Cisco IP Solution Center Carrier Ethernet and L2VPN User Guide, 5.1
Sample Configlets
Download this chapter
Sample ConfigletsSample Configlets
Download the complete book
Carrier Ethernet and L2VPN User Guide, 5.1 - Entire Book in PDFCarrier Ethernet and L2VPN User Guide, 5.1 - Entire Book in PDF (PDF - 7 MB)
give_us_feedback

Table Of Contents

Sample Configlets

Overview

ERS (EVPL) (Point-to-Point)

ERS (EVPL) (Point-to-Point, UNI Port Security)

ERS (EVPL) (1:1 VLAN Translation)

ERS (EVPL) (2:1 VLAN Translation)

ERS (Pseudowire Class, E-Line, L2VPN Group Name, IOS XR Device)

ERS (EVPL) (NBI Enhancements for L2VPN, IOS Device)

ERS (EVPL) or EWS (EPL) (IOS XR Device)

ERS (EVPL) and EWS (EPL) (Local Connect on E-Line)

ERS (EVPL), EWS (EPL), ATM, or Frame Relay (Additional Template Variables for L2VPN, IOS and IOS XR Device)

EWS (EPL) (Point-to-Point)

EWS (EPL) (Point-to-Point, UNI Port Security, BPDU Tunneling)

EWS (EPL) (Hybrid)

EWS (EPL) (Pseudowire Class, E-Line, L2VPN Group Name, IOS XR Device)

EWS (EPL) (NBI Enhancements for L2VPN, IOS Device)

ATM over MPLS (VC Mode)

ATM over MPLS (VP Mode)

ATM (Port Mode, Pseudowire Class, E-Line, L2VPN Group Name, IOS XR Device)

Frame Relay over MPLS

Frame Relay (DLCI Mode)

VPLS (Multipoint, ERMS/EVP-LAN)

VPLS (Multipoint, EMS/EP-LAN), BPDU Tunneling)

FlexUNI/EVC (Pseudowire Core Connectivity, UNI Port Security)

FlexUNI/EVC (Pseudowire Core Connectivity, UNI, without Port Security, with Bridge Domain)

FlexUNI/EVC (Pseudowire Core Connectivity, UNI, and Pseudowire Tunneling)

FlexUNI/EVC (VPLS Core Connectivity, UNI Port Security)

FlexUNI/EVC (VPLS Core Connectivity, no UNI Port Security)

FlexUNI/EVC (Local Connect Core Connectivity, UNI Port Security)

FlexUNI/EVC (Local Connect Core Connectivity, UNI, no Port Security, Bridge Domain)


Sample Configlets

This appendix provides sample configlets for L2VPN and Metro Ethernet service provisioning in ISC. It contains the following sections:

Overview

ERS (EVPL) (Point-to-Point)

ERS (EVPL) (Point-to-Point, UNI Port Security)

ERS (EVPL) (1:1 VLAN Translation)

ERS (EVPL) (2:1 VLAN Translation)

ERS (Pseudowire Class, E-Line, L2VPN Group Name, IOS XR Device)

ERS (EVPL) (NBI Enhancements for L2VPN, IOS Device)

ERS (EVPL) or EWS (EPL) (IOS XR Device)

ERS (EVPL) and EWS (EPL) (Local Connect on E-Line)

ERS (EVPL), EWS (EPL), ATM, or Frame Relay (Additional Template Variables for L2VPN, IOS and IOS XR Device)

EWS (EPL) (Point-to-Point)

EWS (EPL) (Point-to-Point, UNI Port Security, BPDU Tunneling)

EWS (EPL) (Hybrid)

EWS (EPL) (Pseudowire Class, E-Line, L2VPN Group Name, IOS XR Device)

EWS (EPL) (NBI Enhancements for L2VPN, IOS Device)

ATM over MPLS (VC Mode)

ATM over MPLS (VP Mode)

ATM (Port Mode, Pseudowire Class, E-Line, L2VPN Group Name, IOS XR Device)

Frame Relay over MPLS

Frame Relay (DLCI Mode)

VPLS (Multipoint, ERMS/EVP-LAN)

VPLS (Multipoint, EMS/EP-LAN), BPDU Tunneling)

FlexUNI/EVC (Pseudowire Core Connectivity, UNI Port Security)

FlexUNI/EVC (Pseudowire Core Connectivity, UNI, without Port Security, with Bridge Domain)

FlexUNI/EVC (Pseudowire Core Connectivity, UNI, and Pseudowire Tunneling)

FlexUNI/EVC (Pseudowire Core Connectivity, UNI, and Pseudowire Tunneling)

FlexUNI/EVC (VPLS Core Connectivity, UNI Port Security)

FlexUNI/EVC (VPLS Core Connectivity, no UNI Port Security)

FlexUNI/EVC (Local Connect Core Connectivity, UNI Port Security)

FlexUNI/EVC (Local Connect Core Connectivity, UNI, no Port Security, Bridge Domain)

Overview

The configlets provided in this appendix show the CLIs generated by ISC for particular services and features. Each configlet example provides the following information:

Service

Feature

Devices configuration (network role, hardware platform, relationship of the devices and other relevant information)

Sample configlets for each device in the configuration

Comments

Note The configlets generated by ISC are only the delta between what needs to be provisioned and what currently exists on the device. This means that if a relevant CLI is already on the device, it does not show up in the associated configlet.

Note The CLIs shown in bold are the most relevant commands.

Note All examples in this appendix assume an MPLS core.

ERS (EVPL) (Point-to-Point)

Configuration

Service: L2VPN/Metro Ethernet.

Feature: ERS (EVPL) (point-to-point).

Device configuration:

The N-PE is a Cisco 7600 with IOS 12.2(18)SXF, Sup720-3BXL.

Interface(s): FA8/17.

The U-PE is a Cisco 3750ME with 12.2(25)EY1, no port security.

Interface(s): FA1/0/4 - FA1/0/23.

L2VPN point-to-point.

Configlets

UP-E
N-PE

vlan 772

exit

!

interface FastEthernet1/0/23

switchport trunk allowed vlan 500,772

!

interface FastEthernet1/0/4

no cdp enable

no keepalive

no ip address

switchport trunk allowed vlan 500,772

spanning-tree bpdufilter enable

mac access-group ISC-FastEthernet1/0/4 in

!

mac access-list extended ISC-FastEthernet1/0/4

deny any host 0100.0ccc.cccc

deny any host 0100.0ccc.cccd

deny any host 0100.0ccd.cdd0

deny any host 0180.c200.0000

permit any any

vlan 772

exit

!

interface FastEthernet8/17

switchport trunk allowed vlan 1,451,653,659,766-768,772,878

!

interface Vlan772

no ip address

description L2VPN ERS

xconnect 99.99.8.99 89027 encapsulation mpls

no shutdown


Comments

The N-PE is a 7600 with an OSM or SIP-600 module.

