
Please recommend the simplest possible config for the SNR-S300G-24FX to set up a point-to-point MPLS channel across several identical switches.

I have reread the manual more than once, but the examples given are far too verbose.

The access layer is an SNR S2982G-24T.

The SNR-S300G-24FX units act as the edge L3 switches.

Edited by RN3DCX

!
! enable mpls
mpls enable
!
! set the maximum right away so we don't have to think about it
mtu 9216
!
! this is for carrying any traffic in Ethernet
pw-class transport-ethernet
 transport-mode ethernet
!
! this is for VLANs (99% of your pw will be in this one)
pw-class transport-vlan
!
! two pw to the second switch, one ethernet, the other vlan; the ids equal the VLAN numbers (but they don't have to)
l2-vc 172.16.100.2 pw-id 100 pw-class transport-ethernet
l2-vc 172.16.100.2 pw-id 200 pw-class transport-vlan
!
! vpls with two more switches
vfi v300 300
 peer 172.16.100.2 pw-id 300 pw-class transport-vlan
 peer 172.16.100.3 pw-id 300 pw-class transport-vlan
!
! uplink to another mpls switch
interface Vlan10
 description uplink
 mtu 1608
 mpls mtu 1608
 label-switching
 ip ospf network point-to-point
 ldp enable
 ip address 172.16.0.1 255.255.255.252
!
! loopback for setting up the transport interconnects
interface Loopback101
 description mpls loopback
 ip address 172.16.100.1 255.255.255.255
!
! set the same address as the rid
router-id 172.16.100.1
!
! dynamically announce the loopbacks via ospf
router ospf 1
 log-adjacency-changes detail
 network 172.16.0.0 0.0.0.3 area 0
 redistribute connected
!
! label exchange via ldp (there seems to be no other way here anyway)
router ldp
 router-id 172.16.100.1
 targeted-peer-hello-interval 10
 hold-time 45
 targeted-peer-hold-time 90
 keepalive-interval 60
 keepalive-timeout 180
 targeted-hello-accept
 ! needed when there is no direct p2p link between the switches and they only see each other over l3, but it is better to list all the other routers
 targeted-peer 172.16.100.2
 targeted-peer 172.16.100.3
 transport-address 172.16.100.1
!
! the uplink is here
Interface Ethernet1/0/25
 description uplink
 switchport mode trunk
 switchport trunk allowed vlan 10
!
! this port gets the ethernet channel; it can carry anything at all
Interface Ethernet1/0/1
 description ethernet over mpls
 xconnect l2-vc pw-id 100
!
! hand off the pw in vlan 200
Interface Ethernet1/0/2
 description vlan ver mpls
 xconnect l2-vc pw-id 200 mode vlan svid 200
!
! member of the vpls domain in vlan 300
Interface Ethernet1/0/3
 description vlan over vpls
 xconnect vfi 300 mode vlan svid 300
!

 

On the other routers, mirror this.

 


vurd, thank you for the detailed answer with comments!

 


And how do I put an access switch into this scheme?

So that some VLANs go the standard way and others go over MPLS?

Edited by RN3DCX


If I set switchport mode trunk on the down_link port of the SNR-S300G-24FX

Interface Ethernet1/0/2
 description vlan over mpls
 switchport mode trunk
 xconnect l2-vc pw-id 200 mode vlan svid 200

will MPLS work correctly?

Edited by RN3DCX


Yes, it will. You can send both services and plain VLANs.


Maybe someone can share a config showing how to mate a Cisco L3 switch with SNRs.

A 6500 in the center, SNR-S300G-24FX at the edges.

 


I tried to do the same on the Cisco via xconnect, but for some reason it didn't take off...


 

If anyone knows, point out what is missing in the Cisco config.

Port facing the SNR:

interface GigabitEthernet1/1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mtu 9216

 

 

Port facing the client:

interface GigabitEthernet1/48
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mtu 9216
!
interface GigabitEthernet1/48.111
 encapsulation dot1Q 111
 xconnect 10.101.101.1 111 encapsulation mpls

 

Config

C6506#sh run
Building configuration...

Current configuration : 4796 bytes
!
! Last configuration change at 05:21:41 UTC Thu Jun 6 2019 by admin
!
version 15.1
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
service counters max age 5
!
hostname C6506
!
boot-start-marker
boot system disk0:s72033-adventerprisek9-mz.151-2.SY12.bin
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
!
!
!
aaa session-id common
!
!
!
!
!
vtp domain test
vtp mode off
!
!
no ip domain-lookup
ip domain-name C6506.local
mls netflow interface
mpls label protocol ldp
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
redundancy
 main-cpu
  auto-sync running-config
 mode sso
!
vlan internal allocation policy ascending
vlan access-log ratelimit 2000
!
vlan 555
!
ip tcp timestamp
ip ssh version 2
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
 ip address 10.101.101.2 255.255.255.255
!
interface GigabitEthernet1/1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mtu 9216
!
interface GigabitEthernet1/2
 no ip address
 shutdown
!
interface GigabitEthernet1/3
 no ip address
 shutdown
!
interface GigabitEthernet1/47
 no ip address
 shutdown
!
interface GigabitEthernet1/48
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mtu 9216
!
interface GigabitEthernet1/48.111
 encapsulation dot1Q 111
 xconnect 10.101.101.1 111 encapsulation mpls
!
interface GigabitEthernet5/1
 no ip address
 shutdown
!
interface GigabitEthernet5/2
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan555
 mtu 1608
 ip address 10.0.0.2 255.255.255.0
 ip ospf network point-to-point
!
router ospf 1
 redistribute connected
 network 10.0.0.2 0.0.0.0 area 0
 network 10.101.101.2 0.0.0.0 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
!
!
mpls ldp router-id Loopback1 force
!
control-plane
!
!
dial-peer cor custom
!
!
line con 0
 exec-timeout 60 0
 privilege level 15
 logging synchronous
line vty 0 4
 exec-timeout 60 0
 privilege level 15
 logging synchronous
 transport input ssh
!
diagnostic bootup level minimal
!
end

 

 

 

C6506#sh mpls l2transport vc 111

Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
Gi1/48.111     Eth VLAN 111               10.101.101.1    111        DOWN

 

 

 

12 minutes ago, zhenya` said:

mpls ip on vlan555?

So does the IP necessarily have to be only on the interface itself?

i.e.

#interface GigabitEthernet1/1
ip address 10.0.0.1 255.255.255.0

 

Edited by Jora_Cornev


On the 65, add mpls ip on int vlan555 and in the global config too.


The first thing I did during setup was add it globally. But for some reason it doesn't show up in sh run.

6 minutes ago, zhenya` said:

int vlan555 mpls ip

Added it. Same result...

C6506#sh mpls l2transport vc 111 det
Local interface: Gi1/48.111 up, line protocol up, Eth VLAN 111 up
  Destination address: 10.101.101.1, VC ID: 111, VC status: down
  Load Balance: none
  Flow Label: Disabled
  Create time: 01:30:57, last status change time: 01:06:23
  Signaling protocol: LDP, peer 10.101.101.1:0 up
    Targeted Hello: 10.101.101.2(LDP Id) -> 10.101.101.1
    Status TLV support (local/remote)   : enabled/unknown (no remote binding)
      Label/status state machine        : local ready, LruRnd
      Last local dataplane   status rcvd: no fault
      Last local SSS circuit status rcvd: no fault
      Last local SSS circuit status sent: not sent
      Last local  LDP TLV    status sent: no fault
      Last remote LDP TLV    status rcvd: unknown (no remote binding)
    MPLS VC labels: local 19, remote unassigned
    Group ID: local 0, remote unknown
    MTU: local 9216, remote unknown
    Remote interface description:
  Sequencing: receive disabled, send disabled
  VC statistics:
    packet totals: receive 0, send 0
    byte totals:   receive 0, send 0
    packet drops:  receive 0, seq error 0, send 0

 

C6506#show mpls ldp neighbor
    Peer LDP Ident: 10.101.101.1:0; Local LDP Ident 10.101.101.2:0
        TCP connection: 10.101.101.1.646 - 10.101.101.2.12982
        State: Oper; Msgs sent/rcvd: 85/74; Downstream
        Up time: 01:07:45
        LDP discovery sources:
          Targeted Hello 10.101.101.2 -> 10.101.101.1, active
          Vlan555, Src IP addr: 10.0.0.1
        Addresses bound to peer LDP Ident:
          10.0.0.1        10.101.101.1

 

11 minutes ago, zhenya` said:

The configuration from the s300?

SNR-S300G-24FX#sh run
!!
switch convert mode stand-alone
!!
!
service password-encryption
!
hostname SNR-S300G-24FX
sysLocation Building 57/2,Predelnaya st, Ekaterinburg, Russia
sysContact support@nag.ru
!
authentication logging enable
!
username admin privilege 15 password 7 21232f297a57a5a743894a0e4a801fc3
!
authentication line console login local
!
!
!
!
!
ssh-server enable
!
!
!
!
!
!
mpls enable
!
Interface Ethernet0
!
mtu 9216
!
!
!
!
pw-class transport-vlan
!
vlan 1;555
!
l2-vc 10.101.101.2 pw-id 102 pw-class transport-vlan
router-id 10.101.101.1
!
!
Interface Ethernet1/0/1 (Port facing the client)
 switchport mode trunk
 xconnect l2-vc pw-id 111 mode vlan svid 111
!
Interface Ethernet1/0/2
!
Interface Ethernet1/0/16 (Port facing the Cisco)
 switchport mode trunk
!
Interface Ethernet1/0/30
!
interface Vlan555
 mtu 1608
 mpls mtu 1608
 label-switching
 ip ospf network point-to-point
 ldp enable
 ip address 10.0.0.1 255.255.255.0
!
interface Loopback1
 ip address 10.101.101.1 255.255.255.255
!
router ospf 1
 network 10.0.0.1 0.0.0.0 area 0
 network 10.101.101.1 0.0.0.0 area 0
 redistribute connected
!
router ldp
 router-id 10.101.101.1
 targeted-peer-hello-interval 10
 hold-time 45
 targeted-peer-hold-time 90
 keepalive-interval 60
 keepalive-timeout 180
 targeted-hello-accept
 targeted-peer 10.101.101.2
 transport-address 10.101.101.1
!
!
no login
!
captive-portal
!
end

 


VC ID and PW-ID must match

l2-vc 10.101.101.2 pw-id 102 pw-class transport-vlan

it should be 111

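The pw-id / VC ID rule from the post above, written as a check that can be run over both ends' configs. This is an added example, not part of the thread: the excerpts are constructed from the configs posted here, the function names are hypothetical, and the peer-address comparison is an assumption that goes beyond the pw-id point made in the post.

```python
import re

# Constructed excerpts modelled on the two configs posted in this thread.
SNR_CFG = """\
l2-vc 10.101.101.2 pw-id 102 pw-class transport-vlan
router-id 10.101.101.1
Interface Ethernet1/0/1
 switchport mode trunk
 xconnect l2-vc pw-id 111 mode vlan svid 111
"""
CISCO_CFG = """\
interface Loopback1
 ip address 10.101.101.2 255.255.255.255
interface GigabitEthernet1/48.111
 encapsulation dot1Q 111
 xconnect 10.101.101.1 111 encapsulation mpls
mpls ldp router-id Loopback1 force
"""

def parse_snr(cfg):
    """Return (router_id, {pw_id: peer}, [pw_ids attached to ports])."""
    rid = re.search(r"^router-id (\S+)", cfg, re.M)
    vcs = {int(pw): peer
           for peer, pw in re.findall(r"^l2-vc (\S+) pw-id (\d+)", cfg, re.M)}
    bound = [int(pw) for pw in
             re.findall(r"^[ \t]+xconnect l2-vc pw-id (\d+)", cfg, re.M)]
    return (rid.group(1) if rid else None), vcs, bound

def parse_cisco(cfg):
    """Return (ldp_router_id, {vc_id: peer}); the id is read from the named loopback."""
    rid = None
    name = re.search(r"^mpls ldp router-id (\S+)", cfg, re.M)
    if name:
        addr = re.search(rf"^interface {re.escape(name.group(1))}\n"
                         r"(?:[ \t].*\n)*?[ \t]+ip address (\S+)", cfg, re.M)
        rid = addr.group(1) if addr else None
    vcs = {int(vc): peer for peer, vc in
           re.findall(r"^[ \t]+xconnect (\S+) (\d+) encapsulation mpls", cfg, re.M)}
    return rid, vcs

def check(snr_cfg, cisco_cfg):
    """Return the list of inconsistencies; an empty list means the two ends agree."""
    snr_rid, snr_vcs, bound = parse_snr(snr_cfg)
    cis_rid, cis_vcs = parse_cisco(cisco_cfg)
    problems = []
    # A port may only attach to a pw-id that an l2-vc line actually defines.
    for pw in bound:
        if pw not in snr_vcs:
            problems.append(f"SNR port uses pw-id {pw} but no l2-vc defines it")
    # Assumption: each end must name the other end's LDP router-id as its peer.
    for vc, peer in cis_vcs.items():
        if vc not in snr_vcs:
            problems.append(f"Cisco VC ID {vc} has no l2-vc with that pw-id on the SNR")
        elif snr_vcs[vc] != cis_rid:
            problems.append(f"SNR l2-vc {vc} peer {snr_vcs[vc]} != Cisco router-id {cis_rid}")
        if peer != snr_rid:
            problems.append(f"Cisco VC {vc} peer {peer} != SNR router-id {snr_rid}")
    return problems

if __name__ == "__main__":
    for line in check(SNR_CFG, CISCO_CFG):
        print(line)
```
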

I also suspect that with "MTU: local 9216, remote unknown" it won't take off even with the correct pwid

14 hours ago, zhenya` said:

VC ID and PW-ID must match

l2-vc 10.101.101.2 pw-id 102 pw-class transport-vlan

it should be 111

Fixed.

12 hours ago, vurd said:

I also suspect that with "MTU: local 9216, remote unknown" it won't take off even with the correct pwid

Set mtu 1608 everywhere I could.

 

 


 

Cisco:

#sh run
Building configuration...

Current configuration : 4826 bytes
!
! Last configuration change at 00:29:20 UTC Fri Jun 7 2019 by admin
!
version 15.1
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
service counters max age 5
!
hostname C6506
!
boot-start-marker
boot system disk0:s72033-adventerprisek9-mz.151-2.SY12.bin
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
!
!
!
aaa session-id common
!
!
!
!
!
vtp domain test
vtp mode off
!
!
no ip domain-lookup
ip domain-name C6506.local
mls netflow interface
mpls label protocol ldp
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
system jumbomtu 1608
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
redundancy
 main-cpu
  auto-sync running-config
 mode sso
!
vlan internal allocation policy ascending
vlan access-log ratelimit 2000
!
vlan 555
!
ip tcp timestamp
ip ssh version 2
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
 ip address 10.101.101.2 255.255.255.255
!
interface GigabitEthernet1/1 (Port facing the SNR)
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mtu 1608
!
interface GigabitEthernet1/2
 no ip address
 shutdown
!
interface GigabitEthernet1/3
 no ip address
 shutdown
!
interface GigabitEthernet1/47
 no ip address
 shutdown
!
interface GigabitEthernet1/48 (Port facing the client)
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mtu 1608
!
interface GigabitEthernet1/48.111
 encapsulation dot1Q 111
 xconnect 10.101.101.1 111 encapsulation mpls
!
interface GigabitEthernet5/1
 no ip address
 shutdown
!
interface GigabitEthernet5/2
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan555
 mtu 1608
 ip address 10.0.0.2 255.255.255.0
 ip ospf network point-to-point
 mpls ip
!
router ospf 1
 redistribute connected
 network 10.0.0.2 0.0.0.0 area 0
 network 10.101.101.2 0.0.0.0 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
!
!
mpls ldp router-id Loopback1 force
!
control-plane
!
!
dial-peer cor custom
!
!
line con 0
 exec-timeout 60 0
 privilege level 15
 logging synchronous
line vty 0 4
 exec-timeout 60 0
 privilege level 15
 logging synchronous
 transport input ssh
!
diagnostic bootup level minimal
!
end

C6506#

 

SNR:


SNR-S300G-24FX#sh run
!!
switch convert mode stand-alone
!!
!
service password-encryption
!
hostname SNR-S300G-24FX
sysLocation Building 57/2,Predelnaya st, Ekaterinburg, Russia
sysContact support@nag.ru
!
authentication logging enable
!
username admin privilege 15 password 7 21232f297a57a5a743894a0e4a801fc3
!
authentication line console login local
!
!
!
!
!
ssh-server enable
!
!
!
!
!
!
mpls enable
!
Interface Ethernet0
!
mtu 1608
!
!
!
!
pw-class transport-vlan
!
vlan 1;555
!
l2-vc 10.102.102.2 pw-id 111 pw-class transport-vlan
router-id 10.101.101.1
!
!
Interface Ethernet1/0/1 (Port facing the client)
 switchport mode trunk
 xconnect l2-vc pw-id 111 mode vlan svid 111
!
Interface Ethernet1/0/2
!
Interface Ethernet1/0/3
!
Interface Ethernet1/0/16 (Port facing the Cisco)
 switchport mode trunk
!
interface Vlan555
 mtu 1608
 mpls mtu 1608
 label-switching
 ip ospf network point-to-point
 ldp enable
 ip address 10.0.0.1 255.255.255.0
!
interface Loopback1
 ip address 10.101.101.1 255.255.255.255
!
router ospf 1
 network 10.0.0.1 0.0.0.0 area 0
 network 10.101.101.1 0.0.0.0 area 0
 redistribute connected
!
router ldp
 router-id 10.101.101.1
 targeted-peer-hello-interval 10
 hold-time 45
 targeted-peer-hold-time 90
 keepalive-interval 60
 keepalive-timeout 180
 targeted-hello-accept
 targeted-peer 10.101.101.2
 transport-address 10.101.101.1
!
!
no login
!
captive-portal
!
end

SNR-S300G-24FX#
 

 

 

sh mpls l2transport vc 111 de
 

Local interface: Gi1/48.111 up, line protocol up, Eth VLAN 111 up
  Destination address: 10.101.101.1, VC ID: 111, VC status: down
  Load Balance: none
  Flow Label: Disabled
  Create time: 00:54:52, last status change time: 00:47:13
  Signaling protocol: LDP, peer 10.101.101.1:0 up
    Targeted Hello: 10.101.101.2(LDP Id) -> 10.101.101.1
    Status TLV support (local/remote)   : enabled/unknown (no remote binding)
      Label/status state machine        : local ready, LruRnd
      Last local dataplane   status rcvd: no fault
      Last local SSS circuit status rcvd: no fault
      Last local SSS circuit status sent: not sent
      Last local  LDP TLV    status sent: no fault
      Last remote LDP TLV    status rcvd: unknown (no remote binding)
    MPLS VC labels: local 16, remote unassigned
    Group ID: local 0, remote unknown
    MTU: local 1608, remote unknown
    Remote interface description:
  Sequencing: receive disabled, send disabled
  VC statistics:
    packet totals: receive 0, send 0
    byte totals:   receive 0, send 0
    packet drops:  receive 0, seq error 0, send 0

 


A question for tech support: how do I enable MPLS debug on the SNR?

SNR-S300G-24FX#debug ?
  aaa                        AAA
  anti-arpscan               Anti-arpscan
  arp                        ARP information
  bfd                        Bidirectional Forwarding Detection
  bgp                        BGP information
  captive-portal             Debug captive portal feature information
  captive-portal-cluster     Debug captive portal cluster feature information
  captive-portal-redirect    Debug captive portal redirect feature information
  chassis                    Chassis information
  cluster                    Debug cluster
  dcp                        Dynamic CPU Protection
  devsm                      DEVSM information
  dns                        DNS
  dot1x                      Dot1x
  driver                     Driver information
  dvmrp                      Distance Vector Multicast Routing Protocol (DVMRP)
  erps                       Ethernet ring protection switching
  ethernet                   Ethernet
  ethernet-oam               Ethernet in the First Mile Operation, Administration and Maintenance
  fulleaps                   FULL Ethernet Automatic Protection Switching
  gre                        Generic route encapsulation protocol
  gvrp                       GVRP
  ha                         HA debugging
  http                       http server
  igmp                       Internet Group Management Protocol
  ip                         Internet Protocol
  ipfix                      IP Flow Information eXport
  ipv6                       IPv6 information
  isis                       IS-IS information
  keepalive-gateway          keepalive-gateway system
  ldp                        Label Distribution Protocol (LDP)
  lldp                       Link Layer Discovery Protocol
  load                       LOAD information
  loopback-detection         Loopback-detection
  mac-authentication-bypass  Debug MAC authentication bypass feature information
  mim                        mac-in-mac
  mld                        Multicast Listener Discovery
  mrpp                       Multi-layer Ring Protection Protocol
  msdp                       Multicast Source Discovery Protocol(MSDP)
  nqa                        Network Quality Analyzer
  ntp                        Network time protocol
  openflow                   OPENFLOW information
  ospf                       OSPF information
  pim                        Protocol Independent Multicast (PIM)
  port-channel               Port group interface
  pppoe-ia                   PPPOE intermediate Agent
  rip                        RIP information
  savi                       Source Address Validation Improvements
  sftp                       sftp Configuration
  snmp                       Snmp information
  sntp                       Simple Network Time protocol
  spanning-tree              Mstp info
  ssh-server                 Debug ssh-server
  ssl                        Ssl
  switchport                 Set switchport character
  tacacs-server              Config tacacs+ server
  track                      Config track entry
  transceiver                Transceiver information
  trill                      TRILL commands
  uldp                       ULDP information
  ulpp                       Uplink Protection Protocol
  ulsm                       Uplink State Monitor
  urpf                       Unicast reverse path forwarding
  vepa                       VEPA configuration
  vepa-old                   Virtual Edge Port Aggregator
  vlan                       Vlan Commands
  vpls                       Virtual Private Lan Service
  vrrp                       Virtual Router Redundancy Protocol (VRRP)
  vsf                        Vsf
 

 

7 minutes ago, zhenya` said:

Reboot the SNR

Already tried several times. The Cisco as well.


Did LDP come up at all?

from the Cisco

show mpls ldp neighbor

from the SNR

show mpls ldp neighbor
 
