

Router(config-if)# channel-group 5 mode on

OR

channel-group 5 mode active |passive

Example:

Router(config-if)# channel-group 5 mode active

Enables EVC port channel.

Enables LACP on the configured EVC port channel.

Examples

In this example, a single port channel interface is created with three possible member links from slots 1 and 2.

Router(config)# interface port channel5
Router(config-if)# no ip address
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation dot1q 350
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-subif)# bridge-domain 350

!

Router(config-if)# service instance 2 ethernet
Router(config-if-srv)# encapsulation dot1q 400
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-subif)# bridge-domain 350
 
   
Router(config-if)# service instance 3 ethernet
Router(config-if-srv)# encapsulation dot1q 500
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-subif)# bridge-domain 370

!

Router(config)# interface port channel5.1
Router(config-if-srv)# encapsulation dot1Q 500 second-dot1q 300
Router(config-if)# ip address 60.0.0.1 255.0.0.0

!

Router(config)# interface GigabitEthernet1/0/0
Router(config-if)# channel-group 5 mode on
 
   
Router(config)# interface GigabitEthernet1/0/1
Router(config-if)# channel-group 5 mode on
 
   
Router(config)# interface GigabitEthernet2/0/1
Router(config-if)# channel-group 5 mode on

The next example shows scalable Eompls and EVC connect sample configuration.

Router#enable
Router#configure terminal
Router(config)#interface GigabitEthernet 3/0/0
Router(config-if)#service instance 10 ethernet
Router(config-srv)#encapsulation dot1q 20
Router(config-if-srv)#rewrite ingress tag pop 1 sym 
Router(config-if-srv)#exit
Router(config-if)#exit
Router(config)#interface GigabitEthernet 3/0/1
Router(config-if)#service instance 12 ethernet
Router(config-srv)#encapsulation dot1q 30
Router(config-if-srv)#rewrite ingress tag pop 1 sym 
Router(config-if-srv)#exit
Router(config-if)#exit
Router(config)#connect TEST GigabitEthernet 3/0/0 10 GigabitEthernet 3/0/1 12
Router#sh connection all
 
   
ID   Name            Segment 1              Segment 2                  State    
================================================================================
57   TEST            Gi3/0/0:10             Gi3/0/1:12                 UP    
 
   

Here is a typical QoS configuration.

Router(config)# interface port channel10
Router(config-if)# no ip address
Router(config-if)# mls qos trust cos
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation dot1q 11
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-if)# service-policy input x
Router(config-if)# service-policy output y
Router(config-subif)# bridge-domain 1500
 
   

Here is the configuration for LACP over a configured EVC port channel, on an interface:

Router(config-if)# channel-group 5 mode ?
active Enable LACP unconditionally
auto Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on Enable EtherChannel only
passive Enable LACP only if a LACP device is detected
Router(config-if)#channel-group 5 mode active
Router(config-if)#channel-group 5 mode passive 

Here are LACP EVC Port channel for Fast Switchover (1:1 redundancy) sample configuration outputs.

Port channel Configuration

Router(config-if)#interface port channel102
Router(config-if)#mtu 9216
Router(config-if)#no ip address
Router(config-if)#lacp fast-switchover
Router(config-if)#lacp max-bundle 1
Router(config-if)#service instance 50 ethernet
Router(config-if)# encapsulation dot1q 50
Router(config-if)# rewrite ingress tag pop 1 symmetric
Router(config-if)# service-policy output lacp-parent
Router(config-if)# bridge-domain 50

Member links configuration

Router(config-if)#interface GigabitEthernet3/0/12
Router(config-if)#mtu 9216
Router(config-if)#no ip address
Router(config-if)#no mls qos trust
Router(config-if)#lacp rate fast
Router(config-if)#channel-protocol lacp
Router(config-if)#channel-group 102 mode active
 
   

Verification

Use the following commands to verify operation.

Command
Purpose

Use the following commands to verify EVC configuration

Router# show ethernet service evc [id evc-id | interface interface-id] [detail]

Displays information pertaining to a specific EVC if an EVC ID is specified, or pertaining to all EVCs on an interface if an interface is specified. The detailed option provides additional information on the EVC.

Router# show ethernet service instance [id instance-id interface interface-id | interface interface-id] [detail]

Displays information about one or more service instances: If a service instance ID and interface are specified, only data pertaining to that particular service instance is displayed. If only an interface ID is specified, displays data for all service instances on the given interface.

Router# show ethernet service interface [interface-id] [detail]

Displays information in the Port Data Block (PDB).

Use the following commands to verify LACP over EVC

Router#show etherchannel 15 port channel

Displays details for port channel 15. This command is common to EVC port channel, switchport port channel and L3 Port channel. The CLI is run at the RP.


Multichassis Support for Link Aggregation Control Protocol

Configured at the edge of a provider's network, Multichassis Link Aggregation Control Protocol (MLACP) features performs the following actions:

Uses dual-homed devices (DHD) to provide network redundancy between two or more service provider networks.

Allows the LACP state machine and protocol to operate in a dual- homed mode.

Each switch is a point of attachments (PoA), where one PoA is active, and the other is a standby, and the active PoA executes the multichassis link aggregation group with a DHD. A virtual LACP peer on the PoA is created giving the impression that a DHD is connected to one node.

Figure 2-3 shows the placement of PoAs and DHDs in an MLACP configuration.Figure 2-2

Figure 2-3 Placement of PoAs and DHDs in an MLACP Implementation

The status of the PoAs during traffic relay are:

The two PoAs form a redundancy group, and only one of the PoAs is active at any given time.

Only two PoAs form a redundancy group; however, you can configure a maximum of 50 redundancy groups connecting to other DHDs.

Active links exist only between a DHD and active PoAs. None of the links between the DHD and the standby PoA relay traffic other than Bridge Protocol Data Unit (BPDU)s.

The state of the etherchannel interface on a standby PoA is UP.

A switchover from an active PoA to a standby PoA occurs when there is a failure on the:

Uplink port on the DHD

DHD's uplink

Downlink port on an active PoA

Active PoA node

Active PoA uplinks

Cable failure

The default switchover mechanism uses dynamic port priority changes on the port channel and member link(s) to provide revertive mode and nonrevertive mode options. The default operation in a multi- chassis LACP is revertive.

Bruteforce is a switchover mechanism where the member link is in a err-disable state after a switchover. To recover the port channel and enable the member link on a new standby PoA, use the err disable recovery cause mlacp-minlink command in the global configuration mode.

Use the lacp max-bundle command in the following modes:

PoA based: Command is executed on the PoA.

Shared based: Command is executed on the PoA and DHD.

DHD based: Command is executed on the DHD.

Use the lacp max-bundle command on all the PoAs to operate in the PoA control and shared control modes. The max-bundle value argument should not be less than the total number of links in the Link Aggregation Group (LAG) that are connected to the PoA. Each PoA may be connected to the DHD with a different number of links for the LAG and, therefore, configured with a different value for the max-bundle value argument.


Note The lacp failover brute-force command cannot be used with a nonrevertive configuration.


Requirements and Restrictions

Follow these requirements and restrictions when configuring the MLACP feature in a ES20 line card:

Supported only on ES20 and ES40 line cards, all member links on a port-channel should be on same type of line card.

Cisco IOS Release 12.2(33)SRE supports service instances only on an MLACP port-channel.

A PoA may be active for one port-channel, and standby for a different port-channel.

The maximum number of port-channels supported on a PoA is 256.

In any LACP configuration, ensure that the numerical value of the system-priority of the virtual LACP instance on the PoAs is lower (higher priority) than that on the DHD for all control variants.

It is not recommended to configure different max bundle configurations on a PoA. For example, if DHD 1 to PoA has 4 links, PoA2 should also have 4 links.

Links can be successfully aggregated based on the following constraints:

Links should be from the same line card type.

QoS should be validated.

Port-channel hashing should be identical for two links.

Flowcontrol should match.

When Cisco 7600 routers are used to form a redundancy group within a PoA, the member links should adhere to the constraints listed in the previous paragraph. These constraints are not validated across PoAs and you should ensure that configuration between the two PoAs are identical.

Ensure that the etherchannel usage configuration is identical on the two PoAs.

The maximum bundle value on a PoA is 8.

A maximum of two PoAs in a redundancy group and 50 redundancy groups per node are supported.

Multiple Spanning Tree (MST) on an EVC is not supported on MLACP etherchannel ports.

Reverse Layer 2 Gateway Protocol (RL2GP) with MLACP is not supported.

DHD port-channel cannot use Spanning Tree Protocol (STP) or Resilient Ethernet Protocol (REP) or Reverse Layer 2 Gateway Protocol (RL2GP) as a redundancy option. DHD port-channel disables the STP enabled by default.

Subinterfaces on port-channels are not supported.

You can configure the channel-group command as active and configuring the channel-group command as passive is not supported.

As the lacp direct-loadswap command is not applicable on a PoA, member links on a PoA are not protected with links on the same PoA.

We do not recommend you to have different bundle configurations on a DHD. For example, if DHD 1 to PoA1 has four links, DHD 1 to PoA 2 should also have the same number of links.

Use the port-channel min-link command to configure each PoA with the minimum number of links. This maintains the LAG in an active state.

The lacp max-bundle command must be used on all the PoAs to operate in PoA control and shared control modes. The value of the max-bundle should not be less than the total number of interfaces in the LAG that are connected to the PoA.

If you use the lacp failover command with brute force, then after the switchover, the port-channel member link moves to a errdisabled state.By default, the interval is 300 seconds (tunable range is 30 seconds to 300 seconds).To recover the port-channel, use the errdisable recovery cause mlacp-minlink command. EVC with connect as forwarding function is not supported.

The lacp failover non-revertive and lacp failover brute-force commands are mutually exclusive within the same port-channel.

Connectivity Fault Management configuration on an MLACP port-channel is not permissible.

For best switchover perforamance, configure LACP fast-switchover in PoAs and DHDs.

You cannot use MLACP port-channel for IP forwarding.

You cannot configure REP on a MLACP port-channel.

Use the errdisable recovery cause mlacp-minlink command to auto-recover the port-channel after timer expiration.

The core interfaces in a VPLS core should be a ES20 or ES40 line card.

The recommended configuration sequence is:

Configure interchassis group and MLACP commands.

Configure MLACP interchassis group and other port-channel commands.

Add member links.

SUMMARY STEPS

1. enable

2. configure terminal

3. redundancy

4. interchassis group {number}

5. monitor peer {BFD}

6. member IP {IP address}

7. mlacp node-id {number}

8. mlacp system-mac {IP address}

9. mlacp system-priority priority

10. backbone interface any interface

11. exit

12. interface port-channel {port-channel number}

13. lacp max-bundle {max-bundle value}

14. lacp failover { non-revertive| brute force }

15. mlacp interchassis group {group-id}

16. backbone int member

17. exit

DETAILED STEPS

 
Command
Purpose

Step 1 

enable

Example:
Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

redundancy

Example:

Router(config)# redundency

Enters redundancy configuration mode.

Step 4 

interchassis group {number}

Example:

Router(configure-red)# interchassis group 400

Configures an interchassis group within the redundancy configuration mode and assigns a group number.

Step 5 

monitor peer {BFD}

Example:

Router(configure-red)#

Configures the BFD option to monitor the state of the peer. The default option is route-watch.

Step 6 

member ip {IP address}

Example:

Router(configure-red)# member ip 172.3.3.3

Configures the IP address of the mlacp peer member group.

Step 7 

mlacp node-id {number}

Example:

Router(config-r-ic)# mlacp node-id 5

Defines the node ID to be used in the LACP port-id field. Valid value range is 0 - 7, and the value should be different from the peer values.

Step 8 

mlacp system-mac {address}

Example:

Router(config-r-ic)# mlacp aaaa.aaaa.aaab

Defines and advertises the system MAC address value to the MLACP members of the redundancy group.

Step 9 

mlacp system-priority priority

Example:

Router(config-r-ic)# mlacp system-priority 100

Defines the system priority advertised to the other MLACP members of the redundancy group. System priority values are from 1 to 65535, the default value being 32768. The assigned values should be lower than the DHD.

Step 10 

backbone interface any interface

Example:

Router(config-r-ic)# backbone interface GigabitEthernet2/3

Defines the backbone interface for the MLACP configuration.

Step 11 

exit

Example:

Router(config-r-ic)#exit

Exits the redundancy mode.

Step 12 

interface port-channel {port-channel number}

Example:

Router# interface Port-channel1

To identify the PoA uplink failure, configure the port- channel interface or any physical interface.

Step 13 

lacp max-bundle {max-bundle value}

Example:

Router (config-int)# lacp max-bundle 4

Configures the max-bundle links that are connected to the PoA. The value of the max-bundle links argument should not be less than the total number of links in the LAG that are connected to the PoA.

Step 14 

lacp failover { non-revertive| brute force}

Example:

P19_C7609-S(config-if)#lacp failover ?

brute-force Brute force interface failover

non-revertive Non revertive interface failover

Sets the MLACP switchover to nonrevertive or brute force. Default value is revertive. If you configure brute force, a minimum link or last link failure for every MLACP failure occurs or the dynamic lag priority value is modified.

Step 15 

mlacp interchassis group {group-id}

Example:

Router(config-red)#interchassis group 230

Specifies that the port-channel is an MLACP port-channel. The group-id should match the configured redundancy group.

Step 16 

backbone int member

Example:

Router(config-r-ic)# backbone interface GigabitEthernet2/4

Sets the backbone interface member.

Step 17 

exit

Exits the port-channel interface mode.

Examples

The following is a configuration example for Virtual Private Wire Services (VPWS):

ACTIVE POA

redundancy
interchassis group 100
  monitor peer bfd
  member ip 172.3.3.3
  backbone interface GigabitEthernet2/3
  backbone interface GigabitEthernet2/4
  mlacp system-priority 200
  mlacp node-id 0
!
interface Port-channel1
 no ip address
 load-interval 30
 speed nonegotiate
 port-channel min-links 4
 lacp failover brute-force
 lacp fast-switchover
 lacp max-bundle 4
 mlacp lag-priority 28000
 mlacp interchassis group 100
 service instance 2 ethernet
  encapsulation dot1q 2
  rewrite ingress tag pop 1 symmetric
  xconnect 172.2.2.2 2 pw-class mlacp
   backup peer 172.4.4.4 2 pw-class mlacp
 !
pseudowire-class mlacp
 encapsulation mpls
 status peer topology dual-homed
 
   
mpls ldp graceful-restart
!
!
interface Loopback0
 ip address 172.1.1.1 255.255.255.255
!
interface GigabitEthernet2/3
 ip address 120.0.0.1 255.255.255.0
 carrier-delay msec 0
 mpls ip
 bfd interval 100 min_rx 100 multiplier 3
!
interface GigabitEthernet2/9
 no ip address
 speed 1000
 channel-group 1 mode active

Use the show lacp multi-chassis group command to display the interchassis redundancy group value and the operational LACP parameters.

MLACP-PE1# show lacp multi-chassis group 100
Interchassis Redundancy Group 100
Operational LACP Parameters:
RG State:     Synchronized
System-Id:    200.000a.f331.2680
ICCP Version: 0
Backbone Uplink Status: Connected
Local Configuration:
Node-id:   0
System-Id: 200.000a.f331.2680
 
   
Peer Information:
State:        Up
Node-id:      7
System-Id:    2000.0014.6a8b.c680
ICCP Version: 0
 
   
State Flags: Active            - A
             Standby           - S
             Down              - D
             AdminDown         - AD
             Standby Reverting - SR
             Unknown           - U
          
mLACP Channel-groups
Channel    State      Priority     Active Links   Inactive Links
 Group   Local/Peer  Local/Peer     Local/Peer      Local/Peer
   1        A/S     28000/32768        4/4             0/0

Use the show lacp multi-chassis portchannel command to display the interface port-channel value channel group, LAG state, priority, inactive links peer configuration, and standby links.

MLACP-PE1# show lacp multi-chassis port-channel 1
Interface Port-channel1
Local Configuration:
Address: 000a.f331.2680
Channel Group: 1
State: Active
LAG State: Up
Priority: 28000
Inactive Links: 0
Total Active Links: 4   
           Bundled: 4   
          Selected: 4   
           Standby: 0   
        Unselected: 0   
 
   
Peer Configuration:
Interface: Port-channel1
Address: 0014.6a8b.c680
Channel Group: 1
State: Standby
LAG State: Up
Priority: 32768
Inactive Links: 0
Total Active Links: 4   
                           Bundled: 0   
          Selected: 0   
           Standby: 4   
        Unselected: 0   

Use the show mpls ldp iccp command to display the LDP session and ICCP state information.

