Cisco Systems OL-21636-01 Security Camera User Manual
Contents
1. Table E 2 MEF Ethernet Service Term Mappings Current MEF Term Former MEF Term L2VPN over MPLS Core Ethernet Private Line EPL Ethernet Wire Service EWS Ethernet Virtual Private Line EVPL Ethernet Relay Service ERS ATM over MPLS ATMoMPLS ATM over MPLS ATMoMPLS Frame Relay over MPLS FRoMPLS Frame Relay over MPLS FRoMPLS VPLS over MPLS Core Ethernet Private LAN EP LAN Ethernet Wire Service EWS or Ethernet Multipoint Service EMS Ethernet Virtual Private LAN EVP LAN Ethernet Relay Service ERS or Ethernet Relay Multipoint Service ERMS VPLS over Ethernet Core Ethernet Private LAN EP LAN Ethernet Wire Service EWS Ethernet Virtual Private LAN EVP LAN Ethernet Relay Service ERS For additional information about MEF conventions and additional useful background information on Metro Ethernet standards see the MEF website at the following URL http metroethernetforum org In particular see the document Metro Ethernet Services Definitions Phase 2 available under the section Information Center gt MEF Technical Specifications on the MEF website for a useful presentation of Metro Ethernet terms and definitions Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 a OL 21636 01 Appendix E ISC Layer 2 VPN Concepts Layer 2 Terminology Conventions W Mapping MEF Terminologies to Network Technologies The MEF terminology only describes the outside characte2. Note Required Field 138457 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter 10 Managing a VPLS Service Request HI Creating a VPLS Service Request with a CE Step 6 Step7 Step 8 Step 9 Step 10 You can enter a description for the service request in the first Description field The description will show up in this window and also in the Description column of the Service Requests window The maximum length for this field is 256 characters Click Select CE in the CE column The Select CPE Device window appears See Figure 10 4 Figure 10 4 Select CPE Device Customer Name v 1 C ce3 Customert Menso p ce Customer 4 am 3 C c13 Customer1 east TA 138458 This window displays the list of currently defined CEs a From the Show CPEs with drop down list you can display CEs by Customer Name by Site or by Device Name b You can use the Find button to either search for a specific CE or to refresh the display c You can set the Rows per page to 5 10 20 30 40 or AIl In the Select column choose a CE for the VPLS link Click Select The VPLS Link Editor window appears displaying the name of the selected CE in the CE column Choose the CE interface from the drop down list See Figure 10 5 Figure 10 5 Select the CE Interface VPLS Service Request Editor Select one circuit Circuit De
3. Note Required Field 204779 As shown in Figure 4 8 the Template Association window lists the devices comprising the link the device roles and the template s data file s associated with the devices In this case the template s data file s have not yet been set up For further instructions on how to associate templates and data files with a service request see Appendix B Working with Templates and Data Files especially the section Using Templates with Service Requests page B 10 Saving the FlexUNI EVC Service Request To save a FlexUNI EVC Ethernet service request perform the following steps Step1 When you have finished setting the attributes for the FlexUNI EVC Ethernet service request click Save to create the service request If the FlexUNI EVC service request is successfully created you will see the service request list window similar to what appears in Figure 4 9 Figure 4 9 FlexUNI EVC Service Request Created Service Requests Show Services with Job ID matching F of Type fall Showing 1 2 of 2 records Job Data Operation Customer m ID Files State Type Type Creator ame Policy Name Last Modified Description 1 02 _ REQUESTED Eve ADD admin Customer2 58 7 5108 1 40 PM m __ REQUESTED Eve ADD admin Customer2 FlexUNI_pseudo 7 25 08 4 38 PM Rows perpage 10 gt 14 q Goto page f1 of 1 G3 DDI Auto Refresh v Create
4. I interface FastEthernet8 34 switchport trunk allowed vlan 1 778 779 interface Vlan779 no ip address description L2VPN ERS 2 to 1 vlan translation xconnect 99 99 8 99 89033 encapsulation mpls no shutdown e VLAN translation is only for L2VPN point to point ERS EVPL e In this case the 2 1 VLAN translation occurs on the U PE a 3750 It is provisioned on the NNI uplink port e The customer VLAN 123 and the provider VLAN 234 as part of Q in Q are translated to a new provider VLAN 779 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 AppendixA Sample Configlets ERS Pseudowire Class E Line L2VPN Group Name IOS XR Device ERS Pseudowire Class E Line L2VPN Group Name 10S XR Device Configuration e Service L2VPN Metro Ethernet e Feature ERS EVPL e Device configuration The N PE is a CRS 1 with IOS XR 3 6 1 or later UNI onN PE UNI on U PE Configlets U PE N PE l vlan 700 interface GigabitEthernet0 3 1 1 700 exit l2transport dotiq vlan 700 interface FastEthernet1 0 2 l switchport trunk encapsulation dotlq 1L2vpn switchport trunk allowed vlan 700 pw class PW_AD3 AD7_Customer1 Switchport mode trunk encapsulation mpls switchport nonegotiate transport mode vlan no keepalive preferred path interface tunnel te 1370 mac access group ISC FastEthernet1 0 2 in fallback disable no cdp enable I spanning tree
5. EndToEndWire Editor Showing 1 1 of 1 records a LM IG ce3 pet Defaut WLAN 1104 ce8 pe3 Default VLAN 1 H Modify any of the attributes as desired e The VPN for this service request appears in the Select VPN field If this request has more than one VPN click Select VPN to choose a VPN You can choose any of the blue highlighted values to edit the End to End Wire You can edit the AC link attributes to change the default policy settings After you edit these fields the blue link changes from Default to Changed You can enter a description for the service request in the first Description field The description will show up in this window and also in the Description column of the Service Requests window The maximum length for this field is 256 characters You can enter a description for each end to end wire in the Description field provided for each wire The description shows up only in this window The data in this field is not pushed to the device s The maximum length for this field is 256 characters The Circuit ID is created automatically based on the VLAN data for the circuit I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter8 Managing an L2VPN Service Request WE Modifying the L2VPN Service Request e Ifthe policy was set up for you to define a VC ID manually enter it into the empty VC ID field If policy was set to auto pick the VC ID ISC wil
6. Service Type ert luttipoint Service Ethernet Multipoint Service EMS CE Present Oo Note Required Field Step 1 of 3 204788 Perform the following steps Step 1 Click Next The window in Figure 9 34 appears The Editable check box gives you the option of making a field editable If you check the Editable check box the service operator who is using this VPLS policy can modify the editable parameter during VPLS service request creation Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 x OL 21636 01 Chapter9 Creating a VPLS Policy Defining an Ethernet EMS EP LAN Policy withoutaCE W Figure 9 34 Ethernet EMS EP LAN without CE Policy Attributes VPLS Policy Editor Attribute Value Editable H PEWU PE Information Interface Type ANY bd Standard UNI Port Vv Vv Intertace Format ft UNI Shutdown C Vv Keep Alive E Vv Interface Type for UNI Display ANY Vv UNI Vv UNI MAC Addresses Edit IV Link Speed None z M Link Duplex None z v VLAN and Other Information PEAN Interface Description ft Vv VLAN ID AutoPick Vv Vv VLAN Name fi wt System MTU in bytes amw Vv Use Existing ACL Name E Port Based ACL Name Vv Disable CDP Iv Vv UHI Port Security a Vv Protocol Tunnelling Bj Vv Note Required Field Step 2 of 3 E e 211703 Step2 Choose an Interface Type from the drop down list You can choose a particular interface on a
7. Step 16 Continue to specify additional PEs as in previous steps if desired Step 17 Click Save The VPLS service request is created and saved into ISC Modifying the VPLS Service Request You can modify a VPLS service request if you must change or modify the VPLS links This is also where you can associate templates and data files to a link Perform the following steps Step1 Choose Service Inventory gt Inventory and Connection Manager gt Service Requests See Figure 10 13 Figure 10 13 VPLS Service Activation Service Requests Show Services with Job ID v matching of Type All ja Find Showing 1 8 of 8 records Job Operation Customer z Pars E D State Type Type Creator Hane Policy Name Last Modified Description 1 07 REQUESTED L2VPN MODIFY admin Customer L2vpnErsCe 8 1 4106 3 49 PM 2 10 REQUESTED L2VPN ADD admin Customer1 L2vpnEwsCe 844 06 11 41 AM 3 0 12 REQUESTED L2VPN ADD admin Customer1 L2vpnErsNoCe 8 1406 2 33 PM 4 14 REQUESTED L2VPN ADD admin Customer L2vpnEwsNoCe 8 14 06 3 31 PM 5 18 REQUESTED L2WPN ADD admin Customer L2tpy3AtmCe 815 06 12 03 PM 6 20 REQUESTED L2VPN ADD admin Customer2 L2tpv3AtmNoCe 8 15 06 1 53 PM 7 6 21 REQUESTED VPLS ADD admin Customer1 YplisMplsErsCe 818 06 11 46 AM ef 22 REQUESTED VPLS ADD admin Customer YpisMplsEwsNoCe 8 18 06 2 37 PM Rowsperpage 10 v I q Goto page 1 of1 DDI Auto Refresh V Create a Details Status E
8. Appendix E ISC Layer 2 VPN Concepts L2VPN Service Provisioning W For the N PE that is serving Site A a VLAN interface Layer 3 interface is created to terminate all L2 traffic for the customer and an EoMPLS tunnel is configured on this interface Note This configuration is based on the Cisco 7600 Optical Services Router Other routers such as the Cisco 7200 have different configurations The VC ID that defines the EoMPLS tunnel is 200 See Figure E 4 Figure E 4 Ethernet over MPLS Configuration N_PE1 N_PE2 interface loopbackO interface loopbackO ip address 10 1 1 1 32 ip address 10 2 2 2 32 mpls label protocol Idp mpls label protocol Idp mpls Idp router id loopbackO mpls Idp router id loopbackO interface vlan 100 interface vlan 200 mpls 12transport route 10 2 2 2 mpls 12transport route 10 1 1 1 VC ID must match N_PE2 e VC ID must be unique N_PE1 102 22 between PE POP pairs 10 1 1 1 VLAN 100 VLAN 200 138358 6 Note that the VC ID has to be the same on both ends of the EoMPLS tunnel On each N PE there is mapping done between the VLANs to the EoMPLS tunnel See Figure E 5 Figure E 5 EoMPLS Tunnel Mapping VLAN ID to VC ID Mapping VC ID to VLAN ID VLAN 200 97072 eVCID 7 Two mapping tables VLAN ID lt gt VC ID For the overall connection this mapping is VLAN ID lt gt VC ID lt gt VLAN ID I OL 21636 01 Cisco IP
9. e The E Line Name attribute only appears if Configure Bridge Domain was not enabled in the EVC Service Request Editor window earlier in the service request workflow Click OK to save the Standard UNI settings and return to the EVC Service Request window The value in the Link Attributes column now displays as Changed signifying that the link settings have been updated You can edit the link attributes now or at a future time by clicking on the Changed link and modifying the settings in the Standard UNI Details window See Modifying the FlexUNI EVC Service Request page 4 21 for details on editing the link attributes To add another link click the Add button and set the attributes for the new link as in the previous steps in this section To delete a link check the check box in the first column of the row for that link and click the Delete button If you want to set up links with L2 access nodes for this service request see Setting Links with L2 Access Nodes page 4 20 When you have completed setting the attributes in the EVC Service Request Editor window click the Save button at the bottom of the window to save the settings and create the FlexUNI EVC service request If any attributes are missing or incorrectly set ISC displays a warning in the lower left of the window Make any corrections or updates needed based on the information provided by ISC and click the Save button For information on modifying a FlexUNI EVC se
10. e The L2VPN Group Name attribute is not available if the MPLS core connectivity type was set as VPLS in the Service Options window see Setting the Service Options page 3 8 e L2VPN Group Name is only applicable for IOS XR devices Step 19 Enter an E Line Name to specify the point to point p2p E line name Usage notes e Tfno value is specified for the E Line Name in either the policy or the service request based on the policy ISC autogenerates a default name as follows For PSEUDOWIRE core connectivity type the format is DeviceName VC_ID For LOCAL core connectivity type the format is DeviceName 0 VLAN_ID If the default name is more than 32 characters the device names are truncated Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 322 ff OL 21636 01 _ Chapter 3 Creating a FlexUNI EVC Ethernet Policy Step 20 Step 21 Enabling Template Association Ml e The E Line Name attribute is not available if the MPLS core connectivity type was set as VPLS in the Service Options window see Setting the Service Options page 3 8 e E Line Name is only applicable for IOS XR devices If you would like to enable template association for this policy click the Next button See the section Enabling Template Association page 3 23 for information about this feature To save the FlexUNI EVC policy click Finish To create a service request based on a FlexUNI EVC policy see Chapter 4 Managin
11. 10 10 15 17 10 15 10 15 17 20 10 20 25 e Ifthe Inner VLAN Ranges attribute is set to true in the policy the Inner VLAN ID field can take a range of inner VLAN tags If the Match Inner and Outer Tags check box is unchecked enter the outer VLAN tag in the Outer VLAN ID field Note Step 17 Step 18 The VLAN specified in Outer VLAN ID will be provisioned on the rest of the L2 access nodes if the link has any including the customer facing UNI In the VLAN Rewrite section of the window choose a Rewrite Type from the drop down list The choices are e Pop e Push e Translate The subsequent attributes in the GUI change depending on the choice of Rewrite Type as covered in the next steps If Pop is the Rewrite Type two check boxes appear a Check the Pop Outer Tag check box to pop the outer VLAN ID tag of the incoming frames that fulfill the match criteria If this check box is unchecked the outer tag of the incoming traffic will not be popped b Check the Pop Inner Tag check box to pop the inner VLAN ID tag of the incoming frames that fulfill the match criteria If this check box is unchecked the inner tag will not be changed Note that if Pop Inner Tag is checked Pop Outer Tag is automatically checked I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 A Chapter4 Managing a FlexUNI EVC Ethernet Service Request HZ Setting the Service Request Detail
12. Check the Use Existing ACL Name check box if you want assign your own named access list to the port By default this check box is not checked and ISC automatically assigns a MAC based ACL on the customer facing UNI port based on values you enter in UNI MAC addresses below Enter a Port Based ACL Name if you checked the Use Existing ACL Name check box as mentioned in the previous step amp Note ISC does not create this ACL automatically The ACL must already exist on the device or be added as part of a template before the service request is deployed Otherwise deployment will fail Check the Disable CDP check box if you want to disable the Cisco Discover Protocol CDP on the UNI port Check the Filter BPDU check box to specify that the UNI port should not process Layer 2 Bridge Protocol Data Units BPDUs Check the UNI Port Security check box see Figure 9 4 if you to want to provision port security related CLIs to the UNI port by controlling the MAC addresses that are allowed to go through the interface a For Maximum Number of MAC address enter the number of MAC addresses allowed for port security b For Aging enter the length of time the MAC address can stay on the port security table c For Violation Action choose what action will occur when a port security violation is detected e PROTECT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop
13. Creating an L2VPN Service Request W Figure 8 10 End To End Wire Editor L2VPN Point To Point Service Request Editor oO EndToEndWire Editor Showing 1 1 of 1 records H Add AC Add AC Default e You can enter a description for the service request in the first Description field The description will show up in this window and also in the Description column of the Service Requests window The maximum length for this field is 256 characters e You can enter a description for each end to end wire in the Description field provided for each wire The description shows up only in this window The data in this field is not pushed to the device s The maximum length for this field is 256 characters e The ID number is system generated identification number for the circuit e The Circuit ID is created automatically based on the service For example for Ethernet it is based on the VLAN number for Frame Relay it is based on the DLCI for ATM it is based on the VPI VCI Step6 Click Add AC in the Attachment Circuit A1 column The Attachment Tunnel Editor appears See Figure 8 11 Figure 8 11 Select CE for Attachment Circuit L2 PN Point To Point Service Request Editor Attachment Tunnel Editor Select CE po i Note Required Field Step7 Click Select CE The Select CPE window appears See Figure 8 12 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 a so
14. This chapter provides information on how to provision a FlexUNI EVC ATM Ethernet Interworking service request It contains the following sections e Overview page 6 1 e Creating a FlexUNI EVC ATM Ethernet Interworking Service Request page 6 2 e Setting the Service Request Details page 6 3 e Modifying the FlexUNI EVC Service Request page 6 23 e Using Templates and Data Files with a FlexUNI EVC Service Request page 6 24 e Saving the FlexUNI EVC Service Request page 6 24 A FlexUNI EVC ATM Ethernet Interworking service request allows you to configure interfaces on an N PE to support the FlexUNI EVC features described in Chapter 5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy To create a FlexUNI EVC ATM Ethernet Interworking service request a FlexUNI EVC ATM Ethernet Interworking service policy must already be defined as described in Chapter 5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy Based on the predefined FlexUNI EVC policy an operator creates a FlexUNI EVC service request with or without modifications to the policy and deploys the service One or more templates can also be associated to the N PE as part of the service request ATM Ethernet interworking is supported through the following configurations e ATM Transport Mode VC ATM Ethernet Pseudowire ATM ATM Local connect ATM Ethernet Local connect e ATM Transport Mode VP ATM ATM Local connect The following steps are involved
15. e Device configuration The N PE is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s GigabitEthernet1 0 6 GigabitEthernet1 0 7 The U PE is a Cisco 3750ME with IOS 12 2 25 EY2 Interface s FastEthernet1 0 12 FastEthernet1 0 14 U PE N PE vlan 45 ethernet evc service_int exit I interface FastEthernet1 0 12 no ip address switchport switchport trunk encapsulation dotlq switchport mode trunk switchport trunk allowed vlan 45 I interface FastEthernet1 0 14 no spanning tree bpdufilter enable switchport no keepalive no ip address switchport trunk encapsulation dotlq switchport mode trunk switchport trunk allowed vlan 45 switchport nonegotiate no shutdown mac access group ISC FastEthernet1 0 14 in mac access list extended ISC FastEthernet1 0 14 deny any host 0100 0ccc cccc deny any host 0100 0ccc cccd deny any host 0100 0ccd cdd0 deny any host 0180 c200 0000 permit any any interface GigabitEthernet1 0 6 no shutdown service instance 5 ethernet service_int encapsulation dotliq 56 l interface GigabitEthernet1 0 7 no shutdown service instance 33 ethernet service_int encapsulation dotiq 45 l connect Customer2_195 GigabitEthernet1 0 7 33 GigabitEthernet1 0 6 5 e The transport type is LOCAL e The user manually provided service_int as the Service Instance Name This is pushed onto the device where the Service Instance IDs are 5 and 33 respectively E Cisc
16. e The Bridge Domain Name attribute only appears if Configure Bridge Domain was enabled in the EVC Service Request Editor window earlier in the service request workflow Check the Use PseudoWireClass check box to enable the selection of a pseudowire class This attribute is unchecked by default Usage notes e The pseudowire class name is used for provisioning pw class commands on IOS XR devices See Creating and Modifying Pseudowire Classes for IOS XR Devices page 2 10 for additional information on pseudowire class support for IOS XR devices e If Use PseudoWireClass is checked an additional attribute Pseudo WireClass appears in the GUI Click the Select button of PseudoWireClass attribute to choose a pseudowire class previously created in ISC e The Use PseudoWireClass attribute is only available if the MPLS core connectivity type was set as PSEUDOWIRE in the Service Options window see Setting the Service Options page 3 8 e Use PseudoWireClass is only applicable for IOS XR devices e The Use PseudoWireClass and PseudoWireClass attributes only appear if Configure Bridge Domain was not enabled in the EVC Service Request Editor window earlier in the service request workflow For L2VPN Group Name choose one of the following from the drop down list e ISC e VPNSC Usage notes e This attribute is used for provisioning the L2VPN group name on IOS XR devices amp Note The choices in the drop down list are derived from a configura
17. switchport l trunk allowed vlan add 452 interface FastEthernet1 0 13 no spanning tree bpdufilter enable switchport no keepalive no ip address ethernet evc Customer1_253 interface GigabitEthernet7 0 0 service instance 3 ethernet Customer1_253 encapsulation dotiq 452 rewrite ingress tag pop 1 symmetric bridge domain 3524 split horizon l interface Vlan3524 switchport no ip address switchport trunk encapsulation dotlq description BD T SVI T Flex switchport mode trunk xconnect 22 22 22 22 52500 encapsulation switchport trunk allowed vlan 452 mpls switchport nonegotiate backup peer 22 22 22 22 52501 no shutdown Comments e None I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 a AppendixA Sample Configlets HE FiexUNI EVC Pseudowire Core Connectivity no Bridge Domain no Pseudowire on SVI FlexUNI EVC Pseudowire Core Connectivity no Bridge Domain no Pseudowire on SVI Configuration e FlexUNI EVC Metro Ethernet e Feature FlexUNI EVC with pseudowire core connectivity bridge domain disables and with Pseudowire on SVI disabled on the N PE e Device configuration The N PE is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s GigabitEthernet7 0 0 The U PE is a Cisco 3750ME with IOS 12 2 25 EY2 Interface s FastEthernet1 0 10 Configlets U PE N PE vlan 545 ethernet evc Customer1_248 exit interface GigabitEthernet
18. Chapter5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy HZ Setting the Interface Attributes cdp shutdown threshold Enter the number of packets per second to be received before the interface is shut down cdp drop threshold Enter the number of packets per second to be received at which point the interface will start dropping CDP packets Enable vtp Enable Layer 2 tunnelling on VLAN Trunk Protocol VTP vtp shutdown threshold Enter the number of packets per second to be received before the interface is shut down vtp drop threshold Enter the number of packets per second to be received at which point the interface will start dropping VTP packets Enable stp Enable Layer 2 tunnelling on Spanning Tree Protocol STP stp shutdown threshold Enter the number of packets per second to be received before the interface is shut down stp drop threshold Enter the number of packets per second to be received at which point the interface will start dropping STP packets Recovery Interval Enter the amount of time in seconds to wait before recovering a UNI port Step 13 Check the N PE Pseudo wire on SVI check box to have ISC generate forwarding commands under SVIs switch virtual interfaces By default this check box is not checked In this case ISC generates forwarding commands under the service instance For a FlexUNI link the attribute N PE Pseudo wire on SVI is dependent on the value of the attribute
19. Chapter8 Managing an L2VPN Service Request HI Creating an L2VPN Service Request Figure 8 12 CPE for Attachment Circuit Show CPEs with Customer Name 7 matching Showing 1 3 of 3 records Device Hame Customer Hame Site Hame 5 T P pen 1 C c3 Customer1 east Managed 2 C Sy ces Customer1 west Managed 3 C cet3 Customer1 east Managed Rows per page 10 14 q Goto page 1 ot1 DDI 138578 This window displays the list of currently defined CEs a From the Show CPEs with drop down list you can display CEs by Customer Name by Site or by Device Name b You can use the Find button to either search for a specific CE or to refresh the display c You can set the Rows per page to 5 10 20 30 40 or All Step 8 In the Select column choose a CE for the L2VPN link Step9 Click Select Step 10 In the Attachment Tunnel Editor window choose a CE interface from the drop down list Step 11 If only one NPC exists for the Chosen CE and CE interface that NPC is autopopulated in the Circuit Selection column and you need not choose it explicitly If more then one NPC is available click Select one circuit in the Circuit Selection column The NPC window appears enabling you to choose the appropriate NPC Each time you choose a CE and its interface the NPC that was precreated from this CE and interface is automatically displayed under Circuit Selection This means that you do not have to further specify the PE to com
20. Creating an L2VPN Policy Step 4 Step 5 amp Defining an Ethernet ERS EVPL Policy witha CE W e Ethernet e FastEthernet e GE WAN e GigabitEthernet e TenGigabitEthernet e TenGigE The value defined here functions as a filter to restrict the interface types an operator can see during L2VPN service request creation Enter an Interface Format as the slot number port number for the CE interface for example 1 0 indicates that the interface is located at slot 1 port 0 This is especially useful to specify here if you know that the link will always go through a particular interface s slot port location on all or most of the network devices in the service Choose an Encapsulation type The choices are e DOTIQ e DEFAULT If DEFAULT is the CE encapsulation type ISC shows another field for the UNI port type Note Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 If the Interface Type is ANY ISC will not ask for an Encapsulation type in the policy Check the UNI Shutdown check box if you want to leave the UNI port shut during service activation for example when the service provider wants to deploy a service in the network but wants to activate it at a later time Check the Keep Alive check box to configure keepalives on the UNI port By default this check box is unchecked which causes the command no keepalive to be provisioned on the UNI port This prevents a CPE from sending keepalive packets t
21. Details Status y Edit Deploy Decommission Purge 211676 The newly created FlexUNI EVC Ethernet service request is added with the state of REQUESTED as shown in the figure Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 a 423 Chapter4 Managing a FlexUNI EVC Ethernet Service Request W Saving the FlexUNI EVC Service Request Step 2 If however the FlexUNI Ethernet service request creation failed for some reason for example a value chosen is out of bounds you are warned with an error message In such a case you should correct the error and save the service request again Step3 If you are ready to deploy the FlexUNI EVC Ethernet service request see Deploying Service Requests page 11 1 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 424 E OL 21636 01 CHAPTER 5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy This chapter contains an overview of FlexUNI EVC ATM Ethernet Interworking support in ISC as well as the basic steps to create a FlexUNI EVC ATM Ethernet Interworking policy It contains the following sections e Overview page 5 1 e Defining the FlexUNI EVC ATM Ethernet Interworking Policy page 5 2 e Setting the Service Options page 5 4 e Setting the ATM Interface Attributes page 5 6 e Setting the FlexUNI Attributes page 5 7 e Setting the Interface Attributes page 5 12 e Enabling Template Association page 5 19 F
22. Enable Layer 2 tunnelling on VLAN Trunk Protocol VTP vtp shutdown threshold Enter the number of packets per second to be received before the interface is shut down vtp drop threshold Enter the number of packets per second to be received at which point the interface will start dropping VTP packets Enable stp Enable Layer 2 tunnelling on Spanning Tree Protocol STP stp shutdown threshold Enter the number of packets per second to be received before the interface is shut down stp drop threshold Enter the number of packets per second to be received at which point the interface will start dropping STP packets Recovery Interval Enter the amount of time in seconds to wait before recovering a UNI port Step 13 Check the N PE Pseudo wire on SVI check box to have ISC generate forwarding commands under SVIs switch virtual interfaces By default this check box is not checked In this case ISC generates forwarding commands under the service instance For a FlexUNI link the attribute N PE Pseudo wire on SVI is dependent on the value of the attribute Configure with Bridge Domain this is available in the policy workflow in the EVC Policy Editor Service Options window N PE Pseudo wire on SVI if enabled will be reflected only when Configure with Bridge Domain is set to true Otherwise the service request will not be created with xconnect under SVI even if N PE Pseudo wire on SVI is enabled Usage notes ISC suppo
23. L2 and VPLS Reports W AC1 CDP Drop Threshold Cisco Discovery Protocol drop threshold in packets second for the first attachment circuit AC1 AC1 VTP Drop Threshold VLAN Trunk Protocol drop threshold in packets second for the first attachment circuit AC1 ACI1 UNI Recovery Interval Recovery interval in seconds of the UNI port for the first attachment circuit AC1 AC1 UNI Speed UNI port speed for the first attachment circuit AC1 AC1 UNI Shutdown Shutdown status of the UNI port for the first attachment circuit AC1 ACI1 UNI PortSecurity Status of UNI port security for the first attachment circuit AC1 AC1 UNI Duplex Duplex status none full half or auto of the UNI port for the first attachment circuit AC1 AC1 Maximum MAC Address Maximum MAC addresses allowed on the UNI port for the first attachment circuit AC1 AC1 UNI Aging Length of time in seconds that MAC addresses can stay in the UNI port security table for the first attachment circuit AC1 AC2 ID Second attachment circuit AC2 identification number AC2 UNI Device Interface UNI device interface of the second attachment circuit AC2 AC2 NPC Named physical circuit for the second attachment circuit AC2 AC2 VLAN ID DLCI VCD The VLAN ID DLCI or VCD of the second attachment circuit AC2 AC2 VPI Virtual path identifier for the first attachment circuit AC2 AC2 VCI Virtual channel identifier for the firs