The U-PE is a generic Metro Ethernet (ME) switch. Customer BPDUs are blocked by the PACL.

ERS (EVPL) (Point-to-Point, UNI Port Security)

Configuration

Service: L2VPN/Metro Ethernet.

Feature: ERS (EVPL) (point-to-point) with UNI port security.

Device configuration:

The N-PE is a Cisco 7600 with IOS 12.2(18)SXF, OSM.

Interface(s): FA2/18.

The U-PE is a Cisco 3550 with IOS 12.2(25)SEC2. Port security is enabled.

Interface(s): FA3/31- FA3/23.

L2VPN point-to-point.

Configlets

UP-E
N-PE

vlan 788

exit

!

interface FastEthernet3/23

no ip address

switchport trunk allowed vlan 783,787-788

!

interface FastEthernet3/31

no cdp enable

no keepalive

no ip address

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan none

switchport trunk allowed vlan 788

switchport port-security

switchport nonegotiate

switchport port-security maximum 45

switchport port-security aging time 34

switchport port-security violation shutdown

switchport port-security mac-address 3456.3456.5678

spanning-tree bpdufilter enable

mac access-group ISC-FastEthernet3/31 in

!

mac access-list extended ISC-FastEthernet3/31

deny any host 0100.0ccc.cccc

deny any host 0100.0ccc.cccd

deny any host 0100.0ccd.cdd0

deny any host 0180.c200.0000

deny any host 1234.3234.3432

permit any any

vlan 788

exit

!

interface FastEthernet2/18

switchport trunk allowed vlan 350,351,430,630,777,780,783,785-788

!

interface Vlan788

no ip address

description L2VPN ERS with UNI port security

xconnect 99.99.5.99 89028 encapsulation mpls

no shutdown


Comments

The N-PE is a 7600 with an OSM or SIP-600 module.

The U-PE is a generic Metro Ethernet (ME) switch. The customer BPDUs are blocked by the PACL.

Various UNI port security commands are provisioned.

A user-defined PACL entry is added to the default PACL.

ERS (EVPL) (1:1 VLAN Translation)

Configuration

Service: L2VPN/Metro Ethernet.

Feature: ERS (EVPL) with 1:1 VLAN translation.

Device configuration:

The N-PE is a Cisco 7600 with IOS 12.2(18)SXF, Sup720-3BXL

Interface(s): FA8/34.

The U-PE is a Cisco 3750ME with IOS 12.2(25)EY1. VLAN translation on the NNI port (uplink).

Interface(s): FA1/0/8 - GI1/1/1.

L2VPN point-to-point.

Configlets

UP-E
N-PE

!

vlan 123

exit

!

interface FastEthernet1/0/8

no cdp enable

no keepalive

no ip address

switchport trunk allowed vlan 123

switchport nonegotiate

switchport port-security maximum 34

switchport port-security aging time 23

switchport port-security violation protect

switchport port-security

spanning-tree bpdufilter enable

mac access-group ISC-FastEthernet1/0/8 in

!

interface GigabitEthernet1/1/1

no ip address

switchport mode trunk

switchport trunk allowed vlan 1,123

switchport vlan mapping 123 778

vlan 778

exit

!

interface FastEthernet8/34

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 1,778

!

interface Vlan778

no ip address

description L2VPN ERS 1 to 1 vlan translation

xconnect 99.99.8.99 89032 encapsulation mpls

no shutdown


Comments

VLAN translation is only for L2VPN (point-to-point) ERS (EVPL).

In this case, the 1:1 VLAN translation occurs on the U-PE, a 3750. It is provisioned on the NNI (uplink) port.

The customer VLAN 123 is translated to the provider VLAN 778.

ERS (EVPL) (2:1 VLAN Translation)

Configuration

Service: L2VPN/Metro Ethernet.

Feature: ERS (EVPL) with VLAN 2:1 translation.Device configuration:

The N-PE is a Cisco 7600 with IOS 12.2(18)SXF, Sup720-3BXL

Interface(s): FA8/34.

The U-PE is a Cisco 3750ME with IOS 12.2(25)EY1. VLAN translation on the NNI port (uplink).

Interface(s): FA1/0/5 - GI1/1/1.

L2VPN point-to-point.

Configlets

UP-E
N-PE

vlan 567

exit

!

interface FastEthernet1/0/5

no cdp enable

no keepalive

no ip address

switchport

switchport access vlan 567

switchport mode dot1q-tunnel

switchport trunk allowed vlan none

switchport nonegotiate

spanning-tree bpdufilter enable

mac access-group ISC-FastEthernet1/0/5 in

!

interface GigabitEthernet1/1/1

no ip address

switchport trunk allowed vlan 1,123,567

switchport vlan mapping dot1q-tunnel 567 234 779

!

mac access-list extended ISC-FastEthernet1/0/5

deny any host 0100.0ccc.cccc

deny any host 0100.0ccc.cccd

deny any host 0100.0ccd.cdd0

deny any host 0180.c200.0000

permit any any

vlan 779

exit

!

interface FastEthernet8/34

switchport trunk allowed vlan 1,778-779

!

interface Vlan779

no ip address

description L2VPN ERS 2 to 1 vlan translation

xconnect 99.99.8.99 89033 encapsulation mpls

no shutdown


Comments

VLAN translation is only for L2VPN (point-to-point) ERS (EVPL).

In this case, the 2:1 VLAN translation occurs on the U-PE, a 3750. It is provisioned on the NNI (uplink) port.

The customer VLAN 123 and the provider VLAN 234 (as part of Q -in-Q) are translated to a new provider VLAN 779.

ERS (Pseudowire Class, E-Line, L2VPN Group Name, IOS XR Device)

Configuration

Service: L2VPN/Metro Ethernet.

Feature: ERS (EVPL).

Device configuration:

The N-PE is a CRS-1 with IOS XR 3.6.1 or later.

UNI on N-PE.

UNI on U-PE.