MLACP-PE1# show mpls ldp iccp 
ICPM RGID Table
  iccp:
    rg_id: 100, peer addr: 172.3.3.3
    ldp_session 0x3, client_id 0
    iccp state: ICPM_ICCP_CONNECTED
    app type: MLACP
        app state: ICPM_APP_CONNECTED, ptcl ver: 0
ICPM RGID Table total ICCP sessions: 1
ICPM LDP Session Table
  iccp:
    rg_id: 100, peer addr: 172.3.3.3
    ldp_session 0x3, client_id 0
    iccp state: ICPM_ICCP_CONNECTED
    app type: MLACP
        app state: ICPM_APP_CONNECTED, ptcl ver: 0
ICPM LDP Session Table total ICCP sessions: 1

Use the show mpls l2transport command to display the local interface and session details, destination address, and status.

MLACP-PE1# show mpls l2transport vc 2 
 
   
Local intf     Local circuit              Dest address    VC ID      Status    
-------------  -------------------------- --------------- ---------- ----------
Po1            Eth VLAN 2                 172.2.2.2       2          UP        
Po1            Eth VLAN 2                 172.4.4.4       2          STANDBY   
 
   

Use the show etherchannel summary command to display the status and identity of the MLACP member links.

MLACP-PE1# show etherchannel summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
 
   
        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port
 
   
 
   
Number of channel-groups in use: 2
Number of aggregators:           2
 
   
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(RU)         LACP      Gi2/9(P)    Gi2/20(P)   Gi2/31(P)   
  

Use the show lacp internal command to display the device, port, and member- link information.

MLACP-PE1# show lacp internal 
Flags:  S - Device is requesting Slow LACPDUs 
        F - Device is requesting Fast LACPDUs
        A - Device is in Active mode       P - Device is in Passive mode     
 
   
Channel group 1
                            LACP port     Admin     Oper    Port        Port
Port      Flags   State     Priority      Key       Key     Number      State
Gi2/9     SA      bndl-act  28000         0x1       0x1     0x820A      0x3D  
Gi2/20    SA      bndl-act  28000         0x1       0x1     0x8215      0x3D  
Gi2/31    SA      bndl-act  28000         0x1       0x1     0x8220      0x3D  
Gi2/40    SA      bndl-act  28000         0x1       0x1     0x8229      0x3D  
 
   
Peer (MLACP-PE3) mLACP member links
 
   
Gi3/11    FA      hot-sby   32768         0x1       0x1     0xF30C      0x5   
Gi3/21    FA      hot-sby   32768         0x1       0x1     0xF316      0x5   
Gi3/32    FA      hot-sby   32768         0x1       0x1     0xF321      0x7   
Gi3/2     FA      hot-sby   32768         0x1       0x1     0xF303      0x7   

POA2

redundancy
 interchassis group 100
  monitor peer bfd
  member ip 172.1.1.1
  backbone interface GigabitEthernet3/3
  backbone interface GigabitEthernet3/5
  mlacp system-priority 2000
  mlacp node-id 7
!
interface Port-channel1
 no ip address
 load-interval 30
 speed nonegotiate
 port-channel min-links 4
 lacp failover brute-force
 lacp fast-switchover
 lacp max-bundle 4
 mlacp interchassis group 100
 service instance 2 ethernet
  encapsulation dot1q 2
  rewrite ingress tag pop 1 symmetric
  xconnect 172.2.2.2 2 pw-class mlacp
   backup peer 172.4.4.4 2 pw-class mlacp
!
pseudowire-class mlacp
 encapsulation mpls
 status peer topology dual-homed
 
mpls ldp graceful-restart
!
!
interface Loopback0
 ip address 172.3.3.3 255.255.255.255
!
interface GigabitEthernet3/2
 channel-group 1 mode active
!
interface GigabitEthernet3/3
 ip address 123.0.0.2 255.255.255.0
 mpls ip
 mpls label protocol ldp
 bfd interval 100 min_rx 100 multiplier 3
!

Use the show lacp multi-chassis group command to display the LACP parameters, local configuration, status of the backbone uplink, peer information, node ID, channel, state, priority active, and inactive links.

MLACP-PE3# show lacp multi-chassis group 100
Interchassis Redundancy Group 100
Operational LACP Parameters:
RG State:     Synchronized
System-Id:    200.000a.f331.2680
ICCP Version: 0
Backbone Uplink Status: Connected
Local Configuration:
Node-id:   7
System-Id: 2000.0014.6a8b.c680
 
   
Peer Information:
State:        Up
Node-id:      0
System-Id:    200.000a.f331.2680
ICCP Version: 0
 
   
State Flags: Active            - A
             Standby           - S
             Down              - D
             AdminDown         - AD
             Standby Reverting - SR
             Unknown           - U
          
mLACP Channel-groups
Channel    State      Priority     Active Links   Inactive Links
 Group   Local/Peer  Local/Peer     Local/Peer      Local/Peer
   1        S/A     32768/28000        4/4             0/0

Use the show lacp multi-chassis portchannel command to display the interface port-channel value channel group, LAG state, priority, inactive links peer configuration, and standby links.

MLACP-PE3# show lacp multi-chassis port-channel 1
Interface Port-channel1
Local Configuration:
Address: 0014.6a8b.c680
Channel Group: 1
State: Standby
LAG State: Up
Priority: 32768
Inactive Links: 0
Total Active Links: 4   
           Bundled: 0   
          Selected: 0   
           Standby: 4   
        Unselected: 0   
 
   
Peer Configuration:
Interface: Port-channel1
Address: 000a.f331.2680
Channel Group: 1
State: Active
LAG State: Up
Priority: 28000
Inactive Links: 0
Total Active Links: 4   
                           Bundled: 4   
          Selected: 4   
           Standby: 0   
        Unselected: 0   

Use the show mpls ldp iccp command to display the LDP session and ICCP state information.

MLACP-PE3# show mpls ldp iccp 
ICPM RGID Table
  iccp:
    rg_id: 100, peer addr: 172.1.1.1
    ldp_session 0x2, client_id 0
    iccp state: ICPM_ICCP_CONNECTED
    app type: MLACP
        app state: ICPM_APP_CONNECTED, ptcl ver: 0
ICPM RGID Table total ICCP sessions: 1
ICPM LDP Session Table
  iccp:
    rg_id: 100, peer addr: 172.1.1.1
    ldp_session 0x2, client_id 0
    iccp state: ICPM_ICCP_CONNECTED
    app type: MLACP
        app state: ICPM_APP_CONNECTED, ptcl ver: 0
ICPM LDP Session Table total ICCP sessions: 1
 
   
MLACP-PE3# sh mpls l2transport vc 2
 
   
Local intf     Local circuit              Dest address    VC ID      Status    
-------------  -------------------------- --------------- ---------- ----------
Po1            Eth VLAN 2                 172.2.2.2       2          STANDBY   
Po1            Eth VLAN 2                 172.4.4.4       2          STANDBY   
 
   

Use the show etherchannel summary command to display the status and identity of the MLACP member links.

MLACP-PE3# show etherchannel summary 
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
 
   
        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port
 
   
 
   
Number of channel-groups in use: 2
Number of aggregators:           2
 
   
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(RU)         LACP      Gi3/2(P)    Gi3/11(P)   Gi3/21(P)   
                                 Gi3/32(P)   

Use the show lacp internal command to display the device, port, and member- link information.

MLACP-PE3# show lacp 1 internal 
Flags:  S - Device is requesting Slow LACPDUs 
        F - Device is requesting Fast LACPDUs
        A - Device is in Active mode       P - Device is in Passive mode     
 
   
Channel group 1
                            LACP port     Admin     Oper    Port        Port
Port      Flags   State     Priority      Key       Key     Number      State
Gi3/2     FA      bndl-sby  32768         0x1       0x1     0xF303      0x7   
Gi3/11    FA      bndl-sby  32768         0x1       0x1     0xF30C      0x5   
Gi3/21    FA      bndl-sby  32768         0x1       0x1     0xF316      0x5   
Gi3/32    FA      bndl-sby  32768         0x1       0x1     0xF321      0x7   
 
   
Peer (MLACP-PE1) mLACP member links
 
   
Gi2/20    SA      bndl      28000         0x1       0x1     0x8215      0x3D  
Gi2/31    SA      bndl      28000         0x1       0x1     0x8220      0x3D  
Gi2/40    SA      bndl      28000         0x1       0x1     0x8229      0x3D  
Gi2/9     SA      bndl      28000         0x1       0x1     0x820A      0x3D  
MLACP-PE3# 
 
   
 
   

The following is a configuration example for a Virtual Private Lan Service (VPLS):

Active POA

 
   
redundancy
interchassis group 100
  monitor peer bfd
  member ip 172.3.3.3
  backbone interface GigabitEthernet2/3
  backbone interface GigabitEthernet2/4
  mlacp system-priority 200
  mlacp node-id 0
!
interface Port-channel1
 no ip address
 speed nonegotiate
 port-channel min-links 2
 lacp fast-switchover
 lacp max-bundle 4
 mlacp lag-priority 28800
 mlacp interchassis group 100
 service instance 4000 ethernet
  encapsulation dot1q 4000
  rewrite ingress tag pop 1 symmetric
  bridge-domain 4000
!
l2 vfi VPLS manual 
 vpn id 4000
 neighbor 172.2.2.2 encapsulation mpls
 neighbor 172.4.4.4 encapsulation mpls
 status decoupled
!
interface Vlan4000
 xconnect vfi VPLS
!
mpls ldp graceful-restart
!
interface Loopback0
 ip address 172.1.1.1 255.255.255.255
!
interface GigabitEthernet2/3
 ip address 120.0.0.1 255.255.255.0
 carrier-delay 0
 mpls ip
 bfd interval 100 min_rx 100 multiplier 3
!
interface GigabitEthernet2/9
 channel-group 1 mode active
!

Use the show lacp mg command to display the LACP parameters, local configuration, status of the

backbone uplink, peer information, node ID, channel, state, priority active, and inactive links.

MLACP-PE1# show lacp multi-chassis group 100
Interchassis Redundancy Group 100
 
   
Operational LACP Parameters:
RG State:     Synchronized
System-Id:    200.000a.f331.2680
ICCP Version: 0
Backbone Uplink Status: Connected
Local Configuration:
Node-id:   0
System-Id: 200.000a.f331.2680
 
   
Peer Information:
State:        Up
Node-id:      7
System-Id:    2000.0014.6a8b.c680
ICCP Version: 0
 
   
State Flags: Active            - A
             Standby           - S
             Down              - D
             AdminDown         - AD
             Standby Reverting - SR
             Unknown           - U
          
mLACP Channel-groups
Channel    State      Priority     Active Links   Inactive Links
 Group   Local/Peer  Local/Peer     Local/Peer      Local/Peer
   1        A/S     28000/32768        4/4             0/0

Use the show lacp multi-chassis portchannel command to display the interface port-channel value

channel group, LAG state, priority, inactive links peer configuration, and standby links.

MLACP-PE1# show lacp multi-chassis port-channel 1
Interface Port-channel1
Local Configuration:
Address: 000a.f331.2680
Channel Group: 1
State: Active
LAG State: Up
Priority: 28000
Inactive Links: 0
Total Active Links: 4   
           Bundled: 4   
          Selected: 4   
           Standby: 0   
        Unselected: 0   
 
   
Peer Configuration:
Interface: Port-channel1
Address: 0014.6a8b.c680
Channel Group: 1
State: Standby
LAG State: Up
Priority: 32768
Inactive Links: 0
Total Active Links: 4   
                           Bundled: 0   
          Selected: 0   
           Standby: 4   
        Unselected: 0   

Use the show mpls ldp iccp command to display the LDP session and ICCP state information.

MLACP-PE1# show mpls ldp iccp 
ICPM RGID Table
  iccp:
    rg_id: 100, peer addr: 172.3.3.3
    ldp_session 0x3, client_id 0
    iccp state: ICPM_ICCP_CONNECTED
    app type: MLACP
        app state: ICPM_APP_CONNECTED, ptcl ver: 0
ICPM RGID Table total ICCP sessions: 1
ICPM LDP Session Table
  iccp:
    rg_id: 100, peer addr: 172.3.3.3
    ldp_session 0x3, client_id 0
    iccp state: ICPM_ICCP_CONNECTED
    app type: MLACP
        app state: ICPM_APP_CONNECTED, ptcl ver: 0
ICPM LDP Session Table total ICCP sessions: 1
 
   

Use the show mpls l2transport command to display the local interface and session details, destination address, and the status.

MLACP-PE1# show mpls l2transport vc 4000
 
   
Local intf     Local circuit              Dest address    VC ID      Status    
-------------  -------------------------- --------------- ---------- ----------
VFI VPLS       VFI                        172.2.2.2       4000       UP     
VFI VPLS       VFI			  172.4.4.4	  4000	     UP
 
   

Use the show etherchannel summary command to display the status and identity of the MLACP member links.

MLACP-PE1# show etherchannel summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
 
   
        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port
 
   
 
   
Number of channel-groups in use: 2
Number of aggregators:           2
 
   
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(RU)         LACP      Gi2/9(P)    Gi2/20(P)   Gi2/31(P)   
                                 Gi2/40(P) 

Use the show lacp internal command to display the device, port, and member-link information.

MLACP-PE1# show lacp internal 
Flags:  S - Device is requesting Slow LACPDUs 
        F - Device is requesting Fast LACPDUs
        A - Device is in Active mode       P - Device is in Passive mode     
 
   
Channel group 1
                            LACP port     Admin     Oper    Port        Port
Port      Flags   State     Priority      Key       Key     Number      State
Gi2/9     SA      bndl-act  28000         0x1       0x1     0x820A      0x3D  
Gi2/20    SA      bndl-act  28000         0x1       0x1     0x8215      0x3D  
Gi2/31    SA      bndl-act  28000         0x1       0x1     0x8220      0x3D  
Gi2/40    SA      bndl-act  28000         0x1       0x1     0x8229      0x3D  
 
   
Peer (MLACP-PE3) mLACP member links
 
   
Gi3/11    FA      hot-sby   32768         0x1       0x1     0xF30C      0x5   
Gi3/21    FA      hot-sby   32768         0x1       0x1     0xF316      0x5   
Gi3/32    FA      hot-sby   32768         0x1       0x1     0xF321      0x7   
Gi3/2     FA      hot-sby   32768         0x1       0x1     0xF303      0x7   
 
   

Configuration example on a standby PoA:

redundancy
 interchassis group 100
  monitor peer bfd
  member ip 172.1.1.1
  backbone interface GigabitEthernet3/3
  backbone interface GigabitEthernet3/5
  mlacp system-priority 2000
  mlacp node-id 7
!
interface Port-channel1
 no ip address
 speed nonegotiate
 port-channel min-links 2
 lacp fast-switchover
 lacp max-bundle 4
 mlacp lag-priority 28800
 mlacp interchassis group 100
 service instance 4000 ethernet
  encapsulation dot1q 4000
  rewrite ingress tag pop 1 symmetric
  bridge-domain 4000
!
l2 vfi VPLS manual 
 vpn id 4000
 neighbor 172.2.2.2 encapsulation mpls
 neighbor 172.4.4.4 encapsulation mpls
 status decoupled
!
interface Vlan4000
 xconnect vfi VPLS
!
mpls ldp graceful-restart
!
!
interface Loopback0
 ip address 172.3.3.3 255.255.255.255
!
interface GigabitEthernet3/2
 channel-group 1 mode active
!
interface GigabitEthernet3/3
 ip address 123.0.0.2 255.255.255.0
 mpls ip
 mpls label protocol ldp
 bfd interval 100 min_rx 100 multiplier 3
!

Use the show lacp multi-chassis group interchassis group number command to display the LACP parameters, local configuration, status of the backbone uplink, peer information, nodeID, channel, state, priority, active, and inactive links.

MLACP-PE3# show lacp multi-chassis group 100
Interchassis Redundancy Group 100
 
   
Operational LACP Parameters:
RG State:     Synchronized
System-Id:    200.000a.f331.2680
ICCP Version: 0
Backbone Uplink Status: Connected
Local Configuration:
Node-id:   7
System-Id: 2000.0014.6a8b.c680
 
   
Peer Information:
State:        Up
Node-id:      0
System-Id:    200.000a.f331.2680
ICCP Version: 0
 
   
State Flags: Active            - A
             Standby           - S
             Down              - D
             AdminDown         - AD
             Standby Reverting - SR
             Unknown           - U
          
mLACP Channel-groups
Channel    State      Priority     Active Links   Inactive Links
 Group   Local/Peer  Local/Peer     Local/Peer      Local/Peer
   1        S/A     32768/28000        4/4             0/0

Use the show lacp multi-chassis portchannel command to display the interface port-channel valuechannel group, LAG state, priority, inactive links peer configuration, and standby links.