24. Task Created 2005 09 15 A Job Id 18 Vpn R wy A O 15 01 23 977 Service Deployment 2vpn_ers_vpn3 Single run at 2005 09 15 15 00 00 0 admin Job Id 3 Ypn Vpn Job Id 4 Vpn Service Deployment Job Id 5 Vpn Vpn2 Single run at 2005 09 15 14 21 00 0 admin 2005 09415 3 p Task Crested 2005 09 15 42 44 21 07 05 14 21 02 448 Step2 Click Find to refresh the window The task that is executing will be the first in the list of tasks that being performed in ISC Step3 Choose the task you want to monitor and click Logs The Task Logs window appears See Figure 11 11 Figure 11 11 Task Logs A Stein 2o records W Task Created 2005 09 15 2005 09 15 2005 09 15 Completed ConfigAudit 15 02 11 229 15 02 49 739 15 01 23 977_Thu_Sep_15_15 01 32_PDT_2005_3 successfully Step4 Choose the run time task that you want to monitor and click View Log A window like the one shown in Figure 11 12 appears Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 mN Chapter11 Deploying Monitoring and Auditing Service Requests W Auditing Service Requests Step 5 Step 6 Step 7 Figure 11 12 Task Logs Log Level Info Component Filter Date Level Component Message 2005 09 15 15 02 11 INFO Provisioning ProvDry The argument to the ProvDry are IsProvision false JiTUpload false JobldList 18 targets 2005 09 15 15 02 11 INFO Provisioning ProvDrv Open
25. The policy owner was established when you created customers or providers during ISC setup If the ownership is global the Select function does not appear Choose the Policy Type The choices are e ETHERNET e ATM Ethernet Interworking Note Step 8 Step 9 This chapter describes creating the ATM Ethernet Interworking policy type For information on using the FlexUNI EVC ETHERNET policy type see Chapter 3 Creating a FlexUNI EVC Ethernet Policy Click Next The EVC Policy Editor Service Options window appears as show in Figure 5 2 Continue with the steps contained in the next section Setting the Service Options page 5 4 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy HZ Setting the Service Options Setting the Service Options This section describes how to set the service options for the FlexUNI EVC policy as shown in Figure 5 2 Figure 5 2 EVC Policy Editor Service Options Window EVC Policy Editor Service Options Attribute Value Editable CE Directly Connected To FlexUHI go All Links Terminate On FlexUHI Oo MPLS Core Connectivity Type PSEUDOWIRE Configure With Bridge Domain go Note Required Field Step 2 of 5 j fd 211665 The Editable check box gives you the option of making a field editable If you check the Editable check box the service operator who i
26. Tunnel VTP Enable Layer 2 tunnelling on VLAN Trunk Protocol VTP VTP threshold Enter the number of packets per second to be received before the interface is shut down vtp drop threshold Enter the number of packets per second to be received at which point the interface will start dropping VTP packets Tunnel STP Enable Layer 2 tunnelling on Spanning Tree Protocol STP STP Threshold Enter the number of packets per second to be received before the interface is shut down Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 _ Chapter 9 Creating a VPLS Policy Defining an Ethernet EMS EP LAN Policy withoutaCE W i stp drop threshold Enter the number of packets per second to be received at which point the interface will start dropping STP packets j Recovery Interval Enter the amount of time in seconds to wait before recovering a UNI port Step 23 Click the Next button if you want to enable template support for the policy The Template Association window appears In this window you can enable template support and optionally associate templates and data files with the policy For instructions about associating templates with policies and how to use the features in this window see Appendix B Working with Templates and Data Files When you have completed setting up templates and data files for the policy click Finish in the Template Association window to cl
27. VPLS Multipoint ERMS EVP LAN Configuration e Service L2VPN Metro Ethernet VPLS Multipoint ERMS EVP LAN W e Feature VPLS multipoint ERMS EVP LAN e Device configuration The N PE is a Cisco 7600 with IOS 12 2 18 SXF Sup720 3BX L Interface s FA2 18 The U PE is a Cisco 3750ME with IOS 12 2 25 EY1 No port security no tunneling Interface s FA1 0 21 FA1 0 23 VPLS Multipoint VPN with VLAN 767 Configlets U PE N PE vlan 767 12 vfi vpls_ers_1 0 manual exit vpn id 89017 neighbor 99 99 10 9 encapsulation mpls interface FastEthernet1 0 21 neighbor 99 99 5 99 encapsulation mpls no cdp enable no keepalive vlan 767 no ip address exit switchport switchport trunk encapsulation dotlq interface FastEthernet2 18 switchport mode trunk switchport trunk allowed vlan switchport trunk allowed vlan none 350 351 430 630 767 780 783 785 791 switchport trunk allowed vlan 767 switchport nonegotiate interface Vlan767 spanning tree bpdufilter enable no ip address mac access group ISC FastEthernet1 0 21 in description VPLS ERS xconnect vfi vpls_ers_1 0 interface FastEthernet1 0 23 no shutdown no ip address mac access list extended ISc FastEthernet1 0 21 deny any host 0100 0ccc cccc deny any host 0100 0ccc cccd deny any host 0100 0ccd cdd0 deny any host 0180 c200 0000 permit any any Comments e The N PE is a 7600 with OSM or SIP 600 module e The VFI contains all the N PEs neighbors
28. VPLS Policy Editor Attribute Value Policy Hame VplsEtherEmsCe Customer Policy Owner Provider Global Policy F O MPLs Core Type Ethernet Ethernet Relay Multipoint Service ERMS Service Type a Ethernet Multipoint Service EMS CE Present J Note Required Field Step 1 of 3 Pa dt 204787 Perform the following steps Step 1 Click Next The window in Figure 9 29 appears The Editable check box gives you the option of making a field editable If you check the Editable check box the service operator who is using this VPLS policy can modify the editable parameter during VPLS service request creation Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Chapter 9 Creating a VPLS Policy Step 2 Step 3 Defining an Ethernet EMS EP LAN Policy with a CE W Figure 9 29 Ethernet EMS EP LAN with a CE Policy Attributes VPLS Policy Editor Attribute CE Information Interface Type Interface Format UHI Information Standard UNI Port UNI Shutdown Keep Alive Interface Type for UNI Display ANY UNI UNI MAC Addresses Link Speed Link Duplex VLAN and Other Information PEJUNI Interface Description VLAN ID AutoPick VLAN Name System MTU in bytes Use Existing ACL Name Port Based ACL Name Disable CDP UHI Port Security Protocol Tunnelling Note Required Field Step 2 of 3 Val
29. When you have completed setting up templates and data files for the policy click Finish in the Template Association window to close it and return to the Policy Editor window Click Finish I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter7 Creating an L2VPN Policy HZ Defining an Ethernet EWS EPL Policy without a CE Defining an Ethernet EWS EPL Policy without a CE This section describes how to define an Ethernet EWS EPL policy without a CE present Figure 7 15 is an example of the first page of this policy Figure 7 15 Ethernet EWS EPL Policy without a CE L2VPN Point To Point Policy Editor Attribute Value Policy Name L2vpnEwsNoCe Customer Policy Owner Provider Global Policy C L2VPN ERS L2VPN EWS Service Type C Frame Relay C ATM CE Present B Note Required Field Step 1 of 2 CS oo eo Perform the following steps Step 1 Click Next The window in Figure 7 16 appears The Editable check box gives you the option of making a field editable If you check the Editable check box the service operator who is using this L2VPN policy can modify the editable parameter during L2VPN service request creation Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 722 E OL 21636 01 Chapter7 Creating an L2VPN Policy Defining an Ethernet EWS EPL Policy withoutaCE W Figure 7 16 Ethernet EWS EPL without CE Policy Attrib
30. e DEFAULT Note Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Step 12 Step 13 Step 14 Step 15 Step 16 When creating a service request based on the Ethernet EMS EP LAN without CE policy the Encapsulation attribute is ignored Therefore setting this value has no effect Check the UNI Shutdown check box if you want to leave the UNI port shut during service activation for example when the service provider wants to deploy a service in the network but wants to activate it at a later time Check the Keep Alive check box to configure keepalives on the UNI port By default this check box is unchecked which causes the command no keepalive to be provisioned on the UNI port This prevents a CPE from sending keepalive packets to the U PE for security purposes This attribute is editable to support modification on a per service request basis Check the ANY check box to display all interface types as choices for the UNI interface when creating service requests based on this policy This check box is checked by default Check the UNI check box to display all interfaces defined as type UNI as choices for the UNI interface when creating service requests based on this policy This check box is checked by default Enter one or more Ethernet MAC addresses in UNI MAC addresses This selection is present only if you uncheck the Use Existing ACL Name check box Click the Edit button to bring up a pop up window in
31. example e The U PE is a generic Metro Ethernet ME switch e PACL with one user defined entry e BPDUs CDP STP and VTP are tunneled through the MPLS core e Storm control is enabled for unicast multicast and broadcast Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 AppendixA Sample Configlets EWS EPL Hybrid W EWS EPL Hybrid Configuration e Service L2VPN Metro Ethernet e Feature EWS EPL hybrid One side is EWS EPL UNI the other side is ERS EVPL NNI e Device configuration The N PE is a Cisco 7600 with 12 2 18 SXF Sup720 3BXL Interface s FA8 17 The U PE is a Cisco 3750ME with 12 2 25 EY1 No port security with tunneling Interface s FA1 0 20 FA1 0 23 L2VPN point to point Q in Q UNI amp Note The first configlet example is the EWS EPL side UNI The second configlet is the ERS EVPL side NND Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 ESN Appendix A Sample Configlets W EWS EPL Hybrid Configlets EWS Comments U PE N PE system mtu 1522 vlan 775 exit vlan 775 exit interface FastEthernet8 17 x system mtu 1522 1 vlan 775 exit l interface FastEthernet1 0 19 no cdp enable no keepalive switchport switchport access vlan 775 switchport mode dotiq tunnel switchport nonegotiate switchport port security maximum 34 switchp
32. no keepalive no ip address switchport switchport trunk encapsulation dotlq switchport mode trunk switchport trunk allowed vlan none switchport trunk allowed vlan 788 switchport port security switchport nonegotiate Switchport port security maximum 58 switchport port security aging time 85 switchport port security violation shutdown switchport port security mac address 1252 1254 2544 spanning tree bpdufilter enable mac access group ISC FastEthernet3 23 in 1 mac access list extended Isc FastEthernet3 31 deny any host 0100 0ccc cccc deny any host 0100 0ccc cccd deny any host 0100 0ccd cdd0 deny any host 0180 c200 0000 deny any host 1234 3234 3432 permit any any 12 vfi attest 226 manual vpn id 226 neighbor 192 169 105 20 encapsulation mpls vlan 200 bridge domain 200 split horizon interface GigabitEtherne4 0 1 no shut service instance 10 ethernet encapsulation dotlq 500 rewrite ingress tag translate 1 to 1 dotlq 222 symmetric Interface vlan 200 xconnect vfi attest 226 e UNI on U PE e The rewrite operation translates the incoming VLAN tag 500 to 222 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 AppendixA Sample Configlets FlexUNI EVC VPLS Core Connectivity no UNI Port Security W FlexUNI EVC VPLS Core Connectivity no UNI Port Security Configuration Service FlexUNI EVC Metro Ethernet e Feature FlexUNI EVC with VPLS core co
33. 1 of1 DDI 138385 This window displays the list of currently defined PEs a The Show PEs with drop down list shows PEs by customer name by site or by device name b The Find button allows a search for a specific PE or a refresh of the window c The Rows per page drop down list allows the page to be set to 5 10 20 30 40 or All Step6 In the Select column choose the PE device name for the L2VPN link Step7 Click Select The Service Request Editor window appears displaying the name of the selected PE in the PE column See Figure 8 18 Figure 8 18 Select the UNI Interface L2VPN Point To Point Service Request Editor Attachment Tunnel Editor SRID New Job ID New Policy Name L2vpnErsNoCe Select Topology JFullMesh z Showing 1 1 of 1 records Ea m N PE PE AGG U PE UNI Interface Circuit Selection Circuit Details le m sw2 SelectOne j Petan Select one circuit Circuit Details Rows per page 10 1d q coto page f1 of 1 6 D Dl Add Link Delete Link OK Cancel Note Required Field 8 Step8 Choose the UNI interface from the drop down list S Note When you provision an L2VPN ERS EVPL service when you choose a UNI for a particular device ISC determines if there are other services using the same UNI If so a warning message is displayed If you ignore the message and save the service request all of the underlying service requests lying on the same UNI are synchronized with the modified shared attr
34. 1500 9216 IV PW Tunnel Selection Vv Note Required Field Step 2 0f3 e 204855 Step2 Check the Standard UNI Port check box to enable port security This is the default When you uncheck the check box the port is treated as an uplink with no security features and the window dynamically changes to eliminate items related to port security Note The Standard UNI Port attribute will be unavailable within service requests based on this policy if the UNI is on an N PE device running IOS XR Note In previous releases the only Layer 2 VPN support for EWS EPL was from EWS EPL to EWS EPL In ISC 4 1 2 and later support is also from EWS EPL to Network to Network Interface NNI as a trunk port To create this new type of service request you need to create an EWS EPL hybrid policy by unchecking the standard UNI flag When using the EWS EPL hybrid policy for service request creation check the Standard UNI Port flag for the EWS EPL side of the connection and uncheck the standard UNI flag for the NNI side of the connection Note In the case of hybrid services UNI on an N PE running IOS XR is not supported E Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Chapter 7 Creating an L2VPN Policy Step 3 Step 4 Step 5 Defining an Ethernet EWS EPL Policy witha CE W Choose an Interface Type from the drop down list You can choose a
35. 2 Select where 2 1 translation takes place Auto U PE PE Agg N PE 2 In 2 1 VLAN translation there are three VLANs involved e A The CE VLAN to be translated from You specify this in the From CE VLAN field For out of range translation a value of asterisk character should be provided Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 lt a OL 21636 01 AppendixC Setting Up VLAN Translation Setting Up VLAN Translation W e B The PE VLAN that is the outer VLAN of the Q in Q port You specify this in the Outer VLAN field You can choose this VLAN manually by entering a value or you can choose the AutoPick check box to have one automatically assigned e C The PE VLAN that the A and B VLANs are translated to You specify this in the WLAN and Other Information section above on the Link Attributes window See Figure C 4 and Figure C 5 You must specify VLAN A the CE VLAN and VLAN C the PE VLAN translated to For VLAN B the Q in Q outer VLAN what to specify depends on the UNI port type e Ifitis an empty port you must specify VLAN B e If itis an existing Q in Q port then VLAN B has been defined and it cannot be changed at this point Some additional comments on 2 1 VLAN translation e For 2 1 VLAN translation if you build an ERS EVPL service on an empty port then this UNI port will be provisioned a
36. Bi Seite act Attributes ID Ac2 Attributes 1D iat Mio l ce3 pe1 Default ce8 pe3 Default Rows per page 10 19 q Goto page 1 of 1 63 DDI Add Link Delete Link Save Cancel Note Required Field Click Save The EWS EPL service request is created and saved in ISC 138579 Creating an ERS EVPL ATM or Frame Relay L2VPN Service Request without a CE Step 1 This section includes detailed steps for creating an L2VPN service request without a CE present for ERS EVPL ATM and Frame Relay policies If you are creating an L2VPN service request for an EWS EPL policy go to Creating an EWS EPL L2VPN Service Request without a CE page 8 16 Perform the following steps Create the L2VPN service request for ERS EVPL without a CE The L2VPN Service Request Editor window appears See Figure 8 15 OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter8 Managing an L2VPN Service Request HI Creating an L2VPN Service Request Step 2 Step 3 Step 4 Step 5 Figure 8 15 L2VPN Service Request Editor L2VPN Point To Point Service Request Editor Attachment Tunnel Editor Full Mesh RE E oee O oasen 138383 Choose a Topology from the drop down list If you choose Full Mesh each CE will have direct connections to every other CE If you choose Hub and Spoke then only the Hub CE has connection to each Spoke CE and th
37. Click Select VPN to choose a VPN for use with this service request The Select VPN window appears with the VPNs defined in the system amp Note The same VPN can be used by service requests with LOCAL and PSEUDOWIRE core types If a VPN for a service request is used with VPLS core type the same VPN cannot be used for service requests with LOCAL or PPEUDOWIRE core type Choose a VPN Name in the Select column Click Select The EVC Service Request Editor window appears with the VPN name displayed Check the Configure Bridge Domain check box to determine bridge domain characteristics Usage notes Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Pas D OL 21636 01 _ Chapter 4 Managing a FlexUNI EVC Ethernet Service Request Step 7 Step 8 Step 9 Step 10 Setting the Service Request Details W e If Configure Bridge Domain is checked all links will have the same bridge domain ID allocated from the VLAN pool on the N PE All non FlexUNI links will have the Service Provider VLAN as the bridge domain ID On the other hand if no FlexUNI links are added the Service Provider VLAN will be allocated first and this will be used as the bridge domain ID when FlexUNI links are added e If Configure Bridge Domain is unchecked a maximum of two links that terminate on the same N PE can be added This uses the connect command available in the EVC infrastructure amp Note See the following comment
38. I OL 21636 01 Contents W Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E E Contents Defining a Frame Relay Policy without a CE 7 31 Defining an ATM Policy with a CE 7 33 Defining an ATM Policy without a CE 7 36 CHAPTER 8 Managing an L2VPN Service Request 8 1 Introducing L2VPN Service Requests 8 1 Creating an L2VPN Service Request 8 2 Creating an ERS EVPL ATM or Frame Relay L2VPN Service Request witha CE 8 2 Creating an EWS EPL L2VPN Service Request withaCE 8 8 Creating an ERS EVPL ATM or Frame Relay L2VPN Service Request without a CE 8 11 Creating an EWS EPL L2VPN Service Request withouta CE 8 16 Modifying the L2VPN Service Request 8 20 Saving the L2VPN Service Request 8 26 CHAPTER 9 Creating a VPLS Policy 9 1 Defining a VPLS Policy 9 1 Defining an MPLS ERMS EVP LAN Policy witha CE 9 3 Defining an MPLS ERMS EVP LAN Policy without a CE 9 7 Defining an MPLS EMS EP LAN Policy witha CE 9 11 Defining an MPLS EMS EP LAN Policy without a CE 9 16 Defining an Ethernet ERMS EVP LAN Policy witha CE 9 22 Defining an Ethernet ERMS EVP LAN Policy withouta CE 9 27 Defining an Ethernet EMS EP LAN Policy witha CE 9 32 Defining an Ethernet EMS EP LAN Policy without a CE 9 37 cuapter 10 Managing a VPLS Service Request 10 1 Introducing VPLS Service Requests 10 1 Creating a VPLS Service Request 10 2 Creating a VPLS Service Request witha CE 10 2 Creating a VPLS Service Request with
39. ISC allocates a VC ID for pseudowires from the ISC managed VC ID resource pool In this case the text field for the VC ID option is non editable Step 5 If AutoPick VC ID was unchecked enter a VC ID in the VC ID field Usage notes e The AutoPick VC ID attribute appears during the creation of a FlexUNI EVC pseudowire service request e The VC ID value must be an integer value corresponding to a VC ID e When a VC ID is manually allocated ISC verifies the VC ID to see if it lies within ISC s VC ID pool If the VC ID is in the pool but not allocated the VC ID is allocated to the service request If the VC ID is in the pool and is already in use ISC prompts you to allocate a different VC ID If the VC ID lies outside of the ISC VC ID pool ISC does not perform any verification about whether or not the VC ID allocated The operator must ensure the VC ID is available e The VC ID can be entered only while creating a service If you are editing the service request the VC ID field is not editable Step6 Check the Configure Bridge Domain check box to determine bridge domain characteristics The behavior of the Configure Bridge Domain option works in tandem with the choice you selected in the MPLS Core Connectivity Type option in the FlexUNI EVC policy which in this case is pseudowire core connectivity There are two cases e With FlexUNI If Configure With Bridge Domain is checked the policy will configure pseudowires under SVIs associated to
40. Metro Ethernet e Feature FlexUNI EVC with local connect core connectivity with UNI port security e Device configuration The N PE is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s GI2 0 0 The U PE is a Cisco 3750ME with IOS 12 2 25 EY2 Port security is enabled Interface s FA1 14 FA3 23 Configlets U PE N PE vlan 788 Connect Customer_1 GigabitEthernet4 0 1 10 exit GigabitEthernet4 0 10 25 I interface FastEthernet3 23 interface GigabitEtherne4 0 1 no ip address no shut switchport trunk allowed vlan 783 787 788 service instance 10 ethernet encapsulation dotlq 500 interface FastEthernet1 14 rewrite ingress tag push dotiq 555 no cdp enable symmetric no keepalive no ip address interface GigabitEtherne4 0 10 switchport no shut switchport trunk encapsulation dotiq service instance 25 ethernet switchport mode trunk encapsulation dotlq 500 second dotiq 501 switchport trunk allowed vlan none rewrite ingress tag translate 2 to 1 dotliq switchport trunk allowed vlan 788 222 symmetric switchport port security switchport nonegotiate switchport port security maximum 45 switchport port security aging time 34 switchport port security violation shutdown switchport port security mac address 4111 4545 1211 spanning tree bpdufilter enable mac access group ISC FastEthernet3 23 in 1 mac access list extended Isc FastEthernet3 31 deny any host 0100 0ccc cccc deny any host 0100 0ccc cccd deny any host 0100 0ccd c
41. Note Required Field You can enter a description for the service request in the first Description field The description will show up in this window and also in the Description column of the Service Requests window The maximum length for this field is 256 characters Click Select N PE PE AGG U PE in the N PE PE AGG U PE column The Select PE Device window appears See Figure 10 10 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter 10 Managing a VPLS Service Request HI Creating a VPLS Service Request without a CE Step 8 Step 9 Step 10 Figure 10 10 Select PE Device ide pet region_1 N PE 138602 This window displays the list of currently defined PEs a The Show PEs with drop down list shows PEs by customer name by site or by device name b The Find button allows a search for a specific PE or a refresh of the window c The Rows per page drop down list allows the page to be set to 5 10 20 30 40 or All In the Select column choose the PE device name for the VPLS link Click Select The VPLS Link Editor window appears displaying the name of the selected N PE PE AGG U PE in the N PE PE AGG U PE column Choose the UNI interface from the drop down list See Figure 10 11 Figure 10 11 Select the UNI Interface VPLS Service Request Editor Select one circuit Circuit Details Note Required Field GigabitEthemet0 138463 Ci
42. Note Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Step 12 Step 13 Step 14 Step 15 Step 16 When creating a service request based on the Ethernet EMS EP LAN with CE policy the Encapsulation attribute is ignored Therefore setting this value has no effect Check the Standard UNI Port check box to enable port security This is the default When you uncheck the check box the port is treated as an uplink with no security features and the window dynamically changes to eliminate items related to port security Check the UNI Shutdown check box if you want to leave the UNI port shut during service activation for example when the service provider wants to deploy a service in the network but wants to activate it at a later time Check the Keep Alive check box to configure keepalives on the UNI port By default this check box is unchecked which causes the command no keepalive to be provisioned on the UNI port This prevents a CPE from sending keepalive packets to the U PE for security purposes This attribute is editable to support modification on a per service request basis Check the ANY check box to display all interface types as choices for the UNI interface when creating service requests based on this policy This check box is checked by default Check the UNI check box to display all interfaces defined as type UNI as choices for the UNI interface when creating service requests based on this p
43. Vv Vv None he None gt Vv B Vv Vv B ys sy ys Ee Step2 Choose an Interface Type from the drop down list a q lt Ethernet ERMS EVP LAN without a CE Policy Attributes Editable 211701 You can choose a particular interface on a CE N PE U PE or PE AGG interface based on the service provider s POP design The interfaces are Ethernet FastEthernet GE WAN GigabitEthernet TenGigabitEthernet TenGigE ANY Any interface can be chosen Port Channel A bundle of ports that share the same characteristics this gives the service provider the ability to aggregate bandwidth and protection Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 _ Chapter 9 Creating a VPLS Policy Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Step 12 Step 13 Step 14 Step 15 Defining an Ethernet ERMS EVP LAN Policy withoutaCE W The value defined here functions as a filter to restrict the interface types an operator can see during VPLS service request creation If defined as ANY the operator can see all interface types Check the Standard UNI Port check box to enable port security This is the default When you uncheck the check box the port is treated as an uplink with no security features and the window dynamically changes to eliminate items related to port security Enter an Interface Format as the slot number
44. WTP threshold Enter the number of packets per second to be received before the interface is shut down f vtp drop threshold Enter the number of packets per second to be received at which point the interface will start dropping VTP packets g Tunnel STP Enable Layer 2 tunnelling on Spanning Tree Protocol STP h STP Threshold Enter the number of packets per second to be received before the interface is shut down i stp drop threshold Enter the number of packets per second to be received at which point the interface will start dropping STP packets j Recovery Interval Enter the amount of time in seconds to wait before recovering a UNI port Click the Next button if you want to enable template support for the policy The Template Association window appears In this window you can enable template support and optionally associate templates and data files with the policy For instructions about associating templates with policies and how to use the features in this window see Appendix B Working with Templates and Data Files When you have completed setting up templates and data files for the policy click Finish in the Template Association window to close it and return to the Policy Editor window Click Finish Note The VC ID is mapped from the VPN ID By default ISC will auto pick this value However you can set this manually if desired This is done by editing the associated VPN configuration The
45. You must define customers and their sites before provisioning L2VPN A customer is a requestor of a VPN service from an ISP Each customer can own many customer sites Each customer site belongs to one and only one Customer and can own many CPEs For detailed steps to create customers see the Cisco IP Solution Center Infrastructure Reference 6 0 Defining VPNs Step 1 Step 2 You must define VPNs before provisioning L2VPN or VPLS In L2VPN one VPN can be shared by different service types In VPLS one VPN is required for each VPLS instance To create a VPN perform the following steps Choose Service Inventory gt Inventory and Connection Manager Click VPNs in the left column The VPNs window appears For detailed steps to create VPNs see the Cisco IP Solution Center Infrastructure Reference 6 0 Note The VPN in L2VPN is only a name used to group all the L2VPN links It has no intrinsic meaning as it does for MPLS VPN Creating Access Domains For L2VPN and VPLS you create an Access Domain if you provision an Ethernet based service and want ISC to automatically assign a VLAN for the link from the VLAN pool For each Layer 2 access domain you need a corresponding Access Domain object in ISC During creation you select all the N PE devices that are associated with this domain Later one VLAN pool can be created for an Access Domain This is how N PEs are automatically assigned a VLAN Before you begin be sure that
46. created in ISC e The Use PseudoWireClass attribute is only available if the MPLS core connectivity type was set as PSEUDOWIRE in the Service Options window see Setting the Service Options page 5 4 e Use PseudoWireClass is only applicable for IOS XR devices Step 33 Check the AutoPick Bridge Group Name check box to have ISC autopick the bridge group name during service request creation If this check box is unchecked you are prompted to specify a bridge group name during service request creation see the next step Usage notes e This attribute only displays for IOS XR devices e Ifthe AutoPick Bridge Group Name check box is unchecked enter an bridge group name in the Bridge Group Name text field Step 34 Check the AutoPick Bridge Domain VLAN ID check box to have ISC autopick the VLAN ID during service request creation If this check box is unchecked you are prompted to specify a VLAN ID during service request creation see the next step Usage notes e AutoPick Bridge Domain VLAN ID consumes a global VLAN ID on the device e The bridge domain VLAN ID is picked from the existing ISC VLAN pool e The AutoPick Bridge Domain VLAN ID attribute appears for both Cisco 7600 and ASR 9000 devices It will be displayed only for non FlexUNI links Step 35 Ifthe AutoPick Bridge Domain VLAN ID check box is unchecked enter an ID number in the Bridge Domain VLAN ID text field Usage notes e If AutoPick Bridge Domain VLAN ID is che
47. e Chapter 13 Generating L2 and VPLS Reports provides information on how to set up run and format L2 and VPLS reports e Appendix A Sample Configlets provides sample configlets for various network scenarios e Appendix B Working with Templates and Data Files provides information about using templates and data files in ISC policies and service requests e Appendix C Setting Up VLAN Translation provides information on how to set up VLAN translation for L2 VPN ERS services e Appendix D Terminating an Access Ring on Two N PEs describes how to terminate an access ring on two N PEs e Appendix E ISC Layer 2 VPN Concepts provides an overview of the major concepts that structure the ISC L2VPN or VPLS service e Index Related Documentation The entire documentation set for Cisco IP Solution Center can be accessed at http www cisco com en US products sw netmgtsw ps4748 tsd_products_support_series_home html or at http www cisco com go isc Tip To copy and paste a two line URL into the address field of your browser you must copy and paste each line separately to get the entire URL without a break The following documents comprise the ISC documentation set Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 About This Guide General documentation in suggested reading order Cisco IP Solution Center Getting Started and Documentation