Configlets

UP-E
N-PE

!

vlan 700

exit

!

interface FastEthernet1/0/2

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 700

switchport mode trunk

switchport nonegotiate

no keepalive

mac access-group ISC-FastEthernet1/0/2 in

no cdp enable

spanning-tree bpdufilter enable

!

!

interface GigabitEthernet1/0/1

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 700

switchport mode trunk

keepalive 10

!

!

mac access-list extended ISC-FastEthernet1/0/2

deny any host 0100.0ccc.cccc

deny any host 0100.0ccc.cccd

deny any host 0100.0ccd.cdd0

deny any host 0180.c200.0000

permit any any

!

!

interface GigabitEthernet0/3/1/1.700 l2transport

dot1q vlan 700

!

l2vpn

pw-class PW_AD3-AD7_Customer1

encapsulation mpls

transport-mode vlan

preferred-path interface tunnel-te 1370 fallback disable

!

!

xconnect group L2VPN_Customer1-Gold_class

p2p GoldPkg_AD3-AD7_Customer1

interface GigabitEthernet0/3/1/1.700

neighbor 192.169.105.30 pw-id 1000

pw-class PW_AD3-AD7_Customer1

!

!


Comments

The N-PE is a CRS-1 with IOS XR 3.7.

The pseudowire class feature is configured with various associated attributes like encapsulation, transport mode, preferred-path, and fallback option.

The disable fallback option is required for IOS XR 3.6.1 and optional for IOS XR 3.7 and later.

The E-Line name (p2p command) and L2VPN Group Name (xconnect group command) is user configured.

ERS (EVPL) (NBI Enhancements for L2VPN, IOS Device)

Configuration

Service: L2VPN/Metro Ethernet.

Feature: ERS (EVPL).

Device configuration:

The N-PE is a 12.2(18)SXF with IOS.

The U-PE is a 12.2(25)EY4with IOS.

UNI on N-PE.

UNI on U-PE.

Configlets

UP-E
N-PE

!

vlan 3200

exit

!

interface FastEthernet1/0/2

no cdp enable

no ip address

duplex auto

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan none

switchport trunk allowed vlan 3200

switchport nonegotiate

switchport port-security aging type inactivity

switchport port-security maximum 100

switchport port-security aging time 1000

switchport port-security violation protect

switchport port-security

storm-control unicast level 1.0

storm-control broadcast level 50.0

storm-control multicast level 50.0

shutdown

keepalive

spanning-tree bpdufilter enable


!

interface GigabitEthernet1/0/1

no ip address

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 3200

!

!

vlan 3300

exit

!

interface FastEthernet1/0/24

no cdp enable

no ip address

duplex auto

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan none

switchport trunk allowed vlan 3300

switchport nonegotiate

switchport port-security aging type inactivity

switchport port-security maximum 100

switchport port-security aging time 1000

switchport port-security violation protect

switchport port-security

storm-control unicast level 1.0

storm-control broadcast level 50.0

storm-control multicast level 50.0

shutdown

keepalive

spanning-tree bpdufilter enable


!

interface Vlan3300

no ip address

xconnect 192.169.105.40 7502 encapsulation mpls

no shutdown

!


Comments

None.

ERS (EVPL) or EWS (EPL) (IOS XR Device)

Configuration

Service: L2VPN/Metro Ethernet.

Feature: ERS (EVPL) or EWS (EPL).

Device configuration(s):

The N-PE is a CRS-1 with IOS XR 3.4.2.

UNI on N-PE. ERS (EVPL) only.

U-PE. EWS (EPL) or ERS (EVPL).

Configlets

N-PE

<?xml version="1.0" encoding="UTF-8"?>

<Request MajorVersion="1" MinorVersion="0">

<Set>

<Configuration Source="CurrentConfig">

<InterfaceConfigurationTable>

<InterfaceConfiguration>

<Naming>

<Name>GigabitEthernet0/0/0/1.302</Name>

<Active>act</Active>

</Naming>

<InterfaceModeNonPhysical>L2Transport</InterfaceModeNonPhysical>

</InterfaceConfiguration>

</InterfaceConfigurationTable>

<L2VPN>

<Enabled>true</Enabled>

<XConnectGroupTable>

<XConnectGroup>

<Naming>

<Name>VPNSC</Name>

</Naming>

<Enabled>true</Enabled>

<P2PXConnectTable>

<P2PXConnect>

<Naming>

<Name>GigabitEthernet0_0_0_1.302</Name>

</Naming>

<Enabled>true</Enabled>

<AttachmentCircuitTable>

<AttachmentCircuit>

<Naming>

<Name>GigabitEthernet0/0/0/1.302</Name>

</Naming>

<Enabled>true</Enabled>

</AttachmentCircuit>

</AttachmentCircuitTable>

<PseudoWireTable>

<PseudoWire>

<Naming>

<Neighbor>

<IPV4Address>10.11.13.15</IPV4Address>

</Neighbor>

<PseudowireID>1005</PseudowireID>

</Naming>

<PseudoWireParameters/>

</PseudoWire>

</PseudoWireTable>

</P2PXConnect>

</P2PXConnectTable>

</XConnectGroup>

</XConnectGroupTable>

</L2VPN>

</Configuration>

</Set>

<Commit/>

</Request>



Comments

In IOS XR, device configuration is specified in XML format.

With respect to the XML schemas, different versions of IOS XR generate different XML configlets. However the configurations will be almost identical, except for changes in the XML schema.

There are different cases to consider. For example, when a service request is decommissioned or modified, the XML configuration will slightly differ.

ERS (EVPL) and EWS (EPL) (Local Connect on E-Line)

Configuration

Service: L2VPN/Metro Ethernet.

Feature: ERS (EVPL) and EWS (EPL).

Device configuration:

The N-PE is a CRS-1 with IOS XR 3.6 or later.

The U-PE is a 12.2(18)SXF with IOS.

Configlets

UP-E
N-PE

interface GigabitEthernet0/0/0/2.559

dot1q vlan 559

l2transport

!

interface GigabitEthernet0/0/0/4.559

dot1q vlan 559

l2transport

!

l2vpn

xconnect group ISC

p2p cl-test-l2-crs1-1--0--559

interface GigabitEthernet0/0/0/2.559

interface GigabitEthernet0/0/0/4.559

!

!

!


Comments

The default E-Line name has changed for local connect configlets.

The format of the default E-line name is:

device_name_with_underscores--VCID--VLANID

ERS (EVPL), EWS (EPL), ATM, or Frame Relay (Additional Template Variables for L2VPN, IOS and IOS XR Device)

Configuration

Service: L2VPN/Metro Ethernet.