MLACP-PE3# show lacp multi-chassis port-channel 1
Interface Port-channel1
Local Configuration:
Address: 0014.6a8b.c680
Channel Group: 1
State: Standby
LAG State: Up
Priority: 32768
Inactive Links: 0
Total Active Links: 4   
           Bundled: 0   
          Selected: 0   
           Standby: 4   
        Unselected: 0   
 
   
Peer Configuration:
Interface: Port-channel1
Address: 000a.f331.2680
Channel Group: 1
State: Active
LAG State: Up
Priority: 28000
Inactive Links: 0
Total Active Links: 4   
                           Bundled: 4   
          Selected: 4   
           Standby: 0   
        Unselected: 0   
 
   
MLACP-PE3# show mpls ldp iccp 
ICPM RGID Table
  iccp:
    rg_id: 100, peer addr: 172.1.1.1
    ldp_session 0x2, client_id 0
    iccp state: ICPM_ICCP_CONNECTED
    app type: MLACP
        app state: ICPM_APP_CONNECTED, ptcl ver: 0
ICPM RGID Table total ICCP sessions: 1
ICPM LDP Session Table
  iccp:
    rg_id: 100, peer addr: 172.1.1.1
    ldp_session 0x2, client_id 0
    iccp state: ICPM_ICCP_CONNECTED
    app type: MLACP
        app state: ICPM_APP_CONNECTED, ptcl ver: 0
ICPM LDP Session Table total ICCP sessions: 1
MLACP-PE3# sh mpls l2transport vc 2
 
   
Local intf     Local circuit              Dest address    VC ID      Status    
-------------  -------------------------- --------------- ---------- ----------
VFI VPLS       VFI                        172.2.2.2       4000       UP     
VFI VPLS       VFI			  172.4.4.4	  4000	     UP
 
   
Use the show etherchannel summary command to display the status and identity of the MLACP 
member
links.
MLACP-PE3#show etherchannel summary 
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
 
   
        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port
 
   
Number of channel-groups in use: 2
Number of aggregators:           2
 
   
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(RU)         LACP      Gi3/2(P)    Gi3/11(P)   Gi3/21(P)   
                                 Gi3/32(P)   

Use the show lacp internal command to display the device, port, and member- link information.

MLACP-PE3# show lacp 1 internal 
Flags:  S - Device is requesting Slow LACPDUs 
        F - Device is requesting Fast LACPDUs
        A - Device is in Active mode       P - Device is in Passive mode     
 
   
Channel group 1
                            LACP port     Admin     Oper    Port        Port
Port      Flags   State     Priority      Key       Key     Number      State
Gi3/2     FA      bndl-sby  32768         0x1       0x1     0xF303      0x7   
Gi3/11    FA      bndl-sby  32768         0x1       0x1     0xF30C      0x5   
Gi3/21    FA      bndl-sby  32768         0x1       0x1     0xF316      0x5   
Gi3/32    FA      bndl-sby  32768         0x1       0x1     0xF321      0x7   
 
   
Peer (MLACP-PE1) mLACP member links
 
   
Gi2/20    SA      bndl      28000         0x1       0x1     0x8215      0x3D  
Gi2/31    SA      bndl      28000         0x1       0x1     0x8220      0x3D  
Gi2/40    SA      bndl      28000         0x1       0x1     0x8229      0x3D  
Gi2/9     SA      bndl      28000         0x1       0x1     0x820A      0x3D  
MLACP-PE3# 

Troubleshooting

Table 2-9 provides troubleshooting solutions for Multichassis Support for LACP feature.

Table 2-9

Problem
Solution

If the MLACP or ICCP is down or if the the links between the POA are down or theICCP is in a different state

Use the debug lacp multi-chassis command to verify the MLACP interface, database, interchassis redundancy group and user interface. Share the output with TAC for further investigation.

Connection timer has expired or ICCP is disconnected or attempting to establish an ICCP connection

Use the show lacp multi-chassis group command to verify if the connection timer is enabled. Share the output with TAC for further investigation.

LAG state failure or RG is synchronized or timed out
LAG is enabled for member links, but the hold down timer is running or RG is waiting
Member links are not enabled or link failure detected

Use the show lacp multi-chassis port-channel commandand share the output with TAC for further investigation.

Traffic loss after reversal

Use the test lacp multichassis reversion-delay delay_in_seconds command to extend the amount of time before mLACP reverts to the previous active state after failure recovery. This allows the pseudowires additional time to come UP before the PoA reverts to active state.

Failover performance

Complete these steps:

1. Reduce the pesudowire number to 100and check if the performance issue is corrected.

2. Check the DHD configuration. Remove any min-links configuration from the DHD as it slows down failovers and provides no additional value.

3. Ensure that lacp fast-switchover is configured on DHD and PoAs.

Unexpected active/standby roles or priorities

Complete these steps:

1. Use the show run int port-ch and show lacp mp command to check if the configured priorities match the operational priorities. If they don't match, it implies that there was a failover.

2. Use the monitor event-trace mlacp command on the SP to verify the reasons for any failovers that caused swapping of active/standby roles or dynamic priority changes.


Troubleshooting Multichassis Support for LACP

Pseudo MLACP Support on Cisco 7600

In dual homing, a device is connected to the network using two independent access points or points of attachments (POAs). One POA is the primary connection and the other is a standby connection that is activated in the event of a failure of the primary connection. The Multi-chassis Link Aggregation Protocol (MLACP) solution is an active and standby Provider Edge (PE) redundancy mechanism. The Pseudo MLACP (PMLACP) feature introduced in Cisco IOS release 15.1(3)S, provides a flexible dual homing redundancy mechanism where both the connections are in the active mode (active-active mode). In PMLACP implementation, a PMLACP application is implemented on the PE router. Both the POA ports are placed in active mode with manual VLAN load balancing.

PMLACP provides higher bandwidth utilization than MLACP and other active and standby link level schemes. PMLACP provides VLAN based redundancy by allowing you to configure one primary and one secondary interface pair for each member VLAN. The POAs determine which POA is active and standby for each VLAN on a Multi-Chassis Link Aggregation (MLAG) and only the active POA forwards frames for the respective VLAN. Additionally PMLACP allows maximum flexibility for the PE-CE inter operability in terms of dual-homing redundancy and failover recovery.

Figure 2-4 explains the PMLACP implementation with manual VLAN load-balancing configuration.

Figure 2-4 PMLACP Implementation

In the illustration, POA ports are configured for a PMLACP role, and ports are configured in active-active mode with manual VLAN load-balancing. The POAs are configured to allow certain VLANs on one of their downlinks but not the other VLANs. The POA activates its uplinks for locally active VLANs. DHD is configured to enable all VLANs on both its uplinks. Traffic from DHD is initially flooded on both uplinks until DHD learns which uplink is active for which VLANs.

Failover Operations

The PMLACP feature provides network resiliency by protecting against port, link, and node failures.

Figure 2-5 explains the failure points in a network.

Figure 2-5

PMLACP Failover Protection

These failures can be categorized into five types.

A—Failure of the uplink port on the DHD

B—Failure of the ethernet link

C—Failure of the downlink port on the POA

D—Failure of the POA node

E—Failure of the active POA uplinks

The failover operations are triggered by three different events.

Access side link or port failure (failure types A- C): PMLACP on the failing POA initiates a failover to the peer for any VLANs that were active on the failed link or links. This failover is initiated by sending an MLACP port state Type Length Value (TLV) message, indicating that the port state is down.

Node failure (failure type D): PMLACP on the surviving POA receives a node failure notification and initiates a failover of all VLANs in standby mode on all shared MLAGs.

POA uplink failure (failure type E): The failing POA sends a message to the peer about the core isolation using the MLACP system state TLV, indicating that the POA is isolated. It will then place all VLANs in the blocking mode.

All the three failover events involve the peer POA receiving a notification of the failure. At this point the receiving standby POA completes the following steps:

1. Unblocks any of the affected VLANs which were in standby or blocked mode.

2. Sends a MAC flush message to the access side network device through a Multiple VLAN Registration Protocol (MVRP) message. This message reflects all the VLANs which are being activated only for the associated interface. When DHD receives the MVRP message, DHD responds by flushing the MAC address tables for those VLANs.

3. Triggers the core network edge MAC flushing.

Failure Recovery

PMLACP uses revertive mode after a failure recovery to support the active-active model. The reversal process is also similar to the failover process. The standby POA initates the reversal for each VLAN by indicating that the POA is relinquishing its active role for the VLAN. This is done though an ICCP PLACP interface state TLV message, which indicates that it is no longer in active mode for the affected VLANs. Upon TLV receipt, the recovering POA unblocks the affected VLANs and triggers the MAC flushes towards access side and core side.

Revertive mode is enabled by default. If you want to choose when to trigger reversion after the failover recovery, you can configure non revertive mode. The non revertive mode is enabled by configuring the command lacp failover non-revertive under port channel.

Restrictions for PMLACP

Follow this restrictions and usage guidelines while configuring PMLACP.

PMLACP is supported on ES+ and ES 20 line cards.

PMLACP is supported on SUP 720 and RSP 720.

PMLACP configuration on a port channel supports only service instances.

If PMLACP is enabled on a port channel, Resilient Ethernet Protocol (RTP), Spanning Tree Protocol (STP), Link Aggregation Control Protocol (LACP), VLAN Trunking Protocol (VTP), or other layer 2 control protocols are not supported.

The ethernet VLAN color blocking needs to be configured on all VLANs under the port channel if it has EVC xconnect or MTP configured on it. Use the ethernet vlan color-block vlan all command for configuring it.

Both POAs must contain the same configuration of manual-load balance VLAN list and LAG.

The bridge-domain that is configured under a PMLACP port channel EVC should not be part of any other non PMLACP interfaces.

Only one port channel of MLACP or PMLACP type is supported on a single redundancy group (RG). There can be one MLACP port channel and another PMLACP port channel on a single RG, but not two port channels of the same type.

Active VLAN list configuration needs to be the same on both POAs.

The port-channel configuration on both POAs must be the same, but port-channel members need not be the same.

The recommended configuration sequence for PMLACP is:

Configure interchassis group and PMLACP commands.

Configure MLACP interchassis group and other port channel commands.

Add member links.

Configuring PMLACP on Cisco 7600

Complete the following steps to configure PMLACP on the Cisco 7600 router.

SUMMARY STEPS

1. enable

2. configure terminal

3. pseudowire-class pw-class-name

4. encapsulation mpls

5. status peer topology dual-homed

6. exit

7. l2 vfi name manual

8. vpn id vpn-id

9. neighbor remote-id encapsulation mpls

10. exit

11. redundancy

12. interchassis group number

13. monitor peer bfd

14. member IP IP-address

15. mlacp node-id number

16. mlacp system-priority priority

17. backbone interface interface

18. exit

19. interface port-channel port-channel number

20. no ip address

21. mlacp interchassis group group-id

22. mlacp mode active-active

23. mlacp load-balance primary vlan range

24. mlacp load-balance secondary vlan range

25. ethernet vlan color-block all

26. service instance id ethernet

27. encapsulation dot1q vlan id

28. rewrite ingress tag pop {1 | 2} symmetric

29. xconnect peer-id vc-id pw-class pw-class-name

or

brige-domain bridge-domain-id

30. backup peer peer-id vc-id pw-class pw-class-name

31. exit

32. interface vlan bridge-domain-id

33. xconnect vfi vfi-name

34. end

DETAILED STEPS

 
Command
Purpose

Step 1 

enable

Example:
Router> enable

Enables privileged EXEC mode, and if prompted enter your password.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

pseudowire-class pw-class-name

Example:

Router(config)# pseudowire-class vpws

Specifies the name of a pseudowire class and enters pseudowire class configuration mode.

Step 4 

encapsulation mpls

Example:

Router(config-pw-class)# encapsulation mpls

Specifies that MPLS is used as the data encapsulation method for tunneling Layer 2 traffic over the pseudowire.

Step 5 

status peer topology dual-homed

Example:

Router(config-pw-class)# status peer topology dual-homed

Enables the reflection of the attachment circuit status on both the primary and secondary pseudowires. This configuration is necessary if the peer PEs are connected to a dual-homed device.

Step 6 

exit

Example:

Router(config-pw-class)# exit

Exits pseudowire class configuration mode.

Step 7 

l2 vfi name manual

Example:

Router(config)# l2 vfi vpls manual

Creates a named Layer 2 Virtual Forwarding Instance (VFI) and enables the Layer 2 VFI manual configuration mode.

Note Perform steps 7 to 10 only if you are configuring PMLACP over VPLS. Else go to step 11.

Step 8 

vpn id vpn-id

Example:

Router(config-vfi)# vpn id 17

Configures a VPN ID for the VPLS domain.

Step 9 

neighbor remote-id encapsulation mpls

Example:

Router(config-vfi)# neighbor 1.5.1.1 encapsulation mpls

Specifies the remote peering router ID, which is the IP address of the router, and the tunnel encapsulation type for the emulated VC.

Step 10 

exit

Example:

Router(config-vfi)# exit

Exits the L2 VFI manual configuration mode.

Step 11 

redundancy

Example:

Router(config)# redundancy

Enters redundancy configuration mode.

Step 12 

interchassis group number

Example:

Router(configure-red)# interchassis group 100

Configures an interchassis group within the redundancy configuration mode and assigns a group number.

Step 13 

monitor peer bfd

Example:

Router(configure-r-ic)# monitor peer bfd

Configures the BFD option to monitor the state of the peer.

Note The monitor peer bfd command is optional. If this command is not specified, the default option is route-watch.

Step 14 

member ip IP-address

Example:

Router(configure-r-ic)# member ip 172.3.3.3

Configures the IP address of the MLACP peer member group.

Step 15 

mlacp node-id node-id

Example:

Router(config-r-ic)# mlacp node-id 5

Specifies the node ID to be used in the LACP port-id field.

node-id — Valid range is 0 - 7, and the value should be different from the peer values.

Step 16 

mlacp system-priority priority

Example:

Router(config-r-ic)# mlacp system-pri- ority 100

Specifies the system priority advertised to the other MLACP members of the redundancy group.

priority — Acceptable range is 1 to 65535. The default value is 32768. The assigned values should be lower than the DHD.

Step 17 

backbone interface interface

Example:

Router(config-r-ic)# backbone inter- face GigabitEthernet2/3

Specifies the backbone interface for the MLACP configuration.

Step 18 

exit

Example:

Router(config-r-ic)# exit

Exits the redundancy mode.

Step 19 

interface port-channel number

Example:

Router(config)# interface Port-channel 10

Specifies the port-channel interface.

Step 20 

no ip address

Example:

Router(config-if)# no ip address

Removes the IP address from the interface.

Step 21 

mlacp interchassis group group-id

Example:

Router(config-if)# mlacp interchassis group 100

Specifies that the port-channel is an MLACP port-channel. The group-id should match the configured redundancy group.

Step 22 

mlacp mode active-active

Example:

Router(config-if)# mlacp mode active-active

Specifies the MLACP mode as active-active.

Step 23 

mlacp load-balance primary vlan range

Example:

Router(config-if)# mlacp load-balance primary vlan 100-109

Specifies the primary VLAN range for manual load balancing.

range — Specifies the VLAN ID range. Values range from 1 to 4094.

Step 24 

mlacp load-balance secondary vlan range

Example:

Router(config-if)# mlacp load-balance secondary vlan 110-120

Specifies the secondary VLAN range for manual load balancing.

Step 25 

ethernet vlan color-block all

Example:

Router(config-if)# ethernet vlan color-block all

Blocks VLANs on EVCs with connect and cross-connect.

devices.

Note This configuration is required if EVC cross connect or MTP is used on the PMLACP port channel.

Step 26 

service instance id ethernet

Example:

Router(config-if)# service instance 101 ethernet

Creates a service instance on an interface.

Step 27 

encapsulation dot1q vlan-id

Example:

Router(config-if-srv)# encapsulation dot1q 100

Configures the encapsulation. Defines the matching criteria to be used in order to map the ingress dot1q frames on an interface to the appropriate service instance.

Step 28 

rewrite ingress tag pop {1 | 2} symmetric

Example:

Router(config-if-srv)# rewrite ingress tag pop 1 symmetric

Specifies the tag manipulation that is to be performed on the frame in ingress direction to the service instance.

Step 29 

xconnect peer-id vc-id pseudowire-class pw-classname

or

brige-domain bridge-domain-id

Example:

Router(config-if-srv)# xconnect 3.3.3.3 90 pseudowire-class vpws

Binds the 802.1Q VLAN attachment circuit to a virtual circuit (VC).

Binds the attachment circuit to a pseudowire VC.

peer-id— specifies the IP address of the peer PE router.

vc-id— specifies the 32-bit value that identifies the VC between the peer PE routers at each endpoint of the VC. You must configure the same VC ID on the peer PE router.

pw-classname— Specifies the pseudowire class.

Note Use the bridge-domain command if you are configuring PMLACP on VPLS.

Step 30 

backup peer peer-id vc-id pseudow- ire-class pw-classname

Example:

Router(config-if-srv)# backup peer 4.3.3.3 90 pseudowire-class vpws

Specifies a redundant peer for a pseudowire virtual circuit.

Step 31 

exit

Example:

Router(config-if-srv)# end

Exits from the interface configuration mode.

Step 32 

interface vlan bridge-domain-id

Example:

Router(config-if)# interface vlan 201

Creates or accesses a dynamic switched virtual interface (SVI).

Note You need to perform steps 32 and 33 only if you are configuring VPLS.

Step 33 

xconnect vfi vfi-name

Example:

Router(config-if)# xconnect vfi vpls

Specifies the Layer 2 VFI that you are binding to the VLAN port.