48. fulfill the match criteria If this check box is unchecked the outer tag of the incoming traffic will not be popped b Check the Pop Inner Tag check box to pop the inner VLAN ID tag of the incoming frames that fulfill the match criteria If this check box is unchecked the inner tag will not be changed Note that if Pop Inner Tag is checked Pop Outer Tag is automatically checked If Push is the Rewrite Type two text boxes appear a In the text box Outer VLAN ID enter an outer VLAN ID tag that will be imposed on the incoming frames that fulfill the match criteria All service requests created with this setting push a dotlq outer tag on the incoming frames matching the match criteria If a value is not provided the push operation is ignored and not configured on the device b In the text box Inner VLAN ID enter an inner VLAN ID tag that will be imposed on the incoming frames that fulfill the match criteria All service requests created with this setting push a dotlq inner tag on the incoming frames matching the match criteria The Inner VLAN tag cannot be pushed without an Outer VLAN tag That is when pushing an Inner VLAN tag the Outer VLAN tag also must be defined If Translate is the Rewrite Type a Translation Type drop down list appears The choices available in this list vary depending on the setting of the Match Inner and Outer Tags attribute set in a previous step a If the Match Inner and Outer Tags check box is checked
49. gt Named Physical Circuits OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter2 Setting Up the ISC Services W Creating and Modifying Pseudowire Classes for 10S XR Devices Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Click Create The Create a Named Physical Circuit window appears Click Add Ring The Select NPC Ring window appears Choose a ring and click Select The ring appears Click the Select device link to select the beginning of the ring A window appears showing a list of devices Choose the device that is the beginning of the ring and click Select Click the Select device link to choose the end of the ring Choose the device that is the end of the ring and click Select amp Note The device that is the end of the ring in a ring only NPC must be an N PE The Create a Named Physical Circuit window appears showing the Ring Only NPC Click Save to save the NPC to the repository Terminating an Access Ring on Two N PEs ISC supports device level redundancy in the service topology to provide a failover in case one access link should drop This is accomplished through a special use of an NPC ring that allows an access link to terminate at two different N PE devices The N PEs in the ring are connected by a logical link using loopback interfaces on the N PEs The redundant link starts from a U PE device and may optionally inclu
50. policies without CE 9 7 regions 2 3 service providers 2 3 sites 2 4 VPLS policies 9 1 VPNs 2 4 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E W index deploying service requests 11 1 11 2 deploying service requests 11 1 devices configuring device settings 2 2 creating and modifying pseudowire classes for IOS XR devices 2 10 device roles with FlexUNI EVC 3 5 setting loopback addresses on N PE devices 2 2 setting up 1 2 setting up for IOS XR support 2 3 setting up target devices 2 1 direct connect links setting in FlexUNI EVC ATM Ethernet service requests 6 8 setting up in FlexUNI EVC service requests 4 10 documentation obtaining iii xiv enabling template association in FlexUNI EVC ATM Ethernet policies 5 19 ERS multipoint ERS EVP LAN for an Ethernet based provider core E 13 multipoint ERS EVP LAN for an MPLS based provider core E 11 ERS EVPL service requests with CE creating 8 2 without CE creating 8 11 Ethernet ERS EVPL policies with CE defining 7 3 without CE defining 7 9 Ethernet EWS EPL policies with CE defining 7 15 Ethernet EWS EPL policy without CE defining 7 22 Ethernet relay service ERS or EVPL E 5 Ethernet wire service EWS or EPL E 5 EWS multipoint EWS EP LAN for an Ethernet based provider core E 13 multipoint EWS EP LAN for an MPLS based provider core E 11 EWS EPL service requests with CE creating 8
51. request creation when you specify the tunnel ID number ISC does not check the validity of the value That is ISC does not verify the existence of the tunnel Note Step 28 Step 29 The PW Tunnel Selection attribute will be unavailable within service requests based on this policy for devices running IOS XR Click the Next button if you want to enable template support for the policy The Template Association window appears In this window you can enable template support and optionally associate templates and data files with the policy For instructions about associating templates with policies and how to use the features in this window see Appendix B Working with Templates and Data Files When you have completed setting up templates and data files for the policy click Finish in the Template Association window to close it and return to the Policy Editor window Click Finish Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 714 E OL 21636 01 _ Chapter 7 Creating an L2VPN Policy Defining an Ethernet EWS EPL Policy witha CE W Defining an Ethernet EWS EPL Policy with a CE Step 1 This section describes defining an Ethernet EWS EPL policy with CE present Figure 7 10 is an example of the first page of this policy Figure 7 10 Ethernet EWS EPL Policy with a CE L2VPN Point To Point Policy Editor Attribute Value Policy Hame L2vpnEwsCe Customer Policy Owner C Provi
52. see the next step e This attribute only appears if the MPLS core connectivity type is set as pseudowire in the FlexUNI EVC policy If you checked the PW Tunnel Selection check box enter the TE tunnel ID in the Interface Tunnel text field ISC uses the tunnel information to create and provision a pseudowire class that describes the pseudowire connection between two N PEs This pseudowire class can be shared by more than one pseudowire as long as the pseudowires share the same tunnel ID and remote loopback address During service request creation ISC does not check the validity of the tunnel ID number That is ISC does not verify the existence of the tunnel Check the Use PseudoWireClass check box to enable the selection of a pseudowire class This attribute is unchecked by default Usage notes e The pseudowire class name is used for provisioning pw class commands on IOS XR devices See Creating and Modifying Pseudowire Classes for IOS XR Devices page 2 10 for additional information on pseudowire class support for IOS XR devices Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Peis i OL 21636 01 _ Chapter 6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request Setting the Service Request Details W e If Use PseudoWireClass is checked an additional attribute Pseudo WireClass appears in the GUI Click the Select button of PseudoWireClass attribute to choose a pseudowire class previously
53. that this N PE talks to e The U PEis a generic Metro Ethernet ME switch The customer BPDUs are blocked by the PACL The VPLS ERMS EVP LAN UNI is the same as the L2VPN point to point ERS EVPL UNI e The SVI interface 767 refers to the global VFI which contains multiple peering N PEs Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 g a29 AppendixA Sample Configlets E vpLs Multipoint EMS EP LAN BPDU Tunneling VPLS Multipoint EMS EP LAN BPDU Tunneling Configuration e Service L2VPN Metro Ethernet e Feature VPLS multipoint EMS EP LAN with BPDU tunneling e Device configuration The N PE is a Cisco 7600 with IOS 12 2 18 SXF Sup720 3BXL Interface s FA2 18 The U PE is a Cisco 3750ME with IOS 12 2 25 EY1 No port security no tunneling Interface s FA1 0 12 FA1 0 23 VPLS Multipoint VPN with VLAN 767 Q in Q UNI Configlets U PE N PE system mtu 1522 12 vfi vpls_ews 89019 manual vpn id 89019 errdisable recovery interval 33 neighbor 99 99 8 99 encapsulation mpls 1 I vlan 776 vlan 776 exit exit I interface FastEthernet1 0 12 interface FastEthernet8 17 no cdp enable switchport trunk allowed vlan no keepalive 1 451 653 659 766 768 772 776 878 switchport switchport access vlan 776 interface Vlan776 switchport mode dot1iq tunnel no ip address switchport nonegotiate description VPLS EWS 12protocol tunnel cdp xconnect vfi vpls_ews 89019 12p
54. 1 Dl Note Required Field 204779 As shown in Figure 6 8 the Template Association window lists the devices comprising the link the device roles and the template s data file s associated with the devices In this case the template s data file s have not yet been set up For further instructions on how to associate templates and data files with a service request see Appendix B Working with Templates and Data Files especially the section Using Templates with Service Requests page B 10 Saving the FlexUNI EVC Service Request To save a FlexUNI EVC service request perform the following steps Step 1 When you have finished setting the attributes for the FlexUNI EVC service request click Save to create the service request Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 624 E OL 21636 01 _ Chapter 6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request Step 2 Step 3 Saving the FlexUNI EVC Service Request W If the FlexUNI EVC service request is successfully created you will see the service request list window similar to what appears in Figure 6 9 Figure 6 9 FlexUNI EVC Service Request Created Service Requests Show Services with Job ID matching f of Type fall Showing 1 2 of 2 records Operation ID Files State Type Type Creator Kama Policy Name Last Modified Description 02 __ REQUESTED evc ADD admin Customer2 58 75108 1 40 PM at le _ RE
55. 1 1 Installing ISC and Configuring the Network 1 1 Configuring the Network to Support Layer 2 Services 1 2 Setting Up Basic ISC Services 1 2 Setting Up Providers Customers and Devices 1 2 Setting Up the N PE Loopback Address 1 3 Setting Up ISC Resources for L2VPN and VPLS Services 1 3 Setting Up NPCs 1 3 Setting Up VPNs 1 3 Working with L2VPN and VPLS Policies and Service Requests 1 4 A Note on Terminology Conventions 1 4 CHAPTER 2 Setting Up the ISC Services 2 1 Creating Target Devices and Assigning Roles N PE or U PE 2 1 Configuring Device Settings to Support ISC 2 2 Configuring Switches in VTP Transparent Mode 2 2 Setting the Loopback Addresses on N PE Devices 2 2 Setting Up Devices for IOS XR Support 2 3 Defining a Service Provider and Its Regions 2 3 Defining Customers and Their Sites 2 4 Defining VPNs 2 4 Creating Access Domains 2 4 Creating VLAN Pools 2 5 Creating a VC ID Pool 2 7 Creating Named Physical Circuits 2 8 Creating NPCs Through an NPC GUI Editor 2 8 Creating a Ring Only NPC 2 9 Terminating an Access Ring on Two N PEs 2 10 Creating NPC Links Through the Autodiscovery Process 2 10 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 ii E Contents Creating and Modifying Pseudowire Classes for IOS XR Devices 2 10 Creating a Pseudowire Class 2 11 Modifying a Pseudowire Class Object 2 12 Configuring the Transport Mode When Pseudowire Classes are Not Supported 2 13 Defining L2
56. 11 Note Several sample reports are provided in the L2 reports folder These reports begin with the title SAMPLE These reports are provided for informational purposes only They are untested and unsupported You might want to use them as a basis for creating your own custom reports For more information see Creating Custom L2 and VPLS Reports page 13 11 The following information is provided for each report e Description or purpose of the report e An illustration of the report window e List of filter values and descriptions e List of output values and descriptions Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 P32 E OL 21636 01 Chapter 13 Generating L2 and VPLS Reports L2 and VPLS Reports W L2 End to End Wire Report An L2 end to end wire is a point to point connection containing two attachment circuits The L2 EndtoEndWire report displays the services that are running on L2 end to end connections You can use this report to view all the services and respective attachment circuit attributes for each connection Click the L2 EndtoEndWire Report icon to bring up the window for this report See Figure 13 2 Figure 13 2 L2 EndtoEndWire Report Title fl2 EndtoEndWire Report Chart Type Tabular z EndToEndvire ID F Customer Name F VC ID fo SR Job ID fo Service Type fo SR State SY ACID Ci is AC2 D OoOo O i yO S rting g Field EndToEndwire ID x Ascending z
57. 2 Decommission the service request The negate template will be picked up dynamically The service request remains in the Requested state but changed to an Operation Type of Delete 3 Deploy the service request This decommissions the service request and downloads the negate template which removes the original template commands Viewing Templates from the Service Requests Window In the Service Requests window a paper clip icon appears in the Data Files column if a service request has one or more templates associated with it as shown in Figure B 11 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 B 18 OL 21636 01 Appendix B Working with Templates and Data Files Using Templates with Service Requests i Figure B 11 Service Requests Window with Data Files Column Service Requests Show Services with Job ID matching f of Type all gt Showing 1 4 of 5 records lg oe State Type pe Creator peels Policy Name Last Modified Description clea Ge Oo DEPLOYED YRF MODIFY admin Customer1 None 1218 07 8 19 PM m OOo DEPLOYED MPLS ADD admin MPLS_PE_NO_CE 12 17 07 10 49 PM 3 0 19 cerLoven MPLS MODIFY admin MPLS_PE_NO_CE 1 4 08 2 49 PM 4 M 21 a E DEPLOYED MPLS MODIFY admin Customer MPLS_PE_CE 1708 4 23 PM Rows per page gt 1 q soto page f1 of1 DDI 211652 Note Step 1 Step 2 You can use the Show Services with field to search for service requests that have a specific data or
58. 4 Step 5 Step 6 Step 7 Step 8 Step 9 amp Setting the Service Request Details W Note The same VPN can be used by service requests with LOCAL and PSEUDOWIRE core types If a VPN for a service request is used with VPLS core type the same VPN cannot be used for service requests with LOCAL or PSEUDOWIRE core type Choose a VPN Name in the Select column Click Select The EVC Service Request Editor window appears with the VPN name displayed Check the Configure Bridge Domain check box to determine bridge domain characteristics Usage notes If Configure Bridge Domain is checked all links will have the same bridge domain ID allocated from the VLAN pool on the N PE All non FlexUNI links will have the Service Provider VLAN as the bridge domain ID On the other hand if no FlexUNI links are added the Service Provider VLAN will be allocated first and this will be used as the bridge domain ID when FlexUNI links are added If Configure Bridge Domain is unchecked a maximum of two links that terminate on the same N PE can be added This uses the connect command available in the EVC infrastructure This is only supported for ATM ATM local connect amp Note See the following comments for details on how ISC autogenerates the connect name Because the device only accepts a maximum of 15 characters for the connect name the connect name is generated using the following format CustomerNameTruncatedToMaxPossibl
59. 7 Creating an L2VPN Policy Based on the predefined L2 VPN policy an operator creates an L2 VPN service request with or without modifications to the L2VPN policy and deploys the service Service creation and deployment are normally performed by regular network technicians for daily operation of network provisioning Note Notall of the attributes defined in an L2VPN policy might be applicable to a service request For specific information see L2VPN policy attribute descriptions in Chapter 7 Creating an L2VPN Policy Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 sei Chapter8 Managing an L2VPN Service Request HI Creating an L2VPN Service Request The following steps are involved in creating a service request for Layer 2 connectivity between customer sites e Choose a CE Topology for ERS EVPL Frame Relay ATM services e Choose the endpoints CE and PE that must be connected For each end to end Layer 2 connection ISC creates an end to end wire object in the repository for the service request e Choose a CE or PE interface e Choose a Named Physical Circuit NPC for the CE or PE e Edit the end to end connection e Edit the link attributes e Optional Associate templates and data files to devices in the service request Creating an L2VPN Service Request Step 1 Step 2 Step 3 Step 4 Step 5 To create an L2VPN service request perform the following
60. 8 without CE creating 8 16 F FlexUNI EVC device roles with FlexUNI EVC 3 5 features of 3 2 IOS platform support 3 3 IOS XR platform support 3 4 overview of support in ISC 3 1 platform support for FlexUNI EVC in ISC 6 0 3 3 topology overview for FlexUNI EVC 3 5 FlexUNI EVC ATM Ethernet policies creating 5 1 defining 5 2 enabling template association in 5 19 overview 5 1 setting ATM interface attributes in 5 6 setting FlexUNI attributes in 5 7 setting interface attributes in 5 12 setting service attributes in 5 8 setting service options in 5 4 setting VLAN matching criteria attributes in 5 10 setting VLAN rewrite criteria attributes in 5 10 FlexUNI EVC ATM Ethernet service requests creating 6 2 local core connectivity in 6 6 managing 6 1 modifying 6 23 overview 6 1 pseudowire core connectivity 6 3 saving 6 24 setting ATM link attributes 6 18 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 setting direct connect links in 6 8 setting links with L2 access nodes 6 22 setting service request details for 6 3 setting up links to N PEs within 6 8 using templates and data files with 6 24 FlexUNI EVC Ethernet policies defining 3 6 setting FlexUNI attributes in 3 10 setting interface attributes in 3 16 setting service attributes in 3 11 setting service options in 3 8 setting VLAN matching criteria attributes in 3 13 setting VLAN rewrite criteria attributes in 3
61. 9 31 to help prevent the UNI port from being disrupted by a broadcast multicast or unicast storm Enter a threshold value for each type of traffic The value which can be specified to two significant digits represents the percentage of the total available bandwidth of the port If the threshold of a traffic type is reached further traffic of that type is suppressed until the incoming traffic falls below the threshold level Figure 9 31 Enable Storm Control UHI Storm Control Unicast Traffic 0 0 100 0 4 Broadcast Traffic 0 0 100 0 m Multicast Traffic 0 0 100 0 G Enable Storm Control xI 138440 Check the Protocol Tunnelling check box see Figure 9 32 if you want to define the Layer 2 Bridge Protocol Data Unit BPDU frames that can be tunneled over the core to the other end Figure 9 32 Protocol Tunnelling Tunnel CDP CDP Threshold in packets seconds cdp drop threshold Tunnel YTP VTP Threshold in packets seconds vtp drop threshold Tunnel STP STP Threshold in packets seconds stp drop threshold Recovery Interval in seconds Protocol Tunnelling Iv Iv 0 4096 0 4096 Iv 0 4096 0 4096 IV 0 4096 0 4096 30 86400 a lt l lt I a k m wkk m xl 138441 For each protocol that you check enter the shutdown threshold and drop threshold for that protocol b Tunnel CDP Enable Layer 2 tunnelling on Cisco Discover Protocol CDP CDP Thr
62. ANY ISC will not ask for an Encapsulation type in the policy Check the UNI Shutdown check box if you want to leave the UNI port shut during service activation for example when the service provider wants to deploy a service in the network but wants to activate it at a later time Check the PW Tunnel Selection check box if you want to be able to manually select the Traffic Engineering TE tunnel for the pseudowire connecting point to point N PEs This attribute is unchecked by default Subsequently when you create a service request based on this policy you must specify the TE tunnel ID in a field provided ISC uses the tunnel information to create and provision a pseudowire class that describes the pseudowire connection between two N PEs This pseudowire class can be shared by more than one pseudowire as long as the pseudowires share the same tunnel ID and remote loopback address You are responsible to ensure that the tunnel interface and associated ID are configured During service request creation when you specify the tunnel ID number ISC does not check the validity of the value That is ISC does not verify the existence of the tunnel Click the Next button if you want to enable template support for the policy The Template Association window appears In this window you can enable template support and optionally associate templates and data files with the policy For instructions about associating templates with policies and how
63. ATM virtual channel identifier VCT a value in the ATM VCI field The value can be from 32 to 65535 Check the UNI Shutdown check box if you want to leave the UNI port shut during service activation for example when the service provider wants to deploy a service in the network but wants to activate it at a later time Check the Use Existing PW Class check box to enable the selection of a pseudowire class This attribute is unchecked by default Usage notes e If Use Existing PW Class is checked an additional attribute Existing PW Class Name appears in the GUI Enter the name of a pseudowire class which already exists in the device e If Use Existing PW Class is checked the PW Tunnel Selection and Interface Tunnel attributes will disappear from the window This is to prevent ISC from generating the pseudowire class e The Use PseudoWireClass attribute is only available if the MPLS core connectivity type was set as PSEUDOWIRE in the Service Options window see Pseudowire Core Connectivity page 6 3 e Use PseudoWireClass is only applicable for IOS XR devices Check the N PE Pseudo wire on SVI check box to have ISC generate forwarding commands under SVIs switch virtual interfaces By default this check box is not checked In this case ISC generates forwarding commands under the service instance For a FlexUNI link the attribute N PE Pseudo wire on SVI is dependent on the value of the attribute Configure with Bridge Domain th
64. C 5 Deleting a Service Request C 5 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 x E Contents Platform Specific Usage Notes C 6 VLAN Translation on the 3750 C 6 VLAN Translation on the 7600 C 6 Failed Service Requests When Hardware Does Not Support VLAN Translation C 6 appennix D Terminating an Access Ring on Two N PEs D 1 Overview D 1 Setting Up an NPC Access Ring with Two N PEs D 3 Using N PE Redundancy in FlexUNI EVC Service Requests D 3 Additional Network Configurations and Sample Configlets D 5 Example 1 Pseudowire Connectivity A D 5 Example 2 Pseudowire Connectivity B D 6 Example 3 Pseudowire Connectivity C D 8 Example 4 VPLS Connectivity D 9 APPENDIX E ISC Layer 2 VPN Concepts E 1 Layer 2 Terminology Conventions E 1 MEF Terminology Conventions E 1 Mapping MEF Terminologies to Network Technologies E 3 ISC Terminology and Supported Network Types E 4 L2VPN Service Provisioning E 5 Point to Point Ethernet EWS and ERS EPL and EVPL E 5 ATM over MPLS ATMoMPLS E 8 Frame Relay over MPLS FRoMPLS E 9 VPLS Service Provisioning E 10 Multipoint EWS EP LAN for an MPLS Based Provider Core E 11 Multipoint ERS EVP LAN for an MPLS Based Provider Core E 11 Topology for MPLS Based VPLS E 11 VPLS for an Ethernet Based L2 Provider Core E 13 Multipoint EWS EP LAN for an Ethernet Based Provider Core E 13 Multipoint ERS EVP LAN for an Ethernet Based Provider Core _E 13 T
65. Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter7 Creating an L2VPN Policy W Defining an ATM Policy without a CE Defining an ATM Policy without a CE This section describes how to define an ATM policy without a CE present Figure 7 26 is an example of the first page of this policy Figure 7 26 ATM Policy without a CE L2VPN Point To Point Policy Editor Attribute Value Policy Hame AtmNoCe Customer Policy Owner C Provider Global Policy C L2VPNERS C L2VPN EWS Service Type C Frame Relay ATM CE Present E Note Required Field Step 1 of 2 lt pack E il gt m 138483 Perform the following steps Step 1 Click Next The window in Figure 7 27 appears The Editable check box gives you the option of making a field editable If you check the Editable check box the service operator who is using this L2VPN policy can modify the editable parameter during L2VPN service request creation Figure 7 27 ATM without CE Policy Attributes L2VPN Point To Point Policy Editor Attribute Value Editable H PE U PE Information Transport Mode VP gy Interface Type ANY Intertace Format UNI Shutdown Ej Vv Use PseudoWireClass r Vv L2VPN Group Name E Line Name O i i OO PW Tunnel Selection 9 L Vv Note Required Field Step 2 of 3 ran 211695 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 _ Chapter 7 Creating an L2
66. Circuit AC attributes A policy can be shared by one or more service requests that have similar service requirements The Editable check box gives the network operator the option of making a field editable If the value is set to editable the service request creator can change to other valid values for the particular policy item If the value is not set to editable the service request creator cannot change the policy item You can also associate Cisco IP Solution Center ISC templates and data files with a service request See Appendix B Working with Templates and Data Files for more about using templates and data files in service requests VPLS policies correspond to the one of the core types that VPLS provides e MPLS core type provider core network is MPLS enabled e Ethernet core type provider core network uses Ethernet switches and to one of the service types that VPLS provides e Ethernet Relay Multipoint Service ERMS The Metro Ethernet Forum name for ERMS is Ethernet Virtual Private LAN EVP LAN See Layer 2 Terminology Conventions page E 1 for more information about terms used to denote VPLS services in this guide e Ethernet Multipoint Service EMS The MEF name for EMS is Ethernet Private LAN EP LAN I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter9 Creating a VPLS Policy W Defining a VPLS Policy Step 1 Step 2 Step 3 Step 4 Step 5 Step 6
67. Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter9 Creating a VPLS Policy HZ Defining an MPLS EMS EP LAN Policy with a CE Perform the following steps Step 1 Click Next The window in Figure 9 11 appears The Editable check box gives you the option of making a field editable If you check the Editable check box the service operator who is using this VPLS policy can modify the editable parameter during VPLS service request creation Figure 9 11 MPLS EMS EP LAN with a CE Policy Attributes VPLS Policy Editor Attribute Value Editable CE Information Interface Type ANY x Interface Format UHI Information Standard UNI Port Vv E UNI Shutdown B Vv Keep Alive E Vv Interface Type for UNI Display ANY Vv UNI Vv UNI MAC Addresses Edit Vv Link Speed None z K Link Duplex None z M VLAH and Other Information PEAN Interface Description po 7 VLAN ID AutoPick Vv Vv VLAN Name Ey System MTU in bytes 1522 1500 9216 M Use Existing ACL Name Ej Port Based ACL Name C O Vv Disable CDP m Vv UHI Port Security r Vv Protocol Tunnelling r Vv Note Required Field Step 2 of 3 g me es e N Step2 Choose an Interface Type from the drop down list You can choose a particular interface on a CE N PE U PE or PE AGG interface based on the service provider s POP design The interfaces are e ANY Any interface can be chosen e Port Channel A bundle of
68. Configlets U PE N PE None Template Content interface Loopback0 description Local LoopbackAddress L2VPNLocal Loopback LocalHostName L2VPNLocalHostName RemoteLoopbackAddress SL2VPNRemot eLoopback RemoteHostName L2VPNRemot eHostName Configlets interface Loopback0 description LocalLoopbackAddress 192 169 105 40 LocalHostName cl test 12 7600 2 RemoteLoopbackAddress 192 169 105 80 RemoteHostName cl test 12 7600 4 Comments e These four variables are supported only on the N PE e The values will be empty for all other device roles U PE PE AGG and CE Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 g ais AppendixA Sample Configlets HE EWS EPL Point to Point EWS EPL Point to Point Configuration e Service L2VPN Metro Ethernet e Feature EWS EPL point to point e Device configuration The N PE is a Cisco 7600 with IOS 12 2 18 SXF Sup720 3BXL Interface s FA8 17 The U PE is a Cisco 3750ME with IOS 12 2 25 EY1 No port security no tunneling Interface s FA1 0 20 FA1 0 23 L2VPN point to point Q in Q UNI Configlets U PE N PE system mtu 1522 vlan 774 exit vlan 774 exit interface FastEthernet8 17 switchport trunk allowed vlan interface FastEthernet1 0 20 1 451 653 659 766 768 772 773 774 878 no cdp enable l no keepalive interface Vlan774 switchport no ip address switchport access vlan 774 descr
69. D Terminating an Access Ring on Two N PEs W Using N PE Redundancy in FlexUNI EVC Service Requests Figure D 4 FlexUNI EVC Service Request Editor Page with N PE Redundancy Option FlexUNI EVC Service Request Editor Service Request Details Job ID New SRID New Policy EVC pw VPN evc pw Select VPH z AutoPick VC ID VC ID a Pseudowire Redundancy Oo Backup PWVC ID Configure Bridge Domain Description Click here Direct Connect Links 0 Links O N PE UNI Link Attributes FlexUNI EVC Add Delete Jj Rows per page 10 v 14 q Go to page 1 of 1 DDI Links with L2 Access Nodes 2 Links U PEIPE AGG UNI Circuit Details Link Attributes FlexUNI EVC ce is 3750 GigabitEthemet1 1 1 Detail scind 7609 11 GigabitEthernet7 0 10 Edit v 2 GigabitEthernet1 1 2 v Detail stin GigabitEthernet7 0 1 Edit v add Delete Rows per page 10 v I lt Goto page 1 of GDDI amp Template Save Cancel 3 J N Usage notes e The service is configured on both N PEs of the access ring e Though there are two different N PEs only one access link is consumed e You can modify the configuration redundant N PEs before or after deploying the service request Modified configlets will be generated according to the changes made in service request e The destined N PE device on the NPC used in the service request is treated as the primary N PE The othe
70. E 13 e Multipoint ERS EVP LAN for an Ethernet Based Provider Core page E 13 e Topology for Ethernet Based VPLS page E 13 Multipoint EWS EP LAN for an Ethernet Based Provider Core Multipoint EWS also known as EP LAN in MEF terminology is a service that emulates a point to point Ethernet segment The EWS service encapsulates all frames that are received on a particular User to Network Interface UNI and transports these frames to a single egress UNI without reference to the contents contained within the frame This service operation means that EWS can be used for untagged or VLAN tagged frames and that the service is transparent to all frames offered Because the EWS service is unaware that VLAN tags might be present within the customer frames the service employs a concept of All to One bundling Multipoint ERS EVP LAN for an Ethernet Based Provider Core Multipoint ERS also known as EVP LAN in MEF terminology models the connectivity offered by existing Frame Relay networks by using VLAN indices to identify virtual circuits between sites ERS does however offer a far greater degree of QoS functionality depending upon the service provider s implementation and the customer s acceptance of VLAN indices that are administratively controlled by the service provider Additionally ERS service multiplexing capability offers lower cost of ownership for the enterprise as a single interface can support many virtual interfaces Topology for