Feature: ERS (EVPL), EWS (EPL), ATM and Frame Relay.

Device configuration:

The N-PE is a 12.2(18)SXF with IOS for ERS (EVPL), EWS (EPL), Frame Relay service.

The N-PE is a CRS-1 with IOS XR 3.6 or later for ERS (EVPL), EWS (EPL) service; and IOS XR 3.7 or later for ATM service (ATM port mode).

The U-PE is a 12.2(25)EY4 with IOS for ERS (EVPL) or EWS (EPL) service.

Configlets

UP-E
N-PE

(None).

Template Content:

interface Loopback0

description

LocalLoopbackAddress=$L2VPNLocalLoopback

LocalHostName=$L2VPNLocalHostName

RemoteLoopbackAddress=$L2VPNRemoteLoopback

RemoteHostName=$L2VPNRemoteHostName


Configlets:

interface Loopback0

description LocalLoopbackAddress= 192.169.105.40

LocalHostName=cl-test-l2-7600-2

RemoteLoopbackAddress=192.169.105.80

RemoteHostName= cl-test-l2-7600-4


Comments

These four variables are supported only on the N-PE.

The values will be empty for all other device roles (U-PE, PE-AGG, and CE).

EWS (EPL) (Point-to-Point)

Configuration

Service: L2VPN/Metro Ethernet.

Feature: EWS (EPL) (point-to-point).

Device configuration:

The N-PE is a Cisco 7600 with IOS 12.2(18)SXF, Sup720-3BXL.

Interface(s): FA8/17.

The U-PE is a Cisco 3750ME with IOS 12.2(25)EY1. No port security, no tunneling.

Interface(s): FA1/0/20 - FA1/0/23.

L2VPN point-to-point.

Q-in-Q UNI.

Configlets

UP-E
N-PE

system mtu 1522

!

vlan 774

exit

!

interface FastEthernet1/0/20

no cdp enable

no keepalive

switchport

switchport access vlan 774

switchport mode dot1q-tunnel

switchport nonegotiate

spanning-tree portfast

spanning-tree bpdufilter enable

!

interface FastEthernet1/0/23

no ip address

switchport trunk allowed vlan 774,787-788

vlan 774

exit

!

interface FastEthernet8/17

switchport trunk allowed vlan 1,451,653,659,766-768,772,773-774,878

!

interface Vlan774

no ip address

description L2VPN EWS

xconnect 99.99.8.99 89029 encapsulation mpls

no shutdown


Comments

The N-PE is a 7600 with a OSM or SIP-600 module. Provisioning is the same as the ERS (EVPL) example.

The U-PE is a generic Metro Ethernet (ME) switch.

No PACL provisioned by default. BPDU can be tunneled if desired.

The system MTU needs to set to 1522 to handle the extra 4 bytes of Q-in-Q frames.

EWS (EPL) (Point-to-Point, UNI Port Security, BPDU Tunneling)

Configuration

Service: L2VPN/Metro Ethernet.

Feature: EWS (EPL) (point-to-point) with Port security, BPDU tunneling.

Device configuration:

The N-PE is a Cisco 7600 with IOS 12.2(18)SXF, Sup720-3BXL.

The U-PE is a Cisco 3750ME with IOS 12.2(25)EY1. No port security, with tunneling.

L2VPN point-to-point.

Q-in-Q UNI.

Configlets

UP-E
N-PE

system mtu 1522

!

vlan 775

exit

!

system mtu 1522

!

vlan 775

exit

!

interface FastEthernet1/0/19

no cdp enable

no keepalive

switchport

switchport access vlan 775

switchport mode dot1q-tunnel

switchport nonegotiate

switchport port-security maximum 34

switchport port-security aging time 32

switchport port-security violation shutdown

switchport port-security

l2protocol-tunnel cdp

l2protocol-tunnel stp

l2protocol-tunnel vtp

l2protocol-tunnel shutdown-threshold cdp 88

l2protocol-tunnel shutdown-threshold stp 99

l2protocol-tunnel shutdown-threshold vtp 56

l2protocol-tunnel drop-threshold cdp 56

l2protocol-tunnel drop-threshold stp 64

l2protocol-tunnel drop-threshold vtp 34

storm-control unicast level 34.0

storm-control broadcast level 23.0

storm-control multicast level 12.0

spanning-tree portfast

spanning-tree bpdufilter enable

mac access-group ISC-FastEthernet1/0/19 in


interface FastEthernet1/0/23

no ip address

switchport trunk allowed vlan 774-775,787-788


!

mac access-list extended ISC-FastEthernet1/0/19

no permit any any

deny any host 3456.3456.1234

permit any any

vlan 775

exit

!

interface FastEthernet8/17

switchport trunk allowed vlan 1,451,653,659,766-768,772,773-775,878

!

interface Vlan775

no ip address

description L2VPN EWS

xconnect 99.99.8.99 89029 encapsulation mpls

no shutdown


Comments

The N-PE is a 7600 with an OSM or SIP-600 module. Provisioning is the same as the ERS (EVPL) example.

The U-PE is a generic Metro Ethernet (ME) switch.

PACL with one user-defined entry.

BPDUs (CDP, STP and VTP) are tunneled through the MPLS core.

Storm control is enabled for unicast, multicast, and broadcast.

EWS (EPL) (Hybrid)

Configuration

Service: L2VPN/Metro Ethernet.

Feature: EWS (EPL) hybrid. One side is EWS (EPL) UNI; the other side is ERS (EVPL) NNI.

Device configuration:

The N-PE is a Cisco 7600 with 12.2(18)SXF, Sup720-3BXL.

Interface(s): FA8/17.

The U-PE is a Cisco 3750ME with 12.2(25)EY1. No port security, with tunneling.

Interface(s): FA1/0/20 - FA1/0/23.

L2VPN point-to-point.

Q-in-Q UNI.

Note The first configlet example is the EWS (EPL) side (UNI). The second configlet is the ERS (EVPL) side (NNI).