Step 34 

end

Example:

Router(config-if)# end

Exits the port-channel interface mode.

Configuration Examples

This is a configuration example for PMLACP with EVC xconnect on two POAs, A and B. In this example primary VLAN range is configured as 100-109 on router A and 110-120 on router B. The VLAN range is interchanged so that the primary VLAN range of router A becomes the secondary VLAN range in router B and the secondary VLAN range of router A becomes the primary VLAN range in router B.

RouterA> enable
RouterA# configure terminal
RouterA(config)# pseudowire-class vpws
RouterA(config-pw-class)# encapsulation mpls
RouterA(config-pw-class)# status peer topology dual-homed 
RouterA(config-pw-class)# exit
RouterA(config)# l2 vfi vpls manual
RouterA(config-vfi)# vpn id 100
RouterA(config-vfi)# neighbor 3.3.3.3 encapsulation mpls
RouterA(config-vfi)# exit
RouterA(config)# redundancy
RouterA(config-red)# interchassis group 100
RouterA(config-r-ic)# monitor peer bfd
RouterA(config-r-ic)# member ip 2.2.2.2
RouterA(config-r-ic)# backbone interface GigabitEthernet8/0/10
RouterA(config-r-ic)# mlacp system-priority 100
RouterA(config-r-ic)# mlacp node-id 1 
Router(config)# interface Port-channel10
RouterA(config-if)# no ip address
RouterA(config-if)# mlacp interchassis group 100
RouterA(config-if)# mlacp mode active-active
RouterA(config-if)# mlacp load-balance primary vlan 100-109
RouterA(config-if)# mlacp load-balance secondary vlan 110-120
RouterA(config-if)# ethernet vlan color-block all
RouterA(config-if)# service instance 10 ethernet
RouterA(config-if-srv)# encapsulation dot1q 100
RouterA(config-if-srv)# rewrite ingress tag pop 1 symmetric
RouterA(config-if-srv)# xconnect 3.3.3.3 90 pseudowire-class vpws
RouterA(config-if-srv)# backup peer 4.3.3.3 91
RouterA(config-if)# service instance 11 ethernet 
RouterA(config-if-srv)# encapsulation dot1q 101
RouterA(config-if-srv)# rewrite ingress tag pop 1 symmetric
RouterA(config-if-srv)# bridge-domain 201
RouterA(config-if-srv)# exit
RouterA(config-if)# exit
RouterA(config)# interface vlan 201

RouterA(config-if)# no shutdown

RouterA(config-if)# xconnect vfi vpls

RouterA(config-if)# end
 
   
RouterB> enable
RouterB# configure terminal
RouterB(config)# pseudowire-class vpws
RouterB(config-pw-class)# encapsulation mpls
RouterB(config-pw-class)# status peer topology dual-homed 
RouterB(config-pw-class)# exit
RouterB(config)# l2 vfi vpls manual
RouterB(config-vfi)# vpn id 100
RouterB(config-vfi)# neighbor 3.3.3.3 encapsulation mpls
RouterB(config-vfi)# exit
RouterB(config)# redundancy
RouterB(config-red)# interchassis group 100
RouterB(config-r-ic)# monitor peer bfd
RouterB(config-r-ic)# member ip 1.1.1.1
RouterB(config-r-ic)# backbone interface GigabitEthernet8/0/10
RouterB(config-r-ic)# mlacp system-priority 100
RouterB(config-r-ic)# mlacp node-id 2
Router(config)# interface Port-channel 10
RouterB(config-if)# no ip address
RouterB(config-if)# mlacp interchassis group 100
RouterB(config-if)# mlacp mode active-active
RouterB(config-if)# mlacp load-balance primary vlan 110-120
RouterB(config-if)# mlacp load-balance secondary vlan 100-109
RouterB(config-if)# ethernet vlan color-block all
RouterB(config-if)# service instance 10 ethernet
RouterB(config-if-srv)# encapsulation dot1q 100
RouterB(config-if-srv)# rewrite ingress tag pop 1 symmetric
RouterB(config-if-srv)# xconnect 3.3.3.3 90 pseudowire-class vpws
RouterB(config-if-srv)# backup peer 4.3.3.3 91
RouterB(config-if)# service instance 11 ethernet 
RouterB(config-if-srv)# encapsulation dot1q 101
RouterB(config-if-srv)# rewrite ingress tag pop 1 symmetric
RouterB(config-if-srv)# bridge-domain 201
RouterB(config-if-srv)# exit
RouterB(config-if)# exit
RouterB(config)# interface vlan 201
RouterB(config-if)# no shutdown

RouterB(config-if)# xconnect vfi vpls

RouterB(config-if)# end
 
   

Verification

Use the show lacp multi-chassis load-balance port-channel number command to verify the PMLACP configuration information on the port channel interface.

PE1# show lacp multi-chassis load-balance port-channel 10
Interface Port-Channel 10
        Local Configuration:
                P-mLACP Enabled:      Yes
                Redundancy Group:     100
                Revertive Mode:       Non-Revertive
                Primary VLANs:        4001-4002,4004-4005,4007-4010
                Secondary VLANs:      4012-4013,4015-4016,4018-4021
Local Interface State:
                Interface ID: 10
                Port State:           Up
                Primary VLAN State:   Standby
                Secondary VLAN State: Standby
Peer Interface State:
                Interface ID: 10
                Primary VLAN State:   Active
                Secondary VLAN State: Active

Use the show lacp multi-chassis group command to display the interchassis redundancy group and the operational LACP parameters.

PE1# show lacp multi-chassis group

Interchassis Redundancy Group 100
Operational LACP Parameters:
                RG State:     Synchronized
                System-Id:    32768.001b.0de6.3080
                ICCP Version: 0
        Backbone Uplink Status: Connected
        Local Configuration:
                Node-id:   1
                System-Id: 32768.001b.0de6.3080
Peer Information:
                State:        Up
                Node-id:      2
                System-Id:    32768.f866.f2d2.6680
                ICCP Version: 0
State Flags: Active - A
             Standby           - S
             Down              - D
             AdminDown         - AD
             Standby Reverting - SR
             Unknown           - U
mLACP Channel-groups
Channel    State      Priority     Active Links   Inactive Links
 Group   Local/Peer  Local/Peer     Local/Peer      Local/Peer
   10       A/A     32768/32768        2/2             0/0
 
   
Redundancy Group 100 (0x64)
  Applications connected: mLACP, Pseudo-mLACP
  Monitor mode: BFD
  member ip: 2.2.2.2 "PE2", CONNECTED
    BFD neighbor: GigabitEthernet2/9, next hop 192.168.41.2, UP
    mLACP state: CONNECTED

Pseudo-mLACP state: CONNECTED

backbone int GigabitEthernet8/0/9: UP (IP)
ICRM fast-failure detection neighbor table
  IP Address       Status Type Next-hop IP      Interface
  ==========       ====== ==== ===========      =========
  2.2.2.2          UP     BFD  192.168.41.2     GigabitEthernet2/9

Use the show lacp multi-chassis load-balance group command to display the PMLACP configuration information including redundancy group, link states and interface status.

PE2#sh lacp multi-chassis load-balance group

Interchassis Redundancy Group 100
                RG State:       Synchronized
                ICCP Version:   0
        Backbone Uplink Status: Connected
        Local Configuration:
                Node-id:        2
        Peer Information:
                State:          Up
                Node-id:        1
                ICCP Version:   0
States:      Active     - ACT           Standby    - SBY
             Down       - DN            AdminDown  - ADN
             Unknown    - UN            Reverting  - REV
P-mLACP Interfaces
Interface    Port State     Local VLAN State      Peer VLAN State
   ID          Local       Primary/Secondary     Primary/Secondary
   10           ADN             ADN/ADN                DN/DN 
   34            UP             ACT/SBY               ACT/SBY

Troubleshooting Tips

Table 2-10 Troubleshooting

Command
Purpose

debug lacp load-balance [all | database | redundancy-group | vlan]

Enables debugging of the PMLACP activity. Use this command from the switch processor (SP).

debug redundancy interchassis [all | application | error | event | monitor]

Enables debugging of the interchassis redundancy manager.

debug mpls ldp iccp

Enables debugging of the Inter Chassis Control Protocol (ICCP). Use this command from the RP.


Tips

Configuring Custom Ethertype for EVC Interfaces

Custom Ethertype feature allows you to customize the Ethernet settings on an ES20 line card. This feature enables you to configure an ethertype with the outer tag for dot1Q and QinQ packets. Both EVCs (802.1Q and QinQ) and QinQ routed subinterfaces support custom ethertype. By default Cisco 7600 series router supports Ethertype 0x8100 for dot1Q and Q-in-Q outer tag. You can use the custom ethertype feature to configure the following ethertypes for each port on ES20 line cards:

0x8100 - 802.1q

0x9100 - Q-in-Q

0x9200 - Q-in-Q

0x88a8 - 802.1ad

Use this command to configure a custom ethertype on a physical port.

dot1q tunneling ethertype <0x88A8 | 0x9100 | 0x9200>

In this sample configuration, Ethertype is set to 0x9100, service instance is created, and rewrite is initiated:

interface GigabitEthernet 1/0/0
    dot1q tunneling ethertype 0x9100
    service instance <number> ethernet
        encapsulation dot1q <vlan 1> [second-dot1q <vlan 2>]
        Rewrite <Rewrite>

Note 802.1q (0x8100) is the default ethertype setting.


Supported Rewrite Rules for a Custom Ethertype Configuration

Rewriting allows you to add or remove VLAN tags in the packets that are transferred between two customer sites within a service provider network.

These rewrites are supported on a Network Network Interface (NNI):

Non range on C-Tag on an NNI

Range on C-Tag on an NNI

Supported Rewrites for Non Range on a C-Tag on an NNI

When a custom ethertype is configured within the NNI physical interface, and VLAN range is not specified, the following rewrites are supported for a provider bridge:

For encapsulation untagged:

No rewrite

Rewrite ingress tag push dot1q vlan1 [second-dot1q vlan2] symmetric

For encapsulation default:

No rewrite

For encapsulation dot1q vlan:

No rewrite

Rewrite ingress tag pop 1 symmetric

Rewrite ingress tag translates 1-to-1 dot1q vlan symmetric

Rewrite ingress tag translate 1-to-2 dot1q vlan 1 second-dot1q vlan 2 symmetric

For encapsulation dot1q vlan1 second-dot1q vlan2

No rewrite

Rewrite ingress tag pop 1 symmetric

Rewrite ingress tag pop 2 symmetric

Rewrite ingress tag translate 1-to-1 dot1q vlan symmetric

Rewrite ingress tag translate 1-to-2 dot1q vlan 1 second dot1q vlan 2 symmetric

Rewrite ingress tag translate 2-to-1 dot1q vlan symmetric

Rewrite ingress tag translate 2-to-2 dot1q vlan 1 second-dot1q vlan 2 symmetric

Supported Rewrites for Range on C-Tag with an NNI

When a VLAN range is specified on the C-Tag, push Rewrites are not supported. These rewrites are supported for a VLAN range on C-Tag:

For encapsulation dot1q vlan1 - vlan2:

No rewrite

For encapsulation dot1q vlan1 second-dot1q vlan2 - vlan3:

No rewrite

Rewrite ingress tag pop 1 symmetric

Rewrite ingress tag translate 1-to-1 dot1q vlan symmetric

Rewrite ingress tag translate 1-to-2 dot1q vlan 1 second-dot1q vlan 2 symmetric


Note To avoid hierarchical provider bridges during custom ethertype configuration, NNI interface does not support ingress push rewrite except for encap untagged.


Restrictions and Usage Guidelines

Follow these restrictions and usage guidelines while configuring custom ethertype:

Cisco IOS Release 15.1(1)S supports custom ethertype on port-channels.

Custom ethertype is configured within a physical interface and is applicable to all service instances and subinterfaces of the physical interface.

Mixed custom ethertype is not supported. If you configure the ingress interface values as 8100/9100/9200/88a8, then traffic other than the corresponding ethertype in the outer tag is not supported. If a packet is received with outer-tag other than the configured custom ethertype, then it is treated as untagged. However, when a packet with outer tag 8100 is received, it is treated as tagged packet, irrespective of the configured custom ethertype.

When a custom ethertype is configured on the egress port with connect/cross connect configuration, the egress port does not filter the VLAN, and mismatched VLANs are relayed through the egress port.

If a custom ethertype is configured on the port-channel, the same ethertype is implicitly configured for all the other member interfaces.

You cannot configure custom ethertype explicitly under a member interface of a port-channel.

An interface configured with custom ethertype cannot be a part of port-channel.

This example shows ingress and egress port configuration:

Ingress configuration
Int Gi1/1
Dot1q tunnel ethertype 0x9100
service instance 1 ethernet
Encap dot1q [second-dot1q]
 
   
Egress configuration
Int Gi1/1
Dot1q tunneling ethertype 0x9200
service instance 1 eth
Encap untagged

SUMMARY STEPS

1. enable

2. configure terminal

3. interface gigabitethernet {ethernet |tengigabit Ethernet}

4. dot1q tunneling ethertype [0x9100| 0x9200| 0x88A8]

5. service instance Ethernet id [Ethernet service name]

6. [no] encapsulation untagged, dot1q {any | vlan-id[vlan-id[vlan-id]} second-dot1q {any | vlan-id[vlan-id[vlan-id]]}

7. Rewrite ingress tag {push {dot1q vlan-id | dot1q vlan-id second-dot1q vlan-id dot1q vlan-id} | pop {1 | 2} | translate {1-to-1 {dot1q vlan-id}| 2-to-1 dot1q vlan-id }| 1-to-2 {dot1q vlan-id second-dot1q vlan-id dot1q vlan-id} | 2-to-2 {dot1q vlan-id second-dot1q vlan-id dot1q vlan-id}} symmetric

8. exit

DETAILED STEPS

 
Command
Purpose

Step 1 

enable

Example:
Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface gigabitethernet slot/subslot/port[.subinterface-number]

or

interface tengigabitethernet slot/subslot/port[.subinterface-number]

Example:

Router# int Gigabit 1/0/0

Router# int Gigabit slot/port ES20

Router# interface Tengigabit slot/subslot/port

Specifies the Gigabit Ethernet or the 10-Gigabit Ethernet interface to configure.

Step 4 

dot1q tunneling ethertype [0x9100| 0x9200| 0x88A8]

Example:

Router# dot1q tunneling ethertype [0x9100 | 0x9200 | 0x88A8]

Configure Custom Ethertype as 9100, 9200, or 88A8 within the physical interface because all service instances on physical interface use the configured Ethertype.

Step 5 

service instance Ethernet id [Ethernet service name]

Example:
Router# service instance Ethernet <id> 
[Ethernet service name]

Creates a service instance (an instance of an EVC) on an interface and sets the device into the config-if-srv submode.

Step 6 

[no] encapsulation untagged, dot1q {any | "<vlan-id>[,<vlan-id>[-<vlan-id>]]"} second-dot1q {any | "<vlan-id>[,<vlan-id>[-<vlan-id>]]"}

Example:

Router# encap dot1q 100 second dot1q 200

Defines the matching criteria that maps the ingress dot1q, QinQ, or untagged frames on an interface for the appropriate service instance.

Step 7 

Rewrite ingress tag {push {dot1q vlan-id | dot1q vlan-id second-dot1q vlan-id dot1q vlan-id} | pop {1 | 2} | translate {1-to-1 {dot1q vlan-id}| 2-to-1 dot1q vlan-id }| 1-to-2 {dot1q vlan-id second-dot1q vlan-id dot1q vlan-id} | 2-to-2 {dot1qvlan-id second-dot1q vlan-id dot1q vlan-id}} symmetric

Example:

Router(config-if-srv)# Rewrite ingress tag push dot1q 20

Specifies the Rewrite operation.

Step 8 

exit

Example:

Router(config-if-srv)#exit

Exits the configuration mode.