71. EPL Q in Q port in case you decide to do 2 1 VLAN translation Even though you have all the ports to start with for VLAN translation you must choose specific types of ports based on the type of VLAN translation More specifically e Forno VLAN translation and 1 1 VLAN translation you must choose an empty port or a trunk port as the UNI e For2 1 VLAN translation you must choose an empty port or a Q in Q port as the UNI port To help determine the proper port to use you can click the Details button on the Attachment Tunnel Editor window to display the port type and associated service with that port The following sections show how the VLAN translation is defined on the Link Attribute window for the different types of VLAN translation No VLAN Translation When you choose no VLAN translation no additional information needs to be provided 1 1 VLAN Translation When you choose 1 1 VLAN translation the window dynamically changes as shown in Figure C 3 Figure C 3 CE VLAN to be Translated From VLAN Translation C No 14 24 i f 1 To 1 Translation CE VLAN 1 4096 B I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Appendix Setting Up VLAN Translation HZ Setting Up VLAN Translation In the empty field you must enter which CE VLAN is to be translated from The VLAN number must be a number from 1 to 4096 The PE VLAN that the CE VLAN is to be translated to can be a
72. EVC For a list of supported template variables see the Devices chapter of the Cisco IP Solution Center Infrastructure Reference 6 0 DCPL Properties There are a few Dynamic Component Properties Library DCPL properties governing templates These DCPL properties affect when a template is applied whether negate templates are appended or prepended whether templates are applied in the case when an service has multiple lines only one of which have been edited etc For documentation on DPLC properties related to templates see the Properties chapter of the Cisco IP Solution Center Infrastructure Reference 6 0 Importing and Exporting Templates ISC provides a mechanism to import and export templates and data files See the Cisco IP Solution Center Infrastructure Reference 6 0 for more information Template and Data File Workflow This section summarizes the basic operations involved in setting up and using templates data files and negate templates in ISC Basic Template Manager Functions e Create templates and negate templates for different configurations e Specify device attributes for the templates e Associate subtemplates to templates if applicable e Create data files for the subtemplates e Create a negate template for each subtemplate e Create data files for the negate templates I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Appendix B Working with Templates
73. Editor L2VPN Point To Point Service Request Editor EndToEndWire Editor SRID New Job ID New Policy Name L2vpnErsNoCe Core Type MPLS vPH Select VPN Description 5 Showing 1 1 of 1 records Ea mi Description Attachment Circuitt AC1 AC1 Attributes Circuit1 ID Attachment Circuit2 AC2 AC2 Attributes Circuit2 ID ile J sw2 pe1 Default pel Default Rows per page fio gt I lt q Goto page 1 of 1 amp 3 DDI Add Link Delete Link Save Cancel Note Required Field 3 Step 15 The VPN for this service request appears in the Select VPN field If there is more than one VPN click Select VPN to choose a VPN Step 16 Specify remaining items in the End to End Wire Editor window as necessary for your configuration e You can choose any of the blue highlighted values to edit the End to End Wire e You can edit the AC link attributes to change the default policy settings After you edit these fields the blue link changes from Default to Changed For more information see the section Modifying the L2VPN Service Request page 8 20 e You can also click Add Link to add an end to end wire e You can click Delete Link to delete an end to end wire amp Note If you are attempting to decommission a service request to which a template has been added see Monitoring Service Requests page 11 10 for information on the proper way to do this e You can enter a description for the service request in the first Description field The description will
74. Ethernet Based VPLS Ethernet based VPLS differs from the point to point L2VPN definitions of EWS EP LAN and ERS EVP LAN by providing a multipoint connectivity model The VPLS service does not map an interface or VLAN to a specific point to point pseudowire but instead it models the operation of a virtual Ethernet switch VPLS uses the customer s MAC address to forward frames to the correct egress UNI within the service provider s network for the EWS EP LAN The EWS EP LAN service emulates the service attributes of an Ethernet switch and learns source MAC to interface associations flooding unknown broadcast and multicast frames Figure E 11 illustrates an EWS EP LAN VPLS topology I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E AppendixE ISC Layer 2 VPN Concepts WE VPLS Service Provisioning Figure E 11 VPLS EWS Topology CH Go 192 168 11 25 24 S 192 168 11 11 24 ie 192 168 11 1 24 aa ie eee Ethernet Core 4 lt qa ae 192 168 11 2 24 io E A 192 168 11 12 24 104080 The Ethernet Relay Service ERS or EVP LAN offers the any to any connectivity characteristics of EWS and the service multiplexing This combination enables a single UNI to support a customer s intranet connection and one or more additional EVCs for connection to outside networks ISPs or content providers Figure E 12 illustrates an ERS EVP LAN VPLS multipoint topolog
75. Ethernet User Guide 6 0 m OL 21636 01 Appendix B Working with Templates and Data Files Using Templates with Service Requests W Note Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 There is no choice of options to selectively determine templates for U PE and PE AGG devices during the service request workflow Templates are automatically copied from the policy based on the presence of a UNI interface on the devices functioning in U PE and PE AGG roles See the section Selectively Determining Templates for U PE and PE AGG Device Roles page B 9 for more information on this feature Perform the following steps to choose the template s data file s for the device s Click the Add link in Template Datafile column for a device The Add Remove Templates window appears Click the Add button The Template Datafile Chooser window appears Navigate to a template in the folder tree and select it The template is listed in the right side of the GUI along with any data files that are associated with it At this point you can either select an existing data file or click the Create Data File button to create a data file dynamically in the workflow The rest of the steps in this section cover the case of selecting an existing template and data file For instructions on how to create a data file dynamically see the section Creating a Data File in the Service Request Workflow page B 16 Check the check b
76. FRoMPLS a type of AToM e Device configuration The N PE is a Cisco 7200 with IOS 12 0 28 S Interface s ATM2 0 NoCE NoU PE L2VPN point to point ATMoMPLS Configlets U PE N PE None interface Seriali 1 exit 1 connect C1_89001 Serial1 1 135 12transport xconnect 99 99 4 99 89001 encapsulation mpls Comments e The N PE is any MPLS enabled router e L2VPN provisioning is on the serial port for the Frame Relay connection Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 g A27 AppendixA Sample Configlets WE Frame Relay DLCI Mode Frame Relay DLCI Mode Configuration e Service L2VPN over a L2TPv3 core e Feature FR in DLCI mode e Device configuration The N PE is a Cisco 7200 with IOS 12 0 28 S Interface s ATM2 0 NoCE NoU PE L2VPN point to point ATMoMPLS Configlets U PE N PE None pseudowire class ISC pw dynamic default encapsulation 12tpv3 ip local interface Loopback10 ip dfbit set 1 interface Serial3 2 encapsulation frame relay exit connect ISC_1054 Serial3 2 86 12transport xconnect 10 9 1 1 1054 encapsulation 12tpv3 pw class ISC pw dynamic default Comments e The N PE is any L2TPv3 enabled router e L2VPN provisioning is on the serial port for the Frame Relay connection Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 AppendixA Sample Configlets
77. FlexUNI EVC ATM Ethernet Interworking e Feature FlexUNI EVC for ATM Ethernet interworking with local core connectivity for multiple links that terminate on the same local N PE Link 1 terminates on an ATM interface and link 2 terminates on an Ethernet interface e Device configuration The N PE 1 is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s ATM1 0 0 99 TenGigabitEthernet6 0 0 TenGigabitEthernet6 0 1 N PE 1 ATM Ethernet N A 1 vlan 1001 exit l interface ATM1 0 0 99 point to point no atm enable ilmi trap pvc 99 99 encapsulation aal5snap bridge domain 1001 1 interface TenGigabitEthernet6 0 0 no ip address no mls qos trust service instance 104 ethernet 1 4 _60 encapsulation dotiq 11 rewrite ingress tag pop 1 symmetric bridge domain 1001 I interface TenGigabitEthernet6 0 1 no ip address no mls qos trust service instance 105 ethernet 1 4_60 encapsulation dotiq 12 rewrite ingress tag pop 1 symmetric bridge domain 1001 l e None I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 A AppendixA Sample Configlets WE FiexUNI EVC ATM Ethernet Interworking Local Core Connectivity Multipoint Circuit FlexUNI EVC ATM Ethernet Interworking Local Core Connectivity Multipoint Circuit Configuration e FlexUNI EVC ATM Ethernet Interworking e Feature FlexUNI EVC for ATM Ethernet interworking with local core connectivity Multiple links termina
78. FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity End to End Circuit with Bridge Domain A 56 FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity End to End Circuit no Bridge Domain A 57 aprpennix B Working with Templates and Data Files B 1 Overview B 1 Summary of Template Manager Features B 1 Template and Data File Workflow B 3 Using Templates with ISC Policies B 4 Overview of Template Support in ISC Policies B 4 Associating Templates and Data Files to a Policy B 5 Selectively Determining Templates for U PE and PE AGG Device Roles B 9 Using Templates with Service Requests B 10 Overview of Template Use in Service Requests B 10 Associating Templates to a Service Request B 11 Associating Subtemplates During Service Provisioning B 11 Creating Data Files During Service Request Creation B 12 Using Negate Templates to Decommission Template Configurations B 13 Using Templates and Data Files with Service Requests B 14 Choosing a Template in the Service Request Workflow B 14 Creating a Data File in the Service Request Workflow B 16 Decommissioning Service Requests with Added Templates B 18 Viewing Templates from the Service Requests Window B 18 appPenpix C Setting Up VLAN Translation C 1 VLAN Translation Overview C 1 Setting Up VLAN Translation C 1 Creating a Policy 2 Creating a Service Request C 3 No VLAN Translation C 3 1 1 VLAN Translation 3 2 1 VLAN Translation C 4 Modifying a Service Request
79. ISC as an IOS XR device as follows a Create the Cisco device by choosing Service Inventory gt Inventory and Connection Manager gt Devices gt Create The Create Cisco Device window appears b Set the OS attribute located under Device and Configuration Access Information to IOS_XR amp Note For additional information on setting DCPL properties and creating Cisco devices see the Cisco IP Solution Center Infrastructure Reference 6 0 Create and deploy L2VPN service requests following the procedures in this guide Sample configlets for IOS XR devices are provided in Appendix A Sample Configlets Defining a Service Provider and Its Regions You must define the service provider administrative domain before provisioning L2VPN The provider administrative domain is the administrative domain of an ISP with one BGP autonomous system AS number The network owned by the provider administrative domain is called the backbone network If an ISP has two AS numbers you must define it as two provider administrative domains Each provider administrative domain can own many region objects I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter2 Setting Up the ISC Services HZ Defining Customers and Their Sites For detailed steps to define the provider administrative domain see the Cisco IP Solution Center Infrastructure Reference 6 0 Defining Customers and Their Sites
80. ISC executes the negate template of the previously associated template as well as the newly associated template When a template or negate template is modified the service request does not roll back the configuration changes made earlier through the template When a service request is modified the template command is always deployed See the remaining bullet items for some additional clarifications When a service request is modified without changing template data file information the template commands are not redeployed The only a modification that triggers a change in template data file results is the negation of the old template and the addition of new template commands in the device configlet When the ForceTemplateDeploy DCPL property is turned ON then irrespective of templates being modified if a service request is modified templates are re deployed However negate templates are not necessarily re deployed Negate templates are deployed only when a link attachment circuit in the service request is deleted which implicitly means removing templates associated with the link being deleted as well When the ForceTemplateDeploy DCPL property is turned OFF negate templates are instantiated under the following conditions Deleting or decommissioning a link attachment circuit in a service request Modifying templates for example delete existing templates and adding new ones to a link or deleting only existing ones Rehomin
81. If the check box is unchecked zero or more links can use the FlexUNI EVC feature This ensures that existing platforms can still be used in one or more links while delivering the services This allows the possibility of a link with FlexUNI EVC support being added in the future amp Note Ifthe check box is unchecked in the service request creation process the user must indicate whether or not the created link is FlexUNI or non FlexUNI If no links are expected to use the FlexUNI EVC feature even in the future for example if the provider is not planning to upgrade to the EVC infrastructure for the service that is being created existing ISC policy types L2VPN or VPLS can be used instead of FlexUNI EVC Step3 Choose an MPLS Core Connectivity Type from the drop down list amp Note The core option supports MPLS only There is no L2TPv3 support for this service The choices are PSEUDOWIRE Choose this option to allow connectivity between two N PEs across the MPLS core This option does not limit the service to point to point E Line This is because even with the PSEUDOWIRE option selected there can still be multiple CEs connected to a bridge domain on one or both sides of the pseudowire LOCAL Choose this option for local connect cases in which there is no connectivity required across the MPLS core Local connect supports the following scenarios All interfaces on the N PE are FlexUNI capable and using the EVC inf
82. Iv Pop Inner i Iv Push Inner C Vv Translate Inner r Iv Note Required Field Step 4 of 6 204841 FlexUNI attributes are organized under the following categories e Service Attributes e VLAN Match Criteria e VLAN Rewrite Criteria The following sections describe how to set the options under each category Setting the Service Attributes To set the FlexUNI service attributes perform the following steps Step1 Check the AutoPick Service Instance ID check box to specify that the service instance ID will be autogenerated and allocated to the link during service request creation If the check box is unchecked while setting the ISC link attributes during service request creation ISC will prompt the operator to specify the service instance ID Usage notes e The service instance ID represents an Ethernet Flow Point EFP on an interface in the EVC infrastructure The service instance ID is locally significant to the interface This ID has to be unique only at the interface level The ID must be a value from 1 to 8000 e There are no resource pools available in ISC from which to allocate the service instance IDs e Itis the responsibility of the operator creating the service request to maintain the uniqueness of the ID at the interface level Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Chapter 5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy Step 2 Ste
83. N PEs This attribute is unchecked by default Subsequently when you create a service request based on this policy you must specify the TE tunnel ID in a field provided ISC uses the tunnel information to create and provision a pseudowire class that describes the pseudowire connection between two N PEs This pseudowire class can be shared by more than one pseudowire as long as the pseudowires share the same tunnel ID and remote loopback address You are responsible to ensure that the tunnel interface and associated ID are configured During service request creation when you specify the tunnel ID number ISC does not check the validity of the value That is ISC does not verify the existence of the tunnel Click the Next button if you want to enable template support for the policy The Template Association window appears In this window you can enable template support and optionally associate templates and data files with the policy For instructions about associating templates with policies and how to use the features in this window see Appendix B Working with Templates and Data Files When you have completed setting up templates and data files for the policy click Finish in the Template Association window to close it and return to the Policy Editor window Click Finish Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 732 ff OL 21636 01 Chapter7 Creating an L2VPN Policy Defining an ATM Policy wit
84. N PEs This pseudowire class can be shared by more than one pseudowire as long as the pseudowires share the same tunnel ID and remote loopback address During service request creation ISC does not check the validity of the tunnel ID number That is ISC does not verify the existence of the tunnel Check the AutoPick Bridge Domain VLAN ID check box to have ISC autopick the VLAN ID during service request creation If this check box is unchecked you are prompted to specify a VLAN ID during service request creation see the next step Usage notes e AutoPick Bridge Domain VLAN ID consumes a global VLAN ID on the device e The bridge domain VLAN ID is picked from the existing ISC VLAN pool If the AutoPick Bridge Domain VLAN ID check box is unchecked enter an ID number in the Bridge Domain VLAN ID text field Usage notes e If AutoPick Bridge Domain VLAN ID is checked this field is non editable e When a VLAN ID is manually allocated ISC verifies the VLAN ID to see if it lies within ISC s VLAN ID pool If the VLAN ID is in the pool but not allocated the VLAN ID is allocated to the service request If the VLAN ID is in the pool and is already in use ISC prompts you to allocate a different VLAN ID If the VLAN ID lies outside of the ISC VLAN ID pool ISC does not perform any verification about whether the VLAN ID allocated The operator must ensure the VLAN ID is available Click OK to save the ATM Ethernet Attributes settings and retur
85. NPC from the Select column Step 11 Click OK Each time you choose a PE and its interface the NPC that was precreated from this PE and interface is automatically displayed under Circuit Selection See Figure 8 20 This means that you do not have to further specify the PE to complete the link Figure 8 20 NPC Created L2VPN Point To Point Service Request Editor Attachment Tunnel Editor SRID New Job ID New Policy Hame L2vpnErsNoCe Select Topology Fun Mesh ia Showing 1 1 of 1 records E N PEPE AGGAU PE UNI Interface Circuit Selection Circuit Details q m sw2 Fast themet0 1 Detail pet Ethernet4 2 Circuit Details Rows per page 10 I q coto page f1 of1 DDI Add Link Delete Link OK Cancel 138388 Note Required Field Step12 If you want to review the details of this NPC click Circuit Details in the Circuit Details column The NPC Details window appears and lists the circuit details for this NPC Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 rei OL 21636 01 Chapter8 Managing an L2VPN Service Request Creating an L2VPN Service Request W Step 13 After you specify all the PEs ISC creates the links between PEs based on the Topology that you chose Step 14 Click OK For ERS EVPL ATM and Frame Relay the End to End Wire Editor window appears See Figure 8 21 Figure 8 21 End to End Wire
86. Name to specify the point to point p2p E line name Usage notes e Tfno value is specified for the E Line Name ISC autogenerates a default name as follows For PSEUDOWIRE core connectivity type the format is DeviceName VC_ID For LOCAL core connectivity type the format is DeviceName VLAN_ID If the default name is more than 32 characters the device names are truncated e E Line Name is only applicable for IOS XR devices Click OK to save the Standard UNI settings and return to the EVC Service Request window The value in the Link Attributes column now displays as Changed signifying that the link settings have been updated You can edit the link attributes now or at a future time by clicking on the Changed link and modifying the settings in the Standard UNI Details window See Modifying the FlexUNI EVC Service Request page 6 23 for details on editing the link attributes To add another link click the Add button and set the attributes for the new link as in the previous steps in this section To delete a link check the check box in the first column of the row for that link and click the Delete button If you want to set up links with L2 access nodes for this service request see Setting Links with L2 Access Nodes page 6 22 When you have completed setting the attributes in the EVC Service Request Editor window click the Save button at the bottom of the window to save the settings and create the FlexUNI EVC service reques
87. No No VLAN translation is performed This is the default e 1 1 1 1 VLAN translation e 2 1 2 1 VLAN translation amp Note For detailed coverage of setting up VLAN translation see Appendix C Setting Up VLAN Translation Check the PW Tunnel Selection check box if you want to be able to manually select the Traffic Engineering TE tunnel for the pseudowire connecting point to point N PEs This attribute is unchecked by default Subsequently when you create a service request based on this policy you must specify the TE tunnel ID in a field provided ISC uses the tunnel information to create and provision a pseudowire class that describes the pseudowire connection between two N PEs This pseudowire class can be shared by more than one pseudowire as long as the pseudowires share the same tunnel ID and remote loopback address You are responsible to ensure that the tunnel interface and associated ID are configured During service request creation when you specify the tunnel ID number ISC does not check the validity of the value That is ISC does not verify the existence of the tunnel Note Step 28 The PW Tunnel Selection attribute will be unavailable within service requests based on this policy for devices running IOS XR Click the Next button if you want to enable template support for the policy The Template Association window appears In this window you can enable template support and optionally as
88. PortSecurity Status of UNI port security for the second attachment circuit AC2 e AC2 UNI Duplex Duplex status none full half or auto of the UNI port for the second attachment circuit AC2 e AC2 Maximum MAC Address Maximum MAC addresses allowed on the UNI port for the second attachment circuit AC2 e AC2 UNI Aging Length of time in seconds that MAC addresses can stay in the UNI port security table for the second attachment circuit AC2 L2 PE Service Report The L2 PE Service report allows you to choose PEs and display their roles for example N PE U PE or PE AGG and L2 related services that are running on them Click the L2 PE Service Report icon to bring up the window for this report See Figure 13 3 Figure 13 3 L2 PE Service Report Layout Title L2 PE Service Repot iti OS Chart Type Tabular gt Filters Output Fields PE Role fo PE Name PE Name fo Sorting Field PE Role x Ascending gt 138550 Filter Values e PE Role PE device role N PE U PE or PE AGG e PE Name PE device name Output Values e PE Role PE device role N PE U PE or PE AGG e PE Name PE device name e SR ID Service request identification number e SR Job ID Service request job identification number e SR State Service request state amp Note The SR State output does not list service requests in the CLOSED state Service requests in other states are listed as determined by the filt
89. Private LAN EP LAN Ethernet Virtual Private LAN EVP LAN I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter1 Getting Started HZ A Note on Terminology Conventions Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 CHAPTER Setting Up the ISC Services To create L2VPN VPLS and FlexUNI EVC policies and service requests you must first define the service related elements such as target devices VPNs and network links Normally you create these elements once This chapter contains the basic steps to set up the Cisco IP Solution Center ISC services for an L2VPN services It contains the following sections e Creating Target Devices and Assigning Roles N PE or U PE page 2 1 e Configuring Device Settings to Support ISC page 2 2 e Defining a Service Provider and Its Regions page 2 3 e Defining Customers and Their Sites page 2 4 e Defining VPNs page 2 4 e Creating Access Domains page 2 4 e Creating VLAN Pools page 2 5 e Creating a VC ID Pool page 2 7 e Creating Named Physical Circuits page 2 8 e Creating and Modifying Pseudowire Classes for IOS XR Devices page 2 10 e Defining L2VPN Group Names for IOS XR Devices page 2 14 amp Note This chapter presents high level information on ISC services that are relevant to L2VPN For more detailed information on setting up these and other basic ISC services see the Cis
90. Provider VLAN ID field during service activation Enter a VLAN NAME optional to specify a name to describe the VLAN The name must be one token no spaces allowed The limit for the VLAN name is 32 characters The name has to be unique Two VLANs cannot share the same name Enter the System MTU in bytes I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 BH Chapter9 Creating a VPLS Policy HI Defining an MPLS EMS EP LAN Policy without a CE Step 17 Step 18 Step 19 Step 20 The maximum transmission unit MTU size is configurable and optional ISC does not perform an integrity check for this customized value If a service request goes to the Failed Deploy state because this size is not accepted you must adjust the size until the service request is deployed ISC supports ranges for different platforms as specified below The range is 1500 to 9216 e For the 3750 and 3550 platforms the MTU range is 1500 1546 e For the 7600 ethernet port the MTU size is always 9216 Even with the same platform and same IOS release different line cards support the MTU differently For example older line cards only take an MTU size of 9216 and newer cards support 1500 9216 However ISC uses 9216 in both cases e For the 7600 SVI interface VLAN the MTU size is 1500 9216 Check the Use Existing ACL Name check box if you want assign your own named access list to the port By default this chec
91. Puts the interface into the error disabled state immediately and sends an SNMP trap notification d In the Secure MAC Addresses field enter one or more Ethernet MAC addresses Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Chapter9 Creating a VPLS Policy Defining an MPLS EMS EP LAN Policy withoutaCE W Figure 9 17 UNI Port Security UHI Port Security Maximum MAC Address 1 8448 Aging in minutes o 1440 Violation Action PROTECT v Secure MAC Addresses Edit Step 21 Check the Enable Storm Control check box see Figure 9 18 to help prevent the UNI port from being disrupted by a broadcast multicast or unicast storm Enter a threshold value for each type of traffic The value which can be specified to two significant digits represents the percentage of the total available bandwidth of the port If the threshold of a traffic type is reached further traffic of that type is suppressed until the incoming traffic falls below the threshold level Figure 9 18 Enable Storm Control Enable Storm Control Iv UHI Storm Control Unicast Traffic 0 0 100 0 4 v Broadcast Tratfic 0 0 100 0 Mo vr Multicast Traffic 0 0 100 0 vV Step22 Check the Protocol Tunnelling check box see Figure 9 19 if you want to define the Layer 2 Bridge Protocol Data Unit BPDU frames that can be tunneled over the core to the other end Figure 9 19 Protocol Tunnelling Protocol Tunn
92. R1 gt switchport switchport trunk encapsulation dotlq switchport mode trunk switchport trunk allowed vlan add lt S Vlan gt interface vlan lt S Vlan gt xconnect lt PE2 loopback gt lt PrimaryVcId gt encapsulation mpls backup peer lt PE3 loopback gt lt BackupVcId gt PE2 vlan lt S Vlan gt interface lt UNI to R4 gt switchport switchport trunk encapsulation dotlq switchport mode trunk switchport trunk allowed vlan add lt S Vlan gt I interface vlan lt S Vlan gt xconnect lt PE1 loopback gt lt PrimaryVcId gt encapsulation mpls PE3 vlan lt S Vlan gt interface lt UNI to R5 gt switchport switchport trunk encapsulation dotlq switchport mode trunk switchport trunk allowed vlan add lt S Vlan gt interface vlan lt S Vlan gt xconnect lt PE1 loopback gt lt BackupVcId gt encapsulation mpls Example 4 VPLS Connectivity Figure D 8 illustrates a network configuration using VPLS connectivity with dual homed N PEs on both sides of the network I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Appendix D Terminating an Access Ring on Two N PEs W Additional Network Configurations and Sample Configlets Figure D 8 I a R1 a I 1 ED E nS PE2 gt Primary Edge gt Secondary Edge m Blocked Segment Data Pseudowire Control Pseudowire Ty 1 7 Y N N NI VPLS Connectivity Dual Homed N PEs on Both Sides of
93. Request is deployed In ISC 6 0 different platforms support different ranges e For the 3750 and 3550 platforms the MTU range is 1500 1546 e For the 7600 ethernet port the MTU size is always 9216 Even with the same platform and same IOS release different line cards support the MTU differently For example older line cards only take an MTU size of 9216 and newer cards support 1500 9216 However ISC 6 0 uses 9216 in both cases e For the 7600 SVI interface VLAN the MTU size is 1500 9216 Check the PW Tunnel Selection check box if you want to be able to manually select the Traffic Engineering TE tunnel for the pseudowire connecting point to point N PEs This attribute is unchecked by default Subsequently when you create a service request based on this policy you must specify the TE tunnel ID in a field provided ISC uses the tunnel information to create and provision a pseudowire class that describes the pseudowire connection between two N PEs This pseudowire class can be shared by more than one pseudowire as long as the pseudowires share the same tunnel ID and remote loopback address You are responsible to ensure that the tunnel interface and associated ID are configured During service request creation when you specify the tunnel ID number ISC does not check the validity of the value That is ISC does not verify the existence of the tunnel Note Step 28 Step 29 The PW Tunnel Selection attribute will be unavailable