Configlets (EWS)

UP-E
N-PE

system mtu 1522

!

vlan 775

exit

!

system mtu 1522

!

vlan 775

exit

!

interface FastEthernet1/0/19

no cdp enable

no keepalive

switchport

switchport access vlan 775

switchport mode dot1q-tunnel

switchport nonegotiate

switchport port-security maximum 34

switchport port-security aging time 32

switchport port-security violation shutdown

switchport port-security

l2protocol-tunnel cdp

l2protocol-tunnel stp

l2protocol-tunnel vtp

l2protocol-tunnel shutdown-threshold cdp 88

l2protocol-tunnel shutdown-threshold stp 99

l2protocol-tunnel shutdown-threshold vtp 56

l2protocol-tunnel drop-threshold cdp 56

l2protocol-tunnel drop-threshold stp 64

l2protocol-tunnel drop-threshold vtp 34

storm-control unicast level 34.0

storm-control broadcast level 23.0

storm-control multicast level 12.0

spanning-tree portfast

spanning-tree bpdufilter enable

mac access-group ISC-FastEthernet1/0/19 in


interface FastEthernet1/0/23

no ip address

switchport trunk allowed vlan 774-775,787-788


!

mac access-list extended ISC-FastEthernet1/0/19

no permit any any

deny any host 3456.3456.1234

permit any any


vlan 775

exit

!

interface FastEthernet8/17

switchport trunk allowed vlan 1,451,653,659,766-768,772,773-775,878

!

interface Vlan775

no ip address

description L2VPN EWS

xconnect 99.99.8.99 89029 encapsulation mpls

no shutdown


Comments

This is the EWS (EPL) side (UNI).

N-PE is 7600 with an OSM or a SIP-600 module. Provisioning is the same as the ERS (EVPL).

The U-PE is a generic Metro Ethernet (ME) switch.

PACL with one user-defined entry.

BPDUs (cdp, stp and vtp) are tunneled through the MPLS core.

Storm control is enabled for unicast, multicast, and broadcast.

Configlets (ERS)

UP-E
N-PE

system mtu 1522


vlan 775

exit


interface FastEthernet1/17

switchport trunk allowed vlan 1,451,653,659,766-768,772,773-775,878


interface FastEthernet1/10

switchport trunk allowed vlan 1,451,653,659,766-768,772,773-775,878

vlan 775

exit

!

interface FastEthernet8/17

switchport trunk allowed vlan 1,451,653,659,766-768,772,773-775,878

!

interface Vlan775

no ip address

description L2VPN EWS

xconnect 99.99.8.99 89029 encapsulation mpls

no shutdown


Comments

This is the ERS (EVPL) side (NNI).

The N-PE is a 7600 with an OSM or a SIP-600 module. Provisioning is the same as the ERS (EVPL).

The U-PE is really a PE-AGG. It connects to the wholesale customer as an NNI. Both ports are regular NNI ports.

EWS (EPL) (Pseudowire Class, E-Line, L2VPN Group Name, IOS XR Device)

Configuration

Service: L2VPN/Metro Ethernet.

Feature: EWS (EPL).

Device configuration:

The N-PE is a CRS-1 with IOS XR 3.6.1 or later.

UNI on U-PE.

Configlets

UP-E
N-PE

!

system mtu 1522

!

vlan 700

exit

!

interface FastEthernet1/0/2

switchport

switchport access vlan 700

switchport mode dot1q-tunnel

switchport nonegotiate

no keepalive

no cdp enable

spanning-tree portfast

spanning-tree bpdufilter enable

!

interface GigabitEthernet1/0/1

no ip address

switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 700

switchport mode trunk

!

!

interface GigabitEthernet0/3/1/1.700 l2transport

dot1q vlan 700

!

!

l2vpn

pw-class PW_AD7-AD3_Cutsomer2

encapsulation mpls

transport-mode ethernet

preferred-path interface tunnel-te 2730

!

!

xconnect group ISC

p2p cl-test-l2-12404-2--1000

interface GigabitEthernet0/3/1/1.700

neighbor 192.169.105.30 pw-id 1000

pw-class PW_AD7-AD3_Cutsomer2

!


Comments

The N-PE is a CRS-1 router with IOS XR 3.7.

The pseudowire class feature is configured with various associated attributes like encapsulation, transport mode, preferred-path, and fallback option

The disable fallback option is required for IOS XR 3.6.1 and optional for IOS XR 3.7 and later.

The E-Line name (p2p command) and L2VPN Group Name (xconnect group command) is an ISC-generated default value, if user input is not provided.

EWS (EPL) (NBI Enhancements for L2VPN, IOS Device)

Configuration

Service: L2VPN/Metro Ethernet.

Feature: EWS (EPL).

Device configuration:

The N-PE is a 12.2(18)SXF with IOS.

The U-PE is a 12.2(25)EY4with IOS.

UNI on N-PE.

UNI on U-PE.

Configlets

UP-E
N-PE

!

vlan 3201

exit

!

interface FastEthernet1/0/2

no cdp enable

no ip address

duplex auto

switchport

switchport access vlan 3201

switchport mode dot1q-tunnel

switchport nonegotiate

switchport port-security aging type inactivity

switchport port-security maximum 100

switchport port-security aging time 1000

switchport port-security violation protect

switchport port-security

storm-control unicast level 1.0

storm-control broadcast level 50.0

storm-control multicast level 50.0

shutdown

keepalive

spanning-tree bpdufilter enable


!

interface GigabitEthernet1/0/1

no ip address

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 3201

!

!

vlan 3301

exit

!

interface FastEthernet1/0/24

no cdp enable

no ip address

duplex auto

switchport

switchport access vlan 3301

switchport mode dot1q-tunnel

switchport nonegotiate

switchport port-security aging type inactivity

switchport port-security maximum 100

switchport port-security aging time 1000

switchport port-security violation protect

switchport port-security

storm-control unicast level 1.0

storm-control broadcast level 50.0

storm-control multicast level 50.0

shutdown

keepalive

spanning-tree bpdufilter enable


!

interface Vlan3301

no ip address

xconnect 192.169.105.40 7502 encapsulation mpls

no shutdown

!


Comments

None.

ATM over MPLS (VC Mode)

Configuration

Service: L2VPN.

Feature: ATM over MPLS (ATMoMPLS, a type of AToM) in VC mode.

Device configuration:

The N-PE is a Cisco 7200 with IOS 12.0(28)S.

No CE.

No U-PE.

L2VPN point-to-point (ATMoMPLS).

C7200 (ATM2/0).

Configlets

UP-E
N-PE

(None)

interface ATM2/0.34234 point-to-point

pvc 213/423 l2transport

encapsulation aal5

xconnect 99.99.4.99 89025 encapsulation mpls


Comments

The N-PE is any MPLS-enabled router.