Examples

Single Tag Encap with Connect with Custom Ethertype Configured

In this example, custom ethertype is configured on a single tag encap using the connect configuration:

Router#sh running-config int Gi1/0/0
//Building configuration...
interface GigabitEthernet1/0/0
 no ip address
 dot1q tunneling ethertype 0x9100
 no mls qos trust
 service instance 1 ethernet
  encapsulation dot1q 10
 
   
interface GigabitEthernet1/0/2
 no ip address
 dot1q tunneling ethertype 0x9100
 mls qos trust dscp
 service instance 1 ethernet
  encapsulation dot1q 10
Router)#connect LC1 GigabitEthernet 1/0/0 1 GigabitEthernet 1/0/2 1

Single Tag Encap with Bridge Domain

In this example, custom ethertype is configured on a single tag encap using bridge domain configuration:

 
   
interface GigabitEthernet1/0/0
 no ip address
 dot1q tunneling ethertype 0x9100
 no mls qos trust
 service instance 1 ethernet
  encapsulation dot1q 10
  bridge-domain 100
 
   
interface GigabitEthernet1/0/2
 no ip address
 dot1q tunneling ethertype 0x9100
 mls qos trust dscp
 service instance 1 ethernet
  encapsulation dot1q 10
  bridge-domain 100

Single Tag Encap with Cross Connect

In this example, custom ethertype is configured on a single tag encap with cross connect configuration:

interface GigabitEthernet1/0/0
 no ip address
 dot1q tunneling ethertype 0x9100
 no mls qos trust
 service instance 1 ethernet
  encapsulation dot1q 10
  xconnect 3.3.3.3 10 encapsulation mpls
 
   
interface GigabitEthernet1/0/1
 ip address 10.10.10.2 255.255.255.0
 no mls qos trust
 mpls label protocol ldp
 mpls ip

Custom Ethertype Support with Sub Interfaces

In this example, custom ethertype is configured on a subinterface. Custom ethertype is always configured within the main physical interface and QinQ encap is configured within the subinterface.

interface GigabitEthernet1/0/0
 no ip address
 dot1q tunneling ethertype 0x9100
 no mls qos trust
end
interface GigabitEthernet1/0/0.10
 encapsulation dot1Q 10 second-dot1q 20
 ip address 20.20.20.2 255.255.255.0
end

Verification

Use these commands to verify operations.

Command
Purpose

Router# show ethernet service instance [id instance-id | interface interface-id | interface interface-id] [detail]

Displays information about:

Specific EVCs if an EVC ID is specified.

All the EVCs on an interface, if an interface is specified.

The detail option provides additional information about the EVC. This can be given on a route processor of a line card console to determine if the Custom Ethertype is configured within a physical port.


Configuring Flexible QinQ Mapping and Service Awareness on 7600-ESM-2X10GE and 7600-ESM-20X1GE

The Flexible QinQ Mapping and Service Awareness on 7600-ESM-2X10GE and 7600-ESM-20X1GE feature allows service providers to offer triple-play services, residential internet access from a DSLAM, and business Layer 2 and Layer 3 VPN by providing for termination of double-tagged dot1q frames onto a Layer 3 subinterface at the access node.

The access node connects to the DSLAM through the 7600-ESM-2X10GE or 7600-ESM-20X1GE. This provides a flexible way to identify the customer instance by its VLAN tags, and to map the customer instance to different services.

Flexible QinQ Mapping and Service Awareness on 7600-ESM-2X10GE and 7600-ESM-20X1GE is supported only through Ethernet Virtual Connection Services (EVCS) service instances.

EVCS uses the concepts of EVCs (Ethernet virtual circuits) and service instances. An EVC is an end-to-end representation of a single instance of a Layer 2 service being offered by a provider to a customer. It embodies the different parameters on which the service is being offered. A service instance is the instantiation of an EVC on a given port on a given router.

Figure 2-6 shows a typical metro architecture where the access switch facing the DSLAM provides VLAN translation (selective QinQ) and grooming functionality and where the service routers (SR) provide QinQ termination into a Layer 2 or Layer 3 service.

Figure 2-6

Flexible QinQ Mapping and Service Awareness on 7600-ESM-2X10GE and 7600-ESM-20X1GE provides the following functionality:

VLAN connect with local significance (VLAN local switching)

Single tag Ethernet local switching where the received dot1q tag traffic from one port is cross connected to another port by changing the tag. This is a 1-to-1 mapping service and there is no MAC learning involved.

Double tag Ethernet local switching where the received double tag traffic from one port is cross connected to another port by changing both tags. The mapping to each double tag combination to the cross-connect is 1-to-1. There is no MAC learning involved.

Hairpinning:is a cross connect between two EFPS on the same port.

Selective QinQ (1-to-2 translation)

Cross connect—Selective QinQ adds an outer tag to the received dot1q traffic and then tunnels it to the remote end with Layer 2 switching or EoMPLS.

Double tag translation (2-to-2 translation) Layer 2 switching— Two received tagged frames are popped and two new tags are pushed.

Cross connect—Selective QinQ adds an outer tag to the received dot1q traffic and then tunnels it to the remote end with Layer 2 switching or EoMPLS.

Layer 2 switching—Selective QinQ adds an outer tag to the received dot1q traffic and then performs Layer 2 switching to allow SVI based on the outer tag for configuring additional services.

Double tag translation (2-to-2 translation) Layer 2 switching— Two received tagged frames are popped and two new tags are pushed.

Double tag termination (2-to-1 tag translation)

Ethernet MultiPoint Bridging over Ethernet (MPBE)—The incoming double tag is uniquely mapped to a single dot1q tag that is then used to do MPBE

Double tag MPBE—The ingress line uses double tags in the ingress packet to look up the bridging VLAN. The double tags are popped and the egress line card adds new double tags and sends the packet out.

Double tag routing—Same as regular dot1q tag routing except that double tags are used to identify the hidden VLAN.

Local VLAN significance—VLAN tags are significant only to the port.

Scalable EoMPLS VC—Single tag packets are sent across the tunnel.

QinQ policing and QoS

Layer 2 protocol data unit (PDU) packet—If the Layer 2 PDUs are tagged, packets are forwarded transparently; if the Layer 2 PDUs are untagged, packets are treated per the physical port configuration.

Restrictions and Usage Guidelines

When configuring Flexible QinQ Mapping and Service Awareness on 7600-ESM-2X10GE and 7600-ESM-20X1GE, follow these restrictions and usage guidelines:

Service Scalability:

Service Instances per port / NP: 8, 000

Service instances per Line Card: 16, 000

Service instances per port-channel: 8000. This is subject to the number of members per NP. This value would reduce by the factor of the member links per NP. If the members links are spread across various NPs, then the max number of service instances per port channel is unchanged.

TCAM Entry Usage: The number of TCAMs an EVC uses depends on the encapsulation configured on the TCAM as shown in the following examples.

Example 1

service instance 1 eth
encap dot1q 100
 
   

TCAMS used - 1

Example 2

service instance 1 eth
encap dot1q 200 second dot1q 300
 
   

TCAMs used - 1

Example 3

service instance 1 eth
encap dot1q 201, 202
 
   

TCAMs used - 2 (one for each encapsulation)

Example 4

service instance 1 eth
encap dot1q 20-40
 
   

TCAMs used - 4

First entry to match vlans 20-23 
Second entry to match vlans 24-31 
Third entry to match vlans 32-39
Fourth entry to match vlan 40
 
   

A range does not always mean multiple TCAMs as shown in the following example where one TCAM entry is used.

Example 5 -

service instance 1 ethernet
encap dot1q 8-15
service instance 2 ethernet
encap dot1q 2000 second-dot1q 96-127
 
   

TCAM usage per EVC : 1

Service instances per router: 32, 000

Bridge-domains per router: 4, 000

Local switching: 16, 000

Xconnect: 16, 000

Subinterface: 2, 000

Number of service instance on a particular domain: 110 per NP

QoS Scalability:

Shaping - parent queue is 2,000 and child queue is 16,000

Marking - parent queue is 2,000 and child queue is 16,000

Modular QoS CLI (MQC) actions supported include:

Shaping

Bandwidth

Two priority queues per policy

The set cos command, set cos-inner command, set cos cos-inner command, and set cos-inner cos command

WRED aggregate

Queue-limit

SUMMARY STEPS

1. enable

2. configure terminal

3. interface gigabitethernet slot/subslot/port[.subinterface-number] or interface tengigabitethernet slot/subslot/port[.subinterface-number]

4. [no] service instance id {Ethernet service-name}

5. encapsulation dot1q vlan-id

6. rewrite ingress tag {push {dot1q vlan-id | dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | pop {1 | 2} | translate {1-to-1 {dot1q vlan-id | dot1ad vlan-id}| 2-to-1 dot1q vlan-id | dot1ad vlan-id}| 1-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | 2-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id}} [symmetric]

DETAILED STEPS

 
Command
Purpose

Step 1 

enable

Example:
Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface gigabitethernet slot/subslot/port[.subinterface-number]

or

interface tengigabitethernet slot/subslot/port[.subinterface-number]

Example:

Router(config)# interface gigabitethernet 4/0/0

Specifies the Gigabit Ethernet or the Ten Gigabit Ethernet interface to configure, where:

slot/subslot/port—Specifies the location of the interface.

subinterface-number—(Optional) Specifies a secondary interface (subinterface) number.

Step 4 

[no] service instance id {Ethernet [service-name}

Example:

Router(config-if)# service instance 101 ethernet

Creates a service instance (an instantiation of an EVC) on an interface and sets the device into the config-if-srv submode.

Step 5 

 encapsulation dot1q vlan-id

Example:

Router(config-if-srv)# encapsulation dot1q 13

Defines the matching criteria to be used in order to map ingress dot1q frames on an interface to the appropriate service instance.

Step 6 

rewrite ingress tag {push {dot1q vlan-id | dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | pop {1 | 2} | translate {1-to-1 {dot1q vlan-id | dot1ad vlan-id}| 2-to-1 dot1q vlan-id | dot1ad vlan-id}| 1-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | 2-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id}} [symmetric]

Example:

Router(config-if-srv)# rewrite ingress tag push dot1q 20

Specifies the tag manipulation that is to be performed on the frame ingress to the service instance.

Examples

Single Tag VLAN Connect

The following example shows a typical configuration of a DSLAM facing port of the first PE router.

 
   
! DSLAM facing port
Router(config)# interface TenGigabitEthernet1/0/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 10
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric 
!L2 facing port
Router(config)# interface TenGigabitEthernet1/0/2
Router(config-if)# service instance 101 ethernet
Router(config-if-srv)# encapsulation dot1q 11
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
! connect service
Router# connect EVC1 TenGigabitEthernet1/0/1 100 TenGigabitEthernet1/0/2 101
 
   

Double Tag VLAN Connect

In this example, an incoming frame with an outer dot1q tag of 10 and inner tag of 20 enters TenGigabitEthernet1/0/1. It is index directed to TenGigabitEthernet1/0/2 and exits with an outer dot1q tag of 11 and inner tag 21. No MAC learning is involved.

The following example shows a typical configuration of a MPLS core facting port of the first PE router.

 
   
! DSLAM facing port
Router(config)# interface TenGigabitEthernet1/0/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q second-dot1q 20
Router(config-if-srv)# rewrite ingress tag pop 2 symmetric
!L2 facing port
Router(config)# interface TenGigabitEthernet1/0/2
Router(config-if)# service instance 101 ethernet
Router(config-if-srv)# encapsulation dot1q 11 second-dot1q 21
Router(config-if-srv)# rewrite ingress tag pop 2 symmetric
! connect service
Router# connect EVC1 TenGigabitEthernet1/0/1 100 TenGigabitEthernet1/0/2 101

Selective QinQ with Connect

This configuration uses EoMPLS to perform packet forwarding. This is index directed.

! DSLAM facing port - single tag packet from link
Router(config)# interface TenGigabitEthernet1/0/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 10-20,30,50-60
!L2/QinQ facing port double tag packets
Router(config)# interface TenGigabitEthernet1/0/2
Router(config-if)# service instance 101 ethernet
Router(config-if-srv)# encapsulation dot1q 11 second-dot1q any
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
! connecting service instances
! QinQ outer dot1q is 11
Router# connect EVC1 TenGigabitEthernet1/0/1 100 TenGigabitEthernet1/0/2 101
 
   

Selective QinQ with Xconnect

This configuration uses EoMPLS under single tag subinterface to perform packet forwarding. The following example shows a typical configuration of a MPLS core facing port of the second PE router.

DSLAM facing port

! DSLAM facing port
Router(config)# interface TenGigabitEthernet1/0/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 10-20,30,50-60
Router(config-if-srv)# xconnect 2.2.2.2 999 pw-class vlan-xconnect
!
Router(config)# interface Loopback1
Router(config-if)# ip address 1.1.1.1 255.255.255.255

MPLS core facing port

! MPLS core facing port
Router(config)# interface TenGigabitEthernet2/0/1
Router(config-if)# ip address 192.168.1.1 255.255.255.0
Router(config-if)# mpls ip
Router(config-if)# mpls label protocol ldp
!
Router(config)# interface Loopback1
Router(config-if)# ip address 2.2.2.2 255.255.255.255
 
   

CE facing EoMPLS configuration

Router(config)# interface TenGigabitEthernet1/0/2
Router(config-if)# service instance 1000
Router(config-if-srv)# encapsulation dot1q 1000 second-dot1q any
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-if-srv)#xconnect 1.1.1.1 999 pw-class vlan-xconnect
 
   

Selective QinQ with Layer 2 Switching

This configuration uses Layer 2 Switching to perform packet forwarding. The forwarding mechanism is the same as MPB-E, only the rewrites for each service instance are different.

 
   

DSLAM facing port, single tag incoming

Router(config)# interface TenGigabitEthernet1/0/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 10-20
Router(config-subif)# bridge-domain 11

QinQ VLAN

Router(config)# interface VLAN11
!QinQ facing port
Router(config)# interface TenGigabitEthernet1/0/2
Router(config-if)# switchport
Router(config-if)# switchport mode trunk
Router(config-if)# switchport trunk vlan allow 11
 
   

Double Tag Translation (2-to-2 Tag Translation)

In this case, double-tagged frames are received on ingress. Both tags are popped and two new tags are pushed. The packet is then Layer 2 switched to the bridge-domain VLAN.

 
   

QinQ facing port

Router(config)# interface TenGigabitEthernet1/0/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 100 second-dot1q 10
Router(config-if-srv)# rewrite ingress tag translate 2-to-2 dot1q 200 second-dot1q 20 
second-dot1q 10
Router(config-subif)# bridge-domain 200

QinQ VLAN

Router(config)# interface VLAN200
! 
Router(config)# interface TenGigabitEthernet1/0/2
Router(config-if)# service instance 101 ethernet
Router(config-if-srv)# encapsulation dot1q 200 second-dot1q 20
Router(config-subif)# bridge-domain 200
 
   

Double Tag Termination (2 to 1 Tag Translation)

This example falls under the Layer 2 switching case.

Double tag traffic

Router(config)# interface TenGigabitEthernet1/0/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 200 second-dot1q 20
Router(config-if-srv)# rewrite ingress tag pop 2 symmetric
Router(config-subif)# bridge-domain 10
 
   
!
Router(config)# interface TenGigabitEthernet1/0/2
Router(config-if)# service instance 101 ethernet
Router(config-if-srv)# encapsulation dot1q 10
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-subif)# bridge-domain 10
!
Router(config)# interface TenGigabitEthernet1/0/3
Router(config-if)# service instance 101 ethernet
Router(config-if-srv)# encapsulation dot1q 30
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-subif)# bridge-domain 10
 
   

Verification

Use the following commands to verify operation.

Command
Purpose

Router# show ethernet service evc [id evc-id | interface interface-id] [detail]

Displays information pertaining to a specific EVC if an EVC ID is specified, or pertaining to all EVCs on an interface if an interface is specified. The detailed option provides additional information on the EVC.

Router# show ethernet service instance [id instance-id interface interface-id | interface interface-id] [detail]

Displays information about one or more service instances: If a service instance ID and interface are specified, only data pertaining to that particular service instance is displayed. If only an interface ID is specified, displays data for all service instances s on the given interface.

Router# show ethernet service interface [interface-id] [detail]

Displays information in the Port Data Block (PDB).

Router# show mpls l2 vc detail

Displays detailed information related to the virtual connection (VC).

Router# show mpls forwarding (Output should have the label entry l2ckt)

Displays the contents of the Multiprotocol Label Switching (MPLS) Label Forwarding Information Base (LFIB).


Troubleshooting

Use these debug commands to troubleshoot Flexible QinQ feature.

Debug commands

Command
Purpose

[no] debug ethernet service evc [id <evc-id>]

Enables EVC debugging on the RP. If no EVC ID is specified, debugging is enabled for all EVCs on the system.

[no] debug ethernet service instance [id <instance-id> interface <interface-id> | interface <interface-id>]

Enables EFP debugging on the RP. If no options are specified, debugging for all EFPs is enabled. If an EFP ID and interface are specified, only those debug messages associatedwith the EFP are displayed as the output. If only an interface is specified, debug messages for all EFPs on that interface is displayed.

[no] debug ethernet service interface [<interface-id>]

Enables PDB debugging.

[no] debug ethernet service api

Enables debugging between Ethernet Services Infrastructure and its clients.

debug ethernet service oam-mgr

Enables OAM Manager debugging, to debug OAM inter-working.

[no] debug ethernet service error

Enables ethernet service error debugging.

[no] debug ethernet service all

Enables EI debugging messages for all PDBs, EVCs and EFPs


Table 2-11 provides the troubleshooting solutions for the Flexible mapping feature.

Table 2-11

Problem
Solution

Erroneous TCAM entries.

Use the show hw-module subslot subslot tcam command to verify and the TCAM entries. Share the output with TAC for further investigation.

Incorrect virtual VLAN IDs on a QinQ subinterface.

Use the test hw-mod subslot subslot command to verify the virtual VLAN ID values on a QinQ subinterface. Share the output with TAC for further investigation.