94. Showing 1 2 of 2 records cal VPH Hame Service Type Customer Hame 1 vpls_ews_vpn_1 BAS Customer3 2 C vpls_ews_vpn_2 BAS Customer4 Rows per page 10 I lt q Goto page 1 of 1 G3 DDI 138460 Note Step 3 Step 4 Step 5 Step 6 Step 7 The VC ID is mapped from the VPN ID By default ISC will auto pick this value However you can set this manually if desired This is done by editing the associated VPN configuration The Edit VPN window has an Enable VPLS check box When you check this check box you can manually enter a VPN ID in a field provided For more information on creating and modifying VPNs see the Cisco IP Solution Center Infrastructure Reference 6 0 Choose a VPN Name in the Select column Click Select The VPLS Link Editor window appears with the VPN name displayed Click Add Link You specify the U PE PE AGG U PE endpoints using the VPLS Link Editor You can add one or more links from a window like the one in Figure 10 9 Figure 10 9 Select N PE PE AGG U PE VPLS Service Request Editor VPLS Link Editor SRID New Job ID New Policy Hame VplsEwsNoCe i Description F Showing 1 1 of 1 records g N PE PE AGGIU PE UNI Interface Circuit Selection Circuit Details Circuit ID Link Attributes 41 7 Select N PEPE AGG J PE Detail Select one circuit Circuit Details Edit Rows per page 10 1 4 coto page f1 of 1 G3 DDI Add Link Delete Link Save Cancel 138461
95. Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E AppendixE ISC Layer 2 VPN Concepts E L2VPN Service Provisioning This VLAN VC ID mapping lets the service provider reuse VLAN IDs in Access Domains See Figure E 6 Figure E 6 VLAN VC ID Mapping A U PE Fal N_PE1 N_PE2 PE_AGG 101 1 1 a D oes ore MPLS Core VC ID Ge T 200 si Mapping Pe VLAN 200 VLAN 100 VLAN ID to VC ID VLAN ID to VC p S gt a ieee cee Site A SiteB g CE CE The VLAN IDs allocated and used at each access domain do not have to be the same ATM over MPLS ATMoMPLS AAL5 Cell Relay over MPLS With Cisco ATM over MPLS ATMoMPLS Cisco supports ATM Adaptation Layer 5 AALS transport and Cell Relay over MPLS AALS allows you to transport AAL5 PDUs from various customers over an MPLS backbone ATM AALS extends the usability of the MPLS backbone by enabling it to offer Layer 2 services in addition to already existing Layer 3 services You can enable the MPLS backbone network to accept AAL5 PDUs by configuring the provider edge PE routers at both ends of the MPLS backbone To transport AAL5 PDUs over MPLS a virtual circuit is set up from the ingress PE router to the egress PE router This virtual circuit transports the AALS PDUs from one PE router to the other Each AALS PDU is transported as a single packet Cell Relay over MPLS allows you to transport ATM cells from various customers over an MPLS ba
96. Step 7 A policy is a template of most of the parameters needed to define a VPLS service request After you define it a VPLS policy can be used by all the VPLS service requests that share a common set of characteristics You create a new VPLS policy whenever you create a new type of service or a service with different parameters VPLS policy creation is normally performed by experienced network engineers To define a VPLS policy in the Cisco IP Solution Center ISC perform the following steps Choose Service Design gt Policies The Policies window appears Click Create Choose VPLS Policy The VPLS Policy Editor window appears See Figure 9 1 Figure 9 1 Creating a VPLS Policy VPLS Policy Editor Attribute Value Policy Hame Customer Policy Owner Provider CO Global Policy Customer Select A MLS Core Ty i bed Ethernet Ethernet Relay Multipoint Service ERMS Service Type ae Ethernet Multipoint Service EMS CE Present M Note Required Field Step 1 of 3 m fs oy 204780 Enter a Policy Name for the VPLS policy Choose the Policy Owner for the VPLS policy There are three types of VPLS policy ownership e Customer ownership e Provider ownership e Global ownership Any service operator can make use of this VPLS policy This ownership has relevance when the ISC Role Based Access Control RBAC comes into play For example a VPLS policy that is cust
97. Step19 Click Save The service request is created and saved into ISC Creating a VPLS Service Request without a CE This section includes detailed steps for creating a VPLS service request without a CE present In this example the service request is for an VPLS policy over an MPLS core with an EMS EP LAN service type and no CE present Perform the following steps Step 1 Choose the appropriate VPLS policy The VPLS Service Request Editor window appears See Figure 10 7 Figure 10 7 VPLS Service Request Editor VPLS Service Request Editor VPLS Link Editor SRID New Job ID New Policy Name VplsEwsNoCe VPH Select YPN Description H Showing 0 of 0 records in N PE PE AGGIU PE UNI Interface Circuit Selection Circuit Details Circuit ID Link Attributes Rowsperpage 10 I q Goto page 1 of 0 DDI Add Link Delete Link Save Cancel Note Required Field 138459 Step2 Click Select VPN to choose a VPN for use with this PE The Select VPN window appears with the VPNs defined in the system Only VPNs with the same service type ERMS EVP LAN or EMS EP LAN as the policy you chose appear See Figure 10 8 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 ioe OL 21636 01 Chapter 10 Managing a VPLS Service Request amp Creating a VPLS Service Request without a CE Figure 10 8 Select a VPN Show VPNs with VPN Name matching Jvpls
98. TE tunnel I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E AppendixA Sample Configlets HZ ATM Port Mode Pseudowire Class E Line L2VPN Group Name IOS XR Device ATM Port Mode Pseudowire Class E Line L2VPN Group Name IOS XR Device Configuration e Service L2VPN Metro Ethernet e Feature ATM e Device configuration The N PE is a CRS 1 with IOS XR 3 7 or later for ATM service port mode only UNI onN PE Configlets U PE N PE None interface ATM0 1 0 0 description UNIDesc_AC1 l2transport I 12vpn pw class PWClass 1 encapsulation mpls preferred path interface tunnel te 500 fallback disable I xconnect group ISC p2p ELine_AC1 interface ATM0 1 0 0 neighbor 192 169 105 70 pw id 100 pw class PWClass 1 Comments e The N PE is a CRS 1 router e The pseudowire class feature is optional and not configured e The E Line name p2p command and L2VPN Group Name xconnect group command are user configured e Only PORT mode is supported in IOS XR e This PORT mode will not generate any specific command such as pvp or pve on IOS XR devices e The ATM interface is included under xconnect Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 AppendixA Sample Configlets Frame Relay over MPLS W Frame Relay over MPLS Configuration Service L2VPN e Feature Frame Relay over MPLS
99. Templates with ISC Policies W The Template Association window appears with the template s data file s listed as active link s If you have added more than one template data file they appear in a comma separated list of links You can click on any link to return to the Add Remove Templates window in order to edit update the template data file information Check the Edit check box to make the template data file attributes editable in service requests based on the policy To add additional templates data files for a given role to the policy you can click the Add button in the Template Association window and repeat the steps outlined above To delete templates data files that have been associated to the policy check a template data file to choose it Then click the Delete button to delete it from the Template Association window When you are finished associating the template s data file s to the policy click the Finish button in the Template Association window The attributes for the policy are saved and the policy creation or modification is complete Selectively Determining Templates for U PE and PE AGG Device Roles ISC provides the capability to selectively determine which U PE and PE AGG devices for example in a ring environment to apply templates data files During template association in the service policy workflow the U PE and PE AGG device roles have two options to associate templates data files These options are e
100. Tine Hour Min Am Service Requests Showing 1 1 of 1 record Job ID Creator Customer Name Description iE 7 admin Customer1 Rows per page 10 I lt q Goto page f1 of 1 Ga DDI Note Required Field 138606 Step 4 Choose a schedule for the activation of the service Step5 After you schedule the service request click Save After you schedule the service request you can monitor the service request that is being deployed See Verifying Service Requests page 11 3 and Monitoring Service Requests page 11 10 for more information Verifying Service Requests After you deploy a service request you should verify that there were no errors You can verify a service request through the following e Transition state The transition state of a service request is listed on the Service Requests window in the State column When the service request is successfully deployed its state changes to DEPLOYED For more information see Service Request States page 11 4 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 EEN Chapter11 Deploying Monitoring and Auditing Service Requests HI Deploying Service Requests e View service request details From the Service Requests Details window you can view the link endpoints and the configlets for this service request For more information See Viewing Service Request Details page 11 7 e Task Logs Access the task logs from
101. VP Mode page A 25 ATM Port Mode Pseudowire Class E Line L2VPN Group Name IOS XR Device page A 26 Frame Relay over MPLS page A 27 Frame Relay DLCI Mode page A 28 VPLS Multipoint ERMS EVP LAN page A 29 VPLS Multipoint EMS EP LAN BPDU Tunneling page A 30 FlexUNI EVC Pseudowire Core Connectivity UNI Port Security page A 31 FlexUNI EVC Pseudowire Core Connectivity UNI without Port Security with Bridge Domain page A 32 FlexUNI EVC Pseudowire Core Connectivity UNI and Pseudowire Tunneling page A 33 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E AppendixA Sample Configlets WE Overview Overview FlexUNI EVC Pseudowire Core Connectivity UNI and Pseudowire Tunneling page A 33 FlexUNI EVC VPLS Core Connectivity UNI Port Security page A 34 FlexUNI EVC VPLS Core Connectivity no UNI Port Security page A 35 FlexUNI EVC Local Connect Core Connectivity UNI Port Security page A 36 FlexUNI EVC Local Connect Core Connectivity UNI no Port Security Bridge Domain page A 38 FlexUNI EVC Pseudowire Core Connectivity Bridge Domain Pseudowire on SVD page A 39 FlexUNI EVC Pseudowire Core Connectivity no Bridge Domain no Pseudowire on SVD page A 40 FlexUNI EVC No AutoPick Service Instance Name No Service Instance Name page A 42 FlexUNI EVC User Provided Service Instance Name Pseudowire Core Connectivity page A 43 FlexUNI EVC Us
102. VPLS VPN Report The VPLS VPN report provides a way to track a VLAN ID and or VFI Name back to the VPN and customer without having to iterate through every link and every VPN service Given a VLAN ID or VFI name the respective customer and VPN details are displayed in the report Click the VPLS VPN Report icon to bring up the window for this report See Figure 13 7 Figure 13 7 VPLS VPN Report Layout Title MPLS YPN Report Chart Type Tabular gt Filters Output Fields VLAN ID Ez Customer Name E VFI Name Access Domain ia Sorting Field VLAN ID x Ascending gt 138554 Filter Values e VLAN ID VLAN identification number e Customer Name Name of the customer e VFI Name Virtual forwarding interface name e Access Domain Access domain name Output Values e VLAN ID VLAN identification number e SR Job ID Service request job identification number e VPN Name of the VPN e Customer Name Name of the customer e Service Type Type of service e VFI Name Virtual forwarding interface name e Access Domain Access domain name e Provider Name Name of the provider Creating Custom L2 and VPLS Reports The reports listed in the ISC GUI in the L2 folder are derived from an underlying configuration file The file is in XML format You can access the file in the following location ISC_HOME resources nbi reports ISC 12_report xml See the Monitoring chapter in Cisco IP Solution Center Infras
103. a 12 2 25 EY4with IOS UNI on N PE UNI on U PE Configlets U PE N PE l vlan 3201 vlan 3301 exit exit interface FastEthernet1 0 2 interface FastEthernet1 0 24 no cdp enable no cdp enable no ip address no ip address duplex auto duplex auto switchport switchport switchport access vlan 3201 switchport access vlan 3301 switchport mode dotigq tunnel switchport mode dotiq tunnel switchport nonegotiate switchport nonegotiate switchport port security aging type switchport port security aging type inactivity inactivity switchport port security maximum 100 switchport port security maximum 100 switchport port security aging time 1000 switchport port security aging time 1000 switchport port security violation protect switchport port security violation protect switchport port security switchport port security storm control unicast level 1 0 storm control unicast level 1 0 storm control broadcast level 50 0 storm control broadcast level 50 0 storm control multicast level 50 0 storm control multicast level 50 0 shutdown shutdown keepalive keepalive spanning tree bpdufilter enable spanning tree bpdufilter enable l interface GigabitEthernet1 0 1 interface Vlan3301 no ip address no ip address switchport xconnect 192 169 105 40 7502 encapsulation switchport trunk encapsulation dotlq mpls switchport mode trunk no shutdown switchport trunk allowed vlan 3201 I Comments None Cisco IP Solution Center L2VPN and Carrier Ethernet Use
104. addresses are removed to drop below the maximum value e RESTRICT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value and causes the Security Violation counter to increment e SHUTDOWN Puts the interface into the error disabled state immediately and sends an SNMP trap notification d In the Secure MAC Addresses field enter one or more Ethernet MAC addresses Figure 7 17 UNI Port Security UHI Port Security Maximum MAC Address 1 8448 Aging in minutes 0 1440 Violation Action PROTECT pee Secure MAC Addresses Edit gt g Step23 Check the Enable Storm Control check box see Figure 7 18 to help prevent the UNI port from being disrupted by a broadcast multicast or unicast storm Enter a threshold value for each type of traffic The value which can be specified to two significant digits represents the percentage of the total available bandwidth of the port If the threshold of a traffic type is reached further traffic of that type is suppressed until the incoming traffic falls below the threshold level Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 726 E OL 21636 01 Chapter7 Creating an L2VPN Policy Defining an Ethernet EWS EPL Policy withoutaCE W Figure 7 18 Enable Storm Control Enable Storm Control Iv UHI Storm Control Unicast Traffic 0 0 100 0 G Iv Br
105. alphabetically Creating Data Files During Service Request Creation The operator can create data files on demand during service request creation If template s are attached to a service policy and no data file s exist for the template s a wizard prompts the operator to enter values for variables If data file s are created on demand during service request creation it is possible to modify any or all of the variables during modification or redeployment of the service request Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Appendix B Working with Templates and Data Files Using Templates with Service Requests i The service request workflow supports dynamic creation of data files as follows e Ifatemplate is marked as non editable in the policy on which the service request is based the operator cannot edit it during service request creation However the name of template and data files are still visible even though they cannot be modified e Ifatemplate is marked as editable in the policy then assuming appropriate RBAC permission the operator can change the template data files during service request creation The following points apply if the template is editable e Ifatemplate is associated with a service policy and at least one data file exists for the template the operator can select the appropriate data file during service request creation e If only one data file e
106. always go through a particular interface s slot port location on all or most of the network devices in the service Choose an Encapsulation type The choices are e DOTIQ e DEFAULT If DEFAULT is the CE encapsulation type ISC shows another field for the UNI port type Note Step 6 Step 7 Step 8 Step 9 If the Interface Type is ANY ISC will not ask for an Encapsulation type in the policy Check the UNI Shutdown check box if you want to leave the UNI port shut during service activation for example when the service provider wants to deploy a service in the network but wants to activate it at a later time Check the Keep Alive check box to configure keepalives on the UNI port By default this check box is unchecked which causes the command no keepalive to be provisioned on the UNI port This prevents a CPE from sending keepalive packets to the U PE for security purposes This attribute is editable to support modification on a per service request basis Check the ANY check box to display all interface types as choices for the UNI interface when creating service requests based on this policy This check box is not checked by default Check the UNI check box to display all interfaces defined as type UNI as choices for the UNI interface when creating service requests based on this policy This check box is not checked by default Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 724 E OL 21
107. an L2VPN policy the L2VPN Service Request Editor window appears See Figure 8 1 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 lt OL 21636 01 Chapter8 Managing an L2VPN Service Request Creating an L2VPN Service Request W Figure 8 1 L2VPN Service Request Editor L2VPN Point To Point Service Request Editor Attachment Tunnel Editor oO Note Required Field g Perform the following steps Step1 Choose a Topology from the drop down list If you choose Full Mesh each CE will have direct connections to every other CE If you choose Hub and Spoke then only the Hub CE has connection to each Spoke CE and the Spoke CEs do not have direct connection to each other amp Note The full mesh and the hub and spoke topologies make a difference only when you choose more than two endpoints For example with four endpoints ISC automatically creates six links with full mesh topology With hub and spoke topology however ISC creates only three links Step2 Click Add Link You specify the CE endpoints using the Attachment Tunnel Editor You can create one or more CEs from a window like the one in Figure 8 2 Figure 8 2 Select CE L2VPN Point To Point Service Request Editor Attachment Tunnel Editor Showing 1 1 of 1 records a Select CE z J Select one circuit Circuit Details fm Note Required Field 8 iu 4 Note All the services that dep
108. and Data Files HI Using Templates with ISC Policies amp e Create a super template and attach subtemplates to it These basic Template Manager functions are documented in the Cisco IP Solution Center Infrastructure Reference 6 0 See that guide for more information on these tasks Policy Level Template Functions e Create a policy and enable template support for the policy e Associate templates and optionally data files to the policy if desired For information on how to associate templates and data files at the policy level see the section Using Templates with ISC Policies page B 4 in this appendix Service Request Level Template Functions Note When a policy is only associated with a template and no data file then during creation of a service request using that policy automatic selection of a data file for that template takes place if the template has only one data file If the template does not have a data file then one must be created for that template and associated to the service request before saving is permitted e Create a service request and associate template s to a link e Deploy the service request on a device for example a 7600 e The subtemplate and corresponding data file for the 7600 are autoselected for deployment e A configlet is generated from the subtemplate e Decommission the service request e The negate template for the subtemplate is autoselected and deployed For informat
109. and FlexUNI EVC User Provided Service Instance Name Local Core Connectivity page A 44 e This attribute is not displayed for IOS XR devices If the AutoPick Service Instance Name check box is not checked enter an appropriate value for the service instance ID in the Service Instance Name field Usage notes e The text string representing the service instance name must be 40 characters or less and contain no spaces Other special characters are allowed e If AutoPick Service Instance Name is unchecked and no service instance name is entered in the text field then ISC does not generate the global ethernet evc evcname command in the device configuration generated by the service request Check the AutoPick Bridge Domain VLAN ID check box to have ISC autopick the VLAN ID for the service request during service request creation If this check box is unchecked the you must specify a bridge domain VLAN ID see the next step Usage notes e AutoPick Bridge Domain VLAN ID consumes a global VLAN ID on the device e The bridge domain VLAN ID is picked from the existing ISC VLAN pool If the AutoPick Bridge Domain VLAN ID check box is unchecked enter an appropriate value in the Bridge Domain VLAN ID field amp Note This configuration applies in conjunction with the Configure Bridge Domain option in the EVC Service Request Editor window If the option is not enabled in that window then AutoPick Bridge Domain VLAN ID check box is redund
110. and sends an SNMP trap notification d Inthe Secure MAC Addresses field enter one or more Ethernet MAC addresses Figure 9 8 UNI Port Security UHI Port Security Maximum MAC Address 1 8448 Aging in minutes 0 1440 Violation Action PROTECT Secure MAC Addresses K 204776 Check the Enable Storm Control check box see Figure 9 9 to help prevent the UNI port from being disrupted by a broadcast multicast or unicast storm Enter a threshold value for each type of traffic The value which can be specified to two significant digits represents the percentage of the total available bandwidth of the port If the threshold of a traffic type is reached further traffic of that type is suppressed until the incoming traffic falls below the threshold level Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 a10 OL 21636 01 Chapter 9 Creating a VPLS Policy Defining an MPLS EMS EP LAN Policy witha CE W Figure 9 9 Enable Storm Control Enable Storm Control Iv UHI Storm Control Unicast Traffic 0 0 100 0 G Iv Broadcast Traffic 0 0 100 0 v Multicast Traffic 0 0 100 0 G Iv 138440 Step23 Click the Next button if you want to enable template support for the policy The Template Association window appears In this window you can enable template support and optionally associate templates and data files with the policy For instructions abou
111. as an uplink with no security features and the window dynamically changes to eliminate items related to port security Check the UNI Shutdown check box if you want to leave the UNI port shut during service activation for example when the service provider wants to deploy a service in the network but wants to activate it at a later time Check the Keep Alive check box to configure keepalives on the UNI port By default this check box is unchecked which causes the command no keepalive to be provisioned on the UNI port This prevents a CPE from sending keepalive packets to the U PE for security purposes This attribute is editable to support modification on a per service request basis Check the ANY check box to display all interface types as choices for the UNI interface when creating service requests based on this policy This check box is checked by default Enter one or more Ethernet MAC addresses in UNI MAC addresses This selection is present only if you uncheck the Use Existing ACL Name check box Click the Edit button to bring up a pop up window in which you enter MAC addresses to be allowed or denied on the port You can also specify a range of addresses by setting a base MAC address and a filtered MAC address Check the UNI check box to display all interfaces defined as type UNI as choices for the UNI interface when creating service requests based on this policy This check box is checked by default Enter a Link Speed opti
112. be allowed or denied on the port You can also specify a range of addresses by setting a base MAC address and a filtered MAC address Choose a Port Type The choices are e Access Port e Trunk with Native VLAN Enter a Link Speed optional of None 10 100 1000 Auto or nonegotiate Enter a Link Duplex optional of None Full Half or Auto In the PE UNI Interface Description field enter an optional description for example Customer B ERMS EVP LAN Service Check the VLAN ID AutoPick check box if you want ISC to choose a VLAN ID If you do not check this check box you will be prompted to provide the VLAN in a Provider VLAN ID field during service activation Enter a VLAN NAME optional to specify a name to describe the VLAN The name must be one token no spaces allowed The limit for the VLAN name is 32 characters The name has to be unique Two VLANs cannot share the same name I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter9 Creating a VPLS Policy E Defining an MPLS ERMS EVP LAN Policy without a CE Step 17 Step 18 Step 19 Step 20 Step 21 Step 22 Check the Use Existing ACL Name check box if you want assign your own named access list to the port By default this check box is not checked and ISC automatically assigns a MAC based ACL on the customer facing UNI port based on values you enter in UNI MAC addresses below Enter a Port Based ACL Na
113. before the interface is shut down i stp drop threshold Enter the number of packets per second to be received at which point the interface will start dropping STP packets j Recovery Interval Enter the amount of time in seconds to wait before recovering a UNI port Click the Next button if you want to enable template support for the policy The Template Association window appears In this window you can enable template support and optionally associate templates and data files with the policy For instructions about associating templates with policies and how to use the features in this window see Appendix B Working with Templates and Data Files When you have completed setting up templates and data files for the policy click Finish in the Template Association window to close it and return to the Policy Editor window Click Finish Note The VC ID is mapped from the VPN ID By default ISC will auto pick this value However you can set this manually if desired This is done by editing the associated VPN configuration The Edit VPN window has an Enable VPLS check box When you check this box you can manually enter a VPN ID in a field provided For more information on creating and modifying VPNs see the Cisco IP Solution Center Infrastructure Reference 6 0 Defining an Ethernet ERMS EVP LAN Policy with a CE This section describes defining a VPLS policy with an Ethernet core type and an ERMS EVP LAN ser
114. below the maximum value e RESTRICT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value and causes the Security Violation counter to increment e SHUTDOWN Puts the interface into the error disabled state immediately and sends an SNMP trap notification d Inthe Secure MAC Addresses field enter one or more Ethernet MAC addresses Click the Edit button to enter the addresses Figure 9 4 UNI Port Security UHI Port Security Maximum MAC Address 1 8448 Aging in minutes j 0 1440 Violation Action PROTECT 7 a Secure MAC Addresses 5 A Check the Enable Storm Control check box see Figure 9 5 to help prevent the UNI port from being disrupted by a broadcast multicast or unicast storm Enter a threshold value for each type of traffic The value which can be specified to two significant digits represents the percentage of the total available bandwidth of the port If the threshold of a traffic type is reached further traffic of that type is suppressed until the incoming traffic falls below the threshold level Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 lt OL 21636 01 Chapter9 Creating a VPLS Policy Defining an MPLS ERMS EVP LAN Policy withoutaCE W Figure 9 5 Enable Storm Control Enable Storm Control Iv UHI Storm Control Unicast Traffic 0 0 100 0 G Iv Broad
115. bpdufilter enable xconnect group L2VPN_Customer1 Gold_class p2p GoldPkg_AD3 AD7_Customer1 interface GigabitEthernet1 0 1 interface GigabitEthernet0 3 1 1 700 switchport trunk encapsulation dotlq neighbor 192 169 105 30 pw id 1000 switchport trunk allowed vlan 700 pw class PW_AD3 AD7_Customer1 switchport mode trunk keepalive 10 l 1 mac access list extended ISC FastEthernet1 0 2 deny any host 0100 0ccc cccc deny any host 0100 0ccc cccd deny any host 0100 0ccd cdd0o deny any host 0180 c200 0000 permit any any 1 Comments e The N PE is a CRS 1 with IOS XR 3 7 e The pseudowire class feature is configured with various associated attributes like encapsulation transport mode preferred path and fallback option e The disable fallback option is required for IOS XR 3 6 1 and optional for IOS XR 3 7 and later e The E Line name p2p command and L2VPN Group Name xconnect group command is user configured Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I oL 21636 01 AS AppendixA Sample Configlets E ERS EVPL NBI Enhancements for L2VPN 10S Device ERS EVPL NBI Enhancements for L2VPN IOS Device Configuration e e Feature ERS EVPL e Device configuration Service L2VPN Metro Ethernet The N PE is a 12 2 18 SXF with IOS The U PE is a 12 2 25 EY4with IOS UNI onN PE UNI on U PE Configlets U PE N PE l vlan 3200 vlan 3300 exit exit interface FastEthernet1 0 2 int
116. buttons Create Click to create new access domain Enabled only if you do not select an access domain Edit Click to edit the selected access domain select by checking the corresponding box Enabled only if you select a a single access domain Delete Click to delete the selected access domain select by checking the corresponding box Enabled only if you select one or more access domains Creating VLAN Pools amp For L2VPN and VPLS you create a VLAN pool so that ISC can assign a VLAN to the links VLAN ID pools are defined with a starting value and a size of the VLAN pool A VLAN pool can be attached to an access domain During the deployment of an Ethernet service VLAN IDs can be autoallocated from the access domain s pre existing VLAN pools When you deploy a new service ISC changes the status of the VLAN pool from Available to Allocated Autoallocation gives the service provider tighter control of VLAN ID allocation You can also allocate VLAN IDs manually Note When you are setting a manual VLAN ID on an ISC service ISC warns you if the VLAN ID is outside the valid range of the defined VLAN pool If so ISC does not include the manually defined VLAN ID in the VLAN pool We recommend that you preset the range of the VLAN pool to include the range of any VLAN IDs that you manually assign Create one VLAN pool per access domain Within that VLAN pool you can define multiple ranges Before you begin be s
117. circuit excluding BPDU to another attachment circuit or an emulated VC if the destination MAC address is found in the L2 forwarding table VFI If the destination MAC address is not found or if it is a broadcast multicast packet then it is sent on all other attachment circuits and emulated VCs belonging to the VPLS instance The demultiplexing VLAN tag used to identify a VPLS domain is removed prior to forwarding the packet to the outgoing Ethernet interfaces or emulated VCs because it only has local significance Topology for MPLS Based VPLS From a customer point of view there is no topology for VPLS All the CE devices are connected to a logical bridge emulated by the provider core Therefore the CE devices see a single emulated LAN See Figure E 9 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Bea AppendixE ISC Layer 2 VPN Concepts WE VPLS Service Provisioning Figure E 9 MPLS Based VPLS Topology CE CE Device Point of View Provider Core Emulated LAN i CE 5 CE eS CE 104081 The PE routers must create a full mesh of emulated virtual circuits VCs to simulate the emulated LAN seen by the CE devices Forming a full mesh of emulated VCs simplifies the task of emulating a LAN in the provider core One property of a LAN is to maintain a single broadcast domain That is if a broadcast multicast or unknown unicast packet is received on one of the attachment cir