L2VPN provisioning is on the ATM VC connection.

ATM over MPLS (VP Mode)

Configuration

Service: L2VPN.

Feature: ATM over MPLS (ATMoMPLS, a type of AToM) in VP mode.

Device configuration:

The N-PE is a Cisco 7200 with IOS 12.0(28)S.

Interface(s): ATM2/0.

No CE.

No U-PE.

L2VPN point-to-point (ATMoMPLS).

Configlets

UP-E
N-PE

(None)

pseudowire-class ISC-pw-tunnel-123

encapsulation mpls

preferred-path interface tunnel123 disable-fallback

!

interface ATM2/0

atm pvp 131 l2transport

xconnect 99.99.4.99 89024 pw-class ISC-pw-tunnel-123


Comments

The N-PE is any MPLS-enabled router.

L2VPN provisioning is on the ATM VP connection.

The L2VPN pseudowire is mapped to a TE tunnel.

ATM (Port Mode, Pseudowire Class, E-Line, L2VPN Group Name, IOS XR Device)

Configuration

Service: L2VPN/Metro Ethernet.

Feature: ATM.

Device configuration:

The N-PE is a CRS-1 with IOS XR 3.7 or later for ATM service (port mode only).

UNI on N-PE.

Configlets

UP-E
N-PE

(None)

interface ATM0/1/0/0

description UNIDesc_AC1

l2transport

!

!

l2vpn

pw-class PWClass-1

encapsulation mpls

preferred-path interface tunnel-te 500 fallback disable

!

!

xconnect group ISC

p2p ELine_AC1

interface ATM0/1/0/0

neighbor 192.169.105.70 pw-id 100

pw-class PWClass-1

!



Comments

The N-PE is a CRS-1 router.

The pseudowire class feature is optional and not configured.

The E-Line name (p2p command) and L2VPN Group Name (xconnect group command) are user configured.

Only PORT mode is supported in IOS XR.

This PORT mode will not generate any specific command, such as pvp or pvc, on IOS XR devices.

The ATM interface is included under xconnect.

Frame Relay over MPLS

Configuration

Service: L2VPN.

Feature: Frame Relay over MPLS (FRoMPLS, a type of AToM).

Device configuration:

The N-PE is a Cisco 7200 with IOS 12.0(28)S.

Interface(s): ATM2/0.

No CE.

No U-PE.

L2VPN point-to-point (ATMoMPLS).

Configlets

UP-E
N-PE

(None)

interface Serial1/1

exit

!

connect C1_89001 Serial1/1 135 l2transport

xconnect 99.99.4.99 89001 encapsulation mpls


Comments

The N-PE is any MPLS-enabled router.

L2VPN provisioning is on the serial port for the Frame Relay connection.

Frame Relay (DLCI Mode)

Configuration

Service: L2VPN over a L2TPv3 core.

Feature: FR in DLCI mode.

Device configuration:

The N-PE is a Cisco 7200 with IOS 12.0(28)S.

Interface(s): ATM2/0.

No CE.

No U-PE.

L2VPN point-to-point (ATMoMPLS).

Configlets

UP-E
N-PE

(None)

pseudowire-class ISC-pw-dynamic-default

encapsulation l2tpv3

ip local interface Loopback10

ip dfbit set

!

interface Serial3/2

encapsulation frame-relay

exit

!

connect ISC_1054 Serial3/2 86 l2transport

xconnect 10.9.1.1 1054 encapsulation l2tpv3 pw-class ISC-pw-dynamic-default


Comments

The N-PE is any L2TPv3 enabled router.

L2VPN provisioning is on the serial port for the Frame Relay connection.

VPLS (Multipoint, ERMS/EVP-LAN)

Configuration

Service: L2VPN/Metro Ethernet.

Feature: VPLS (multipoint) ERMS (EVP-LAN).

Device configuration:

The N-PE is a Cisco 7600 with IOS 12.2(18)SXF, Sup720-3BX.L

Interface(s): FA2/18.

The U-PE is a Cisco 3750ME with IOS 12.2(25)EY1. No port security, no tunneling.

Interface(s): FA1/0/21 - FA1/0/23.

VPLS Multipoint VPN with VLAN 767.

Configlets

UP-E
N-PE

vlan 767

exit

!

interface FastEthernet1/0/21

no cdp enable

no keepalive

no ip address

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan none

switchport trunk allowed vlan 767

switchport nonegotiate

spanning-tree bpdufilter enable

mac access-group ISC-FastEthernet1/0/21 in

!

interface FastEthernet1/0/23

no ip address


mac access-list extended ISC-FastEthernet1/0/21

deny any host 0100.0ccc.cccc

deny any host 0100.0ccc.cccd

deny any host 0100.0ccd.cdd0

deny any host 0180.c200.0000

permit any any

l2 vfi vpls_ers_1-0 manual

vpn id 89017

neighbor 99.99.10.9 encapsulation mpls

neighbor 99.99.5.99 encapsulation mpls

!

vlan 767

exit

!

interface FastEthernet2/18

switchport trunk allowed vlan 350,351,430,630,767,780,783,785-791

!

interface Vlan767

no ip address

description VPLS ERS

xconnect vfi vpls_ers_1-0

no shutdown


Comments

The N-PE is a 7600 with OSM or SIP-600 module.

The VFI contains all the N-PEs (neighbors) that this N-PE talks to.

The U-PE is a generic Metro Ethernet (ME) switch. The customer BPDUs are blocked by the PACL. The VPLS ERMS (EVP-LAN) UNI is the same as the L2VPN (point-to-point) ERS (EVPL) UNI.

The SVI (interface 767) refers to the global VFI, which contains multiple peering N-PEs.

VPLS (Multipoint, EMS/EP-LAN), BPDU Tunneling)

Configuration

Service: L2VPN/Metro Ethernet.

Feature: VPLS (multipoint) EMS (EP-LAN) with BPDU tunneling.

Device configuration:

The N-PE is a Cisco 7600 with IOS 12.2(18)SXF, Sup720-3BXL.

Interface(s): FA2/18.

The U-PE is a Cisco 3750ME with IOS 12.2(25)EY1. No port security, no tunneling.

Interface(s): FA1/0/12 - FA1/0/23.

VPLS Multipoint VPN, with VLAN 767.

Q-in-Q UNI.

