Cisco Nexus 7000 Series NX-OS MPLS Configuration Guide
Configuring Virtual Private LAN Service


Configuring Virtual Private LAN Service


This chapter describes how to configure Virtual Private LAN Service (VPLS) Access Circuits (ACs) for Layer 2 Virtual Private Networks (L2VPNs) on Cisco NX-OS devices.

This chapter includes the following sections:

Information About Virtual Private LAN Service

Licensing Requirements for Virtual Private LAN Service

Guidelines and Limitations for Virtual Private LAN Service

Configuring Access Circuits for Virtual Private LAN Service

Verifying the Virtual Private LAN Service Configuration

Configuration Examples for Virtual Private LAN Service

Additional References for Virtual Private LAN Service

Feature History for Virtual Private LAN Service

Information About Virtual Private LAN Service

This section includes the following topics:

Layer 2 Services

Attachment Circuits

Virtual Forwarding Interface

Bridge Domain

Ethernet Virtual Circuits

Ethernet Flow Point

Border Gateway Protocol Auto Discovery

MAC Address Support

Layer 2 VPN Stateful High Availability

LinkSec

MPLS Quality of Service

Layer 2 Services

A Layer 2 Virtual Private Network (L2VPN) enables service providers to carry multiple network services over a single converged network using Multiprotocol Label Switching (MPLS). MPLS L2VPN extends the Layer 2 domains in data centers. MPLS can be used to connect branch offices to back up data centers and also to interconnect multiple data centers in the same organization.

L2VPN services using the MPLS/IP core can be divided into two categories: wire and LAN services. The Virtual Private Wire Service (VPWS) provides point-to-point service between two customer edge (CE) devices over the provider core. The Virtual Private LAN Service (VPLS) provides point-to-multipoint service between multiple customer sites using a mesh of point-to-point pseudowires over the provider core to emulate a LAN between the sites.

Attachment Circuits

A Layer 2 circuit that connects a customer edge (CE) node to a provider edge (PE) node is known as an attachment circuit or AC. A Layer 2 VPN (L2VPN) supports only Ethernet ACs on Cisco NX-OS devices.

To cross the network core, the Layer 2 traffic is tunneled inside a pseudowire. A pseudowire is typically a Multiprotocol Label Switching (MPLS) label-switched path (LSP) or a Layer 2 Tunneling Protocol (L2TP) tunnel, or the pseudowire can be locally switched from another AC. Layer 2 VPN connects different types of circuits (that is, different types of Layer 2 ACs and pseudowires) together in different ways to implement different types of end-to-end services.

The following types of ACs are supported:

Ethernet port mode—This AC includes all frames that are sent and received on a physical Ethernet port.

Ethernet 802.1Q—This AC includes all frames that are sent and received with a particular VLAN tag.

Ethernet 802.1ad (Q-in-Q)—This AC includes all frames that are sent and received with a specific outer VLAN tag and a specific inner VLAN tag. VLAN-in-VLAN (Q-in-Q) is supported only in the service instance configuration and not in the subinterface configuration.

Ethernet QinAny—This AC includes all frames that are sent and received with a specific outer VLAN tag and any inner VLAN tags, as long as the inner VLAN tag is not used on another subinterface.

An attachment circuit can participate in a Virtual Private LAN Service (VPLS) via a bridge domain. The Layer 2 switch port interfaces can also participate in VPLS forwarding. You can configure link bundles (port channels) with Ethernet Virtual Circuits (EVCs) to provide encapsulation types for link bundles.

Pseudowire Interface

A pseudowire (PW) is a mechanism for emulating various networking or telecommunications services across packet-switched networks that use Ethernet, IP, or MPLS. A pseudowire interface (also known as a PW) in Cisco NX-OS is a logical interface type that represents a PW so that it can be consistently characterized in all communication and operations throughout the system.

You can create a static PW or dynamic PW configuration in pseudowire interface mode. Long form pseudowire interfaces must be explicitly configured using the appropriate Cisco NX-OS commands. Short-term, also known as auto-generated or dynamic, PWs are programmatically created and destroyed; you cannot configure a short-term PW. PW configurations can also be imported using a port profile.

With VPLS, different sites can share an Ethernet broadcast domain via PWs, providing any-to-any connectivity. VPLS uses a full mesh of Ethernet PWs to emulate a LAN segment or broadcast domain that is capable of learning and forwarding, based on Ethernet MAC addresses. The PW if-index is used as a handle for identification throughout the system; MAC entries are also acquired against these PWs.

Control Word

According to RFC 4448, if a pseudowire (PW) is sensitive to packet misordering and is being carried over an MPLS packet switched network (PSN) that uses the contents of the MPLS payload to select the Equal Cost Multipath (ECMP), the PW must employ a mechanism that prevents packet misordering. This is necessary because ECMP implementations may examine the first nibble after the MPLS label stack to determine whether the labeled packet is IP or not. Thus, if the source MAC address of an Ethernet frame carried over the pseudowire without a control word present begins with 0x4 or 0x6, it can be mistaken for an IPv4 or an IPv6 packet. Depending on the configuration and topology of the MPLS network, this can lead to a situation where all packets for a given PW do not follow the same path, increasing out-of-order frames on a given PW or causing Operations, Administration, and Maintenance (OAM) packets to follow a different path than the actual traffic.

The Control Word Support feature provides the ability to sequence individual frames on the pseudowire, avoid ECMP paths, and perform OAM mechanisms including Virtual Circuit Connectivity Verification (VCCV).
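The misordering described above can be reproduced with a small model. This is an added example, not code from the Cisco guide: the labels, MAC addresses, frames and the byte-sum hash are constructed stand-ins, and `leading_mac` is simply the address whose first octet the LSR sees directly after the label stack.

```python
"""Toy model of the ECMP first-nibble heuristic and the PW control word.

All labels, MAC addresses and frames below are constructed for illustration.
The hash is a deliberately simple stand-in, not any vendor's algorithm.
"""
import struct

PW_LABELS = [16001, 24010]  # constructed transport label + pseudowire label


def guess_payload(payload: bytes) -> str:
    """Classify what follows the label stack by its first nibble only."""
    return {4: "ipv4", 6: "ipv6"}.get(payload[0] >> 4, "non-ip")


def control_word(seq: int = 0) -> bytes:
    """Generic PW control word (RFC 4385): first nibble 0000, 16-bit sequence."""
    return struct.pack("!HH", 0, seq & 0xFFFF)


def ecmp_path(labels, payload: bytes, n_paths: int = 4) -> int:
    """Pick an equal-cost path the way a payload-inspecting LSR might."""
    kind = guess_payload(payload)
    if kind == "ipv4":
        key = payload[12:20]      # where IPv4 source/destination would sit
    elif kind == "ipv6":
        key = payload[8:40]       # where IPv6 source/destination would sit
    else:
        # Not taken for IP: hash the label stack, constant for one pseudowire.
        key = b"".join(struct.pack("!I", label) for label in labels)
    return sum(key) % n_paths


def ethernet_frame(leading_mac: str, counter: int) -> bytes:
    """Constructed frame: two MAC addresses, an EtherType, a varying body."""
    first = bytes.fromhex(leading_mac.replace(":", ""))
    second = bytes.fromhex("020000000002")
    body = struct.pack("!I", counter) + bytes(42)
    return first + second + struct.pack("!H", 0x0800) + body


def paths_used(leading_mac: str, use_control_word: bool, frames: int = 8) -> set:
    """Return the set of ECMP paths taken by consecutive frames of one PW."""
    used = set()
    for i in range(frames):
        payload = ethernet_frame(leading_mac, i)
        if use_control_word:
            payload = control_word(seq=i + 1) + payload
        used.add(ecmp_path(PW_LABELS, payload))
    return used


if __name__ == "__main__":
    for mac in ("4e:00:00:00:00:01", "6a:00:00:00:00:01", "02:00:00:00:00:01"):
        print(mac,
              "no control word:", sorted(paths_used(mac, False)),
              "with control word:", sorted(paths_used(mac, True)))
```

Without the control word, frames whose first nibble is 4 or 6 are spread over every path because unrelated frame bytes are hashed as if they were IP addresses; with it, the whole pseudowire stays on one path.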

Virtual Forwarding Interface

A virtual forwarding interface (VFI) defines the configuration and the membership of the core pseudowires in the VPLS. A VFI is a virtual Layer 2 bridge that connects attachment circuits (physical Ethernet ports, logical Ethernet ports, or PWs) from customer edge (CE) devices to virtual circuits (VCs). The VFI is allocated an interface type and index in the system and is used by L2VPN and other components as an identifier.

Bridge Domain

A bridge domain is a generic object that represents a Layer 2 broadcast domain on a device. VPLS uses a bridge domain to define a point-to-multipoint Layer 2 service.

Creating a bridge domain also creates the underlying VLAN, if it does not already exist. There is a one-to-one mapping of bridge-domains to VLANs; bridge domain 100 maps to VLAN 100.

Ethernet Virtual Circuits

An Ethernet Virtual Circuit (EVC) as defined by the Metro Ethernet Forum is a port-level point-to-point or multipoint-to-multipoint Layer 2 circuit. It is an end-to-end representation of a single instance of a Layer 2 service being offered by a provider to a customer.

Ethernet Flow Point

An Ethernet Flow Point (EFP) is the instantiation of an EVC on a specific interface on a device. The EFP interface representation is similar to that of a subinterface that maintains the parent-child relationship with the port.

The EFP interface is a Layer 2 logical interface. Any Layer 2 feature, protocol, or application that functions on a switchport is equally applicable to an EFP, although some constraints might apply. Similar to a physical port, the interface state machine and forwarding behavior for the EFP depend on the service to which it belongs.

An EFP interface, also known as a service instance, is implicitly created when you configure an Ethernet service instance on a port. An EFP can be configured under a physical or logical parent port. Each service instance has its own configuration submode. Different features that apply to the service instance can be configured in that submode.

Because a single parent port can support multiple service instances, several EFPs can be associated with the port, with each EFP as part of a different EVC. For this reason, whenever a service instance is configured on a port, the port is internally brought up in trunk mode.


Note: The EVC represents a bridge domain. An EFP is an instance of an Ethernet flow on a particular interface that belongs to a bridge domain. The Ethernet flow, not the entire port, belongs to the bridge domain.


Flow per EFP

EVCs can identify flows based on multiple criteria in the Layer 2 header. In Cisco NX-OS, the flow identification for devices with Earl8 hardware is based on matching the VLAN tag of the incoming packet. If the incoming packet has multiple VLAN tags, only the outer tag is used to map traffic to an EFP.

Encapsulation defines the matching criteria that maps a VLAN to the service instance. A single VLAN ID can be configured for an exact match of the outermost tag. Any VLAN ID that is not specifically configured on an EFP or subinterface is treated as if it is implicitly configured for default encapsulation. On a parent port, you can configure either a single default EFP or one or more EFPs with explicit encapsulation, but not both.

Border Gateway Protocol Auto Discovery

Border Gateway Protocol Auto Discovery (BGP-AD) automatically detects when provider edge (PE) devices are added to or removed from the VPLS domain, eliminating the need to manually configure PWs. BGP-AD can use either BGP or Label Distribution Protocol (LDP) signaling to exchange label binding information for supporting forwarding in an MPLS network.

The BGP-based auto discovery mechanism distributes Layer 2 VPN (L2VPN) endpoint provisioning information. BGP uses a separate L2VPN Routing Information Base (RIB) to store endpoint provisioning information, which is updated each time any Layer 2 VFI is configured. Prefix and path information is stored in the L2VPN database, allowing BGP to make best-path decisions. When BGP distributes the endpoint provisioning information in an update message to all its BGP neighbors, the endpoint information is used to set up a pseudowire mesh to support L2VPN-based services.

The VPLS BGP Signaling feature enables you to use BGP as the control plane protocol for both auto discovery and signaling in accordance with RFC 4761. Internal BGP (iBGP) peers exchange L2VPN AFI/SAFI update messages with L2VPN information to perform both auto discovery and signaling. The BGP multiprotocol Network Layer Reachability Information (NLRI) consists of a Route Distinguisher (RD), VPLS Endpoint ID (VE ID), VE Block Offset (VBO), VE Block Size (VBS), and Label Base (LB). Each NLRI describes a block of labels: LB, LB+1, ..., LB+VBS-1. The NLRI is exchanged between BGP devices for BGP auto discovery with BGP signaling.
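How a label block turns into per-pseudowire labels, as an added example that is not part of the Cisco guide. The selection rule (label = LB + remote VE ID - VBO when VBO <= VE ID < VBO + VBS) comes from RFC 4761 rather than from this page, and the RDs, VE IDs and label values are constructed.

```python
"""Pseudowire label selection from VPLS BGP label blocks (RFC 4761 rule).

Every RD, VE ID and label value below is constructed for illustration.
"""
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple


@dataclass(frozen=True)
class VplsNlri:
    rd: str       # Route Distinguisher
    ve_id: int    # VE ID of the advertising PE
    vbo: int      # VE Block Offset
    vbs: int      # VE Block Size
    lb: int       # Label Base

    def labels(self) -> range:
        """The advertised block: LB, LB+1, ..., LB+VBS-1."""
        return range(self.lb, self.lb + self.vbs)

    def label_for(self, remote_ve_id: int) -> Optional[int]:
        """Label that the PE with remote_ve_id must use towards the advertiser."""
        if self.vbo <= remote_ve_id < self.vbo + self.vbs:
            return self.lb + (remote_ve_id - self.vbo)
        return None  # this block does not cover that VE ID


def pick_label(blocks: Iterable[VplsNlri], remote_ve_id: int) -> Optional[int]:
    """A PE may advertise several blocks; use the first one covering the VE ID."""
    for block in blocks:
        label = block.label_for(remote_ve_id)
        if label is not None:
            return label
    return None


def pseudowire_labels(local: Iterable[VplsNlri], local_ve: int,
                      remote: Iterable[VplsNlri], remote_ve: int
                      ) -> Optional[Tuple[int, int]]:
    """Return (transmit label, receive label), or None if either side lacks a block."""
    tx = pick_label(remote, local_ve)    # taken from the remote PE's block
    rx = pick_label(local, remote_ve)    # taken from our own block
    return None if tx is None or rx is None else (tx, rx)


# Constructed advertisements for three PEs in one VPLS domain.
PE1 = [VplsNlri("65000:100", ve_id=1, vbo=1, vbs=8, lb=2000)]
PE2 = [VplsNlri("65000:100", ve_id=2, vbo=1, vbs=8, lb=3000)]
PE9 = [VplsNlri("65000:100", ve_id=9, vbo=1, vbs=8, lb=4000),
       VplsNlri("65000:100", ve_id=9, vbo=9, vbs=8, lb=4100)]

if __name__ == "__main__":
    print("PE1 <-> PE2:", pseudowire_labels(PE1, 1, PE2, 2))
    print("PE1 <-> PE9:", pseudowire_labels(PE1, 1, PE9, 9))
    print("PE9 <-> PE9 self block:", list(PE9[1].labels())[:3], "...")
```

PE1's single block covers VE IDs 1 to 8 only, so no pseudowire to VE ID 9 can come up until PE1 advertises a second block with a VBO that covers it.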

Label Distribution Protocol (LDP)-based signaling follows the procedures specified in RFC 4447, which states that one Provider Edge device (PE1) sends a Label Mapping message to another PE device (PE2) to establish an LDP session in one direction. If the message is processed successfully, and there is no LDP session for the pseudowire in the opposite (PE2-to-PE1) direction, then PE2 sends a Label Mapping message to PE1.

For PE1 to begin signaling PE2, PE1 must know the address of the remote PE2. This information can be configured at PE1, or it can be generated dynamically through an auto-discovery procedure. The egress PE (PE1), which has knowledge of the ingress PE, initiates the setup by sending a Label Mapping message to the ingress PE (PE2). The Label Mapping message contains the FEC type-length-value (TLV).

When PE2 receives a Label Mapping message, PE2 interprets the message as a request to set up a pseudowire whose endpoint is the forwarder on PE2. A Virtual Circuit (VC) or a pseudowire label is used to process packets at each PE device. Each PE device must reserve a PW label (local label) and advertise it to the peer. The VC label bindings exchanged over the targeted LDP session use the Forwarding Equivalence Class (FEC) element type 128 via the LDP downstream unsolicited mode. Only one targeted session is created for multiple VCs between the PEs. If another application has already established a targeted session between the PEs, that session is used. LDP uses FEC type 128 to determine that the message is for the AToM application. LDP FEC 129 is used with auto-discovery.


Note: VPLS with LDP signaling and no auto discovery is the most widely deployed solution.


MAC Address Support

Layer 2 VPN (L2VPN) MAC address support is enabled by default when you configure a VPLS.

MAC Address Flooding

One of the attributes of an Ethernet service is that frames sent to broadcast addresses and to unknown destination MAC addresses are flooded to all ports. To achieve flooding within the service provider network, all unknown unicast, broadcast and multicast frames are flooded over the corresponding pseudowires (PWs) to all Provider Edge (PE) nodes participating in the VPLS, as well as to all attachment circuits (ACs).

Multicast frames are different and do not necessarily have to be sent to all VPN members. For simplicity, the default approach of broadcasting multicast frames is used. To forward a frame, a PE must be able to associate a destination MAC address with a PW. VPLS-capable PEs have the capability to dynamically learn MAC addresses on both ACs and PWs and to forward and replicate packets across both ACs and PWs.

The MAC address table contains a list of the known MAC addresses and their forwarding information. In a typical VPLS architecture, the MAC address table and its management are distributed, which means that a copy of the MAC address table is maintained on the route processor (RP) card and the line cards.

MAC Address Forwarding

A MAC address table contains address information that the switch uses to forward traffic between ports. All MAC addresses in the address table are associated with one or more ports. The table also contains a list of all known MAC addresses and their forwarding information. To forward a frame, a provider edge (PE) device must associate a destination MAC address with a pseudowire or an attachment circuit. This type of association is provided through a static configuration on each PE device or through dynamic learning that is flooded on all bridge ports.

When Layer 2 frames are received, VPLS does a lookup of the destination MAC address to learn the source MAC address. If the destination MAC address is not present in the MAC address table, the Layer 2 frames are flooded on the VLAN on which these frames were received. Flooded frames are sent on all configured pseudowires.

When Layer 2 frames are received on a pseudowire, the source MAC address is learnt from the MAC address table by using the pseudowire port identifier (peer_id). If the destination MAC address is not present in the MAC address table, the frames are flooded on Layer 2 ports. If the destination MAC address is present in the MAC address table, the frames are forwarded to the Layer 2 port or to the destination peer.

MAC Address Learning

When a Layer 2 frame arrives on a bridge port, such as a pseudowire or an attachment circuit, and the source MAC address is unknown to the receiving Provider Edge (PE) device, the source MAC address is associated with the pseudowire or the attachment circuit. Outbound frames to the MAC address are forwarded to the appropriate pseudowire or attachment circuit.

MAC address learning uses the MAC address information that is learned from the hardware forwarding path. The number of learned MAC addresses is limited through configurable per-port and per-bridge domain MAC address limits.

MAC Address Learning Aging

A timer is associated with the MAC addresses available in the MAC table. When this timer expires, the MAC addresses become invalid and are removed from the table. The relevant MAC entries are repopulated. This event is called MAC address aging. Provider Edge (PE) devices must learn remote MAC addresses and directly attached MAC addresses on customer facing ports. MAC address learning accomplishes this by deriving topology and forwarding information from packets originating at customer sites.

MAC Address Withdrawal

VPLS MAC address withdrawal provides faster convergence by removing (or unlearning) MAC addresses that have been dynamically learned. No configuration is needed for enabling MAC address withdrawal support. Provider Edge (PE) devices learn the remote MAC addresses and directly attached MAC addresses on customer-facing ports by deriving the topology and forwarding information from packets originating at customer sites.

Layer 2 VPN Stateful High Availability

The L2VPN Stateful High Availability (HA) feature uses two supervisor modules to provide uninterrupted service during a system failure. This implementation is the same for both Ethernet over Multiprotocol Label Switching (EoMPLS) and Virtual Private LAN Service (VPLS). During a failure, when an active supervisor is down, the standby supervisor seamlessly takes over all operations without disruptions. The supervisor modules also use Nonstop Forwarding (NSF), Stateful Switchover (SSO), and Graceful Restart (GR) for Any Transport over MPLS (AToM) to recover from an interruption in the service.

Peer Label Switch Routers (LSRs) exchange label binding information in a Multiprotocol Label Switching (MPLS) network to support the forwarding process. The MPLS Label Distribution Protocol Graceful Restart feature provides a mechanism by which the forwarding state between LSRs can be maintained during interruptions such as SSO failover events and temporary loss of Label Distribution Protocol (LDP) communication between the LSRs to enable NSF for MPLS traffic.

To enable NSF for Any Transport over MPLS (AToM) traffic, the Provider Edge (PE) devices and the LDP peers involved in the SSO event must support GR. There is no specific configuration required for Layer 2 VPN stateful HA.

LinkSec

The LinkSec feature provides security for data centers over pseudowires using point-to-point encryption. LinkSec supports IEEE 802.1AE link-layer cryptography that provides hop-by-hop security of data in the MAC layer. Link-layer cryptography helps ensure end-to-end data privacy while enabling the insertion of security service devices along the encrypted path.

Hop-by-Hop Encryption

In this type of deployment, data is encrypted on the egress interface of the device and decrypted on the ingress interface of the device. Hence, data is encrypted while it is transmitted between interfaces but is in decrypted form inside each device. However, if LinkSec is unavailable on certain legs of the network, data is sent in decrypted state on these legs. The advantage of this type of deployment is that Layer 2 Virtual Private Network (L2VPN) or Multiprotocol Label Switching (MPLS) is not aware of the encryption.

Hop-by-hop encryption is the default mode of encryption in LinkSec.

Encryption and Decryption at Customer Edge Devices

After Layer 2 Virtual Private Network (L2VPN) or Multiprotocol Label Switching (MPLS) has added its label information to the frame, LinkSec encrypts both the data packet and the VLAN tag. Hence, the VLAN tag is lost and LinkSec sends the entire package across the network as payload. In this type of deployment, data is encrypted and decrypted at customer edge (CE) devices only.

To enable this deployment, you should configure the provider edge (PE) ports in the port mode of L2VPN operation because the VLAN tag is lost during LinkSec encryption.

This method can also be deployed by configuring the PE ports as access switch ports and mapping the packets that enter the ingress PE1 interface to an access VLAN. The packets are then forwarded using Virtual Private LAN Service (VPLS) or Ethernet over Multiprotocol Label Switching (EoMPLS) if the egress PE1 interface is configured to be part of a bridge-domain of the VLAN.

MPLS Quality of Service

Class of service (CoS) bits in the 802.1Q header are commonly referred to as 802.1p bits. To maintain the quality of service (QoS) when a packet traverses both Layer 2 and Layer 3 domains, the type of service (ToS) and CoS values must be mapped to each other. CoS refers to three bits in either an Inter-Switch Link (ISL) header or an 802.1Q header that are used to indicate the priority of an Ethernet frame as it passes through a switched network.

The 802.1p provides QoS-based matching and marking to VLAN user priority bits to provide QoS on the Gigabit Ethernet WAN interface for 802.1Q packets. Packet marking helps identify packet flows. Packet marking enables the partitioning of a network into multiple priority levels, or CoS. During network congestion, packets that are marked as priority are offered a higher priority than other packets.

802.1p input packets are classified at eight different QoS levels (0 to 7) based on the VLAN user priority bits. For 802.1p output packets, QoS marking is done at the VLAN header to modify VLAN user priority bits. QoS services use these priority bit settings to gain traffic priority during network congestion.

Experimental Bits

EXP is a 3-bit field and part of a Multiprotocol Label Switching (MPLS) header. Experimental (EXP) bits in an MPLS header carry the priority of packets. Each label switching device along the network path honors the packet priority by queuing packets in the proper queue and servicing packets according to the priority. EXP bits define the quality of service (QoS) treatment (per-hop behavior) that a node should give to a packet. It is the equivalent of the differentiated service code point (DSCP) in the IP network. A DSCP defines a class and drop precedence. The EXP bits generally carry all information encoded in IP DSCP. However, in some cases, the EXP bits are used exclusively to encode the dropping precedence.

QoS on a Layer 2 VPN (L2VPN) network usually has two parts, an attachment circuit (AC) side and a pseudowire side. Layer 2 QoS is applied on the AC side and Layer 3 MPLS or IP QoS is applied on the pseudowire side.

Virtual Private LAN Service (VPLS) QoS is similar to Ethernet over MPLS (EoMPLS) QoS, except that QoS in VPLS is applied at ACs that participate in a VPLS bridge domain.

The core-facing MPLS interface must support a QoS policy. This QoS policy is applied on Ethernet Virtual Circuits (EVCs) and switchport interfaces. If a switchport interface participates in QoS handling, the matching criteria must include the VLAN on which VPLS forwarding is configured.

Setting the EXP bit value helps service providers who do not want to modify the value of the IP precedence field within the IP packets that are transported through their networks. By choosing different values for the Multiprotocol Label Switching (MPLS) EXP bit field, you can specify the priority that a packet requires during periods of network congestion. By default, the IP precedence value is copied into the MPLS EXP field during imposition. On the imposition path, packets are received from the AC and are sent towards the MPLS core. You can specify the MPLS EXP bits with an MPLS quality of service (QoS) policy.

By default, the IEEE 802.1p bits in the VLAN tag header are not mapped to the MPLS EXP bits. The MPLS EXP bits are set to a value of 0.

Licensing Requirements for Virtual Private LAN Service

The following table shows the licensing requirements for this feature:

Product: Cisco NX-OS

License Requirement: Layer 2 MVPN requires an MPLS license. For a complete explanation of the Cisco NX-OS licensing scheme and how to obtain and apply licenses, see the Cisco NX-OS Licensing Guide.


Guidelines and Limitations for Virtual Private LAN Service

Virtual Private LAN Service (VPLS) has the following guidelines and limitations:

EoMPLS and VPLS can coexist on the same device

Ethernet over MPLS (EoMPLS) and VPLS can coexist with MPLS Layer 3 VPNs on the same device.

VPLS and Cisco Overlay Transport Virtualization (OTV) can coexist in the same device if they are configured on different bridge domains or VLANs. A typical use case for this type of interaction involves a scenario where one cloud of the network uses OTV and the other cloud functions on an MPLS network using VPLS. A gateway facilitates data and packet forwarding between the two clouds. The OTV cloud and the MPLS cloud can be on the same physical network.

The load balance method required in the Layer 2 VPN is different from the Layer 3 VPN. Layer 3 VPN and Layer 2 VPN forwarding is performed independently on the device using two different types of adjacencies; therefore the forwarding will not be impacted by having a different method of load balance for the Layer 2 VPN.

EVCs have the following configuration guidelines and limitations:

EFPs can be created only on Layer 3 interfaces without a switchport or IP address configuration.

EFPs are not supported on subinterfaces.

The total number of EFPs and subinterfaces that are supported in a system is 4000.

The following features are not supported:

Service instance (Ethernet flow point [EFP]) group support.

EVC cross-connect and connect forwarding services.

Ethernet service protection features such as Ethernet Operations, Administration, and Maintenance (EOAM), Connectivity Fault Management (CFM), or Ethernet Local Management Interface (E-LMI).

Access control lists (ACLs).

Pseudowires have the following configuration guidelines and limitations:

The MTU value of all pseudowires in a service must be the same. A pseudowire with an MTU value that differs from the MTU value of its peers will remain in a down state.

BGP-based auto discovery has the following configuration guidelines and limitations:

BGP-based Virtual Private LAN Service (VPLS) auto discovery supports only IPv4 addresses.

Auto discovery uses Forwarding Equivalence Class (FEC) 129 to convey endpoint information; manually configured pseudowires use FEC 128.

Auto discovery is not supported with interautonomous system configurations.

Configuring Access Circuits for Virtual Private LAN Service

This section contains the following topics:

Configuring an Ethernet Virtual Circuit for an 802.1Q Access Circuit

Manually Configuring a Pseudowire Interface

Configuring a Virtual Forwarding Interface for Static Pseudowires

Configuring a Virtual Forwarding Interface for Auto Discovery

Customising BGP-Based Auto Discovery Settings (optional)

Configuring Virtual Private LAN Service with a Bridge Domain

Configuring Virtual Private LAN Service with a VLAN


Note: If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.


Configuring an Ethernet Virtual Circuit for an 802.1Q Access Circuit

Repeat this task for each Ethernet Virtual Circuit (EVC) and Ethernet Flow Point (EFP) that you want to configure.

Restrictions

You can configure either a single default EFP or one or more EFPs with dot1q encapsulation on a parent port, but not both. Do not configure the encapsulation default command under an EFP unless it is the only service instance configured on the parent port.

A maximum of 16 rewrite operations are supported per parent port on Cisco Nexus devices.

No two EFPs for a parent port can have the same rewrite configuration.

SUMMARY STEPS

1. configure terminal

2. feature evc

3. interface ethernet slot/port
or
interface port-channel port-channel-number

4. no ip address ip-address mask

5. [no] service instance service-instance-id ethernet

6. (Optional) description description

7. encapsulation {default | dot1q vlan-id}

8. (Optional) rewrite ingress tag push dot1q vlan-id symmetric

9. (Optional) rewrite ingress tag translate 1-to-1 dot1q vlan-id symmetric

10. (Optional) copy running-config startup-config

DETAILED STEPS

Step 1

Command: configure terminal

Example:
  switch# configure terminal
  switch(config)#

Purpose: Enters global configuration mode.

Step 2

Command: feature evc

Example:
  switch(config)# feature evc

Purpose: Enables Ethernet virtual circuits on the device.

Step 3

Command: interface ethernet slot/port
or
interface port-channel port-channel-number

Example:
  switch(config)# interface ethernet 2/1
  switch(config-if)#
or
  switch(config)# interface port-channel 1
  switch(config-if)#

Purpose: Enters interface configuration mode and configures an interface.

Step 4

Command: no ip address ip-address mask

Example:
  switch(config-if)# no ip address 10.1.1.1 255.255.255.0

Purpose: Disables IP processing on an interface.

Step 5

Command: [no] service instance service-instance-id ethernet

Example:
  switch(config-if)# service instance 1 ethernet
  switch(config-if-srv)#

Purpose: Enters interface services configuration mode and configures an EFP on the interface.

The service-instance-id argument is a unique per-interface identifier for this EFP. The valid range is from 1 to 4000. The range might be restricted due to resource constraints.

Note: You can use the no form of this command to delete the EFP and the associated configuration.

Step 6

Command: description description

Example:
  switch(config-if-srv)# description EFP1forVPLS

Purpose: (Optional) Adds a description to this service instance configuration.

The maximum length of the description argument is 80 alphanumeric, case-sensitive characters.

Step 7

Command: encapsulation {default | dot1q vlan-id}

Example:
  switch(config-if-srv)# encapsulation default
or
  switch(config-if-srv)# encapsulation dot1q 10

Purpose: With the default keyword, specifies that all dot1q frames that are otherwise unmatched by any other EFP are matched to this EFP.

Note: You can enter the encapsulation default command only once in a parent port configuration.

or

With the dot1q keyword, configures the matching criteria for mapping dot1q frames on an ingress interface to this EFP.

The VLAN ID must match the domain ID of the bridge domain to which this EFP is to be associated. The valid range for the vlan-id argument is from 2 to 967.

Step 8

Command: rewrite ingress tag push dot1q vlan-id symmetric

Example:
  switch(config-if-srv)# rewrite ingress tag push dot1q 30 symmetric

Purpose: (Optional) Adds one VLAN tag to the incoming dot1q frame and symmetrically applies the operation to the ingress and egress frames.

The VLAN ID must match the domain ID of the bridge domain to which this EFP is to be associated. The valid range for the vlan-id argument is from 2 to 967.

Note: This command is supported only on an EFP configured with the encapsulation default command.

Step 9

Command: rewrite ingress tag translate 1-to-1 dot1q vlan-id symmetric

Example:
  switch(config-if-srv)# rewrite ingress tag translate 1-to-1 dot1q 20 symmetric

Purpose: (Optional) Rewrites one VLAN tag in the incoming dot1q frame and symmetrically applies the operation to the ingress and egress frames.

The VLAN ID must match the domain ID of the bridge domain to which this EFP is to be associated. The valid range for the vlan-id argument is from 2 to 967.

Note: This command is supported only on an EFP configured with the encapsulation dot1q command.

Step 10

Command: copy running-config startup-config

Example:
  switch(config-if-srv)# copy running-config startup-config

Purpose: (Optional) Saves this configuration change.

What to Do Next

To bind this interface to a bridge domain, see the "Configuring Virtual Private LAN Service with a Bridge Domain" section.

Manually Configuring a Pseudowire Interface

You can manually configure PWs for Access Circuits (ACs) or you can use BGP auto discovery (BGP-AD) to automatically generate PWs for the VPLS domain. To configure BGP-AD, see the "Configuring a Virtual Forwarding Interface for Auto Discovery" section.

RESTRICTIONS

If you manually configure multiple pseudowires and target different IP addresses on the same PE device for each pseudowire, do not use the same virtual circuit identifier (VC ID) to identify the pseudowires terminated at the same PE router.

You cannot configure a pseudowire by manually configuring a neighbor on one PE device and using auto discovery on the other PE device to configure the same pseudowire in the other direction.

SUMMARY STEPS

1. configure terminal

2. [no] interface pseudowire pw-id

3. (Optional) control-word {exclude | include}

4. (Optional) description description

5. mtu size

6. neighbor peer-ip-address vc-id

7. encapsulation mpls

8. (Optional) copy running-config startup-config

DETAILED STEPS

 
Command
Purpose

Step 1 

configure terminal

Example:

switch# configure terminal

switch(config)#

Enters global configuration mode.

Step 2 

[no] interface pseudowire pw-id

Example:

switch(config)# interface pseudowire 12

switch(config-if-pseudowire)#

Enters interface pseudowire configuration mode and configures a static pseudowire logical interface.

The pw-id argument is a unique per-interface identifier for this pseudowire. The range is from 1 to 200000. The range for a static pseudowire is from 1 to 8192.

Note You can use the no form of this command to delete the pseudowire interface and the associated configuration.

Step 3 

control-word {exclude | include}

Example:

switch(config-if-pseudowire)# control-word include

(Optional) Enables control-word support.

The include or exclude keywords specify whether the control word will or will not be included in the pseudowire packet.

If you do not enable control word support in the pseudowire configuration, the default is autosense.

Note A device can receive a packet with or without the control word and the control word capability is negotiated with the peer. However, the device will not be able to generate a sequence number in the control word if the control word is added to the ingress device.

Step 4 

description description

Example:

switch(config-if-pseudowire)# description longform

(Optional) Adds a description to the interface configuration.

The description argument can be up to 254 alphanumeric, case-sensitive characters.

Step 5 

mtu size

Example:

switch(config-if-pseudowire)# mtu 1400

(Optional) Configures the maximum transmission unit (MTU) size, in bytes, for this interface.

The valid range for the size argument is 576 to 9216. The default is 1500.

Step 6 

neighbor peer-ip-address vc-id

Example:

switch(config-if-pseudowire)# neighbor 10.2.2.2 100

Configures an emulated virtual circuit for this interface.

The combination of the peer-ip-address and vc-id arguments must be unique on a device.

The peer IP address is the address of the provider edge (PE) peer.

The vc-id argument is an identifier for the virtual circuit between devices. The valid range is from 1 to 4294967295.

Step 7 

encapsulation mpls

Example:

switch(config-if-pseudowire)# encapsulation mpls

switch(config-pseudowire-mpls)#

Enters pseudowire MPLS configuration mode and specifies MPLS encapsulation for this interface.

Step 8 

copy running-config startup-config

Example:

switch(config-pseudowire-mpls)# copy running-config startup-config

(Optional) Saves this configuration change.

Configuring a Virtual Forwarding Interface for Static Pseudowires

BEFORE YOU BEGIN

Ensure that you have configured the PWs.

RESTRICTIONS

You can configure both auto discovered and manually configured pseudowires in a single virtual forwarding instance (VFI). However, the pseudowires cannot go to the same peer PE device.

You cannot configure a pseudowire by manually configuring a neighbor on one PE device and using auto discovery on the other PE device to configure the same pseudowire in the other direction.

SUMMARY STEPS

1. configure terminal

2. [no] l2vpn vfi context vfi-name

3. (Optional) description description

4. vpn vpn-id

5. member pseudowire pw-id

6. (Optional) copy running-config startup-config

DETAILED STEPS

 
Command
Purpose

Step 1 

configure terminal

Example:

switch# configure terminal

switch(config)#

Enters global configuration mode.

Step 2 

[no] l2vpn vfi context vfi-name

Example:

switch(config)# l2vpn vfi context foo

switch(config-l2vpn-vfi)#

Establishes a Layer 2 VPN (L2VPN) Virtual Forwarding Interface (VFI) between two or more separate networks.

The vfi-name argument is a unique per-interface identifier for this VFI. The maximum length is 100 alphanumeric, case-sensitive characters.

Note You can use the no form of this command to delete the VFI and the associated configuration.

Step 3 

description description

Example:

switch(config-l2vpn-vfi)# description PWsforVPLS

(Optional) Adds a description to the interface configuration.

The description argument can be up to 254 alphanumeric characters.

Step 4 

vpn vpn-id

Example:

switch(config-l2vpn-vfi)# vpn 100

Configures a Virtual Private Network (VPN) ID on a VFI context.

The valid range is from 1 to 4294967295.

Step 5 

member pseudowire pw-id

Example:

switch(config-l2vpn-vfi)# member pseudowire 12

Binds a static pseudowire to this VFI.

This command is supported for a static pseudowire only.

The pw-id argument is a unique per-interface identifier for a static pseudowire. The valid range is from 1 to 8192.

Repeat this step for each static pseudowire to be associated with this VFI.

Step 6 

copy running-config startup-config

Example:

switch(config-l2vpn-vfi)# copy running-config startup-config

(Optional) Saves this configuration change.

Configuring a Virtual Forwarding Interface for Auto Discovery

Perform just one of the following tasks:

Configuring BGP Auto Discovery and BGP Signaling

Configuring BGP Auto Discovery and LDP Signaling

Configuring BGP Auto Discovery and BGP Signaling

RESTRICTIONS

You can configure both auto discovered and manually configured pseudowires in a single virtual forwarding instance (VFI). However, the pseudowires cannot go to the same peer PE device.

You cannot configure a pseudowire by manually configuring a neighbor on one PE device and using auto discovery on the other PE device to configure the same pseudowire in the other direction.

After enabling VPLS autodiscovery, if you manually configure a neighbor by using the member command and both peers are in autodiscovery mode, each peer will receive discovery data for that VPLS. To prevent peers from receiving data for the VPLS domain, manually configure route target (RT) values. For information, see the "Customising BGP-Based Auto Discovery Settings (optional)" section.

SUMMARY STEPS

1. configure terminal

2. [no] l2vpn vfi context vfi-name

3. (Optional) description description

4. vpn vpn-id

5. autodiscovery bgp signaling bgp

6. ve id ve-id-number

7. ve range range

8. router bgp as-number

9. bgp graceful restart

10. neighbor peer-ip-address remote-as as-number

11. address-family l2vpn vpls

12. neighbor [peer-ip-address | peer-group-name] activate

13. neighbor [peer-ip-address | peer-group-name] send-community extended

14. neighbor [peer-ip-address | peer-group-name] suppress-signaling-protocol ldp

15. Repeat steps 11 to 15 to configure additional neighbors in an L2VPN address family.

16. (Optional) copy running-config startup-config

DETAILED STEPS

 
Command
Purpose

Step 1 

configure terminal

Example:

switch# configure terminal

switch(config)#

Enters global configuration mode.

Step 2 

[no] l2vpn vfi context context-name

Example:

switch(config)# l2vpn vfi context foo

switch(config-l2vpn-vfi)#

Establishes a Layer 2 VPN (L2VPN) Virtual Forwarding Interface (VFI) context between two or more separate networks.

The context-name argument is a unique per-interface identifier for this context. The maximum length is 100 alphanumeric, case-sensitive characters.

Note You can use the no form of this command to delete the context and the associated configuration.

Step 3 

description description

Example:

switch(config-l2vpn-vfi)# description PWsforVPLS

(Optional) Adds a description to the interface configuration.

The description argument can be up to 254 alphanumeric characters.

Step 4 

vpn vpn-id

Example:

switch(config-l2vpn-vfi)# vpn 100

Configures a Virtual Private Network (VPN) ID on a VFI context.

The valid range is from 1 to 4294967295.

Step 5 

autodiscovery bgp signaling bgp

Example:

switch(config-l2vpn-vfi)# autodiscovery bgp signaling bgp

Enables BGP auto discovery and BGP signaling.

Step 6 

ve id ve-id-number

Example:

switch(config-l2vpn-vfi)# ve id 1

Configures a VPLS Endpoint ID (VEID) for the NLRI exchanged between BGP devices.

Repeat this step to add each additional VE ID. The VE ID must be unique within the same VPLS domain for all PE devices.

Note Numbering sequences such as 1, 2, 3 or 501, 502, 503 are good because the VEIDs are contiguous. A numbering scheme such as 100, 200, 300 is bad because it is non-contiguous.

If you change the VEID, the virtual circuit (VC) reprovisions and traffic is impacted as a result.

Step 7 

ve range ve-range-number

Example:

switch(config-l2vpn-vfi)# ve range

(Optional) Configures the number of VEIDs for the Autonomous System (AS).

The range for the ve-range-number argument is from 1 to 100. The default is 10.

The VE range can be configured based on the number of neighboring PE devices in the network. The VE range value should be approximately the same as the number of neighbors (up to 100).

If no VE range is configured or an existing VE range value is removed, then the default VE range is applied. The default VE range should not be used if the router has many PE neighbors.

If you change the VE range, then the virtual circuit (VC) reprovisions and traffic is impacted as a result.

Step 8 

router bgp as-number

Example:

switch(config-l2vpn-vfi)# router bgp 100

switch(config-router)#

Enters the router BGP configuration mode and assigns an autonomous system (AS) number to the local BGP speaker device.

The as-number argument identifies the device to other BGP devices and tags the routing information to be passed along. The range is from 1 to 65535.

The AS number can be a 16-bit integer or a 32-bit integer in the form of a higher 16-bit decimal number and a lower 16-bit decimal number in the xx.xx format.

Step 9 

bgp graceful restart

Example:

switch(config-router)# bgp graceful restart

Enables the graceful restart and the graceful restart helper capability.

Step 10 

neighbor peer-ip-address remote-as as-number

Example:

switch(config-router)# neighbor 10.1.1.1 remote-as 100

Adds the IP address of the neighbor in the specified autonomous system to the multiprotocol BGP neighbor table of the local device.

The combination of the peer-ip-address and as-number arguments must be unique on a device.

The peer IP address is the address of the provider edge (PE) peer.

If the as-number argument matches the autonomous system number specified in the router bgp command, the neighbor is an internal neighbor.

If the as-number argument does not match the autonomous system number specified in the router bgp command, the neighbor is an external neighbor.

Step 11 

address-family l2vpn vpls

Example:

switch(config-router)# address-family l2vpn vpls

switch(config-router-af)#

Creates an L2VPN address family session and specifies that VPLS endpoint provisioning information is to be distributed to BGP peers.

Step 12 

neighbor [peer-ip-address | peer-group-name] activate

Example:

switch(config-router-af)# neighbor 10.10.10.1 activate

Enables the exchange of information with the specified BGP neighbor.

Step 13 

neighbor [peer-ip-address | peer-group-name] send-community extended

Example:

switch(config-router-af)# neighbor 10.10.10.1 send-community extended

Specifies that a community attribute should be sent to the BGP neighbor.

Step 14 

neighbor [peer-ip-address | peer-group-name] suppress-signaling-protocol ldp

Example:

switch(config-router-af)# neighbor 10.10.10.1 suppress-signaling-protocol ldp

Suppresses LDP signaling for a BGP neighbor so that BGP signaling for auto discovery is used.

Step 15 

Repeat steps 11 to 15 to configure additional neighbors in an L2VPN address family.

Step 16 

copy running-config startup-config

Example:

switch(config-router-af)# copy running-config startup-config

(Optional) Saves this configuration change.
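Why the VE ID numbering in Step 6 and the VE range in Step 7 matter, worked through with the RFC 4761 label-block model (an added example, not Cisco code). It assumes block offsets aligned at 1, 1+range, 1+2×range and so on, which this page does not state; the PE names and function names are constructed.

```python
from dataclasses import dataclass

VE_RANGE_DEFAULT, VE_RANGE_MAX = 10, 100  # default and upper limit from Step 7

# The page's own "good" and "bad" numbering schemes; PE names are constructed.
CONTIGUOUS = {"PE1": 1, "PE2": 2, "PE3": 3}
SPARSE = {"PE1": 100, "PE2": 200, "PE3": 300}


@dataclass(frozen=True)
class LabelBlock:
    """One advertised block: labels for remote VE IDs offset .. offset+size-1."""
    offset: int  # VE block offset (VBO in RFC 4761)
    size: int    # VE block size (VBS), taken here from `ve range`

    def label_for(self, base, remote_ve):
        """Label a remote PE picks from this block (RFC 4761: LB + V - VBO)."""
        if not self.offset <= remote_ve < self.offset + self.size:
            raise ValueError(f"VE ID {remote_ve} is outside this block")
        return base + remote_ve - self.offset


def blocks_for(remote_ve_ids, ve_range=VE_RANGE_DEFAULT):
    """Blocks one PE must advertise so that every remote VE ID is covered.

    Assumption (not from the page): offsets are aligned at 1, 1+range, ...
    """
    if not 1 <= ve_range <= VE_RANGE_MAX:
        raise ValueError("ve range must be from 1 to 100")
    offsets = {1 + (ve - 1) // ve_range * ve_range for ve in remote_ve_ids}
    return [LabelBlock(offset, ve_range) for offset in sorted(offsets)]


def audit_ve_plan(ve_by_pe, ve_range=VE_RANGE_DEFAULT):
    """Check a plan (PE name -> VE ID) against the guidance in Steps 6 and 7."""
    if not ve_by_pe or min(ve_by_pe.values()) < 1:
        raise ValueError("plan needs at least one PE and positive VE IDs")
    findings, owner = [], {}
    for pe, ve in ve_by_pe.items():
        if ve in owner:  # VE ID must be unique within the VPLS domain
            findings.append(f"VE ID {ve} is used by both {owner[ve]} and {pe}")
        owner.setdefault(ve, pe)
    ids = sorted(owner)
    if ids != list(range(ids[0], ids[0] + len(ids))):
        findings.append(f"VE IDs {ids} are not contiguous")
    neighbors = len(ve_by_pe) - 1
    if neighbors > ve_range:  # range should roughly equal the neighbor count
        findings.append(f"{neighbors} neighbors exceed ve range {ve_range}")
    blocks, reserved = {}, 0
    for pe in ve_by_pe:
        remote = [ve for other, ve in ve_by_pe.items() if other != pe]
        blocks[pe] = blocks_for(remote, ve_range)
        reserved += len(blocks[pe]) * ve_range  # every block pins `range` labels
    return {"findings": findings, "blocks": blocks,
            "labels_reserved": reserved,
            "labels_used": len(ve_by_pe) * neighbors}


if __name__ == "__main__":
    for name, plan in (("contiguous", CONTIGUOUS), ("sparse", SPARSE)):
        report = audit_ve_plan(plan)
        print(name, report["labels_reserved"], "reserved,",
              report["labels_used"], "used,", report["findings"] or "no findings")
```

With the default range of 10, the sparse plan reserves twice the labels of the contiguous plan for the same three PEs, because each remote VE ID falls into its own block.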

Configuring BGP Auto Discovery and LDP Signaling

RESTRICTIONS

You can configure both auto discovered and manually configured pseudowires in a single virtual forwarding instance (VFI). However, the pseudowires cannot go to the same peer PE device.

You cannot configure a pseudowire by manually configuring a neighbor on one PE device and using auto discovery on the other PE device to configure the same pseudowire in the other direction.

After enabling VPLS autodiscovery, if you manually configure a neighbor by using the member command and both peers are in autodiscovery mode, each peer will receive discovery data for that VPLS. To prevent peers from receiving data for the VPLS domain, manually configure route target (RT) values. For information, see the "Customising BGP-Based Auto Discovery Settings (optional)" section.

SUMMARY STEPS

1. configure terminal

2. [no] l2vpn vfi context vfi-name

3. (Optional) description description

4. vpn vpn-id

5. autodiscovery bgp signaling ldp

6. router bgp as-number

7. neighbor peer-ip-address remote-as as-number

8. address-family l2vpn vpls

9. (Optional) copy running-config startup-config

DETAILED STEPS

 
Command
Purpose

Step 1 

configure terminal

Example:

switch# configure terminal

switch(config)#

Enters global configuration mode.

Step 2 

[no] l2vpn vfi context context-name

Example:

switch(config)# l2vpn vfi context foo

switch(config-l2vpn-vfi)#

Establishes a Layer 2 VPN (L2VPN) Virtual Forwarding Interface (VFI) context between two or more separate networks.

The context-name argument is a unique per-interface identifier for this context. The maximum length is 100 alphanumeric, case-sensitive characters.

Note You can use the no form of this command to delete the context and the associated configuration.

Step 3 

description description

Example:

switch(config-l2vpn-vfi)# description PWsforVPLS

(Optional) Adds a description to the interface configuration.

The description argument can be up to 254 alphanumeric characters.

Step 4 

vpn vpn-id

Example:

switch(config-l2vpn-vfi)# vpn 100

Configures a Virtual Private Network (VPN) ID on a VFI context.

The valid range is from 1 to 4294967295.

Step 5 

autodiscovery bgp signaling ldp

Example:

switch(config-l2vpn-vfi)# autodiscovery bgp signaling ldp

Enables BGP auto discovery and LDP signaling.

Step 6 

router bgp as-number

Example:

switch(config-l2vpn-vfi)# router bgp 100

switch(config-router)#

Enters the router BGP configuration mode and assigns an autonomous system (AS) number to a device.

The as-number argument identifies the device to other BGP devices and tags the routing information to be passed along. The range is from 1 to 65535.

Step 7 

neighbor peer-ip-address remote-as as-number

Example:

switch(config-router)# neighbor 10.1.1.1 remote-as 100

Adds the IP address of the neighbor in the specified autonomous system to the multiprotocol BGP neighbor table of the local device.

The combination of the peer-ip-address and as-number arguments must be unique on a device.

The peer IP address is the address of the provider edge (PE) peer.

If the as-number argument matches the autonomous system number specified in the router bgp command, the neighbor is an internal neighbor.

If the as-number argument does not match the autonomous system number specified in the router bgp command, the neighbor is an external neighbor.

Step 8 

address-family l2vpn vpls

Example:

switch(config-router)# address-family l2vpn vpls

Creates an L2VPN address family session and specifies that VPLS endpoint provisioning information is to be distributed to BGP peers.

Step 9 

copy running-config startup-config

Example:

switch(config-router)# copy running-config startup-config

(Optional) Saves this configuration change.

Customising BGP-Based Auto Discovery Settings (optional)

Before You Begin

Ensure that you have configured BGP-based auto discovery for VPLS.

SUMMARY STEPS

1. configure terminal

2. [no] l2vpn vfi context vfi-name

3. (Optional) vpls-id {autonomous-system-number:nn | ip-address:nn}

4. (Optional) rd {autonomous-system-number:nn | ip-address:nn}

5. (Optional) auto-route-target
or
(Optional) route-target [import | export | both] {autonomous-system-number:nn | ip-address:nn}

6. (Optional) copy running-config startup-config

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

configure terminal

Example:

switch# configure terminal

switch(config)#

Enters global configuration mode.

Step 2 

[no] l2vpn vfi context context-name

Example:

switch(config)# l2vpn vfi context foo

switch(config-l2vpn-vfi)#

Establishes a Layer 2 VPN (L2VPN) Virtual Forwarding Interface (VFI) context between two or more separate networks.

The context-name argument is a unique per-interface identifier for this context. The maximum length is 100 alphanumeric, case-sensitive characters.

Note You can use the no form of this command to delete the context and the associated configuration.

Step 3 

vpls-id {autonomous-system-number:nn | ip-address:nn}

Example:

switch(config-l2vpn-vfi)# vpls-id 5:200

(Optional) Changes the value of the VPLS ID from the generated value to the specified value.

Auto discovery automatically generates a VPLS ID using the Border Gateway Protocol (BGP) autonomous system (AS) number and the configured Virtual Private Network (VPN) ID on the VFI context.

The value for the nn argument is the network number.

Step 4 

rd {autonomous-system-number:nn | ip-address:nn}

Example:

switch(config-l2vpn-vfi)# rd 2:2

(Optional) Changes the value of the route distinguisher (RD) from the generated value to the specified value.

Auto discovery automatically generates an RD using the BGP autonomous system number (AS) and the configured Virtual Private Network (VPN) ID on the VFI context.

The value for the nn argument is the network number. The network number must be preceded by a colon (:).

Step 5 

auto-route-target

or

route-target [import | export | both] {autonomous-system-number:nn | ip-address:nn}

Example:

switch(config-l2vpn-vfi)# route-target 600:2222

(Optional) Enables auto discovery to generate a route target (RT) using the lower 6 bits of the RD and the configured Virtual Private Network (VPN) ID on the VFI context.

This is the default. If you previously configured the route-target command, use this command to change the explicitly configured RT to a generated RT.

or

(Optional) Changes the value of the route target (RT) from the generated value to the specified value.

The value for the nn argument is the network number. The network number must be preceded by a colon (:).

Step 6 

copy running-config startup-config

Example:

switch(config-l2vpn-vfi)# copy running-config startup-config

(Optional) Saves this configuration change.

Configuring Virtual Private LAN Service with a Bridge Domain

You can configure VPLS either with a bridge domain or with a VLAN. To associate a VFI directly to a VLAN, go to the "Configuring Virtual Private LAN Service with a VLAN" section.

BEFORE YOU BEGIN

Ensure that you have configured the VFI.

Ensure that you have configured an EFP for the 802.1Q Access Circuit (AC).

Restrictions

Switchport VLANs and EFPs cannot be associated with the same bridge domain.

SUMMARY STEPS

1. configure terminal

2. feature mpls l2vpn

3. feature evc

4. system bridge-domain id [-id | -id,...,id-id]

5. interface ethernet slot/port
or
interface port-channel port-channel-number

6. [no] service instance service-instance-id ethernet

7. (Optional) description description

8. encapsulation dot1q vlan-id

9. [no] bridge-domain domain-id

10. member vfi vfi-id

11. member interface slot/port service instance service-instance-id

12. (Optional) copy running-config startup-config

DETAILED STEPS

 
Command
Purpose

Step 1 

configure terminal

Example:

switch# configure terminal

switch(config)#

Enters global configuration mode.

Step 2 

[no] feature mpls l2vpn

Example:

switch(config)# feature mpls l2vpn

Enables Multiprotocol Label Switching (MPLS) Layer 2 VPN (L2VPN) features.

Note Using the no feature mpls l2vpn command removes all existing L2VPN configurations. Using the feature mpls l2vpn command again does not restore the earlier L2VPN configuration.

Step 3 

feature evc

Example:

switch(config)# feature evc

Enables Ethernet virtual circuits on the device.

Step 4 

system bridge-domain id [-id |-id,...,id-id]

Example:

switch(config)# system bridge-domain 10-50,100-500

Identifies the IDs that are available for bridge-domain configurations.

The valid range for the id argument is from 2 to 967.

The optional -id keyword and argument combination identifies the last ID in a range of contiguous IDs. The hyphen (-) is required.

The optional list of ID ranges are separated by commas (,). Do not type the ellipses (...).

Step 5 

interface ethernet slot/port

or

interface port-channel port-channel-number

Example:

switch(config)# interface ethernet 2/1

switch(config-if)#

or

switch(config)# interface port-channel 1

switch(config-if)#

Enters interface configuration mode.

Step 6 

[no] service instance service-instance-id ethernet

Example:

switch(config-if)# service instance 1 ethernet

switch(config-if-srv)#

Enters interface services configuration mode and configures an EFP on the interface.

The service-instance-id argument is a unique per-interface identifier for this EFP. The valid range is from 1 to 4000. The range might be restricted due to resource constraints.

Note You can use the no form of this command to delete the EFP and the associated configuration.

Step 7 

description description

Example:

switch(config-if-srv)# description EFP1forVPLS

(Optional) Adds a description to this service instance configuration.

The description argument can be up to 80 alphanumeric, case-sensitive characters.

Step 8 

encapsulation dot1q vlan-id

Example:

switch(config-if-srv)# encapsulation dot1q 100

Allows flow from the specified VLAN ID to pass through the EFP.

The VLAN ID must match the domain ID of the bridge domain to which this EFP is to be associated. The valid range for the vlan-id argument is from 2 to 967.

Step 9  

[no] bridge-domain domain-id

Example:

switch(config-if-srv)# bridge-domain 100

switch(config-bdomain)#

Enters bridge-domain configuration mode and configures a bridge domain.

The domain-id argument is a unique identifier for the bridge domain and underlying VLAN to be created. The valid range is defined by the system bridge-domain configuration.

Note You can use the no form of this command to remove the bridge-domain configuration including port associations. Removing the bridge-domain configuration does not remove the underlying VLAN.
If a VLAN is associated with a bridge domain, you cannot remove the VLAN without first removing the bridge domain. To remove the underlying VLAN, use the no vlan command after you remove the bridge domain.

Step 10 

member vfi vfi-id

Example:

switch(config-bdomain)# member vfi foo

(Optional) Binds a VFI to this bridge domain.

The vfi-id argument identifies the VFI to be bound. The maximum length is 100 alphanumeric, case-sensitive characters.

Step 11 

member interface slot/port service instance service-instance-id

Example:

switch(config-bdomain)# member ethernet 2/1 service instance 1

(Optional) Binds a service instance to this bridge domain.

The interface slot/port argument identifies the interface under which the service instance is configured.

The service-instance-id argument identifies the service instance to be bound. The valid range is from 1 to 4000.

Step 12 

copy running-config startup-config

Example:

switch(config-bdomain)# copy running-config startup-config

(Optional) Saves this configuration change.

Configuring Virtual Private LAN Service with a VLAN

You can configure VPLS either with a bridge domain or with a VLAN. To associate the VFI (or EFP) to a bridge domain, go to the "Configuring Virtual Private LAN Service with a Bridge Domain" section.

BEFORE YOU BEGIN

Ensure that you have configured the VFI.

SUMMARY STEPS

1. configure terminal

2. [no] vlan vlan-id

3. member vfi vfi-id

4. exit

5. interface ethernet slot/port

6. switchport mode trunk

7. switchport allowed vlan vlan-id

8. (Optional) copy running-config startup-config

DETAILED STEPS

 
Command
Purpose

Step 1 

configure terminal

Example:

switch# configure terminal

switch(config)#

Enters global configuration mode.

Step 2 

[no] vlan vlan-id

Example:

switch(config)# vlan 100

switch(config-vlan)#

Enters VLAN configuration mode and configures a VLAN.

The vlan-id argument is a unique identifier for the VLAN. The valid range is from 1 to 4094.

Note You can use the no form of this command to remove the VLAN configuration including port associations.

Step 3 

member vfi vfi-id

Example:

switch(config-vlan)# member vfi foo

Binds a VFI to this VLAN.

The vfi-id argument identifies the VFI to be bound. The maximum length is 100 alphanumeric, case-sensitive characters.

Step 4 

exit

Example:

switch(config-vlan)# exit

switch(config)#

Exits VLAN configuration mode.

Step 5 

interface ethernet slot/port

Example:

switch(config)# interface ethernet 2/1

switch(config-if)#

Enters interface configuration mode and configures an Ethernet interface.

Step 6 

switchport mode trunk

Example:

switch(config-if)# switchport mode trunk

Sets the interface type to be a Layer 2 host port for a trunk.

Step 7 

switchport allowed vlan vlan-id

Example:

switch(config-if)# switchport allowed vlan 100

Allows flow from the specified VLAN to pass through the trunk.

The VLAN ID must match the ID of the VLAN to which this VFI is to be associated. The valid range for the vlan-id argument is from 1 to 4094.

Step 8 

copy running-config startup-config

Example:

switch(config-if)# copy running-config startup-config

(Optional) Saves this configuration change.

Verifying the Virtual Private LAN Service Configuration

To verify pseudowire redundancy configuration information, perform one of the following tasks:

Command
Purpose

show ethernet service instance [detail]

Displays information about service instances that are configured on the device.

show ethernet service instance interface ethernet slot/port [detail]

Displays information about service instances that are configured on an interface.

show interface [brief description]

Displays the interface status and information.

show interface pseudowire pw-id

Displays the status and information about the specified interface.

show interface pseudowire pw-id brief

Displays brief information about the specified interface.

show interface pseudowire pw-id counters

Displays the in and out counters for the specified interface.

show interface status

Displays the interface line status.

show interface vfi name

Displays the status and information about the specified interface.

show l2vpn atom vc

Displays information about the Any Transport over MPLS (AToM) virtual circuit.

show l2vpn service xconnect all

Displays status information about the specified XConnect service.

show mac address-table

Displays the list of the known MAC addresses and their forwarding information.


Configuration Examples for Virtual Private LAN Service

This section includes the following topics:

Example: VPLS with a Bridge Domain

Example: VPLS with a VLAN

Example: VPLS Auto Discovery and BGP Signaling

Example: VPLS Auto Discovery and LDP Signaling

Example: VPLS with a Bridge Domain

The following example shows how to configure VPLS with a bridge domain configuration:

bridge-domain 100
  member vfi foo
  member Ethernet2/1 service instance 1
!
l2vpn vfi context foo
  vpn id 100
  member Pseudowire12
  member Pseudowire13
!
interface Pseudowire12  #mesh
  encapsulation mpls
  neighbor 10.2.2.2 100
!
interface Pseudowire13  #mesh
  encapsulation mpls
  neighbor 10.3.3.3 100
!
interface Ethernet2/1
   service instance 1 ethernet
      encapsulation dot1q 100
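A lint for the static-pseudowire restrictions in "Manually Configuring a Pseudowire Interface" and the bridge-domain rules above, run over this example configuration (added here, not part of the Cisco guide). The `parse`, `lint` and `pe_of` names are hypothetical, `BROKEN` is a constructed variant, and only dot1q EFPs are covered.

```python
import re

STATIC_PW_MAX = 8192  # static pw-id range on this page is 1 to 8192

# The page's "VPLS with a Bridge Domain" example, embedded so the check runs offline.
PAGE_EXAMPLE = """\
bridge-domain 100
  member vfi foo
  member Ethernet2/1 service instance 1
!
l2vpn vfi context foo
  vpn id 100
  member Pseudowire12
  member Pseudowire13
!
interface Pseudowire12  #mesh
  encapsulation mpls
  neighbor 10.2.2.2 100
!
interface Pseudowire13  #mesh
  encapsulation mpls
  neighbor 10.3.3.3 100
!
interface Ethernet2/1
   service instance 1 ethernet
      encapsulation dot1q 100
"""
# Constructed variant with three deliberate mistakes.
BROKEN = (PAGE_EXAMPLE.replace("dot1q 100", "dot1q 200")
          .replace("member Pseudowire13", "member Pseudowire14")
          .replace("neighbor 10.3.3.3 100", "neighbor 10.2.2.2 100"))


def parse(config):
    """Collect pseudowires, VFIs, bridge domains and EFPs from NX-OS-style text."""
    model = {"pw": {}, "vfi": {}, "bd": {}, "efp": {}}
    kind = key = efp = None
    for raw in config.splitlines():
        text = " ".join(raw.split("#", 1)[0].split())  # drop '#mesh' style comments
        if not text or text == "!":
            continue
        if not raw[:1].isspace():  # an unindented line opens a new section
            kind = key = efp = None
            if m := re.fullmatch(r"bridge-domain (\d+)", text):
                kind, key = "bd", int(m[1])
                model["bd"][key] = {"vfi": [], "efp": []}
            elif m := re.fullmatch(r"l2vpn vfi context (\S+)", text):
                kind, key = "vfi", m[1]
                model["vfi"][key] = []
            elif m := re.fullmatch(r"interface pseudowire ?(\d+)", text, re.I):
                kind, key = "pw", int(m[1])
                model["pw"][key] = None  # neighbor not seen yet
            elif m := re.fullmatch(r"interface (ethernet ?\S+)", text, re.I):
                kind, key = "if", m[1].replace(" ", "").lower()
        elif kind == "bd" and (m := re.fullmatch(r"member vfi (\S+)", text)):
            model["bd"][key]["vfi"].append(m[1])
        elif kind == "bd" and (m := re.fullmatch(
                r"member (ethernet ?\S+) service instance (\d+)", text, re.I)):
            model["bd"][key]["efp"].append((m[1].replace(" ", "").lower(), int(m[2])))
        elif kind == "vfi" and (m := re.fullmatch(r"member pseudowire ?(\d+)", text, re.I)):
            model["vfi"][key].append(int(m[1]))
        elif kind == "pw" and (m := re.fullmatch(r"neighbor (\S+) (\d+)", text)):
            model["pw"][key] = (m[1], int(m[2]))
        elif kind == "if" and (m := re.fullmatch(r"service instance (\d+) ethernet", text)):
            efp = (key, int(m[1]))
            model["efp"][efp] = None  # dot1q VLAN not seen yet
        elif efp and (m := re.fullmatch(r"encapsulation dot1q (\d+)", text)):
            model["efp"][efp] = int(m[1])
    return model


def lint(config, pe_of=None):
    """Return findings. pe_of optionally maps a peer IP to the PE that owns it."""
    model, findings, seen = parse(config), [], {}
    for pw, neighbor in sorted(model["pw"].items()):
        if not 1 <= pw <= STATIC_PW_MAX:
            findings.append(f"pseudowire {pw}: static pw-id outside 1-8192")
        if neighbor is None:
            continue
        peer, vc = neighbor
        pe = (pe_of or {}).get(peer, peer)  # different addresses may be one PE
        if (pe, vc) in seen:
            findings.append(f"pseudowire {pw}: VC ID {vc} toward {pe} already used "
                            f"by pseudowire {seen[(pe, vc)]}")
        seen.setdefault((pe, vc), pw)
    for vfi, members in model["vfi"].items():
        findings += [f"vfi {vfi}: member pseudowire {pw} is not defined"
                     for pw in members if pw not in model["pw"]]
    for bd, cfg in model["bd"].items():
        findings += [f"bridge-domain {bd}: vfi {v} is not defined"
                     for v in cfg["vfi"] if v not in model["vfi"]]
        for ifname, sid in cfg["efp"]:
            vlan = model["efp"].get((ifname, sid))
            if vlan != bd:  # dot1q VLAN ID must equal the bridge-domain ID
                findings.append(f"bridge-domain {bd}: {ifname} service instance {sid} "
                                f"matches dot1q {vlan}, not the bridge-domain ID")
    return findings
```

Passing `pe_of` with two addresses that belong to one PE makes the lint apply the VC ID restriction across both pseudowires, which the address comparison alone cannot detect.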

Example: VPLS with a VLAN

The following example shows how to configure the same VPLS with a VLAN configuration:

vlan 100
vlan configuration 100
  member vfi foo
!
port-profile type pseudowire mpls
  encapsulation mpls
!
l2vpn vfi context foo
  vpn id 100
  member Pseudowire12
  member Pseudowire13
!
interface Pseudowire12 #mesh
  inherit port-profile mpls
  neighbor 10.2.2.2 100
!
interface Pseudowire13  #mesh
  inherit port-profile mpls
  neighbor 10.3.3.3 100
!
interface Ethernet2/1
   switchport mode trunk
   switchport allowed vlan 100

Example: VPLS Auto Discovery and BGP Signaling

The following example shows how to configure VPLS auto discovery and BGP signaling:

router bgp 100
neighbor 10.0.0.2 remote-as 100
  address-family l2vpn vpls
   neighbor 10.0.0.2 activate
   neighbor 10.0.0.2 send-community extended
   neighbor 10.0.0.2 suppress-signaling-protocol ldp
exit-address-family

Example: VPLS Auto Discovery and LDP Signaling

The following example shows how to configure VPLS auto discovery and LDP signaling:

bridge-domain 100
  member vfi foo
  member Ethernet2/1 service instance 1
!
l2vpn vfi context foo
  vpn id 100
  autodiscovery bgp signaling ldp
!
router bgp 100
  neighbor 10.0.0.1 remote-as 100
    address-family l2vpn vpls
!
interface Ethernet2/1
   service instance 1 ethernet
      encapsulation dot1q 100

Additional References for Virtual Private LAN Service

For additional information related to configuring ACs for VPLS, see the following sections:

Related Documents

MIBs

Related Documents

Related Topic
Document Title

Interface commands

Cisco Nexus 7000 Series NX-OS Interfaces Command Reference

VLAN commands

Cisco Nexus 7000 Series NX-OS Layer 2 Switching Command Reference

Nondirectly connected MPLS LDP sessions

"Establishing Nondirectly Connected MPLS LDP Sessions" section of the "Configuring the MPLS Label Distribution Protocol" chapter.


MIBs

MIBs
MIBs Link

BRIDGE-MIB

CISCO-EVC-MIB

CISCO-VLAN-MEMBERSHIP-MIB

CISCO-IETF-PW-ATM-MIB (PW-ATM-MIB)

CISCO-IETF-PW-ENET-MIB (PW-ENET-MIB)

CISCO-IETF-PW-FR-MIB (PW-FR-MIB)

CISCO-IETF-PW-MIB (PW-MIB)

CISCO-IETF-PW-MPLS-MIB (PW-MPLS-MIB)

To locate and download MIBs, go to the following URL:

http://www.cisco.com/dc-os/mibs


Feature History for Virtual Private LAN Service

Table 29-1 lists the release history for this feature.

Table 29-1 Feature History for Pseudowire Logical Interfaces

Feature Name
Releases
Feature Information

Virtual Private LAN Service (VPLS)

6.2(2)

This feature was introduced.

The following commands were introduced or modified: address-family, autodiscovery bgp, bridge-domain, control-word, description, encapsulation, feature mpls l2vpn, interface pseudowire, l2vpn vfi context, member, member vfi, mtu, neighbor, router bgp, service instance, show interface, show interface pseudowire, show l2vpn atom vc, show l2vpn service vfi, show l2vpn vfi, switchport mode trunk, switchport allowed vlan, system bridge-domain, vlan.