118. configurable DCPL property For information about how to define the L2VPN Group Name choices available in the drop down list see Defining L2VPN Group Names for IOS XR Devices page 2 14 e L2VPN Group Name is only applicable for IOS XR devices Step 19 Enter an E Line Name to specify the point to point p2p E line name Usage notes e Ifno value is specified for the E Line Name in either the policy or the service request based on the policy ISC autogenerates a default name as follows For PSEUDOWIRE core connectivity type the format is DeviceName VC_ID For LOCAL core connectivity type the format is DeviceName VLAN_ID If the default name is more than 32 characters the device names are truncated e E Line Name is only applicable for IOS XR devices Step 20 If you want to enable template association for this policy click the Next button Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Chapter 5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy Step 21 Enabling Template Association Ml See the section Enabling Template Association page 5 19 for information about this feature To save the FlexUNI EVC policy click Finish To create a service request based on a FlexUNI EVC ATM Ethernet Interworking policy see Chapter 6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request Enabling Template Association Step 1 Step 2 Step 3 The ISC
119. connection on the switched virtual interface of the OSM card Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 720 OL 21636 01 _ Chapter 7 Creating an L2VPN Policy Defining an Ethernet EWS EPL Policy witha CE W This check box is checked by default If the check box is not checked the pseudowire will be provisioned on the subinterface of the PFC card if it is available This option is only available for C76xx devices Note Step 27 Step 28 amp The N PE Pseudo wire On SVI attribute will be unavailable within service requests based on this policy for devices running IOS XR Enter the MTU Size in bytes The maximum transmission unit MTU size is configurable and optional The default size is 9216 and the range is 1500 to 9216 ISC does not perform an integrity check for this customized value If a service request goes to the Failed Deploy state because this size is not accepted you must adjust the size until the Service Request is deployed In ISC 6 0 different platforms support different ranges e For the 3750 and 3550 platforms the MTU range is 1500 1546 e For the 7600 ethernet port the MTU size is always 9216 Even with the same platform and same IOS release different line cards support the MTU differently For example older line cards only take an MTU size of 9216 and newer cards support 1500 9216 However ISC 6 0 uses 9216 in both cases e For the 7600 SVI interface VLA
120. customer name VPN name and service request ID service request type VLAN translation type and VLAN ID information If only one NPC exists for the Chosen CE and CE interface that NPC is autopopulated in the Circuit Selection column and you need not choose it explicitly If more then one NPC is available click Select one circuit in the Circuit Selection column The NPC window appears enabling you to choose the appropriate NPC Click OK Each time you choose a CE and its interface the NPC that was precreated from this CE and interface is automatically displayed under Circuit Selection See Figure 8 5 This means that you do not have to further specify the PE to complete the link Figure 8 5 NPC Created L2VPN Point To Point Service Request Editor Attachment Tunnel Editor SRID New Job ID New Policy Hame L2vpnErsCe Select Topology Full Mesh bal Showing 1 1 of 1 records in CE CE Interface Circuit Selection Circuit Details L D ce3 Ethernet0 1 p Detail pet Ethernet4 3 Circuit Details Rows per page 10 v Iq q Goto page 1 of 1 G9 DDI Add Link Delete Link OK Cancel Note Required Field 138487 If you want to review the details of this NPC click Circuit Details in the Circuit Details column The NPC Details window appears and lists the circuit details for this NPC Continue to specify additional CEs as in previous steps ISC creates the links between CEs based on th
121. data files to be used by the service request can be specified in the policy During service request creation templates data files can be added to a device configuration if the operator has the appropriate RBAC permission to do so See the section Choosing a Template in the Service Request Workflow page B 14 for how to choose templates data files in the service request workflow Associating Subtemplates During Service Provisioning All templates can be used by other templates as building blocks The template using other templates is called a super template The template being used is called a subtemplate A new attribute in the Template Editor allows subtemplates to be associated with a super template The super template instantiates all required subtemplates by passing values for the variables in the subtemplate After instantiation the super template puts the configlets generated for the subtemplate into the super template ISC branches templates into subtemplates based on device type line card type port type role type and software versions These optional attributes are set while creating the subtemplates The subtemplates are selected based on the following matching criteria e Only exact matches are recognized for the card type and port type attributes No wild card match is allowed for these attributes e Only an exact match is recognized for the device type attribute e For the software version attribute the match is done for a softwar
122. e For any service instance only one type of rewrite option pop push or translate is allowed per instance For example if pop out is enabled push inner push outer translate inner and translate outer are not available To set the FlexUNI VLAN rewrite criteria attributes perform the following steps Check the Pop Outer check box to pop the outer VLAN ID tag of the incoming frames that fulfill the match criteria If this check box is unchecked the outer tag of the incoming traffic is not popped Check the Pop Inner check box to pop the inner VLAN ID tag of the incoming frames that fulfill the match criteria If this check box is unchecked the inner tag is not popped Note that if Pop Inner is checked Pop Outer is automatically checked Check the Push Outer check box to impose an outer VLAN ID tag onto the incoming frames that fulfill the match criteria If this check box is unchecked no outer tag is imposed on the incoming frames Usage notes e If Push Outer is checked all service requests created with the policy push a dotlq outer tag on the incoming frames matching the match criteria When creating the link during service creation the operator can specify an outer tag with a value from to 4096 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Em OL 21636 01 Chapter3 Creating a FlexUNI EVC Ethernet Policy Setting the FlexUNI Attributes W e This attribute is available regardless of th
123. ensures that none of the switches will operate as VLAN servers and will prevent VLAN information from automatically propagating through the network Setting Up Basic ISC Services After the basic network configuration tasks are completed to support ISC and L2 services you use ISC to define elements in the ISC repository such as providers and regions customers and sites devices VLAN and VC pools NPCs and other resources that are necessary to provision L2 services Detailed steps to perform general ISC tasks are covered in the Cisco IP Solution Center Infrastructure Reference 6 0 You can also find a summary of some important ISC set up tasks in this guide in Chapter 2 Setting Up the ISC Services The information below is a checklist of basic ISC services you must set up before provisioning L2 services Setting Up Providers Customers and Devices Perform the following steps to set up providers customers and devices in the ISC repository These are global resources that can be used by all ISC services 1 Set up service providers and regions The region is important because a single provider could have multiple networks The region is used as a further level of differentiation to allow for such circumstances To create a provider and a region see the Cisco IP Solution Center Infrastructure Reference 6 0 See also Defining a Service Provider and Its Regions page 2 3 Set up customers and customer sites A customer is a reque
124. exit l interface FastEthernet3 23 interface FastEthernet2 18 no ip address switchport trunk allowed vlan switchport trunk allowed vlan 783 787 788 350 351 430 630 777 780 783 785 788 i interface FastEthernet3 31 interface Vlan788 no cdp enable no ip address no keepalive description L2VPN ERS with UNI port no ip address security switchport xconnect 99 99 5 99 89028 encapsulation switchport trunk encapsulation dotliq mpls switchport mode trunk no shutdown switchport trunk allowed vlan none switchport trunk allowed vlan 788 switchport port security switchport nonegotiate switchport port security maximum 45 switchport port security aging time 34 switchport port security violation shutdown switchport port security mac address 3456 3456 5678 spanning tree bpdufilter enable mac access group ISC FastEthernet3 31 in I mac access list extended ISC FastEthernet3 31 deny any host 0100 0ccc cccc deny any host 0100 0ccc cccd deny any host 0100 0ccd cdd0 deny any host 0180 c200 0000 deny any host 1234 3234 3432 permit any any Comments e The N PE is a 7600 with an OSM or SIP 600 module e The U PE is a generic Metro Ethernet ME switch The customer BPDUs are blocked by the PACL Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 AS AppendixA Sample Configlets HZ ERS EVPL Point to Point UNI Port Security e Various UNI port security commands are provisioned e A user defined PACL entry is added to
125. feed and set content to be delivered directly to your desktop using a reader application The RSS feeds are a free service and Cisco currently supports RSS Version 2 0 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Pov OL 21636 01 Overview CHAPTER 1 Getting Started This chapter provides a road map to help you get started using the L2VPN component in ISC 6 0 It contains the following sections e Overview page 1 1 e Installing ISC and Configuring the Network page 1 1 e Configuring the Network to Support Layer 2 Services page 1 2 e Setting Up Basic ISC Services page 1 2 e Working with L2VPN and VPLS Policies and Service Requests page 1 4 e A Note on Terminology Conventions page 1 4 Before you can use the L2VPN component to provision Layer 2 services L2VPN or VPLS you must complete several installation and configuration steps as outlined in this chapter In addition you should be familiar with basic concepts for ISC and L2VPN or VPLS services The following sections provide a summary of the key tasks you must accomplish to be able to provision L2VPN or VPLS services using ISC You can use the information in this chapter as a checklist Where appropriate references to other sections in this guide or to other guides in the ISC documentation set are provided See the referenced documentation for more detailed information After the basic installation and configuration steps are completed for bot
126. following Cisco IOS command to verify that the VTP mode has changed to transparent Switch Show vtp status Setting the Loopback Addresses on N PE Devices The loopback address for the N PE has to be properly configured for an Any Transport over MPLS AToMPLS connection The IP address specified in the loopback interface must be reachable from the remote pairing PE The label distribution protocol LDP tunnels are established between the two loopback interfaces of the PE pair You set the PE loopback address in the Edit PE device window Access the Edit PE device window in ISC by doing the following steps Step1 Choose Service Inventory gt Inventory and Connection Manager Step2 Choose PE Devices in the Selection window Step3 Choose a specific device and click the Edit button To prevent a wrong loopback address being entered into the system the loopback IP address field on the GUI is read only You choose the loopback address with the help of a separate pop up window which you access by clicking the Select button This ensures that you choose only a valid loopback address defined on the device To further narrow the search you can check the LDPTermination Only check box and click the Select button This limits the list to the LDP terminating loopback interface s Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 22 E OL 21636 01 Chapter 2 Setting Up the ISC Services Defining a Service Provider and
127. gt Inventory and Connection Manager gt Service Requests The Service Requests window appears Choose the service request and click Details The Service Request Details window appears See Figure 11 4 Figure 11 4 Example Service Request Details Window Service Request Details Service Request Details for Job ID 4 Attribute Value Type L2VPN State REQUESTED Operation Type MODIFY Service Request ID 5 Last Modification Time Wed Nov 23 15 21 29 PST 2005 2 PH ServiceType OVPNLERS L2VPH Core Type MPLS EndToEndWire ID 5 Status Message State REQUESTED CID 100 Attachment Circuit ID 7 N PE Name pet N PE Interface Ethernet4 3 20 CE Name ce3 CE Interface Ethernet0 20 VLAN ID 20 Attachment Circuit IN R z Links History Audit v Configlets OK The service request attribute details include the type transition state operation type ID modification history customer and policy name OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter 11 Deploying Monitoring and Auditing Service Requests HI Deploying Service Requests Links The service request link details include the link endpoints PE secured interface VLAN ID and whether a CE is present To see this information perform the following steps Step 1 Click Links on the Service Request Details window See Figure 11 4 The Service Request Links window app
128. gt Policies The Policies window appears Click Create Choose FlexUNI EVC Policy The EVC Policy Editor Service Type window appears as shown in Figure 5 1 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Chapter5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy Step 4 Step 5 Step 6 Step 7 Defining the FlexUNI EVC ATM Ethernet Interworking Policy i Figure 5 1 EVC Policy Editor Service Type EVC Policy Editor Service Type Attribute Value Policy Name Customer Policy Owner C Provider Global Policy Customer Select ETHERNET Policy Type ATM Ethernet Interworking Note Required Field ext gt ance aT E S E _ Enter a Policy Name for the FlexUNI EVC ATM Ethernet Interworking policy Choose the Policy Owner for the FlexUNI EVC policy There are three types of FlexUNI EVC policy ownership e Customer ownership e Provider ownership e Global ownership Any service operator can make use of this policy This ownership has relevance when the ISC Role Based Access Control RBAC comes into play For example a FlexUNI EVC policy that is customer owned can only be seen by operators who are allowed to work on this customer owned policy Similarly operators who are allowed to work on a provider s network can view use and deploy a particular provider owned policy Click Select to choose the owner of the FlexUNI EVC policy
129. in creating a FlexUNI EVC ATM Ethernet Interworking service request e Choose an existing FlexUNI EVC ATM Ethernet Interworking policy I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request WE Creating a FlexUNI EVC ATM Ethernet Interworking Service Request e Choose a VPN amp Note When working with VPN objects in the context of FlexUNI EVC policies and service requests only the VPN name and customer attributes are relevant Other VPN attributes related to MPLS and VPLS are ignored e Specify a bridge domain configuration if applicable e Specify a service request description e Specify automatic or manual allocation of the VC ID or VPLS VPN ID e Add direct connect links if applicable e Add links with L2 access nodes if applicable e Choose the N PE and UNI interface for links e For links with L2 access nodes choose a Named Physical Circuit NPC if more than one NPC exists from the N PE or the UNI interface e Edit the link attributes e Modify the service request e Save the service request Creating a FlexUNI EVC ATM Ethernet Interworking Service Request Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 To create a FlexUNI EVC ATM Ethernet Interworking service request perform the following steps Choose Service Inventory gt Inventory and Connection Manager gt Service Reque
130. is created automatically based on the service For example for Ethernet it is based on the VLAN number for Frame Relay it is based on the DLCI for ATM it is based on the VPI VCI If the policy was set up for you to define a VC ID manually enter it into the empty VC ID field If policy was set to auto pick the VC ID ISC will supply a VC ID and this field will not be editable In the case where you supply the VC ID manually if the entered value is in the provider s range ISC validates if the entered value is available or allocated If the entered value has been already allocated ISC generates an error message saying that the entered value is not available and prompts you to re enter the value If the entered value is in the provider s range and if it is available then it is allocated and is removed from the VC ID pool If the entered value is outside the provider s range ISC displays a warning saying that no validation could be performed to verify if it is available or allocated You can also click Add Link to add an end to end wire You can click Delete Link to delete an end to end wire Step15 When you are finished editing the end to end wires click Save The service request is created and saved into ISC I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter8 Managing an L2VPN Service Request HI Creating an L2VPN Service Request Creating an EWS EPL L2VPN Servi
131. made when the Named Physical Circuit NPC is created The terminating device on the NPC acts as the primary N PE while the other N PE on the same ring acts as the secondary N PE For backward compatibility ISC continues to support provisioning services without redundant links as in previous releases Note amp N PE redundancy is only supported for FlexUNI EVC services Note MPLS service requests should not be deployed on access rings with two N PEs This might result in errors with the generated configlets Figure D 1 and Figure D 2 show two network topologies which illustrate redundancy starting from a U PE access node Both topologies provide open segments for each uplink starting from the U PE and terminating on the N PE devices The N PEs are logically connected via loopback interfaces Services are configured on both of these Ethernet access links starting from the U PE to two different N PEs I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Appendix D Terminating an Access Ring on Two N PEs WE Overview Figure D 1 N PE Redundancy Starting at the U PE Z S m 6 MPLS Core c U PE m 204824 Figure D 2 N PE and PE AGG Redundancy Starting at the U PE PE AGG 1 N PE 1 6 MPLS Core k k U PE OF PE AGG 2 N PE 2 6 6 The first topology N PE redundancy starting at the U PE as shown in Figure D 1 provides the model of fault reco
132. more information on how to use templates and data files in service requests see Appendix B Working with Templates and Data Files Click Add The Template Data File Chooser window appears In the left pane navigate to and select a template The associated data files are listed in rows in the main window Check the data file that you want to add and click Accept The Add Remove Templates window appears with the template displayed Choose a Template name Under Action use the drop down list and choose APPEND or PREPEND Append tells ISC to append the template generated CLI to the regular ISC non template CLI Prepend is the reverse and does not append the template to the ISC CLI Choose Active to use this template for this service request If you do not choose Active the template is not used Click OK The Link Attributes with the template added appears Click OK The Service Request Editor window appears When you are finished editing the VPLS links click Save Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Ka OL 21636 01 Chapter 10 Managing a VPLS Service Request Using the Bridge Domain ID Attribute W Using the Bridge Domain ID Attribute The Bridge Domain ID attribute appears in the Link Attributes window of some VPLS service request scenarios as shown in Figure 10 15 Figure 10 15 Bridge Domain ID Attribute Link Attributes CAN Attribute Value N PEJ U PE Informat
133. net_mgmt ip_solution_center 6 0 mpls_diagnostics user guide mdeuser html Cisco IP Solution Center MPLS VPN User Guide 6 0 http www cisco com en US docs net_mgmt ip_solution_center 6 0 mpls_vpn user guide mpls60book html Cisco IP Solution Center Traffic Engineering Management User Guide 6 0 http www cisco com en US docs net_mgmt ip_solution_center 6 0 traffic_management user guide tem html Documentation Cisco IP Solution Center API Programmer Guide 6 0 http www cisco com en US docs net_mgmt ip_solution_center 6 0 developer guide api_gd html Cisco IP Solution Center API Programmer Reference 6 0 http www cisco com en US docs net_mgmt ip_solution_center 6 0 developer reference xmlapi zip I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E About This Guide amp Note All documentation might be upgraded over time All upgraded documentation will be available at the same URLs specified in this document Obtaining Documentation and Submitting a Service Request For information on obtaining documentation submitting a service request and gathering additional information see the monthly What s New in Cisco Product Documentation which also lists all new and revised Cisco technical documentation at http www cisco com en US docs general whatsnew whatsnew html Subscribe to the What s New in Cisco Product Documentation as a Really Simple Syndication RSS
134. on the N PE are involved and both are based on FlexUNI capable line cards In the first case the operator might choose not to configure the bridge domain option In this case the connect command that is used for the local connects are used and the global VLAN is conserved on the device If the operator chooses to configure with the bridge domain option both interfaces are associated to a bridge domain ID so that additional local links can be added to the service in future This consumes a VLAN ID bridge domain ID on the N PE Note Attributes available in subsequent windows of the policy workflow dynamically change based on the choice made for the MPLS Core Connectivity Type PSEUDOWIRE LOCAL or VPLS For completeness all attributes available for the different core types are documented in the following steps Attributes apply to all core types unless otherwise noted I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter3 Creating a FlexUNI EVC Ethernet Policy WE Setting the FlexUNI Attributes Note Also some attributes are supported only on IOS or IOS XR platforms Attributes apply to both platforms unless otherwise noted All platform specific attributes are visible in the policy workflow windows Later when a service request is created based on the policy and specific devices are associated with the service request platform specific attributes are filtered from service
135. one NPC exists for the chosen interface that NPC is autopopulated in the Circuit Details column and you need not choose it explicitly If more then one NPC is available click Select one circuit in the Circuit Selection column The NPC window appears enabling you to choose the appropriate NPC Click OK Each time you choose a PE and its interface the NPC that was set up from this PE and interface is automatically displayed under Circuit Selection This means that you do not have to further specify the PE to complete the link If you want to review the details of this NPC click Circuit Details in the Circuit Details column The NPC Details window appears and lists the circuit details for this NPC For details about editing link attributes adding or deleting links or using the FlexUNI check box see the corresponding steps in the section Setting Direct Connect Links page 4 10 When you have completed setting the attributes in the EVC Service Request Editor window click the Save button at the bottom of the window to save the settings and create the FlexUNI EVC service request If any attributes are missing or incorrectly set ISC displays a warning in the lower left of the window Make any corrections or updates needed based on the information provided by ISC and click the Save button For information on modifying a FlexUNI EVC service request see the section Modifying the FlexUNI EVC Service Request page 4 21 For additional info
136. options for the service request as well as configure directly connected links and links with L2 access nodes The options displayed in first section of the window change depending on the MPLS Core Connectivity Type that was specified in the policy pseudowire or local For clarity each of these scenarios is presented in a separate section below to highlight the different window configurations and behavior of the displayed options Proceed to the appropriate section as determined by the MPLS Core Connectivity Type for the policy e Pseudowire Core Connectivity page 6 3 e Local Core Connectivity page 6 6 Instructions for setting up direct connect links and links with L2 access nodes are presented in later sections Pseudowire Core Connectivity If the MPLS Core Connectivity Type for the FlexUNI EVC ATM Ethernet Interworking policy is PSEUDOWIRE the EVC Service Request Editor window shown Figure 6 1 appears Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 acs Chapter6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request HI Setting the Service Request Details Figure 6 1 EVC Service Request Details Window for Pseudowire Core Connectivity FlexUNI EVC Service Request Editor Perform the following steps to set the attributes in the first section of the Service Request Details window Note The Job ID and SR ID fields are read only When the service request
137. or IOS XR These attributes are set through a drop down list when setting up the template in Template Manager ISC uses these attributes to automatically select the template data file that most closely matches the device defined within the service request See the section Using Templates with Service Requests page B 10 for additional information Associating Templates at the Policy Level ISC supports the association of templates and data files in policies Selective Determination of Templates for U PE and PE AGG Device Roles For added flexibility ISC allows you to selectively apply templates to U PE and PE AGG devices for example in a ring environment based on whether the devices have a UNI interface Enhanced Subtemplate Support A new attribute in the Template Editor allows subtemplates to be associated with a template ISC supports dynamic instantiation of subtemplates based on device attributes While creating the subtemplates values for these identifiers must be provided by the operator Dynamic Data File Creation The user can create a data file during service request creation and associate it to the template copied from the associated policy This functionality extends data file creation from the Template wizard to doing so directly from the service request wizard Template Association screen In addition you can modify any or all variables that are part of the template date file attached to a service request and apply the upda
138. or more subtemplates ISC displays a message confirming this For information about how templates data files are instantiated when the service is deployed see the information provided in the section Associating Templates to a Service Request page B 11 Creating a Data File in the Service Request Workflow During the final stage of setting the link attributes for a service request the Template Association window appears such as the one shown in Figure B 8 The Template Association window lists the devices comprising the link the device roles and the template s data file s associated with the devices You can choose the template s data file s to be associated with the devices as described in the section Choosing a Template in the Service Request Workflow page B 14 If one of the templates selected in the Template Datafile Chooser window does not have an associated data file or if you would like create a new data file for it you can do this dynamically in the workflow while setting up the service request Perform the following steps to dynamically set up a new data file for a template Step 1 In the Template Association window click the Add link in the Template Datafile column for a device If a template was previously selected for a device click the link for the template name The Add Remove Templates window appears Step2 Click the Add button The Template Datafile Chooser window appears Step3 Navigate to a template in the folde
139. particular interface on a U PE or N PE interface based on the service provider s POP design The interfaces are e ANY Any interface can be chosen e Port Channel A bundle of ports that share the same characteristics this gives the service provider the ability to aggregate bandwidth and protection e Ethernet e FastEthernet e GE WAN e GigabitEthernet e TenGigabitEthernet e TenGigE The value defined here functions as a filter to restrict the interface types an operator can see during L2VPN service request creation Enter an Interface Format as the slot number port number for the CE interface for example 1 0 indicates that the interface is located at slot 1 port 0 This is especially useful to specify here if you know that the link will always go through a particular interface s slot port location on all or most of the network devices in the service Choose an Encapsulation type The choices are e DOTIQ e DEFAULT If DEFAULT is the CE encapsulation type ISC shows another field for the UNI port type Note Step 6 Step 7 Step 8 Step 9 If the Interface Type is ANY ISC will not ask for an Encapsulation type in the policy Check the UNI Shutdown check box if you want to leave the UNI port shut during service activation for example when the service provider wants to deploy a service in the network but wants to activate it at a later time Check the Keep Alive check box to configure keepalives on th
140. port number for the CE interface for example 1 0 indicates that the interface is located at slot 1 port 0 This is especially useful to specify here if you know that the link will always go through a particular interface s slot port location on all or most of the network devices in the service Choose a CE Encapsulation type The choices are e DOTIQ e DEFAULT If DEFAULT is the CE encapsulation type ISC shows another field for the UNI port type Check the UNI Shutdown check box if you want to leave the UNI port shut during service activation for example when the service provider wants to deploy a service in the network but wants to activate it at a later time Check the Keep Alive check box to configure keepalives on the UNI port By default this check box is unchecked which causes the command no keepalive to be provisioned on the UNI port This prevents a CPE from sending keepalive packets to the U PE for security purposes This attribute is editable to support modification on a per service request basis Check the ANY check box to display all interface types as choices for the UNI interface when creating service requests based on this policy This check box is checked by default Check the UNI check box to display all interfaces defined as type UNI as choices for the UNI interface when creating service requests based on this policy This check box is checked by default Enter one or more Ethernet MAC addresses in UNI M