Configlets

UP-E
N-PE

system mtu 1522

!

errdisable recovery interval 33

!

vlan 776

exit

!

interface FastEthernet1/0/12

no cdp enable

no keepalive

switchport

switchport access vlan 776

switchport mode dot1q-tunnel

switchport nonegotiate

l2protocol-tunnel cdp

l2protocol-tunnel stp

l2protocol-tunnel vtp

l2protocol-tunnel shutdown-threshold cdp 88

l2protocol-tunnel shutdown-threshold stp 64

l2protocol-tunnel shutdown-threshold vtp 77

l2protocol-tunnel drop-threshold cdp 34

l2protocol-tunnel drop-threshold stp 23

l2protocol-tunnel drop-threshold vtp 45

no shutdown

spanning-tree portfast

spanning-tree bpdufilter enable

l2 vfi vpls_ews-89019 manual

vpn id 89019

neighbor 99.99.8.99 encapsulation mpls

!

vlan 776

exit

!

interface FastEthernet8/17

switchport trunk allowed vlan 1,451,653,659,766-768,772-776,878

!

interface Vlan776

no ip address

description VPLS EWS

xconnect vfi vpls_ews-89019

no shutdown


Comments

The N-PE is a 7600 with an OSM or SIP-600 module.

The VFI contains all the N-PEs (neighbors) that this N-PE talks to.

The VPLS EMS (EP-LAN) UNI is the same as L2VPN (point-to-point) EWS (EPL) UNI.

The SVI is the same as VPLS ERS (EVP-LAN) SVI.

FlexUNI/EVC (Pseudowire Core Connectivity, UNI Port Security)

Configuration

Service: FlexUNI (EVC)/Metro Ethernet.

Feature: FlexUNI/EVC with pseudowire core connectivity, with UNI port security.

Device configuration:

The N-PE is a Cisco 7600 with IOS 12.2(33)SRB3.

Interface(s): GI2/0/0.

The U-PE is a Cisco 3750ME with IOS 12.2(25)EY2. Port security is enabled.

Interface(s): FA1/14- FA3/23.

Configlets

UP-E
N-PE

vlan 788

exit

!

interface FastEthernet3/23

no ip address

switchport trunk allowed vlan 783,787-788

!

interface FastEthernet1/14

no cdp enable

no keepalive

no ip address

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan none

switchport trunk allowed vlan 788

switchport port-security

switchport nonegotiate

switchport port-security maximum 45

switchport port-security aging time 34

switchport port-security violation shutdown

switchport port-security mac-address

3456.3456.5678

spanning-tree bpdufilter enable

mac access-group ISC-FastEthernet3/23 in

!

mac access-list extended

ISC-FastEthernet3/31

deny any host 0100.0ccc.cccc

deny any host 0100.0ccc.cccd

deny any host 0100.0ccd.cdd0

deny any host 0180.c200.0000

deny any host 1234.3234.3432

permit any any

interface GigabitEtherne4/0/1

no shut

service instance 10 ethernet

encapsulation dot1q 500

rewrite ingress tag push dot1q 555 symmetric

xconnect 192.169.105.20 505 encapsulation mpls


Comments

UNI on U-PE.

Single match tag is performed.

The rewrite operation push pushes the outer VLAN tag of 555.

FlexUNI/EVC (Pseudowire Core Connectivity, UNI, without Port Security, with Bridge Domain)

Configuration

Service: FlexUNI(EVC)/Metro Ethernet.

Feature: FlexUNI/EVC with pseudowire core connectivity, with UNI, without port security, and with bridge domain.

Device configuration:

The N-PE is a Cisco 7600 with IOS 12.2(33)SRB3.

Interface(s): GI2/0/0.

The U-PE is a Cisco 3750ME with IOS 12.2(25)EY2. Port security is enabled.

Interface(s): FA1/14- FA3/23.

Configlets

UP-E
N-PE

vlan 772

exit

!

interface FastEthernet3/23

switchport trunk allowed vlan 500,772

!

interface FastEthernet1/14

no cdp enable

no keepalive

no ip address

switchport trunk allowed vlan 500,772

spanning-tree bpdufilter enable

mac access-group ISC-FastEthernet3/23 in

!

mac access-list extended

ISC-FastEthernet1/14

deny any host 0100.0ccc.cccc

deny any host 0100.0ccc.cccd

deny any host 0100.0ccd.cdd0

deny any host 0180.c200.0000

permit any any

vlan 100

interface GigabitEtherne2/0/0

no shut

service instance 10 ethernet

encapsulation dot1q 500

rewrite ingress tag push dot1q 23 second-dot1q 41 symmetric

bridge-domain 100 split-horizon


Interface Vlan100

no shut

xconnect 192.169.105.20 101 encapsulation mpls


Comments

UNI on U-PE.

Single match tag is performed.

The rewrite operation push pushes two tags.

FlexUNI/EVC (Pseudowire Core Connectivity, UNI, and Pseudowire Tunneling)

Configuration

Service: FlexUNI(EVC)/Metro Ethernet.

Feature: FlexUNI/EVC with pseudowire core connectivity, with UNI, with pseudowire tunneling.

Device configuration:

The N-PE is a Cisco 7600 with IOS 12.2(33) SRB3.

Interface(s): GI4/0/0 <-> GI2/0/0.

Configlets

UP-E
N-PE

(None)

pseudowire-class ISC-pw-tunnel-2147

encapsulation mpls

preferred-path interface Tunnel2147 disable-fallback


interface GigabitEtherne4/0/0

service instance 1 ethernet

encapsulation dot1q 11 second-dot1q 41

rewrite ingress tag pop 2 symmetric

xconnect pw-class ISC-pw-tunnel-2147


Comments

UNI on N-PE (the CE is directly connected).

Match of both tags is performed.

The rewrite operation pops both the inner and outer VLAN tags.

FlexUNI/EVC (VPLS Core Connectivity, UNI Port Security)

Configuration

Service: FlexUNI(EVC)/Metro Ethernet.

Feature: FlexUNI/EVC with VPLS core connectivity, with UNI port security.

Device configuration:

The N-PE is a Cisco 7600 with IOS 12.2(33) SRB3.

Interface(s): GI4/0/1.

The U-PE is a Cisco 3750ME with IOS 12.2(25) EY2. Port security is enabled.

Interface(s): FA1/14- FA3/23.