Wrong interface configured and tag manipulation incorrectly programmed.

Use the command show platform np interface detail to verfiy the interface and tag details. Share the output with TAC for further investigation.

VLAN ID is incorrectly programmed

Use the command show hw-module subslot subslot tcam all_entries vlan to verify the VLAN ID details. Share the output with TAC for further investigation.

Inner, outer start/end VLANs incorrectly programmed.

Use the show platform np efp command to verify the VLAN details. Share the output with TAC for further investigation.

Erroneous TCAM entries on the platform

Use the show plat soft qos tcamfeature and show plat soft qos tcamt commands to verify the TCAM entries. Share the output with TAC for further investigation.


Troubleshooting Flexible mapping feature

Configuring Flexible Service Mapping Based on CoS and Ethertype

The Flexible Serivce Mapping based on CoS and Etherytpe feature enhances the current capability of mapping packets to service instance. It uses CoS and Ethertypes to classify traffic into different service instances and consumes less number of VLANs on the module.

Prior to the implementation of this feature, three different VLANs were required to relay voice, data, and video services. This feature distinguishes an EVC based on the CoS value, and implements one EVC with CoS, and another EVC with inner CoS. You can also use the same VLANs for eight different EVCs (CoS values 0-7 = 8 values) saving the usage of VLANs . These EVCs are associated with bridge domain, cross connect (xconnect), and connect.

This feature extends the following capabilities to the current implementation of mapping the service instances:

Match on a single CoS value (either inner CoS or outer CoS, but not both simultaneously, and applicable only for QinQ).

Match on a range or list of CoS values when a single VLAN is specified in the encapsulation criteria in dot1q/QinQ EVCs.

Match support for a single CoS value for a range or list of VLANs. Acceptable range of CoS value is 0-7.

Match the following supported payload ethertypes

IPv4 (etype 0x0800)

IPv6 (etype 0x086dd)

pppoe-all (0x8863 and 0x8864)

In the case of QinQ, inner VLAN can have a range when the outer VLAN is a single VLAN.

Match on range or list of CoS values when both outer and inner VLANs are single.

Match on ethertype is supported both in the case of a single VLAN or in QinQ.

Supports pppoe-all command (matches both 0x8863 and 0x8864).

Matching on pppoe-session and pppoe-discovery commands are individually not supported.

You can use CoS and ethertype to classify the traffic into various service instances to reduce the number of vlans.

Restrictions and Usage Guidelines

When configuring Flexible Service Mapping based on CoS and Ethertype, follow these restrictions and guidelines:

This release supports pppoe-all (matches both pppoe-discovery and pppoe-session), and does not individually support pppoe-discovery and pppoe-session as ethertypes.

This feature supports both Dot1Q and QinQ.

Egress behavior implemented for mismatched CoS and Ethertype forwards the packet without re-write. There is no filtering on egress, based on the CoS or Layer 3 Ethertype. Even if CoS or Etherype mismatches, if egress VLAN information matches, the frames are forwarded.

Neither pppoe-discovery or pppoe-session are supported individually as Ethertypes. Cisco IOS 12.2(33) SRE release supports pppoe-all.

Service instances on port-channels are supported.

You cannot match Etherype and CoS for the same service instance.

In the case of QinQ, a service instance can match on either outer Cos or inner Cos, but not simultaneously for the same service instance.

You cannot specify a range or list of outer VLANs in double-tag cases.

MAC learning occurs with bridge-domain, but does not occur with xconnect and connect.

Egress checking of VLAN matching does not occur with xconnect and local connect.

Summary Steps

1. enable

2. configure terminal

3. interface gigabitethernet slot/subslot/port or interface tengigabitethernet slot/subslot/port or interface port-channel number

4. [no] shut

5. service instance id {Ethernet [service-name]}

6. encapsulation dot1q vlan-id {cos | comma| hyphen| etype} or encapsulation dot1q vlan-id second-dot1q {any | vlan-id[vlan-id[vlan-id]]} or

7. encapsulation dot1q vlan-id cos [0-7] or encapsulation dot1q vlan-id etype [IPv4|IPv6|pppoe-all] or

8. encapsulation dot1Q vlan-id {vlan id} second-dot1q {{any | vlan-id[vlan-id[vlan-id]} } cos {0-7} or

9. encapsulation dot1Q vlan-id {vlan id} second-dot1q {{any | vlan-id[vlan-id[vlan-id]} } etype {etype string} or

10. encapsulation dot1Q vlan-id {vlan id} cos [0-7] second-dot1q {{any | vlan-id[vlan-id[vlan-id]} }

DETAILED STEPS

 
Command
Purpose

Step 1 

enable

Example:
Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface gigabitethernet slot/port

or

interface tengigabitethernet slot/port

or

interface port-channel number

Example:

Router(config)# interface gigabitethernet4/0/0

Specifies the Gigabit Ethernet or the Ten Gigabit Ethernet interface to configure, where:

slot/port—Specifies the location of the interface.

Creates the port-channel interface.

Step 4 

[no] shut

Example:

Router(config-if)# no sh

Initiates the selected interface.

Step 5 

service instance id {Ethernet service-name}

Example:

R1(config-if)#serv inst 1 eth

Creates a service instance on the selected ethernet interface.

 

Note The commands that follow are used for dot1q or QinQ configurations. Read the purpose of each command to determine which to use.

Step 6 

encapsulation dot1q vlan-id {cos| comma|hyphen|etype}

Example:

R1(config-if-srv)#encap dot1q 100?

Defines the matching criteria to map dot1Q ingress frames on an interface to the appropriate service instance.The value of a VLAN ID is an integer in the range from 1 to 4094. Enter hyphens to separate the starting and ending VLAN IDS used to define a range of VLAN IDs. Available options are CoS and ethertype.

Note If range is used on VLANS, then range on CoS cannot be used, and vice versa.

 

or

 

encapsulation dot1q vlan-id second-dot1q {any | vlan-id[vlan-id[-vlan-id]]}

Example:

Router(config-if-srv)# encapsulation

dot1q 100 cos 2-5 second-dot1q 60

Defines the matching criteria to map Q-in-Q ingress frames on an interface to the appropriate service instance.

or

 

encapsulation dot1q vlan-id cos [0-7]

Example:

Router(config-if-srv)# encapsulation dot1q 100 cos 5-6

Specifies the CoS value in the match criteria for the ingress frames on the service instance.

or

 

encapsulation dot1q vlan-id etype [IPv4|IPv6|pppoe-all]

Example:

Router(config-if-srv)# encapsulation dot1q 100 etype ipv4

Specifies the payload ethertype value in the match criteria for the ingress frames on the service instance.

 

or

 

encapsulation dot1Q vlan id second-dot1q {{any | vlan-id[vlan-id[vlan-id]}} cos {0-7}

Example:

Router(config-if-srv)# encapsulation dot1q 100 second-dot1q 60 cos 5

Specifies the encapsulation for QinQ with inner CoS.

 

or

 

encapsulation dot1Q vlan-id {vlan id} second-dot1q {{any | vlan-id[vlan-id[vlan-id]}} etype {etype string}

Example:

Router(config-if-srv)# encapsulation dot1q 100 second-dot1q 60 etype ipv6

Specifies the encapsulation for QinQ with ethertype.

 

or

 

encapsulation dot1Q vlan-id {vlan id} cos [0-7] second-dot1q {{any | vlan-id[vlan-id[vlan-id]} }

Example:

Router(config-if-srv)# encapsulation

dot1q 100 cos 2-5 second-dot1q 60

Specifies the encapsulation for QinQ with outer CoS.

Support Configurations

The following are the supported Ethertype and CoS configurations:

Supported payload ethertype configurations for a single tag:

Router(config)# interface gigabitethernet 1/1
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation dot1q vlan id etype ipv4

Supported payload Ethertype configurations for a double tag:

Router(config)# interface gigabitethernet 1/1
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation dot1q vlan id second-dot1q vlan id etype ipv4
 
   

Supported payload Ethertype configurations for a single tag with a single VLAN:

Router(config)# interface gigabitethernet 1/1
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation dot1q 10 etype ipv4
Router(config-if-srv)# exit
Router(config-if)# service instance 2 ethernet
Router(config-if-srv)# encapsulation dot1q 10 etype ipv6
Router(config-if-srv)# exit
Router(config-if)# service instance 3 ethernet
Router(config-if-srv)# encapsulation dot1q 10 etype pppoe-all
 
   

Supported payload Ethertype configurations for a single tag with range of VLANs:

Router(config)# interface gigabitethernet 1/1
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation dot1q 11-15 etype ipv4
Router(config-if-srv)# exit
Router(config-if)# service instance 2 ethernet
Router(config-if-srv)# encapsulation dot1q 11-15 etype ipv6
Router(config-if-srv)# exit
Router(config-if)# service instance 3 ethernet
Router(config-if-srv)# encapsulation dot1q 11-15 etype pppoe-all

Supported payload Ethertype configurations for a double tag with no range:

Router(config)# interface gigabitethernet 1/1
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation dot1q 10 second-dot1q 1001 etype ipv4
Router(config-if-srv)# exit
Router(config-if)# service instance 2 ethernet
Router(config-if-srv)# encapsulation dot1q 10 second-dot1q 1001 etype ipv6
Router(config-if-srv)# exit
Router(config-if)# service instance 3 ethernet
Router(config-if-srv)# encapsulation dot1q 10 second-dot1q 1001 etype pppoe-all

Supported payload Ethertype configurations for double tag with range on inner VLANs:

Router(config)# interface gigabitethernet 1/1
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation dot1q 10 second-dot1q 11-15 etype ipv4
Router(config-if-srv)# exit
Router(config-if-srv)# encapsulation dot1q 10 second-dot1q 11-15 etype ipv6
Router(config-if-srv)# exit
Router(config-if-srv)# encapsulation dot1q 10 second-dot1q 11-15 etype pppoe-all
 
   

Supported CoS configurations for a single tag:

Router(config)# interface gigabitethernet 1/1
Router(config-if)# service instance 1 ethernet 
Router(config-if-srv)# encapsulation dot1q 100 cos 5
Router(config)# interface gigabitethernet 1/1 
Router(config-if)# service instance 2 ethernet
Router(config-if-srv)# encapsulation dot1q 100 cos 6-7
Router(config)# interface gigabitethernet 1/1
Router(config-if)# service instance 3 ethernet 
Router(config-if-srv)# encapsulation dot1q 100 cos 0-3 
 
   

Supported CoS configurations for a double tag:

Inner Cos:

Router(config)# interface gigabitethernet 1/1 
Router(config-if)# service instance 1 ethernet 
Router(config-if-srv)# encapsulation dot1q 100 second-dot1q 60 cos 5 

Outer CoS:

Router(config-if)# service instance 2 ethernet 
Router(config-if-srv)# encapsulation dot1q 100 cos 5 second-dot1q 200

The following example displays EVCs with encap dot1q and CoS within a bridge domain:

R1# sh runn int gi 3/0/11
Building configuration...
 
Current configuration : 84 bytes
!
interface GigabitEthernet3/0/11
 no ip address
 shutdown
 mls qos trust dscp
end
R1# sh runn int gi 3/0/12
Building configuration...
 
Current configuration : 72 bytes
!
interface GigabitEthernet3/0/12
 no ip address
 no mls qos trust
end
 
R1# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)# int gi 3/0/11
R1(config-if)# no sh
R1(config-if)# serv inst 1 eth
R1(config-if-srv)# encap dot1q 100 ?
  ,             comma
  -             hyphen
  cos           cos Vlan
  etype         payload ethertype after Vlan Field
  second-dot1q  inner 802.1Q Virtual LAN or C-VLAN
  <cr>
 
R1(config-if-srv)# encap dot1q 100 cos ?
  <0-7>  cos values
 
R1(config-if-srv)# encap dot1q 100 cos 5
R1(config-if-srv)# bridge-domain 202 
R1(config-if-srv)# int gi 3/0/12
R1(config-if)# no sh
R1(config-if)# serv inst 1 eth
R1(config-if-srv)# encap dot1q 100 cos 5
R1(config-if-srv)# bridge-domain 202
R1(config-if-srv)# end
R1# sh bridge-domain 202
Bridge-domain 202 (2 ports in all)
State: UP                    Mac learning: Enabled
    GigabitEthernet3/0/11 service instance 1
    GigabitEthernet3/0/12 service instance 1

The following example shows EVC with encap dot1q and etype ipv4 with bridge-domain:

R1(config)# int gi 3/0/11
R1(config-if)# serv inst 1 eth
R1(config-if-srv)# encap dot1q 100 etype ? 
  ipv4       IPv4
  ipv6       IPv6
  pppoe-all  PPPoE ALL
 
R1(config-if-srv)# encap dot1q 100 etype ipv4
R1(config-if-srv)# bridge-domain 202
R1(config-if-srv)# int gi 3/0/12
R1(config-if)# serv inst 1 eth           
R1(config-if-srv)# encap dot1q 100 etype ipv4
R1(config-if-srv)# bridge-domain 202         
R1(config-if-srv)# end 
R1# sh bridge-domain 202
Bridge-domain 202 (2 ports in all)
State: UP                    Mac learning: Enabled
    GigabitEthernet3/0/11 service instance 1
    GigabitEthernet3/0/12 service instance 1

Supported payload ether type configurations for a single tag:

	int g1/0/1
service instance 1 ethernet
encapsulation dot1q  100 etype ipv4 

Supported payload ether type configurations for a double tag:

int g1/0/1
service instance 2 ethernet
encapsulation dot1q 100 second-dot1q 60 etype ipv6
 
   
service instance 3 ethernet
encapsulation dot1q 100 second-dot1q 60 etype ipv4
 
   
service instance 4 ethernet
encapsulation dot1q 100 second-dot1q 60 etype pppoe-all
 
   

Supported CoS configurations for a single tag:

int g1/0/1
service instance 1 ethernet
encapsulation dot1q 100 cos 5

SupportedCoS configurations for a double tag:

int g1/0/1
service instance 2 ethernet
encapsulation dot1q 100 second-dot1q 60 cos 5
 
   
service instance 3 ethernet
encapsulation dot1q 100 cos 6-7 second-dot1q 60
 
   

Supported CoS configurations for local connect:

Router(config)# interface TenGigabitEthernet2/3 
Router(config-if)# no ip address 
Router(config-if)# service instance 1 ethernet 
Router(config-if-srv)# encapsulation dot1q 2 second-dot1q 2-3 cos 5 
Router(config)# interface TenGigabitEthernet2/4 
Router(config-if)# no ip address 
Router(config-if)# service instance 1 ethernet 
Router(config-if-srv)# encapsulation dot1q 2 second-dot1q 2-3 cos 5 
Router(config-if-srv)# connect local1 te2/3 1 te2/4 1 

Supported flexible service mapping configurations for cross connect:

Router 1(config)# interface TenGigabitEthernet2/3 
Router 1(config-if)# no ip address 
Router 1(config-if)# service instance 1 ethernet 
Router 1(config-if-srv)# encapsulation dot1q 2 second-dot1q 2-3 cos 5 
Router 1(config-if-srv)# xconnect 75.1.1.5 10000 encapsulation mpls 
! 
Router 1(config-if-srv)# end 

The peer side router configuration is below:

Router 2(config)# interface GigabitEthernet3/0/14 
Router 2(config-if)# no ip address 
Router 2(config-if)# service instance 1 ethernet 
Router 2(config-if-srv)# encapsulation dot1q 2 second-dot1q 2-3 cos 5 
Router 2(config-if-srv)# xconnect 75.1.1.1 10000 encapsulation mpls 
Router 2(config-if-srv)# end

Verification

Use the following commands to verify operation.

Command
Purpose

Router# show ethernet service instance [detail | id id interface type number [detail | mac security [address | last violation | statistics] | platform | stats] | interface type number [detail | platform | stats | summary] | mac security [address | last violation | statistics] | platform | policy-map | stats | summary]

Displays information about one or more service instances: If a service instance ID and interface are specified, only data pertaining to that particular service instance is displayed. If only an interface ID is specified, displays data for all service instances on the given interface.

Router# show bridge-domain [bridge-id [mac security [address | last violation | statistics] | split-horizon [group {group-number | all | none}]] | stats]

Displays the bridge domain information.