141. request windows depending on the device type IOS or IOS XR Step4 Check the Configure With Bridge Domain check box to determine bridge domain characteristics The behavior of the Configure With Bridge Domain option works in tandem with the choice you selected in the MPLS Core Connectivity Type option as follows e PSEUDOWIRE as the MPLS Core Connectivity Type There are two cases A With FlexUNI If Configure With Bridge Domain is checked the policy configures pseudowires under SVIs associated to the bridge domain If Configure With Bridge Domain is unchecked the policy will configure pseudowires directly under the service instance This conserves the global VLAN B Without FlexUNI If Configure With Bridge Domain is checked the policy configures pseudowires as in LZ2VPN services with SVIs If Configure With Bridge Domain is unchecked the policy configures pseudowires directly under subinterfaces Only pseudowires can be either configured directly under service instance of the corresponding FlexUNI capable interface or under SVIs associated to the bridge domain e LOCAL as the MPLS Core Connectivity Type If Configure With Bridge Domain is checked the policy allows either point to point or multipoint local connect services If Configure With Bridge Domain is unchecked ISC allows only point to point local connects without bridge domain e VPLS Configure With Bridge Domain is checked by default
142. ride it e The DCPL property pseudoWireVlanMode acts in a dual way It sets a default value for PseudoWireClass TransportMode to Vlan Inthe absence of a pseudowire class it generates a deprecated command transport mode vlan The transport mode vlan command is a deprecated command in IOS XR 3 6 and later Thus when a pseudowire class is selected for an IOS XR device and the DCPL property is also set to true the transport mode vlan command is not generated Pseudowire class and the transport mode vlan command do not co exist If a pseudowire class is present it takes precedence over the deprecated transport mode vlan command e The value of the DCPL property pseudoWireVlanMode should not be changed during the life of a service request Defining L2VPN Group Names for IOS XR Devices Step 1 Step 2 Step 3 Step 4 Step 5 This section describes how to specify the available L2VPN group names for policies and service requests for IOS XR devices The choices appear in a drop down list of the L2VPN Group Name attribute in policies and service requests The name chosen is used for provisioning the L2VPN group name on IOS XR devices The choices are defined through setting a Dynamic Component Properties Library DCPL property Perform the following steps In ISC navigate to Administration gt Control Center gt Hosts Check a check box for a specific host and click the Config button Navigate to the DCPL property Services Common l
143. saving a FlexUNI EVC service request see Saving the FlexUNI EVC Service Request page 4 23 Using Templates and Data Files with a FlexUNI EVC Ethernet Service Request ISC does not support configuration of all the available CLI commands on a device being managed by the application In order to configure such commands on the devices you can use ISC Template Manager functionality Templates can be associated at the policy level on a per device role basis Templates can be overridden at service request level if the policy level setting permits the operator to do so To associate templates and data files in a service request select any link in the Service Request Editor window and click the Template button at the bottom of the window Note If the template feature has not been enabled in the associated policy then the Template button will not be available for selection The SR Template Association window appears as shown in Figure 4 8 In this window you can associate templates at a per device level Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 a22 E OL 21636 01 Chapter4 Managing a FlexUNI EVC Ethernet Service Request Saving the FlexUNI EVC Service Request W Figure 4 8 Sample Templates Association Window Showing 1 2 of 2 records hal Device Name Role Type TemplateData File 1 pet N PE Add 2 sw2 U PE Add of 1 G3 DDI ary Rows per page 10 v I lt q coto page
144. service request you enter several parameters including the specific interfaces on the CE and PE routers and UNI parameters You can also integrate a Cisco IP Solution Center ISC template with a service request You can associate one or more templates to the CE PE or any U PE in the middle To create a service request a service policy must already be defined as described in Chapter 9 Creating a VPLS Policy Based on the predefined VPLS policy an operator creates a VPLS service request with or without modifications to the VPLS policy and deploys the service The service request must be the same service type ERMS EVP LAN or EMS EP LAN as the policy selected Service creation and deployment are normally performed by regular network technicians for daily operation of network provisioning The following steps are involved in creating a service request for Layer 2 connectivity between customer sites Choose a VPLS policy Choose a VPN For more information see Defining VPNs page 2 4 Add a link Choose a CE or UNI interface Choose a Named Physical Circuit NPC if more than one NPC exists from the CE or the UNI interface Edit the link attributes I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter 10 Managing a VPLS Service Request HI Creating a VPLS Service Request Creating a VPLS Service Request To create a VPLS service request perform the following steps S
145. show up in this window and also in the Description column of the Service Requests window The maximum length for this field is 256 characters e You can enter a description for each end to end wire in the Description field provided for each wire The description shows up only in this window The data in this field is not pushed to the device s The maximum length for this field is 256 characters e The ID number is system generated identification number for the circuit e The Circuit ID is created automatically based on the service For example for Ethernet it is based on the VLAN number for Frame Relay it is based on the DLCI for ATM it is based on the VPI VCI Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I oL 21636 01 a 315 Chapter8 Managing an L2VPN Service Request HI Creating an L2VPN Service Request Step 17 When you are finished editing the end to end wires click Save The service request is created and saved into ISC Creating an EWS EPL L2VPN Service Request without a CE Step 1 Step 2 Step 3 Step 4 This section includes detailed steps for creating an L2 VPN service request without a CE present for EWS EPL If you are creating an L2VPN service request for an ERS EVPL ATM or Frame Relay policy see Creating an ERS EVPL ATM or Frame Relay L2VPN Service Request without a CE page 8 11 Create the L2VPN service request for EWS EPL without a CE The L2VPN Service Request
146. template feature gives you a means to download free format CLIs to a device If you enable templates you can create templates and data files to download commands that are not currently supported by ISC To enable template association for the policy click the Next button in EVC Policy Editor Interface Attribute window before clicking Finish The Template Association window appears In this window you can enable template support and optionally associate templates and data files with the policy For instructions about associating templates with policies and how to use the features in this window see Appendix B Working with Templates and Data Files When you have completed setting up templates and data files for the policy click Finish in the Template Association window to close it and return to the Policy Editor window To save the FlexUNI EVC ATM Ethernet Interworking policy click Finish To create a service request based on a FlexUNI EVCATM Ethernet Interworking policy see Chapter 6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy W Enabling Template Association Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Overview CHAPTER Managing a FlexUNI EVC ATM Ethernet Interworking Service Request
147. the Monitoring tab to help you troubleshoot a failed service request or to view more details about a service request For more information see Monitoring Service Requests page 11 10 Service Request States A service request transition state describes the different stages a service request enters during the provisioning process For example when you deploy a service request ISC compares the device information in the Repository the ISC database with the current device configuration and generates a configlet When the configlet is generated and downloaded to the device the service request enters the Pending state When the device is audited the service request enters the Deployed state Figure 11 3 Service Requests States Transition Diagram shows a high level diagram of the relationships and movement among ISC service request states Figure 11 3 Service Requests States Transition Diagram WAIT DEPLOY Transient FAILED DEPLOY FAILED AUDIT BROKEN Automatic CA Add Modify Delete PENDING START Transient DEPLOYED Delete l CA Legend Normal states Error states gt Provisioning transitions PU gt Auditing transitions D Deploy DE Decommission UE User edit Note Service requests in the FAILED AUDIT CA Configuration audit DEPLOYED FUNCTIONAL BROKEN and A FA Functional audit END LOST states return to REQUESTED if they are
148. the Network aon PE3 y r G E EGED les R5 ia PE4 204867 Sample configlets for the devices are provided below PE1 vlan lt S Vlan gt 12 vfi lt VFI ID gt manual vpn id lt S Vlan gt neighbor lt PE2 gt encapsulation mpls neighbor lt PE3 gt encapsulation mpls neighbor lt PE4 gt encapsulation mpls interface vlan lt S Vlan gt xconnect vfi lt VFI ID gt interface lt NNI to R1 gt switchport trunk allowed vlan add lt S Vlan gt PE2 vlan lt S Vlan gt 12 vfi lt VFI ID gt manual vpn id lt S Vlan gt neighbor lt PE1 gt encapsulation mpls neighbor lt PE3 gt encapsulation mpls neighbor lt PE4 gt encapsulation mpls interface vlan lt S Vlan gt xconnect vfi lt VFI ID gt interface lt NNI to R3 gt switchport trunk allowed vlan add lt S Vlan gt Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 AppendixD Terminating an Access Ring on Two N PEs PE3 vlan lt S Vlan gt 12 vfi lt VFI ID gt manual vpn id lt S Vlan gt neighbor lt PE1 gt encapsulation mpls neighbor lt PE2 gt encapsulation mpls neighbor lt PE4 gt encapsulation mpls interface vlan lt S Vlan gt xconnect vfi lt VFI ID gt l interface lt NNI to R5 gt switchport trunk allowed vlan add lt S Vlan gt PE4 vlan lt S Vlan gt 12 vfi lt VFI ID gt manual vpn id lt S Vlan gt neighbor lt PE1 gt en
149. the default PACL Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 lt a OL 21636 01 AppendixA Sample Configlets ERS EVPL 1 1 VLAN Translation Configuration Configlets e Service L2VPN Metro Ethernet ERS EVPL 1 1 VLAN Translation e Feature ERS EVPL with 1 1 VLAN translation e Device configuration The N PE is a Cisco 7600 with IOS 12 2 18 SXF Sup720 3BXL Interface s FA8 34 The U PE is a Cisco 3750ME with IOS 12 2 25 EY1 VLAN translation on the NNI port uplink Interface s FA1 0 8 GI1 1 1 L2VPN point to point U PE N PE vlan 778 vlan 123 exit exit interface FastEthernet8 34 interface FastEthernet1 0 8 switchport no cdp enable switchport trunk encapsulation dotlq no keepalive switchport mode trunk no ip address switchport trunk allowed vlan 1 778 switchport trunk allowed vlan 123 switchport nonegotiate interface Vlan778 switchport port security maximum 34 no ip address switchport port security aging time 23 description L2VPN ERS 1 to 1 vlan switchport port security violation protect translation switchport port security xconnect 99 99 8 99 89032 encapsulation spanning tree bpdufilter enable mpls mac access group ISC FastEthernet1 0 8 in no shutdown I interface GigabitEthernet1 1 1 no ip address switchport mode trunk switchport trunk allowed vlan 1 123 switchport vlan mapping 123 778 Comments e VLAN translation is only
150. the drop down list The choices are e VP Virtual path mode This is the default e VC Virtual circuit mode e PORT Port mode Only supported for the IOS XR 3 7 platform amp Note If you choose PORT as the transport mode the attributes ATM VCD Sub interface and ATM VPI will be disabled in the Link Attributes window of the service request based on this policy Choose the CE Interface Type from the drop down list The choices are e ANY e ATM e Switch Enter an Interface Format as the slot number port number for the CE interface for example 1 0 indicates that the interface is located at slot 1 port 0 This is especially useful to specify here if you know that the link will always go through a particular interface s slot port location on all or most of the network devices in the service Choose a CE Encapsulation The choices are e AALSSNAP e AALSMUX e AALS5NLPID e AAL2 Note Step 6 Step 7 Step 8 If the Interface Type is ANY ISC will not ask for an Encapsulation type in the policy Check the UNI Shutdown check box if you want to leave the UNI port shut during service activation for example when the service provider wants to deploy a service in the network but wants to activate it at a later time Check the Use PseudoWireClass check box to enable the selection of a pseudowire class This attribute is only applicable for IOS XR devices If the check box is checked an additional at
151. the policy Check the UNI Shutdown check box if you want to leave the UNI port shut during service activation for example when the service provider wants to deploy a service in the network but wants to activate it at a later time Check the Keep Alive check box to configure keepalives on the UNI port By default this check box is unchecked which causes the command no keepalive to be provisioned on the UNI port This prevents a CPE from sending keepalive packets to the U PE for security purposes This attribute is editable to support modification on a per service request basis Check the ANY check box to display all interface types as choices for the UNI interface when creating service requests based on this policy This check box is checked by default Check the UNI check box to display all interfaces defined as type UNI as choices for the UNI interface when creating service requests based on this policy This check box is checked by default Check the VLAN ID AutoPick check box if you want ISC to choose a VLAN ID If you do not check this check box you will be prompted to provide the VLAN in a Provider VLAN ID field during service activation Check the VC ID AutoPick check box if you want ISC to choose a VC ID If you do not check this check box you will be prompted to provide the VC ID in a VC ID field during service activation Check the Use PseudoWireClass check box to enable the selection of a pseudowire class
152. to associate with the policy Both scenarios are supported Navigate to a template in the folder tree and click it to select it The template is listed in the right side of the GUI along with any data files that are associated with it as shown in Figure B 5 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Appendix B Working with Templates and Data Files HI Using Templates with ISC Policies Step 7 Figure B 5 Template Datafile Chooser Window with Template and Data File Listed Template DataFile Chooser HD Certificate Template AccessList JE D1A Channelization 3 Examples Show Data Files Name matching Show iE AccessList B Showing 1 1 of 1 records f EB AccessList1 ia 1 i TA aes zj E cEwancos mE T Config RES InSRUse In Policy Use f E Configure_PE_as_ASBR_VPN_S 1 M Aci2000 View No No i B Configure_PE_as_ASBR_non_V i E Remove_PE_as_ASBR_VPN_Sp 10 7 Goto page 1 of 1 Pages Go SE Remove_PE_as_ASBR_non_F Rows per page 0 14 q o bd dl J Firewall Psec ans Accept Cancel Imas JG interfaces Check the check box to the left of a data file name and click the Accept button Note Step 8 Step 9 Step 10 Step 11 Step 12 Step 13 You can select only the template or both template and data file at this stage depending on your needs and whether or not a data file exists for the template The Template Datafile Chooser
153. total available bandwidth of the port If the threshold of a traffic type is reached further traffic of that type is suppressed until the incoming traffic falls below the threshold level Figure 9 36 Enable Storm Control UHI Storm Control Unicast Traffic 0 0 100 0 Broadcast Traffic 0 0 100 0 Multicast Traffic 0 0 100 0 Enable Storm Control Iv m m m 138440 Check the Protocol Tunnelling check box see Figure 9 37 if you want to define the Layer 2 Bridge Protocol Data Unit BPDU frames that can be tunneled over the core to the other end Figure 9 37 For Protocol Tunnelling Tunnel CDP CDP Threshold in packets seconds cdp drop threshold Tunnel TP YTP Threshold in packets seconds vtp drop threshold Tunnel STP STP Threshold in packets seconds stp drop threshold Recovery Interval in seconds Protocol Tunnelling Iv Iv 0 4096 0 4096 Iv 0 4096 0 4096 Iv 0 4096 0 4096 30 86400 a lt I xI a lt 1 Sime ke 138441 each protocol that you check enter the shutdown threshold and drop threshold for that protocol Tunnel CDP Enable Layer 2 tunnelling on Cisco Discover Protocol CDP CDP Threshold Enter the number of packets per second to be received before the interface is shut down cdp drop threshold Enter the number of packets per second to be received at which point the interface will start dropping CDP packets
154. translation occurs on a ring that is made of 3750 PEs all the 3750s use the ES port as uplink ports the east and west ports to connect other ring nodes VLAN Translation on the 7600 Be aware of the following points when performing VLAN translation on the 7600 e 1 1 VLAN translation always occurs on the UNI port However not every Ethernet interface will support 1 1 VLAN translation Such support is dependent on the line card e 2 1 VLAN translation always occurs on the GE WAN port The port must be an NNI uplink port e 2 1 VLAN translation only occurs on a 7600 that is a U PE or a PE AGG not an N PE The reason is when the 2 1 VLAN translation is performed on the GE WAN interface this interface can no longer perform L3VPN and L2VPN service using the translated new VLAN The L3 L2VPN service has to be provisioned on another N PE box Failed Service Requests When Hardware Does Not Support VLAN Translation For the 1 1 VLAN translation feature a service request goes to the Fail Deployed state if the target hardware line card does not support the VLAN translation The reason the service request goes to the Fail Deployed state instead of Invalid is that ISC does not know beforehand whether a particular line card will accept or reject the VLAN translation CLI commands In this case ISC attempts to push down the commands and the deployment fails An Invalid status means ISC detects something wrong in advance and aborts the p
155. vlan 775 exit interface FastEthernet1 0 19 no cdp enable no keepalive switchport switchport switchport switchport switchport switchport switchport switchport access vlan 775 mode dotliq tunnel nonegotiate port security maximum 34 port security aging time 32 port security violation shutdown port security 12protocol tunnel 12protocol tunnel 12protocol tunnel 12protocol tunnel 12protocol tunnel 12protocol tunnel 12protocol tunnel 12protocol tunnel 12protocol tunnel cdp stp vtp shutdown threshold shutdown threshold shutdown threshold drop threshold cdp drop threshold stp drop threshold vtp cdp 88 stp 99 vtp 56 56 64 34 storm control unicast level 34 0 storm control broadcast level 23 0 storm control multicast level 12 0 Comments spanning tree portfast spanning tree bpdufilter enable mac access group ISC FastEthernet1 0 19 in interface FastEthernet1 0 23 no ip address switchport trunk allowed vlan 774 775 787 788 I mac access list extended ISC FastEthernet1 0 19 no permit any any deny any host 3456 3456 1234 permit any any vlan 775 exit interface FastEthernet8 17 switchport trunk allowed vlan 1 451 653 659 766 768 772 773 775 878 interface Vlan775 no ip address description L2VPN EWS xconnect 99 99 8 99 89029 encapsulation mpls no shutdown e The N PE is a 7600 with an OSM or SIP 600 module Provisioning is the same as the ERS EVPL
156. window closes and the selected template data file appears listed in the Add Remove Templates window as show in Figure B 6 Figure B 6 Add Remove Templates Window with Template Listed Showing 1 1 of 1 record 1 7 xamples AccessList Acl2000 APPEND M Rows per page 10 gt Id q cote page f1 of1 Dbl ats Remove 211682 If you did not choose a data file then the Datafile column is blank Check the check box to the left of the template name to choose the template Under Action use the drop down list and choose APPEND or PREPEND Append tells ISC to append the template generated CLIs to the regular ISC non template CLIs configlet Prepend is the reverse adds the template to the beginning of the configlet Choose Active to use this template for service requests based on this policy If you do not choose Active the template is not used To associate additional templates data files with the policy click Add in the Add Remove Templates window and repeat the appropriate steps to add other templates data files To remove a template row from the window check a template and click the Remove button to remove the template from the list When you are satisfied with the selections in the Add Remove Templates window click OK Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Appendix B Working with Templates and Data Files Step 14 Step 15 Step 16 Step 17 Using
157. with Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Da g OL 21636 01 Appendix D Terminating an Access Ring on Two N PEs Additional Network Configurations and Sample Configlets W the N PE of the single homed ring and the secondary PW will connect the secondary N PE of the dual homed ring with the N PE of the single homed ring ISC will issue a warning message if you try to save the service request without enabling the Pseudowire Redundancy option Additional Network Configurations and Sample Configlets This section provides additional network scenarios for reference along with sample configlets for associated network devices Example 1 Pseudowire Connectivity A Figure D 5 illustrates a network configuration with pseudowire connectivity with dual homed N PEs on both sides of the network and with pseudowire redundancy Figure D 5 Pseudowire Connectivity Dual Homed N PEs on Both Sides of the Network with Pseudowire Redundancy amis a a aa i ee i T n i w Primary Edge y Secondary Edge m Blocked Segment Data Pseudowire Ei Control Pseudowire Primary VC ID Backup VC ID 204864 Sample configlets for the devices are provided below Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 g Ds Appendix D Terminating an Access Ring on Two N PEs HI Additional Network Configurations and Sa
158. with IOS 12 2 25 EY2 Interface s FastEthernet1 0 10 U PE N PE l vlan 452 vlan 3524 exit exit interface FastEthernet1 0 10 ethernet evc ServiceInst no ip address 4 switchport trunk allowed vlan add 452 interface GigabitEthernet7 0 0 service instance 3 ethernet ServiceInst interface FastEthernet1 0 13 encapsulation dotlq 452 no spanning tree bpdufilter enable rewrite ingress tag pop 1 symmetric switchport bridge domain 3524 split horizon no keepalive no ip address interface Vlan3524 switchport no ip address switchport trunk encapsulation dotlq description BD T SVI T Flex switchport mode trunk xconnect 22 22 22 22 52500 encapsulation switchport trunk allowed vlan 452 mpls switchport nonegotiate backup peer 22 22 22 22 52501 mac access group ISC FastEthernet1 0 13 in no shutdown Comments e The transport type is PPREUDOWIRE e The user manually provided ServiceInst as the Service Instance Name This is pushed onto the device where the Service Instance ID is 3 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I oL 21636 01 g aas AppendixA Sample Configlets HI FiexUNI EVC User Provided Service Instance Name Local Core Connectivity FlexUNI EVC User Provided Service Instance Name Local Core Connectivity Configuration Configlets Comments e FlexUNI EVC Metro Ethernet e Feature FlexUNI EVC with local core connectivity and a user provided service instance name
159. within service requests based on this policy for devices running IOS XR Click the Next button if you want to enable template support for the policy The Template Association window appears In this window you can enable template support and optionally associate templates and data files with the policy For instructions about associating templates with policies and how to use the features in this window see Appendix B Working with Templates and Data Files When you have completed setting up templates and data files for the policy click Finish in the Template Association window to close it and return to the Policy Editor window Click Finish Defining a Frame Relay Policy with a CE This section describes how to define a Frame Relay policy with CE present Figure 7 20 is an example of the first page of this policy Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 7 28 OL 21636 01 Chapter7 Creating an L2VPN Policy Defining a Frame Relay Policy witha CE Ml S Note Frame Relay policies are not supported for devices running IOS XR Figure 7 20 Frame Relay Policy with a CE L2 VPN Point To Point Policy Editor Attribute Value Policy Hame FrameRelayCe Customer Policy Owner Provider ce e Global Policy L2VPN ERS L2VPN EWS oe e Service Mae Frame Relay ATM 4 CE Present xI Note Required Field Step 1 of 2 cnc 138484 Perfo
160. 01 _ Chapter 8 Managing an L2VPN Service Request Step 6 Step 7 Figure 8 32 Link Attributes Value Link Attributes Window Attribute PE Information pet Interface Name Ethernet43 Standard UNI Port Vv PE UNI Interface Description Encapsulation DOTIQ CE Information ce3 Interface Name Ethernet0 1 Encapsulation DOTIQ E IP Address with Mask X X X xdKX UNI Shutdown Bj Keep Alive m VLAN and Other Information VLAN ID AutoPick Vv VLAN Name Link Speed None gt Link Duplex None z Use Existing ACL Hame E Port Based ACL Name l UNI MAC Addresses Edit UHI Port Security im T H PE Pseudo wire on svi M VLAN Translation No C144 24 a PW Tunnel Selection M Interface Tunnel 0 2147483647 Device Hame Role Templates ces MANAGED Add pet N PE Add Note Required Field Edit any of the link attributes as desired To add a template and data file to an attachment circuit choose a Device Name and click Add under Templates The Add Remove Templates window appears See Figure 8 33 OK Cancel Modifying the L2VPN Service Request 138581 Note To add a template to an attachment circuit you must have already created the template For detailed steps to create templates see the Cisco IP Solution Center Infrastructure Reference 6 0 For more information on how to use templates and data files in service requests see Appendix B Working with Templates and Data F
161. 1 1 1 VLAN translation e 2 1 2 1 VLAN translation Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 aie OL 21636 01 _ Chapter 4 Managing a FlexUNI EVC Ethernet Service Request Step 28 Step 29 Setting the Service Request Details W amp Note For detailed coverage of setting up VLAN translation see Appendix C Setting Up VLAN Translation This attribute is not displayed for IOS XR devices Check the N PE Pseudo wire on SVI check box to have ISC generate forwarding commands under S VIs switch virtual interfaces By default this check box is not checked In this case ISC generates forwarding commands under the service instance For a FlexUNI link the attribute N PE Pseudo wire on SVI is dependent on the value of the attribute Configure with Bridge Domain this is available in the service request workflow in the EVC Service Request Editor window N PE Pseudo wire on SVI if enabled will be reflected only when Configure with Bridge Domain is set to true Otherwise the service request will not be created with xconnect under SVI even if N PE Pseudo wire on SVI is enabled Usage notes e Fora FlexUNI link the attribute N PE Pseudo wire on SVI is dependent on the value of the attribute Configure with Bridge Domain in the EVC Service Request Editor window N PE Pseudo wire on SVI if enabled will be reflected only when Configure with Bridge Domain is set to true Otherwise
162. 1 VLAN translation on the 3750 C 6 VLAN translation on the 7600 C 6 VPLS connectivity in FlexUNI EVC service requests 4 5 for an Ethernet based L2 provider core E 13 service provisioning E 10 topology for Ethernet based VPLS _ E 13 topology for MPLS based VPLS E 11 VPLS policies creating 9 1 defining 9 1 Ethernet EMS EP LAN policy with CE defining 9 32 9 37 Ethernet ERMS EVP LAN policy with CE defining 9 22 Ethernet ERMS EVP LAN policy without CE defining 9 27 MPLS EMS EP LAN policy with CE defining 9 11 MPLS EMS EP LAN policy without CE defining 9 16 MPLS ERMS EVP LAN policy with CE defining 9 3 MPLS ERMS EVP LAN policy without CE defining 9 7 VPLS service requests creating 10 2 creating VPLS service requests with CE 10 2 creating VPLS service requests without CE 10 6 introducing 10 1 managing 10 1 modifying 10 10 saving 10 14 using the Bridge Domain ID attribute in 10 13 VPNs defining 2 4 setting up 1 3 VTP transparent mode configuring switches in 2 2 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01
163. 1 4 ISC terminology and supported network types E 4 L2VPN E 1 MEF E 1 E 3 topology for ATMoMPLS E 8 for Ethernet based VPLS E 13 for FROMPLS_ E 9 for L2VPN Ethernet over MPLS ERS and EWS EPL and EVPL E 5 for MPLS based VPLS E 11 overview for FlexUNI EVC 3 5 transport mode configuring transport mode when pseudowire classes are not supported 2 13 U U PEs assigning roles for 2 1 selectively determining templates for B 9 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E W index V VC ID pools creating 2 7 verifying service requests 11 3 viewing configlets in service requests 11 9 links in service requests 11 8 service request details 11 7 service request details in service requests 11 7 templates from the service requests window B 18 VLAN matching criteria attributes setting in FlexUNI EVC ATM Ethernet policies 5 10 setting in FlexUNI EVC policies 3 13 VLAN pools creating 2 5 VLAN rewrite criteria attributes setting in FlexUNI EVC ATM Ethernet policies 5 10 setting in FlexUNI EVC policies 3 14 VLAN translation 1 tol VLAN translation C 3 2 tol VLAN translation C 4 creating a policy with C 2 creating a service request with C 3 deleting a service request C 5 failed service requests due to hardware that does not support VLAN translation C 6 modifying a service request C 5 no VLAN translation C 3 overview C 1 platform specific usage notes C 6 setting up C
164. 14 template association in 3 23 FlexUNI EVC Ethernet service requests creating 4 2 introduction 4 1 local core connectivity 4 7 managing 4 1 modifying 4 21 pseudowire core connectivity 4 3 saving 4 23 setting direct connect links 4 10 setting links with L2 Access nodes 4 20 setting service request details in 4 2 setting up links to the N PE 4 9 using templates and data files in 4 22 VPLS core connectivity 4 5 FlexUNI attributes setting in FlexUNI EVC ATM Ethernet policies 5 7 setting in FlexUNI EVC Ethernet policies 3 10 frame relay over MPLS FRoMPLS E 9 frame relay policies with CE defining 7 28 without CE defining 7 31 frame relay service requests with CE creating 8 2 without CE creating 8 11 FRoMPLS_ E 9 Index W G getting started overview 1 1 tasks 1 1 history viewing in service requests 11 9 installing ISC and configuring the network 1 1 interface attributes setting in FlexUNI EVC ATM Ethernet policies 5 12 setting in FlexUNI EVC policies 3 16 IOS platform support for FlexUNI EVC 3 3 IOS XR creating and modifying pseudowire classes for IOS XR devices 2 10 platform support for FlexUNI EVC 3 4 setting up devices to support 2 3 IOS XR devices defining L2VPN group names for 2 14 ISC services setting up 2 1 L L2VPN concepts E 1 ISC terminology and supported network types E 4 service provisioning E 5 terminology conventions E 1 L2VPN Ethernet over MPLS ERS and EWS EPL and EVP