Configlets

UP-E
N-PE

vlan 788

exit

!

interface FastEthernet3/23

no ip address

switchport trunk allowed vlan 783,787-788

!

interface FastEthernet1/14

no cdp enable

no keepalive

no ip address

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan none

switchport trunk allowed vlan 788

switchport port-security

switchport nonegotiate

switchport port-security maximum 58

switchport port-security aging time 85

switchport port-security violation shutdown

switchport port-security mac-address

1252.1254.2544

spanning-tree bpdufilter enable

mac access-group ISC-FastEthernet3/23 in

!

mac access-list extended

ISC-FastEthernet3/31

deny any host 0100.0ccc.cccc

deny any host 0100.0ccc.cccd

deny any host 0100.0ccd.cdd0

deny any host 0180.c200.0000

deny any host 1234.3234.3432

permit any any

l2 vfi attest-226 manual

vpn id 226

neighbor 192.169.105.20 encapsulation mpls


vlan 200

bridge-domain 200 split-horizon


interface GigabitEtherne4/0/1

no shut

service instance 10 ethernet

encapsulation dot1q 500

rewrite ingress tag translate 1-to-1 dot1q 222 symmetric

Interface vlan 200

xconnect vfi attest-226


Comments

UNI on U-PE.

The rewrite operation translates the incoming VLAN tag 500 to 222.

FlexUNI/EVC (VPLS Core Connectivity, no UNI Port Security)

Configuration

Service: FlexUNI(EVC)/Metro Ethernet.

Feature: FlexUNI/EVC with VPLS core connectivity, without UNI port security.

Device configuration:

The N-PE is a Cisco 7600 with IOS 12.2(33) SRB3.

Interface(s): GI4/0/1.

The U-PE is a Cisco 3750ME with IOS 12.2(25) EY2.

Interface(s): FA1/14- FA3/23.

Configlets

UP-E
N-PE

vlan 772

exit

!

interface FastEthernet3/23

switchport trunk allowed vlan 500,772

!

interface FastEthernet1/14

no cdp enable

no keepalive

no ip address

switchport trunk allowed vlan 500,772

spanning-tree bpdufilter enable

mac access-group ISC-FastEthernet3/23 in

!

mac access-list extended

ISC-FastEthernet1/14

deny any host 0100.0ccc.cccc

deny any host 0100.0ccc.cccd

deny any host 0100.0ccd.cdd0

deny any host 0180.c200.0000

permit any any

l2 vfi attest1-458 manual

vpn id 452

neighbor 192.169.105.20 encapsulation mpls


vlan 200

bridge-domain 200 split-horizon


interface GigabitEtherne4/0/1

no shut

service instance 10 ethernet

encapsulation dot1q 500

rewrite ingress tag translate 1-to-2 dot1q 222 second-dot1q 41 symmetric

Interface vlan 200

xconnect vfi attest1-458


Comments

UNI on U-PE.

The rewrite operation translates the incoming VLAN tag 500 to two tags, 222 and 41.

FlexUNI/EVC (Local Connect Core Connectivity, UNI Port Security)

Configuration

Service: FlexUNI(EVC)/Metro Ethernet.

Feature: FlexUNI/EVC with local connect core connectivity, with UNI port security.

Device configuration:

The N-PE is a Cisco 7600 with IOS 12.2(33) SRB3.

Interface(s):GI2/0/0.

The U-PE is a Cisco 3750ME with IOS 12.2(25) EY2. Port security is enabled.

Interface(s): FA1/14- FA3/23.

Configlets

UP-E
N-PE

vlan 788

exit

!

interface FastEthernet3/23

no ip address

switchport trunk allowed vlan 783,787-788

!

interface FastEthernet1/14

no cdp enable

no keepalive

no ip address

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan none

switchport trunk allowed vlan 788

switchport port-security

switchport nonegotiate

switchport port-security maximum 45

switchport port-security aging time 34

switchport port-security violation shutdown

switchport port-security mac-address

4111.4545.1211

spanning-tree bpdufilter enable

mac access-group ISC-FastEthernet3/23 in

!

mac access-list extended

ISC-FastEthernet3/31

deny any host 0100.0ccc.cccc

deny any host 0100.0ccc.cccd

deny any host 0100.0ccd.cdd0

deny any host 0180.c200.0000

deny any host 1234.3234.3432

permit any any

Connect Customer_1 GigabitEthernet4/0/1 10 GigabitEthernet4/0/10 25


interface GigabitEtherne4/0/1

no shut

service instance 10 ethernet

encapsulation dot1q 500

rewrite ingress tag push dot1q 555 symmetric

interface GigabitEtherne4/0/10

no shut

service instance 25 ethernet

encapsulation dot1q 500 second-dot1q 501

rewrite ingress tag translate 2-to-1 dot1q 222 symmetric


Comments

UNI on U-PE.

Two tag matching operations are carried out.

The rewrite operation translates two tags to a single tag.

Two service instances are connected through the connect command.

FlexUNI/EVC (Local Connect Core Connectivity, UNI, no Port Security, Bridge Domain)

Configuration

FlexUNI(EVC)/Metro Ethernet.

Feature: FlexUNI/EVC with local connect core connectivity, with UNI, without port security, and with bridge domain.

Device configuration:

The N-PE is a Cisco 7600 with IOS 12.2(33) SRB3.

Interface(s):GI2/0/0.

The U-PE is a Cisco 3750ME with IOS 12.2(25) EY2.

Interface(s):FA1/14- FA3/23.

Configlets

UP-E
N-PE

vlan 772

exit

!

interface FastEthernet3/23

switchport trunk allowed vlan 500,772

!

interface FastEthernet1/14

no cdp enable

no keepalive

no ip address

switchport trunk allowed vlan 500,772

spanning-tree bpdufilter enable

mac access-group ISC-FastEthernet3/23 in

!

mac access-list extended

ISC-FastEthernet1/14

deny any host 0100.0ccc.cccc

deny any host 0100.0ccc.cccd

deny any host 0100.0ccd.cdd0

deny any host 0180.c200.0000

permit any any

interface GigabitEtherne2/0/0

no shut

service instance 10 ethernet

encapsulation dot1q 500 second-dot1q 501

rewrite ingress tag translate 2-to-2 dot1q 222 second-dot1q 41 symmetric

bridge-domain 200 split-horizon


interface GigabitEtherne2/0/10

no shut

service instance 15 ethernet

encapsulation dot1q 24

rewrite ingress tag pop 1 symmetric

bridge-domain 200 split-horizon


Comments

UNI on U-PE.

The rewrite operation maps/translates the incoming two tags into two different tags.

The service instances here are connected through bridge domain.