Sample output for the show ethernet service instance command:

Router# show ethernet service instance id 5 interface gigabitethernet3/1 detail
Service Instance ID: 5
Associated Interface: GigabitEthernet3/1
Associated EVC: 
L2protocol drop
CE-Vlans:                                                                        
Encapsulation: dot1q 11 vlan protocol type 0x8100 cos 3
Interface Dot1q Tunnel Ethertype: 0x8100
State: Up
EFP Statistics:
   Pkts In   Bytes In   Pkts Out  Bytes Out
   2253215  225321500    2248193  224819300

Sample output for the show ethernet service instance stats command:

Router 1# show ethernet service instance interface port-channel stats 
Port maximum number of service instances: 8000
Service Instance 1, Interface Port-channel
    Pkts In   Bytes In   Pkts Out  Bytes Out
   2253215  225321500    2248193  224819300
Service Instance 2, Interface Port-channel
   Pkts In   Bytes In   Pkts Out  Bytes Out
   2253215  225321500    2248193  224819300
Service Instance 3, Interface Port-channel
    Pkts In   Bytes In   Pkts Out  Bytes Out
   2253215  225321500    2248193  224819300
Router 1# show ethernet service instance interface port-channel detail 
Service Instance ID: 1
Associated Interface: Port-channel
Associated EVC: 
Port-channel load-balance interface: None
L2protocol drop
CE-Vlans:                                                                        
Encapsulation: dot1q 10 vlan protocol type 0x8100 second-dot1q 50 vlan protocol type 
0x8100 cos 5
Interface Dot1q Tunnel Ethertype: 0x8100
State: Up
EFP Statistics:
   Pkts In   Bytes In   Pkts Out  Bytes Out
   2253215  225321500    2248193  224819300
EFP Microblocks:
****************
Microblock type: Bridge-domain
Bridge-domain: 2301
Service Instance ID: 2
Associated Interface: Port-channel1
Associated EVC: 
Port-channel load-balance interface: None
L2protocol drop
CE-Vlans:                                                                        
Encapsulation: dot1q 101 vlan protocol type 0x8100 second-dot1q 205 vlan protocol type 
0x8100 payload etype pppoe-all
Interface Dot1q Tunnel Ethertype: 0x8100
State: Up
EFP Statistics:
    Pkts In   Bytes In   Pkts Out  Bytes Out
   2253215  225321500    2248193  224819300
EFP Microblocks:
****************
Microblock type: Bridge-domain
Bridge-domain: 2302
Service Instance ID: 3
Associated Interface: Port-channel
Associated EVC: 
Port-channel load-balance interface: None
L2protocol drop
CE-Vlans:                                                                        
Encapsulation: dot1q 5 vlan protocol type 0x8100 cos 6-7
Interface Dot1q Tunnel Ethertype: 0x8100
State: Up
EFP Statistics:
    Pkts In   Bytes In   Pkts Out  Bytes Out
   2253215  225321500    2248193  224819300
EFP Microblocks:
****************
Microblock type: Bridge-domain
Bridge-domain: 2303
 
   
Router 1# sh run int port-channel
Building configuration...
 
   
Current configuration : 361 bytes
!
interface Port-channel
 no ip address
 load-interval 30
 service instance 1 ethernet
  encapsulation dot1q 10 second-dot1q 50 cos 5
  bridge-domain 2301
 ! service instance 2 ethernet
  encapsulation dot1q 101 second-dot1q 205 etype pppoe-all
  bridge-domain 2302
 ! service instance 3 ethernet
  encapsulation dot1q 5 cos 6-7
  bridge-domain 2303
 !end

Configuring MultiPoint Bridging over Ethernet on 7600-ESM-2X10GE and 7600-ESM-20X1GE

The MultiPoint Bridging over Ethernet (MPBE) on 7600-ESM-2X10GE and 7600-ESM-20X1GE feature provides Ethernet LAN switching with MAC learning, local VLAN significance, and full QoS support. MPBE also provides Layer 2 switchport-like features without the full switchport implementation. MPBE is supported only through Ethernet Virtual Connection Services (EVCS) service instances.

EVCS uses the concepts of EVCs (Ethernet virtual circuits) and service instances. An EVC is an end-to-end representation of a single instance of a Layer 2 service being offered by a provider to a customer. It embodies the different parameters on which the service is being offered. A service instance is the instantiation of an EVC on a given port on a given router.

For MPBE, an EVC packet filtering capability prevents leaking of broadcast/multicast bridge-domain traffic packets from one service instance to another. Filtering occurs before and after the rewrite to ensure that the packet goes only to the intended service instance.

You can use MPBE to:

Simultaneously configure Layer 2 and Layer 3 services such as Layer 2 VPN, Layer 3 VPN, and Layer 2 bridging on the same physical port.

Define a broadcast domain in a system. Customer instances that are part of a broadcast domain can be in the same physical port or in different ports.

Configure multiple service instances with different encapsulations and map them to a single bridge domain.

Perform local switching between service instances on the same bridge domain.

Span across different physical interfaces using service instances that are part of the same bridge domain.

Use encapsulation VLANs as locally significant (physical port).

Replicate flooded packets from the core to all service instances on the bridge domain.

Configure a Layer 2 tunneling service or Layer 3 terminating service on the bridge domain VLAN.

MPBE accomplishes this by manipulating VLAN tags for each service instance and mapping the manipulated VLAN tags to Layer 2 or Layer 3 services. Possible VLAN tag manipulations include:

Single tag termination

Single tag tunneling

Single tag translation

Double tag termination

Double tag tunneling

Double tag translation

Selective QinQ translation

Restrictions and Usage Guidelines

When configuring the MultiPoint Bridging over Ethernet on 7600-ESM-2X10GE and 7600-ESM-20X1GE feature, follow these restrictions and usage guidelines:

Each service instance is considered as a separate circuit on the bridge-domain.

Encapsulation can be dot1q or QinQ packets.

60 MPB VCs per 10G Complex ( or 120 MPB VCs per ES20 line card) are supported on one bridge-domain.

IGMP snooping is supported with MPB VCs.

Split Horizon is supported with MPB VCs.

BPDU packets are either tunneled or dropped.

For ingress policing, only the drop action and the accept action for the police command are supported. Marking is not supported as part of the policing.

Ingress shaping is not supported.

For ingress marking, supports match vlan command, match vlan-inner command, match cos command, match cos-inner command, set cos command, and set cos-inner command.

For egress marking, set cos command and set cos-inner command are supported; match inner-cos command and match inner-vlan command are not supported.

Summary Steps

1. enable

2. configure terminal

3. interface gigabitethernet slot/subslot/port[.subinterface-number] or interface tengigabitethernet slot/subslot/port[.subinterface-number]

4. [no] service instance id {Ethernet [service-name}

5. encapsulation dot1q vlan-id

6. rewrite ingress tag {push {dot1q vlan-id | dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | pop {1 | 2} | translate {1-to-1 {dot1q vlan-id | dot1ad vlan-id}| 2-to-1 dot1q vlan-id | dot1ad vlan-id}| 1-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | 2-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id}} [symmetric]

7. [no] bridge-domain bridge-id

DETAILED STEPS

 
Command
Purpose

Step 1 

enable

Example:
Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface gigabitethernet slot/subslot/port[.subinterface-number]

or

interface tengigabitethernet slot/subslot/port[.subinterface-number]

Example:

Router(config)# interface gigabitethernet4/0/0

Specifies the Gigabit Ethernet or the Ten Gigabit Ethernet interface to configure, where:

slot/subslot/port—Specifies the location of the interface.

subinterface-number—(Optional) Specifies a secondary interface (subinterface) number.

Step 4 

[no] service instance id {Ethernet [service-name}

Example:

Router(config-if)# service instance 101 ethernet

Creates a service instance (an instantiation of an EVC) on an interface and sets the device into the config-if-srv submode.

Step 5 

encapsulation dot1q vlan-id

Example:

Router(config-if-srv)# encapsulation dot1q 10

Defines the matching criteria to be used in order to map ingress dot1q frames on an interface to the appropriate service instance.

Step 6 

[no] rewrite ingress tag {push {dot1q vlan-id | dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | pop {1 | 2} | translate {1-to-1 {dot1q vlan-id | dot1ad vlan-id}| 2-to-1 dot1q vlan-id | dot1ad vlan-id}| 1-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | 2-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id}} [symmetric]

Example:

Router(config-if-srv)# rewrite ingress tag push dot1q 200

This command specifies the tag manipulation that is to be performed on the frame ingress to the service instance.

Note If this command is not configured, then the frame is left intact on ingress (the service instance is equivalent to a trunk port).

Step 7 

[no] bridge-domain bridge-id

Example:

Router(config-subif)# bridge domain 12

Binds the service instance to a bridge domain instance where bridge-id is the identifier for the bridge domain instance.

Examples

Single Tag Termination Example

In this example, the single tag termination unidentified customers based on a single VLAN tag and maps the single-VLAN tag to the bridge-domain.

Router(config)# interface TenGigabitEthernet1/2/0
Router(config-if)# service instance 10 ethernet
Router(config-if-srv)# encapsulation dot1q 10 
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-if-srv)# bridge domain 12
}

Single Tag Tunneling Example

In this single tag tunneling example, the incoming VLAN tag is not removed but continues with the packet.

Router(config)# interface TenGigabitEthernet1/2/0
Router(config-if)# service instance 10 ethernet
Router(config-if-srv)# encapsulation dot1q 10
Router(config-if-srv)# bridge-domain 200
 
   

Single Tag Translation Example

In this single-tag translation example, the incoming VLAN tag is removed and VLAN 200 is added to the packet.

 
   
Router(config)# interface TenGigabitEthernet3/0/0
Router(config-if)# service instance 10 ethernet
Router(config-if-srv)# encapsulation dot1q 10
Router(config-if-srv)# rewrite ingress tag translate 1-to-1 dot1q 200 symmetric
Router(config-if-srv)# bridge-domain 200
 
   

Double Tag Termination Configuration Example

In this double-tag termination example, the ingress receives double tags that identify the bridge VLAN; the double tags are stripped (terminated) from the packet.

Router(config)# interface TenGigabitEthernet2/0/0
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation dot1q 10 inner 20
Router(config-if-srv)# rewrite ingress tag pop 2 symmetric 
Router(config-if-srv)# bridge-domain 200
Router(config-if)# service instance 2
Router(config-if-srv)# encapsulation dot1q 40 inner 30
Router(config-if-srv)# rewrite ingress tag pop 2 symmetric 
Router(config-if-srv)# bridge-domain 200
 
   

Double-Tag Translation Configuration Example

In this example, double tagged frames are received on ingress. Both tags are popped and two new tags are pushed. The packet is then Layer 2-switched to the bridge-domain VLAN.

 
   
Router(config)# interface TenGigabitEthernet1/0/0		
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation dot1q 10 second-dot1q 20
Router(config-if-srv)# rewrite ingress tag translate 2-to-2 dot1q 40 second-dot1q 30 
symmetric
Router(config-if-srv)# bridge-domain 200
Router(config-if)# service instance 2 ethernet
Router(config-if-srv)# encapsulation dot1q 40 second-dot1q 30
Router(config-if-srv)# rewrite ingress tag translate 2-to-2 dot1q 10 second-dot1q 20 
symmetric
Router(config-if-srv)# bridge-domain 200
 
   

Selective QinQ Configuration Example

In this example, a range of VLANs is configured and plugged into a single MPB VC.

Router(config)# interface TenGigabitEthernet1/0/0
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation dot1q 10-20
Router(config-if-srv)# bridge-domain 200
 
   
Router(config)# interface TenGigabitEthernet2/0/0				
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation dot1q 10-30
Router(config-if-srv)# bridge-domain 200
 
   

Untagged Traffic Configuration Example

In this example, untagged traffic is bridged to the bridge domain and forwarded to the switchport trunk.

Router(config)# interface GigabitEthernet2/0/1
Router(config-if)# no ip address
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation untagged
Router(config-if-srv)# bridge-domain 11
Router(config)# interface TenGigabitEthernet1/0/0
Router(config-if)# switchport
Router(config-if)# switchport mode trunk
Router(config-if)# switchport allowed vlan 11

MPBE with Split Horizon Configuration Example

In this example, unknown unicast traffic is flooded on the bridge domain except for the interface from which the traffic originated.

Router(config)# interface GigabitEthernet2/0/0
Router(config-if)# no ip address
Router(config-if)# service instance 1000 ethernet
Router(config-if-srv)# encapsulation dot1q 100 second-dot1q 10-20
Router(config-if-srv)# bridge-domain 100 split-horizon
Router(config-if)# service instance 1001 ethernet
Router(config-if-srv)# encapsulation dot1q 101 second-dot1q 21-30
Router(config-if-srv)# bridge-domain 101 split-horizon
Router(config-if)# service instance 1010 ethernet
Router(config-if-srv)# encapsulation dot1q 100
Router(config-if-srv)# rewrite ingress tag symmetric translate 1-to-2 dot1q 10 
second-dot1q 100 symmetric
Router(config-if-srv)# bridge-domain 10 split-horizon
Router(config-if)# mls qos trust dscp
 
   

In this example, service instances are configured on Ethernet interfaces and terminated on the bridge domain.

 
   
Router(config)# interface GigabitEthernet2/0/0
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 1000
Router(config-if-srv)# bridge-domain 10
 
   
Router(config)# interface GigabitEthernet1/0/0
Router(config-if)# switchport
Router(config-if)# switchport mode trunk
Router(config-if)# switchport trunk allowed vlan 10
 
   

In this example, VPLS is configured in the core with multiple bridge domains.

!
l2 vfi vpls10 manual
 vpn id 10
 neighbor 20.0.0.2 encapsulation mpls
!
l2 vfi vpls100 manual
 vpn id 100
 neighbor 20.0.0.2 encapsulation mpls
!
l2 vfi vpls11 manual
 vpn id 11
 neighbor 20.0.0.2 encapsulation mpls
!         
interface Vlan100
 mtu 9216
 no ip address
 xconnect vfi vpls1
end
 
   

Verification

Use the following commands to verify operation.

Command
Purpose

Router# show ethernet service evc [id evc-id | interface interface-id] [detail]

Displays information pertaining to a specific EVC if an EVC ID is specified, or pertaining to all EVCs on an interface if an interface is specified. The detailed option provides additional information on the EVC.

Router# show ethernet service instance [id instance-id interface interface-id | interface interface-id] [detail]

Displays information about one or more service instances: If a service instance ID and interface are specified, only data pertaining to that particular service instance is displayed. If only an interface ID is specified, displays data for all service instances s on the given interface.

Router# show ethernet service interface [interface-id] [detail]

Displays information in the Port Data Block (PDB).

Router# show mpls l2 vc detail

Displays detailed information related to the virtual connection (VC).

Router# show mpls forwarding (Output should have the label entry l2ckt)

Displays the contents of the Multiprotocol Label Switching (MPLS) Label Forwarding Information Base (LFIB).


.

Configuring Gigabit Ethernet Link Aggregation with Advanced Load Balancing

When you configure an Ethernet Flow Point (EFP) within a port-channel interface, you can specify a primary and multiple backup member-links to use as the egress interface for that EFP when the interface state is set to UP and it is part of the port-channel group. When the preferred member link is not available (interface is state is set to DOWN or not part of the port-channel group), a backup member link is used to manually load balance the EFP traffic over the port-channel. For each port-channel member link, you can configure a unique link ID within an acceptable range of 1-16 within the channel group. For each of the member links, you can specify a list of Ethernet Virtual Connections (EVC)s in the member link to relay egress traffic.

If none of the backup links are available, or you have not configured the primary or the backup links, the router selects an egress interface for the specific EFP. The backup link is selected based on the order of the configured list of backup link IDs. The first backup link in the list is used if available or the next backup link in the list is used. This continues until an available backup link is found.

In bridge domains, ingress traffic can access any port with an EFP in the same bridge domain and port channel. In local switching (connect) and cross-connect (xconnect), ingress traffic is received at the EVC port specified in the connect or cross-connect configurations.

To associate an EFP, or a set of EFPs to an EFP Port channel member link, you should:

Assign a link ID to the port-channel member link at the interface configuration level.

Associate a list of EFPs to an egress member link in the port-channel interface configuration level.

Restriction and Usage Guidelines

Follow these restrictions and guidelines when you configure a Gigabit Ethernet Link Aggregation with Link Aggregation Control Protocol with Advanced Load Balancing:

When you configure a link ID for a port-channel member link, and configure that member link as the preferred egress link for the same service instances in that port-channel and the traffic is redistributed based on the following scenarios:

Service instances configured to be relayed over the preferred egress member links are relayed over the preferred member link. This is an expected behavior.

If you have not configured the preferred member link, traffic is not redistributed based on the following scenarios:

For example, if there are 8 member links in a port-channel, the port manager allocates the load share of the member links as follows:

Member 1 - Load share bit 0, Member 2 - Load share bit 1,

Member 3 - Load share bit 2, Member 4 - Load share bit 3,

Member 5 - Load share bit 4, Member 6 - Load share bit 5,

Member 6 - Load share bit 6, Member 7 - Load share bit 7.

When you configure Member 1 with link ID 2, the port manager allocates the load share bit of 2 to member 1. So, the new assignments are:

Member 1 - Load share bit 2, Member 3 - Load share bit 0 [Load share of the other members remain the same].

If the platform relays data over an egress link that has the load share bit 2, before the user has configured the link ID = 2 for Member 1, this EFP traffic is relayed over Member 3. After the user configuration happens, member 1 has the load share bit = 2, this traffic is relayed over member 1. The reverse also happens; traffic relayed over member 1 before the user configuration is relayed over member 3.

