Cisco Catalyst SD-WAN Network Configuration Guide, Releases 26.x and Later

PDF

Configure a point-to-point Layer 2 VPN using CLI template

Want to summarize with AI?

Log in

Guides configuration of point-to-point Layer 2 VPNs using CLI templates, including procedures for setting up edge routers at Site A and Site B to establish connectivity.


Before you begin

  • You can use one L2VPN instance ID for one or more bridge domains. It must be the same at both ends of the circuit.

    To identify a particular bridge-domain, use Virtual Circuit (VC) ID. This ID is the identifier of the virtual circuit between the Cisco IOS XE Catalyst SD-WAN devices.

  • To create a P2P pseudowire, L2VPN instance ID, and VC ID must be the same on different Cisco IOS XE Catalyst SD-WAN devices.

  • Remote-site-id is only supported for P2P configuration.

  • For more information about using CLI templates, see CLI Add-On Feature Templates and CLI Templates for Cisco IOS XE Catalyst SD-WAN Devices

    Note

    By default, CLI templates execute commands in Global Configuration mode.

Follow these steps to configure P2P L2VPN services between two sites (Site A and Site B) on the Cisco Catalyst SD-WAN overlay network.

Procedure

1.

Configure an edge router at Site A for point-to-point Layer 2 VPN using CLI template

2.

Configure an edge router at Site B for point-to-point Layer 2 VPN using CLI temple


Configure an edge router at Site A for point-to-point Layer 2 VPN using CLI template

Site A uses an edge router and connects the Ethernet interface to the L2 network that bridges to Site B.

Follow these steps to configure a an Edge Router at Site A for Point-to-Point Layer 2 VPN Using CLI Template

Procedure

1.

Define the L2VPN instance for point-to-point service:

l2vpn sdwan instance instance-id point-to-point
2.

Configure the Ethernet interface:


interface interface-name
 service instance instance-id ethernet
  encapsulation dot1q vlan-id
3.

Define the bridge domain and associate it with the interface and L2VPN instance:


bridge-domain bridge-id
 member vlan-name service-instance instance-id
 member sdwan instance  instance-id  remote-site remote-site-id vc-id  virtual-circuit-id single-homing
Starting from Cisco IOS XE Catalyst SD-WAN Release 17.15.1a, you can specify the homing type as dual homing to enable multihoming.
bridge-domain bridge-id
member vlan-name service-instance instance-id
member sdwan instance instance-id remote-site remote-site-id vc-id virtual-circuit-id dual-homing 

Example

The following configures Site A using Cisco Catalyst 8000V Edge Software to manage traffic through GigabitEthernet5, which is linked to the Layer 2 network that provides connectivity to Site B.


l2vpn sdwan instance 100 point-to-point

interface GigabitEthernet5 
 service instance 100 ethernet
  encapsulation dot1q 2002
  !
bridge-domain 100
 member GigabitEthernet5 service-instance 100
 member sdwan-instance 100 remote-site 502 vc-id 100 single-homing

Configure an edge router at Site B for point-to-point Layer 2 VPN using CLI temple

Site B uses an edge router and Switchport Ethernet interface.

Follow these steps to configure an edge router at Site B for point-to-point Layer 2 VPN.

Procedure

1.

Define the L2VPN instance for point-to-point service.

l2vpn sdwan instance instance-id point-to-point
2.

Define the VLAN for the L2VPN.


vlan vlan-id
 name l2vpn
3.

Configure the VLAN interface.


interface interface-name
 service instance instance-id ethernet
  encapsulation dot1q vlan-id
  no shutdown
4.

Configure the Ethernet interface as an access port for VLAN.


interface interface-name
 switchport access vlan vlan-id
5.

Define the bridge-domain for site B and associate it with the VLAN and L2VPN instance.


bridge-domain bridge-id
 member vlan-name service-instance instance-id
 member sdwan instance  instance-id  remote-site remote-site-id vc-id  virtual-circuit-id single-homing
Starting from Cisco IOS XE Catalyst SD-WAN Release 17.15.1a, specify the homing type as dual homing to enable multihoming.
bridge-domain bridge-id
member vlan-name service-instance instance-id
member sdwan instance instance-id remote-site remote-site-id vc-id virtual-circuit-id dual-homing 

Example

The following configures Switchport GigabitEthernet 0/1/7 at Site B to connect to the interface with a Cisco ISR1100-8P device.


l2vpn sdwan instance 100 point-to-point
vlan 2002
 name L2vpn
interface Vlan2002 
 service instance 100 ethernet
  encapsulation dot1q 2002 
  no shutdown
  !
interface GigabitEthernet 0/1/7
 switchport access vlan 2002
bridge-domain 100
 member Vlan2002 service-instance 100
 member sdwan-instance 100 remote-site 500 vc-id 100 single-homing
 

After configuring the point-to-point L2VPN service on both sites, you can integrate these configuration blocks into your CLI Template or CLI Add-On Feature Template. This template can then be used to deploy the configuration across the relevant devices in the ​Cisco Catalyst SD-WAN fabric. Verify the connectivity and functionality of the L2VPN service following the deployment to confirm that the bridge between site A and site B is operational.