SUMMARY STEPS TO ASSIGN A LINK ID TO THE PORT- CHANNEL MEMBER LINK

1. enable

2. configure terminal

3. interface gigabitethernet type|slot|port

4. channel-group {group} mode {active | on | passive} {link {ID}

5. exit

 
Command
Purpose

Step 1 

enable

Example:
Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface gigabitethernet type/slot/port

Example:

Router(config)#interface gigabitethernet 4/0/0

Specifies the Gigabit Ethernet interface to configure, where:

slot/subslot/port—Specifies the location of the interface.

Step 4 

channel-group channel-group-number mode {active | on | passive} link id

Router(config-if)#channel-group 100 mode on link 1

Assigns a link identifier to load balance the links in the channel group.

Step 5 

exit

Exits the configuration mode.

DETAILED STEPS TO ASSIGN A LINK ID TO THE PORT- CHANNEL MEMBER LINK

SUMMARY STEPS TO CREATE EVCS AND RELAY EGRESS TRAFFIC THROUGH ITS MEMBER LINKS

1. enable

2. configure terminal

3. interface PortChannel {ID}

4. PortChannel load-balance link {ID}

5. backup link {ID1} [...[ID8]]

6. service-instance {service instance list}

7. exit

8. enable

9. configure terminal

10. interface gigabitethernet type| slot|port

11. channel-group {group} mode {mode} {link {ID}}

DETAILED STEPS TO CREATE EVCS AND RELAY EGRESS TRAFFIC THROUGH ITS MEMBER LINKS

 
Command
Purpose

Step 1 

enable

Example:
Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface PortChannel{ID}

Example:

Router#(config)#interface PortChannel 100

Specifies the port-channel interface.

Step 4 

PortChannel load-balance link {ID}

Example:

Router(config-if)#port-channel load-balance link 1

Assigns the link ID used for egress load balancing.

Step 5 

backup link {ID1} [...[ID8]]

Example:

Router#(config-if-lb)#backup link 3

Configures the backup link ID of a member link.

Step 6 

service-instance {service instance list}

Example:

Router#(config-if-lb)#service-instance 1

Configures a list of ethernet service instances whose egress traffic over the member link identified by Step 4.

Step 7 

exit

Example:

Router#(config-if-lb)#exit

Exits from port-channel load-balance config mode.

Step 8 

enable

Example:
Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 9 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 10 

interface gigabitethernet slot/subslot/port

Example:

Router(config)#interface gigabitethernet 4/0/0

Specifies the Gigabit Ethernet interface to configure, where:

slot/subslot/port—Specifies the location of the interface.

Step 11 

channel-group {group} mode {mode} {link| link {ID}

Example:

Router(config-if)#channel-group 100 mode on link 2

Associates the specified member link to the EVC.

Examples

The following example shows the assignment of a link identified to a port-channel member link and its running configuration.

On RP
=====
Router-EoM1#show runn int Gig 3/0/2
Building configuration...
 
Current configuration : 149 bytes
!
interface GigabitEthernet3/0/2
 ip arp inspection limit none
 no ip address
 loopback mac
 no mls qos trust
 channel-group 100 mode on link 2
end
 
Router-EoM1#show runn int Gig 3/0/3
Building configuration...
 
Current configuration : 119 bytes
!
interface GigabitEthernet3/0/3
 no ip address
 loopback mac
 no mls qos trust
 channel-group 100 mode on link 3
end
 
Router-EoM1#
Router-EoM1#show runn int PortChannel 100
Building configuration...
 
Current configuration : 350 bytes
!
interface PortChannel100
 no ip address
 PortChannel load-balance link 1
  service-instance 1
  backup link 3
 !
 PortChannel load-balance link 2
  service-instance 2
  backup link 3
 !
 service instance 1 ethernet
  encapsulation dot1q 10
  bridge-domain 100
 !
 service instance 2 ethernet
  encapsulation dot1q 11
  bridge-domain 100
 !
end
 
Router-EoM1#show etherchannel summary 
Flags:  D - down        P - bundled in PortChannel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
 
        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port
 
 
   
Number of channel-groups in use: 2
Number of aggregators:           2
 
Group  PortChannel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(RD)          -        
100    Po100(RU)        -        Gi3/0/1(P)  Gi3/0/2(P)  Gi3/0/3(P)  

The following example shows the creation of EVCS and relaying the egress traffic through its member links.

Router-EoM1#show ethernet service instance load-balance 
Manually Assigned Load-Balancing Status for PortChannel100
 
 Link ID 1: GigabitEthernet3/0/1 (Active)
  Backup: Link ID 3 GigabitEthernet3/0/3
  Service instances: 1
 
 Link ID 2: GigabitEthernet3/0/2 (Active)
  Backup: Link ID 3 GigabitEthernet3/0/3
  Service instances: 2
Port maximum number of service instances: 8000
Service Instance 1, Interface PortChannel100
   Pkts In   Bytes In   Pkts Out  Bytes Out
         0          0          0          0
 
Service Instance 2, Interface PortChannel100
   Pkts In   Bytes In   Pkts Out  Bytes Out
         0          0          0          0
 
Router-EoM1#show ethernet service instance interface PortChannel 100 lo    
Router-EoM1#$et service instance interface PortChannel 100 load-balance 
Manually Assigned Load-Balancing Status for PortChannel100
 
 Link ID 1: GigabitEthernet3/0/1 (Active)
  Backup: Link ID 3 GigabitEthernet3/0/3
  Service instances: 1
 
 Link ID 2: GigabitEthernet3/0/2 (Active)
  Backup: Link ID 3 GigabitEthernet3/0/3
  Service instances: 2
 
Router-EoM1#
Router-EoM1#$et service instance interface PortChannel 100 summ         
Router-EoM1#$et service instance interface PortChannel 100 summary 
Associated interface: PortChannel100
            Total       Up  AdminDo     Down  ErrorDi  Unknown  Deleted  BdAdmDo  
bdomain         2        2        0        0        0        0        0        0  
xconnect        0        0        0        0        0        0        0        0  
local sw        0        0        0        0        0        0        0        0  
other           0        0        0        0        0        0        0        0  
Router-EoM1#
Router-EoM1#
Router-EoM1#show etherchannel ?
  <1-564>       Channel group number
  detail        Detail information
  load-balance  Load-balance/frame-distribution scheme among ports in
                PortChannel
  port          Port information
  PortChannel  PortChannel information
  protocol      protocol enabled
  summary       One-line summary per channel-group
  |             Output modifiers
  <cr>
 
Router-EoM1#show etherchannel Por
Router-EoM1#show etherchannel Port-c 
Router-EoM1#show etherchannel PortChannel 100 ?
% Unrecognized command
Router-EoM1#show etherchannel Port-channe      
Router-EoM1#show etherchannel PortChannel ?
  |  Output modifiers
  <cr>
 
Router-EoM1#show etherchannel PortChannel 
                Channel-group listing: 
 
   
On LC
======
ESM-20G-3#show platform interface PortChannel 100 efp all
index 0x10000001        if_number 38            efp ID 1     
service: bridging
configured member ports:
slot 3 port 2 pseudo_slotunit 140
slot 3 port 3 pseudo_slotunit 138
slot 3 port 4 pseudo_slotunit 136
egress interface: Gi3/0/1
ppe [0]: index 3    
 
index 0x10000002        if_number 38            efp ID 2     
service: bridging
configured member ports:
slot 3 port 2 pseudo_slotunit 141
slot 3 port 3 pseudo_slotunit 139
slot 3 port 4 pseudo_slotunit 137
egress interface: Gi3/0/2
ppe [0]: index 4    
 
 Number of entries: 2
ESM-20G-3#

Verification

Use the following commands to verify operation.

Table 2-12 Commands for Displaying Traffic Storm Control Status and Configuration

Command
Purpose

Router# show ethernet service instance interface interface load-balance

Displays the current egress memberlink assignments for service instances configured with port-channel load-balancing.

Router# show ethernet service instance id <efp> interface port-channel <group> detail

Displays detailed status for the specified service instance, including the egress memberlink assignment, if any.


Troubleshooting Load Balancing Features

Table Table 2-13 provides troubleshooting solutions for the LoadBalancing features.

Table 2-13 Troubleshooting Scenarios for Load Balancing features

Problem
Solution

Link group creation command is rejected with an error message "Incomplete command".

Re-configure the link group with the specific link ID and these keywords:

port-channel load-balance link:<< Missing link ID>>

no port-channel load-balance link : << Missing link ID>>

default port-channel load-balance link: << Missing link ID

port-channel load-balance: << Missing 'link' keyword

port-channel: << Missing 'load-balance' keyword>>

Error message "Invalid input detected".

Re-configure the link group with valid IDs.

Back up link command is rejected and an error message displayed

Ensure that:

The back up link ID does not overlap with the primary link ID.

You have not exceeded the permissible number of back up links.

You have not entered a sub-mode command in a deleted load-balance group.

Invalid input

1. Execute the show run command to confirm if duplicate back up link IDs exists between two link groups.

2. Ensure that the configured EFPs have valid IDs.

3. Ensure that you have not configured an existing EFP ID in a different link group.

Member link is disabled

Use the show etherchannel port-channel command to verify the load share of each member link. Study the derived output and share the information with TAC for further investigation.

Traffic is not dsitributed equally among all members (Port channel load balancing issue)

Use the show ethernet service instance interface port-channel load-balance command to verify the load balancing information for all the port channels. Share the output with TAC for further investigation.

Traffic is not dsitributed equally among all members (EFP load balancing issues)

Use the show ethernet service instance id efp interface port-channel group detail command to verify and display the the load balancing information for the EFPs. Share the output with TAC for further investigation.


Configuring Virtual Private LAN Service (VPLS) with Port-Channel as a Core Interface

Virtual Private LAN Service interconnects geographically disparate LAN segments as a single bridged domain over a packet switched network, such as MPLS Core.

The current Cisco IOS L2VPN implementation builds a point-to-point connection to interconnect the VCs of peer customer sites. To communicate directly among all the L2VPN sites, a distinct emulated VC is created between each pair of peer VCs. For instance, when two sites of the same L2VPN is connected to the same Provider Edge (PE) router, two separate emulated VCs are mapped to the remote site instead of sharing a common emulated VC.

For an L2VPN customer who uses the service provider backbone to interconnect its LAN segments, the multi-access broadcast network is transformed into a fully meshed point-to-point network. This requires extensive reconfiguration on the existing Customer Edge (CE) devices.

In a VPLS deployment model, the service provider backbone network acts as a logical bridge. The topology and signaling of the backbone is transparent to the interconnected LAN segments.

You can use this feature to:

Configure VPLS/H-VPLS on the port-channel interfaces of the ES20 line card as a core facing interface to provide port-channel member link redundancy and load balancing. The load-balancing is per-flow based, i.e. traffic of a VPLS VC is loadbalanced across member links based on the flow. For more information on the advanced load balancing options, see "Fat Pseudo-Wire Load Balancing" section and "Provider Router Load Balancing" section.

Match the capabilities and requirements of the VPLS in a single link. Due to multiple links in a Link Aggregation Group, the packets of a particular flow are always transmitted only to one link.

Configure VPLS with port-channel interfaces as the core facing interface, where the member links of the port-channel are from a ES20 or a ES40 line card.

TE-FRR Support on VPLS LAG NNI

In an MPLS environment, traffic engineering (TE) provides a fast protection mechanism for link and node failures using fast reroute (FRR). On the Cisco 7600 series router, TE/FRR across port channel bundles is supported using Bidirectional Forwarding Detection (BFD), Reservation Protocol (RSVP) fast hello packets, min-link or max-bundle configuration. The default interval for hello packets is 200 milliseconds. It takes three hello packets (600 milliseconds) to detect the downtime of a bundle.

The Link Aggregation Control Protocol (LACP) fast switchover with fast link detection, takes about 200 to 600 milliseconds from the time a link has failed to the time the line card has processed the membership change request. TE/FRR measurements are highly dependent on LACP convergence, RSVP fast hello intervals, and LTL programming.

Traffic engineering fast reroute (TE-FRR) for VPLS over port-channel (PoCH) is supported in Cisco IOS Release 15.0(1)S.

For more information on MPLS TE- FRR, see the MPLS Traffic Engineering (TE) - Fast Reroute (FRR) Link and Node Protection feature guide at the following url:

http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_te_frr_node_prot.html

Load Balancing

Load balancing ensures that the packets reach their destination in an orderly fashion. You can use the port-channel as the core facing interface in the PE routers to load balance per flow for the VCs mapped to this port-channel. To maintain the load balancing at the PE routers, you can use Fat Pseudo-Wire Load Balancing and Provider Router Load Balancing.

Fat Pseudo-Wire Load Balancing

Fat pseudo-wire load balancing balances the VPLS VC traffic across the core network. An additional load balance label is inserted along with the VPLS VC labels such as VC label, and IGP label at the PE side. The remote end PE removes the load-balance label on the packet. For a single VC, the load-balance label is calculated based on the flow information of a VC.

At the core router, you can use the fat pseudo-wire to perform the following load balancing types:

Equal Cost Multi-Path (ECMP): In a core network, multiple ECMP paths are used to reach the remote PE. Application of the load-balance label balances the traffic load across the multiple paths. This is because the load-balance label is different for different flows of a VC,and the hash algorithm using the mpls label for load-balancing generates a different hash to distribute the traffic.

Port-channel: In a core network, if the selected path is a port-channel, the member links are load balanced due to modifications in the load balance label.

You can use the platform vfi load-balance-label vlan [vlan|vlan-vlan] command to configure the Fat pseudo-wire load balancing per vlan on a PE router. This is irrespective of the core facing interface being a port-channel or a non port-channel.

Provider Router Load Balancing

This is not supported in the ES20 line card. For more information about its support on a ES40 line card, see Cisco 7600 Series Ethernet Services + Line Card Configuration Guide located at the following URL:

http://www.cisco.com/en/US/docs/routers/7600/install_config/ES40_config_guide/es40_sw_config.html

BPDU PW Over LAG NNI

BPDU PW can be provisioned over a port channel interface. Provisioning BPDU PW on a port channel enables you to benefit from the link redundancy provided by LAG NNI. The redundancy helps pseudowire to remain always UP.

Effective from Cisco IOS Release 15.1(2)S, this feature is supported on the Cisco 7600 series routers. For configuration information, see Configuring BPDU PW on a Port Channel.

Restrictions and Usage Guidelines

Follow these restrictions and guidelines to configure H-Virtual Private LAN Service (VPLS) within a port-channel core interface:

Provider Edge (PE) router LAG is supported on the ES-20 line card, for VPLS imposition or disposition functions.

Provider router load balancing is not supported on the ES20 line card.

A highly scaled VPLS setup or a highly scaled multicast configuration over VPLS on port-channel interfaces, can impact LACP fast switchover convergence.

Existing port-channel features are supported.

A maximum of six VPLS port-channel core interfaces are supported in the core router.

QoS is not supported on ES20 port-channel interfaces, member-links, and port-channel subinterfaces.

When a fat pseudowire (P/W) is configured, the core facing interface should be from a ES20 or a ES40 line card.

A fat P/W is supported through a configurable command and should be uniformly enabled across all the peer PE routers.

SUMMARY STEPS

1. enable

2. configure terminal

3. platform vfi load-balance-label vlan [vlan|vlan-vlan]

or

port-channel load-balance src-dst-mixed-ip-port

or

[no] port-channel load-balance mpls

or

[no] platform mpls load-balance ingress-port

4. exit

DETAILED STEPS

 
Command
Purpose

Step 1 

enable

Example:
Router> enable 

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters the global configuration mode.

Step 3 

platform vfi load-balance-label vlan [vlan|vlan-vlan]

Example:

Router(config)# platform vfi load-balance-label vlan 5

Configures fat pseudowire load balance label.

or

 

[no] port-channel load-balance src-dst-mixed-ip-port

Example:

Router(config)# port-channel load-balance src-dst-mixed-ip-port

Configures port channel load balancing.

The src-dst-mixed-ip-port mode allows load balance of IPV4 packets by source and destination MAC address, source and destinationIP address and TCP/UDP port number.

or

 

[no] port-channel load-balance mpls [label|label-ip]

Example:

Router(config)# Router(config)# port-channel load-balance mpls label

Configures port channel load balancing. The mpls mode uses the MPLS label or IP address during load balancing. Load-balance label balances the traffic across the multiple paths

or

 

[no] platform mpls load-balance ingress-port

Example:

Router(config)# platform mpls load-balance ingress-port

Configures ingress port-based load balancing on the P-router. Use the no form of the command to disable the configuration.

Step 4 

exit

Exits from the configuration mode.

Verification

You can execute the show running-config | include load-balance command to confirm if the load balance label is applied, and the fat pseudowire is enabled on the router.

Router# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# end
Router# show running-config | include load-balance
platform vfi load-balance-label vlan 6-100
port-channel load-balance src-dst-mixed-ip-port

Configuring BPDU PW on a Port Channel

Configure BPDU PW on a port channel between two PEs. Before you begin, you need to configure a VFI on a remote peer enabling BPDU PW on it. Complete the following steps:

SUMMARY STEPS

1. enable

2. configure terminal

3.