165. 16 and the range is 1500 to 9216 ISC does not perform an integrity check for this customized value If a service request goes to the Failed Deploy state because this size is not accepted you must adjust the size until the Service Request is deployed In ISC 6 0 different platforms support different ranges e For the 3750 and 3550 platforms the MTU range is 1500 1546 e For the 7600 ethernet port the MTU size is always 9216 Even with the same platform and same IOS release different line cards support the MTU differently For example older line cards only take an MTU size of 9216 and newer cards support 1500 9216 However ISC 6 0 uses 9216 in both cases e For the 7600 SVI interface VLAN the MTU size is 1500 9216 Check the Use Existing ACL Name check box if you want assign your own named access list to the port By default this is not checked and ISC automatically assigns a MAC based ACL on the customer facing UNI port based on values you enter in UNI MAC addresses below Enter a Port Based ACL Name if you checked the Use Existing ACL Name check box as mentioned in the previous step amp Note ISC does not create this ACL automatically The ACL must already exist on the device or be added as part of a template before the service request is deployed Otherwise deployment will fail Check the Disable CDP check box if you want to disable the Cisco Discover Protocol CDP on the UNI port Check the UNI Port Sec
166. 21636 01 Chapter 11 Deploying Monitoring and Auditing Service Requests Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Auditing Service Requests W Choose Service Inventory gt Inventory and Connection Manager gt Service Requests The Service Requests window appears Choose an service request for the configuration audit Click Details The Service Request Details window appears Click Audit Click Config The Service Request Audit window appears Figure 11 13 shows an example of a successful configuration audit Figure 11 13 Service Request Audit Report Successful Service Request Audit Report Contig uct Report for a Seven Reanetstg Stu sucess A Ee T a E C E E This window lists the device name and role and a message regarding the status of your configuration audit B j If the audit is unsuccessful the message field lists details on the failed audit Figure 11 14 shows an example of a failed audit message for an service request Figure 11 14 Service Request Audit Report Failed Service Request Audit Report mi em 2 a 138562 The audit failure message indicates missing commands and configuration issues Carefully review the information in the message field If the audit fails you must correct all errors and redeploy the service request Click OK to return to the Service Request Details window OL 21636 01 Cisco IP Solution Center L2VP
167. 2vpnGroupNameOptions Enter a comma separated list of L2VPN group names in the New Value field Click Set Property Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 P24 OL 21636 01 CHAPTER Creating a FlexUNI EVC Ethernet Policy This chapter contains an overview of FlexUNI EVC support in ISC as well as the basic steps to create a FlexUNI EVC Ethernet policy It contains the following sections e Overview of FlexUNI EVC Support in ISC page 3 1 e Defining the FlexUNI EVC Ethernet Policy page 3 6 e Setting the Service Options page 3 8 e Setting the FlexUNI Attributes page 3 10 e Setting the Interface Attributes page 3 16 e Enabling Template Association page 3 23 For information on creating FlexUNI EVC Ethernet service requests see Chapter 4 Managing a FlexUNI EVC Ethernet Service Request Note For Ethernet E Line and E LAN services use of the FlexUNI EVC policy and service request is recommended If you are provisioning services using the FlexUNI EVC syntax or plan to do so in the future use the FlexUNI EVC service Existing services that have been provisioned using the L2VPN and VPLS service policy types are still supported and can be maintained with those service types For ATM and FRoMPLS services use the L2VPN service policy as before Overview of FlexUNI EVC Support in ISC Flexible user network interface FlexUNI is a generic approach for creating Ethernet services in ISC
168. 3 interface ATM1 0 0 370 point to point 12transport no atm enable ilmi trap encapsulation dotiq 433 pve 0 370 12transport rewrite ingress tag push dotiq 43 encapsulation aal5snap second dotiq 53 symmetric xconnect 10 20 21 1 4531 pw class ISC pw tunnel 1 12vpn xconnect group ISC p2p CISCO interface GigabitEthernet0 0 0 12 433 neighbor 192 169 105 20 pw id 4531 1 1 I Comments e None Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 g AS7 AppendixA Sample Configlets HI FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity End to End Circuit no Bridge Domain Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 APPENDIX B Working with Templates and Data Files This appendix describes how to use templates and data files with ISC policies and service requests It contains the following sections e Overview page B 1 e Using Templates with ISC Policies page B 4 e Using Templates with Service Requests page B 10 S Note For an overview of the Template Manager and how templates and data files are created in ISC see Chapter 6 Service Design and Appendix D Template Usage in the Cisco IP Solution Center Infrastructure Reference 6 0 Overview ISC s Template Manager allows you to create manage and store templates and associated data files The purpose of using templates is to provide a means to do
169. 636 01 _ Chapter 7 Creating an L2VPN Policy Step 10 Step 11 Step 12 Step 13 Step 14 Step 15 Step 16 Step 17 Step 18 Step 19 Defining an Ethernet EWS EPL Policy withoutaCE W Check the VLAN ID AutoPick check box if you want ISC to choose a VLAN ID If you do not check this check box you will be prompted to provide the VLAN in a Provider VLAN ID field during service activation Check the VC ID AutoPick check box if you want ISC to choose a VC ID If you do not check this check box you will be prompted to provide the VC ID in a VC ID field during service activation Check the Use PseudoWireClass check box to enable the selection of a pseudowire class This attribute is only applicable for IOS XR devices If the check box is checked an additional attribute PseudoWireClass appears in the GUI Click the Select button of PseudoWireClass attribute to choose a pseudowire class previously created in ISC The pseudowire class name is used for provisioning pw class commands on IOS XR devices See Creating and Modifying Pseudowire Classes for IOS XR Devices page 2 10 for additional information on pseudowire class support for IOS XR devices Choose an L2VPN Group Name from the drop down list The choices are e ISC e VPNSC This attribute is used for provisioning the L2VPN group name on IOS XR devices amp Note The choices in the drop down list are derived from a configurable DCPL property For informa
170. 7 0 0 interface FastEthernet1 0 10 service instance 2 ethernet Customer1_248 no ip address encapsulation dotiq 545 switchport trunk allowed vlan add 545 rewrite ingress tag pop 1 symmetric l xconnect 22 22 22 22 52498 encapsulation interface FastEthernet1 0 12 mpls no spanning tree bpdufilter enable backup peer 22 22 22 22 52499 switchport no keepalive no ip address switchport switchport trunk encapsulation dotiq switchport mode trunk switchport trunk allowed vlan 545 switchport nonegotiate mac access group ISC FastEthernet1 0 12 in Comments e None Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 nao E OL 21636 01 AppendixA Sample Configlets FlexUNI EVC AutoPick Service Instance Name FlexUNI EVC AutoPick Service Instance Name Configuration Configlets e FlexUNI EVC Metro Ethernet e Feature FlexUNI EVC with AutoPick Service Instance Name enabled and the Service Instance Name input field left blank e Device configuration The N PE is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s GigabitEthernet7 0 2 The U PE is a Cisco 3750ME with IOS 12 2 25 EY2 Interface s FastEthernet1 0 14 U PE N PE l vlan 452 vlan 3524 exit exit interface FastEthernet1 0 10 ethernet evc C1_1 no ip address l switchport trunk allowed vlan add 452 interface GigabitEthernet7 0 0 service instance 3 ethernet C1_1 interface FastEthernet1 0 13 encapsulation d
171. 8 Filter Values e EndToEndWire ID End to end wire identification number e Customer Name Name of the customer e VC ID Virtual circuit identification number e SR Job ID Service request job identification number e Service Type Type of service Values can be ATM ATM_NO_CE FRAME_RELAY FRAME_RELAY_NO_CE L2VPN_ERS L2VPN_ERS_NO_CE L2VPN_EWS L2VPN_EWS_NO_CE e SR State Service request state Values can be BROKEN DEPLOYED FAILED_AUDIT FAILED_DEPLOY FUNCTIONAL I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter 13 Generating L2 and VPLS Reports W 12 and VPLS Reports INVALID LOST PENDING REQUESTED WAIT_DEPLOY AC1 ID First attachment circuit AC1 identification number AC2 ID Second attachment circuit AC2 identification number Output Values EndToEndWire ID End to end wire identification number Customer Name Name of the customer VPN Name of the VPN VC ID Virtual circuit identification number SR ID Service request identification number SR Job ID Service request job identification number Service Type Type of service SR State Service request state Note The SR State output does not list service requests in the CLOSED state Service requests in other states are listed as determined by the filter values AC1 ID Identification number of the first attachment circuit AC1 AC1 UNI Device In
172. 9 0 Interface s GigabitEthernet0 0 0 20 712 Configlets N PE 1 ATM N PE 2 Ethernet interface GigabitEthernet0 0 0 20 712 interface ATM1 0 0 370 point to point 12transport no atm enable ilmi trap encapsulation dotiq 712 pvc 0 370 12transport encapsulation aal5snap 12vpn xconnect 10 20 21 1 4531 pw class bridge group tml ISC pw tunnel 1 bridge domain CISCO interface GigabitEthernet0 0 0 20 712 l neighbor 192 169 105 20 pw id 1005 Comments e None Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 u OL 21636 01 AppendixA Sample Configlets FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity End to End Circuit no Bridge Domain W FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity End to End Circuit no Bridge Domain Configuration e FlexUNI EVC ATM Ethernet Interworking e Feature FlexUNI EVC for ATM Ethernet interworking with pseudowire core connectivity for end to end circuit with multiple links Bridge domain is disabled One link is terminates on an ATM interface on N PE 1 and the other link terminates on an Ethernet interface on N PE 2 e Device configuration The N PE 1 is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s ATM1 0 0 370 The N PE 2 is a Cisco ASR 9000 with IOS XR 3 9 0 Interface s GigabitEthernet0 0 0 12 433 Configlets N PE 1 ATM N PE 2 Ethernet interface GigabitEthernet0 0 0 12 43
173. 9216 and the range is 1500 to 9216 ISC does not perform an integrity check for this customized value If a service request goes to the Failed Deploy state because this size is not accepted you must adjust the size until the Service Request is deployed In ISC 6 0 different platforms support different ranges e For the 3750 and 3550 platforms the MTU range is 1500 to 1546 e For the Cisco 7600 Ethernet port the MTU size is always 9216 Even with the same platform and same IOS release different line cards support the MTU differently For example older line cards only take an MTU size of 9216 and newer cards support 1500 to 9216 However ISC 6 0 uses 9216 in both cases e For the Cisco 7600 SVI interface VLAN the MTU size is 1500 to 9216 Step16 Check the PW Tunnel Selection check box if you want to be able to manually select the Traffic Engineering TE tunnel for the pseudowire connecting point to point N PEs Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 nE Chapter5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy HZ Setting the Interface Attributes This attribute is unchecked by default Subsequently when you create a service request based on this policy you must specify the TE tunnel ID in a field provided ISC uses the tunnel information to create and provision a pseudowire class that describes the pseudowire connection between two N PEs This pseudowire class can be shared by more t
174. 96 Iv vtp drop threshold 0 4096 v Enable stp Iv Iv stp shutdown threshold 0 4096 v stp drop threshold 0 4098 Vv m D Recovery Interval in seconds 30 86400 E S For each protocol that you choose enter the shutdown threshold and drop threshold for that protocol a Enable cdp Enable Layer 2 tunnelling on Cisco Discover Protocol CDP b cdp shutdown threshold Enter the number of packets per second to be received before the interface is shut down c cdp drop threshold Enter the number of packets per second to be received at which point the interface will start dropping CDP packets d Enable vtp Enable Layer 2 tunnelling on VLAN Trunk Protocol VTP e vtp shutdown threshold Enter the number of packets per second to be received before the interface is shut down f vtp drop threshold Enter the number of packets per second to be received at which point the interface will start dropping VTP packets g Enable stp Enable Layer 2 tunnelling on Spanning Tree Protocol STP h stp shutdown threshold Enter the number of packets per second to be received before the interface is shut down i stp drop threshold Enter the number of packets per second to be received at which point the interface will start dropping STP packets j Recovery Interval Enter the amount of time in seconds to wait before recovering a UNI port Step 26 Check the N PE Pseudo wire On SVI check box to configure the pseudowire
175. AC addresses This selection is present only if you uncheck the Use Existing ACL Name check box Click the Edit button to bring up a pop up window in which you enter MAC addresses to be allowed or denied on the port You can also specify a range of addresses by setting a base MAC address and a filtered MAC address Choose a Port Type The choices are e Access Port e Trunk with Native VLAN Enter a Link Speed optional of None 10 100 1000 Auto or nonegotiate Enter a Link Duplex optional of None Full Half or Auto In the PE UNI Interface Description field enter an optional description for example Customer B ERMS EVP LAN Service Check the VLAN ID AutoPick check box if you want ISC to choose a VLAN ID If you do not check this check box you will be prompted to provide the VLAN in a Provider VLAN ID field during service activation I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter9 Creating a VPLS Policy HZ Defining an Ethernet ERMS EVP LAN Policy without a CE Step 16 Step 17 Step 18 Step 19 Step 20 Step 21 Step 22 Enter a VLAN NAME optional to specify a name to describe the VLAN The name must be one token no spaces allowed The limit for the VLAN name is 32 characters The name has to be unique Two VLANs cannot share the same name Check the Use Existing ACL Name check box if you want assign your own named access list to the port By d
176. ATM1 0 0 33 ATM1 0 1 222 Comments e None Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 a Asi AppendixA Sample Configlets WE FiexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity End to End Circuit FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity End to End Circuit Configuration e FlexUNI EVC ATM Ethernet Interworking e Feature FlexUNI EVC for ATM Ethernet interworking with pseudowire core connectivity for end to end circuit with multiple links One link terminates on ATM interface on N PE 1 and other link terminates on an Ethernet interface on N PE 2 e Device configuration The N PE 1 is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s ATM1 0 0 370 The N PE 2 is a Cisco ASR 9000 with IOS XR 3 9 0 Interface s GigabitEthernet0 0 0 4 458 Configlets N PE 1 ATM N PE 2 Ethernet interface GigabitEthernet0 0 0 4 458 interface ATM1 0 0 370 point to point 12transport no atm enable ilmi trap encapsulation dotiq 458 pvc 0 370 12transport encapsulation aal5snap 12vpn xconnect 192 169 105 100 123 pw class xconnect group VPNSC inter ether p2p iscind crs 1 48856 interface GigabitEthernet0 0 0 4 458 neighbor 192 168 118 167 pw id 123 l Comments e None Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 AppendixA Sample Configlets FlexUNI EVC ATM Et
177. Before creating an L2VPN or VPLS service request you must predefine the physical links between CEs and PEs The Named Physical Circuit NPC represents a link going through a group of physical ports Thus more than one logical link can be provisioned on the same NPC therefore the NPC is defined once but used during several L2VPN or VPLS service request creations There are two ways to create the NPC links e Through an NPC GUI editor For details on how to do this see Creating NPCs Through an NPC GUI Editor page 2 8 e Through the autodiscovery process For details on how to do this see Creating NPC Links Through the Autodiscovery Process page 2 10 An NPC definition must observe the following creation rules e An NPC must begin with a CE or an up link of the device where UNI resides or a Ring e An NPC must end with an N PE or a ring that ends in an N PE If you are inserting NPC information for a link between a CE and UNI you enter the information as e Source Device is the CE device e Source Interface is the CE port connecting to UNI e Destination Device is the UNI box e Destination interface is the UNI port If you are inserting NPC information for a CE not present case you enter the information as e Source Device is the UNI box e Source Interface is the UP LINK port not the UNI port on the UNI box connecting to the N PE or another U PE or PE AGG e Destination Device is the U PE PE AGG or N PE e Destination Interface
178. CE N PE U PE or PE AGG interface based on the service provider s POP design The interfaces are e ANY Any interface can be chosen e Port Channel A bundle of ports that share the same characteristics this gives the service provider the ability to aggregate bandwidth and protection e Ethernet e FastEthernet e GE WAN e GigabitEthernet e TenGigabitEthernet e TenGigE The value defined here functions as a filter to restrict the interface types an operator can see during VPLS service request creation If defined as ANY the operator can see all interface types Step3 Check the Standard UNI Port check box to enable port security This is the default When you uncheck the check box the port is treated as an uplink with no security features and the window dynamically changes to eliminate items related to port security Step4 Enter an Interface Format as the slot number port number for the CE interface for example 1 0 indicates that the interface is located at slot 1 port 0 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 BEEN Chapter9 Creating a VPLS Policy HZ Defining an Ethernet EMS EP LAN Policy without a CE Step 5 This is especially useful to specify here if you know that the link will always go through a particular interface s slot port location on all or most of the network devices in the service Choose a N PE U PE Encapsulation type The choices are e DOTIQ
179. Center L2VPN and Carrier Ethernet User Guide 6 0 E W index S saving FlexUNI EVC ATM Ethernet service requests 6 24 FlexUNI EVC service requests 4 23 L2VPN service requests 8 26 VPLS service requests 10 14 service attributes setting in FlexUNI EVC ATM Ethernet policies 5 8 setting in FlexUNI EVC policies 3 11 service options setting in FlexUNI EVC ATM Ethernet policies 5 4 setting in FlexUNI EVC Ethernet policies 3 8 service providers defining 2 3 service provisioning for L2VPN E 5 service request details setting for FlexUNI EVC ATM Ethernet service requests 6 3 setting in FlexUNI EVC Ethernet service requests 4 2 service requests associating templates and data files to B 11 auditing 11 1 11 12 choosing templates and data files in the service request workflow B 14 configlets viewing 11 9 creating a data file in the service request workflow B 16 creating data files in B 12 creating with VLAN translation C 3 decommissioning service requests with added templates B 18 deploying 11 1 11 2 history viewing 11 9 links viewing 11 8 monitoring 11 1 11 10 overview of L2VPN service requests 1 4 over view of VPLS service requests 1 4 pre deployment changes 11 1 service request details viewing 11 7 states of 11 4 using templates with B 10 B 14 verifying 11 3 service requests see also by type 1 4 setting ATM interface attributes in FlexUNI EVC ATM Ethernet policies 5 6 ATM link attributes i
180. Configure with Bridge Domain this is available in the policy workflow in the EVC Policy Editor Service Options window N PE Pseudo wire on SVI if enabled will be reflected only when Configure with Bridge Domain is set to true Otherwise the service request will not be created with xconnect under SVI even if N PE Pseudo wire on SVI is enabled Usage notes ISC supports a hybrid configuration for FlexUNI EVC service requests In a hybrid configuration the forwarding commands such as xconnect for one side of an attachment circuit can be configured under a service instance and the xconnect configuration for the other side of the attachment circuit can be configured under a switch virtual interface SVI For examples of these cases see configlet examples Flex UNI EVC Pseudowire Core Connectivity Bridge Domain Pseudowire on SVJ page A 39 and FlexUNI EVC Pseudowire Core Connectivity no Bridge Domain no Pseudowire on SVI page A 40 N PE Pseudo wire on SVI is applicable for all connectivity types but a hybrid SVI configuration is possible only for pseudowire connectivity When MPLS Core Connectivity Type is set as LOCAL connectivity type the N PE Pseudo wire on SVI attribute is always disabled in the policy and service request The N PE Pseudo wire on SVI attribute is not supported for IOS XR devices All the xconnect commands are configured on L2 subinterfaces service instance Table 5 2 shows various use cases for hybrid conf
181. D admin Customer2 L2tpv3AtmNoCe 8 15 06 1 53 PM rh ml REQUESTED VPLS ADD admin Customer YplsMplsErsCe 8 18 06 11 46 AM eriz REQUESTED VPLS ADD admin Customer VplsMplsEwsNoCe 8 18 06 2 37 PM Rows per page 10 x 1d q co to page fi ot1 Ga DDI Auto Refresh V Create Details Status Edit Deploy f Decommission Purge 138604 Step 2 If however the VPLS service request creation failed for some reason for example a value chosen is out of bounds you are warned with an error message In such a case you should correct the error and save the service request again Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 P1014 E OL 21636 01 ee Deploying Monitoring and Auditing Service Requests This chapter describes how to deploy monitor and audit L2VPN VPLS or FlexUNI EVC service requests and how to access task logs It contains the following sections e Deploying Service Requests page 11 1 e Monitoring Service Requests page 11 10 e Auditing Service Requests page 11 12 Deploying Service Requests To apply L2VPN VPLS or FlexUNI policies to network devices you must deploy the service request When you deploy a service request ISC compares the device information in the Repository the ISC database with the current device configuration and generates a configlet Pre Deployment Changes Step 1 Step 2 Step 3 Step 4 You can change the Dynamic Component Properties L
182. Devices with UNI This option causes templates data files to be configured on devices of the specified role with a UNI interface e All other devices This option causes templates data files to be configured on all devices of the specified role including those with a UNI interface Figure B 7 shows these options in the Template Data File column of the Template Association window Figure B 7 Options for Selectively Determining Templates for U PE and PE AGG Device Roles emplate Association Attribute Value Template Enable Iv Associate Template Datafile s E Role Type TemplateData File Editable O N PE _y Add v Devices with UNI Add T PE AGG x All other Devices Add a Devices with UI 0 U PE Te All other Devices Add M Add Delete 204823 Usage notes e The templates data files are selected by clicking on the Add link next to the desired option The subsequent steps are the same as provided in Associating Templates and Data Files to a Policy page B 5 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Appendix B Working with Templates and Data Files HI Using Templates with Service Requests This features is not applicable for device roles other than U PE and PE AGG In Figure B 7 the N PE role only displays a single Add link in the Template Data File column For backward compatibility when editing or viewing old and existing policies for U PE and PE AGG devic
183. E non GSR platform should be used in the same circuit which is terminating on a GSR device N PE In other words an NPC circuit should be used to provision VPLS EMS on GSR devices Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 10 13 Chapter 10 Managing a VPLS Service Request W Saving the VPLS Service Request Saving the VPLS Service Request To save a VPLS service request perform the following steps Step 1 When you are finished with Link Attributes for all the Attachment Circuits click Save to finish the VPLS service request creation If the VPLS service request is successfully created you will see the service request list window See Figure 10 16 The newly created VPLS service request is added with the state of REQUESTED as shown in the figure Figure 10 16 VPLS Service Request Created Service Requests Show Services with Job ID matching fr of Type All Showing 1 8 of 8 records Job Operation Customer 1D State Type Type Creator Hame Policy Name Last Modified Description kf Mm fe L REQUESTED L2YPN MODIFY admin Customer L2vpnErsCe 8M 4 06 3 49 PM 2 r10 L REQUESTED L2VPN ADD admin Customer L2vpnEwsCe 8 14 06 11 41 AM 3 O 12 REQUESTED L2VPN ADD admin Customer1 L2vpnErsNoCe 8M 406 2 33 PM ar ___ REquesTeD L2VPN ADD admin Customer L2vpnEwsNoCe 8 14 06 3 31 PM s D 18 L REQUESTED L2VPN ADD admin Customer L2tpv3AtmCe 81506 12 03 PM 6r 20 __ RequesteD L2VPN AD
184. E UNI Interface Circuit Selection Circuit Details Jf m sw3 Select One S Detail Select one circuit Circuit Details Rows per page 10 x I lt q Goto page 1 of 1 G3 DDI Add Link Delete Link l OK Cancel Note Required Field Choose a PE interface from the drop down list 138394 Note ISC only displays the available interfaces for the service based on the configuration of the underlying interfaces existing service requests that might be using the interface and the customer associated with the service request You can click the Details button to display a pop up window with information on the available interfaces such as interface name customer name VPN name and service request ID service request type VLAN translation type and VLAN ID information Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 8 18 8 OL 21636 01 Chapter8 Managing an L2VPN Service Request Creating an L2VPN Service Request W Step 10 Ifthe PE role type is N PE the columns Circuit Selection and Circuit Details are disabled In this case skip to Step 13 Step11 If the PE role type is U PE click Select one circuit in the Circuit Selection column The Select NPC window appears See Figure 8 27 Figure 8 27 Select NPC Showing 1 3 of 3 records _ _ Select Hame le C 1 sw3 GigabitEthernet0 2 lt pe1 FastEthernet0 0 2 C 7 sw3 lt gt pe Ethernet41 3 ce 8 sw3 lt p
185. E wal N_PE1 vN_PE2 PE_AGG ge a vi es MPLS Cote ee __ i es 3 U m b K scenario eae Site A cE CE 138356 Distributed PE scenario The end customer is connected through an Access Domain to the N PE in Figure E 3 That is there is a Layer 2 switching environment in the middle of CE and N PE Figure E 3 Distributed PE Scenario 2 777 gt s Ethernet Services ip N_PE1 N_PE2 af X PE_AGG 10 1 1 1 aae LT I By Ea MPLS Core E3 1 l CE scenario ite B eS Distributed PE she Site A O m 138357 In both cases a VLAN is assigned in one of the following ways Automatically assigned by ISC from the VLAN pool that is predefined by the user e Manually assigned by the user through the GUI or the North Bound Interface NBI In EoMPLS ISC creates a point to point tunnel and then targets the EoMPLS tunnel to the peer N PE router through which the remote site can be reached The remote N PE is identified by its loopback address In Figure E 4 N PE1 and N PE2 have 10 1 1 1 and 10 2 2 2 as loopback addresses In Figure E 4 Site A has been allocated a VLAN 100 and Site B a VLAN 200 You can have different VLAN IDs at either end of the circuit because the VLANs have local significance only that is within the Ethernet access domain which is delimited by the N PE Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01
186. Edit VPN window has an Enable VPLS check box When you check this box you can manually enter a VPN ID in a field provided For more information on creating and modifying VPNs see the Cisco IP Solution Center Infrastructure Reference 6 0 Defining an MPLS EMS EP LAN Policy without a CE This section describes defining a VPLS policy with an MPLS core type and an EMS EP LAN service type without a CE present Figure 9 15 is an example of the first page of this policy Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Poe E OL 21636 01 Chapter9 Creating a VPLS Policy Defining an MPLS EMS EP LAN Policy withoutaCE W Figure 9 15 MPLS EMS EP LAN Policy without a CE VPLS Policy Editor Attribute Value Policy Name VplsMplsEmsNoCe Customer Policy Owner Provider Global Policy 7 MPLS Core Type O Ethernet i O Ethernet Relay Multipoint Service ERMS Service Type Ethernet Multipoint Service EMS CE Present a Note Required Field Step 1 of 3 204784 Perform the following steps Step 1 Click Next The window in Figure 9 16 appears The Editable check box gives you the option of making a field editable If you check Editable check box the service operator who is using this VPLS policy can modify the editable parameter during VPLS service request creation Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 g o7 Ch
187. Editor window appears See Figure 8 22 Figure 8 22 EWS EPL Service Request Editor L2 PN Point To Point Service Request Editor EndToEndWire Editor SRID New Job ID New Policy Name L2vpnEwsNoCe Core Type MPLS VPH Select VPH Description Showing 0 of 0 records J ID Description Attachment Circuitt AC1 ACI Attributes Circuit1 ID Attachment Circuit2 AC2 AC2 Attributes Circuit2 ID Rows per page 10 x I lt q Goto page 1 of 0 Ga DI Add Link Delete Link Save Cancel Note Required Field 138390 Click Select VPN to choose a VPN for use with this PE The Select a VPN window appears with the VPNs defined in the system Choose a VPN Name in the Select column Click Select The End To End Wire Editor window appears with the VPN name displayed See Figure 8 23 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Peis E OL 21636 01 Chapter8 Managing an L2VPN Service Request Creating an L2VPN Service Request W Figure 8 23 End To End Wire Editor L2VPN Point To Point Service Request Editor Ee ae ara a ee ee C mi E Add AC Default Add AC Default Note Required Field 138391 Step5 Click Add AC in the Attachment Circuit AC1 column The Attachment Tunnel Editor window appears See Figure 8 24 Figure 8 24 Select the PE for the Attachment Circuit L2 PN Point To Point Service Request E
188. FlexUNI EVC Ethernet Policy Setting the Interface Attributes W Table 3 2 Use Cases for Hybrid Configuration for FlexUNI EVC Service Requests N PE Use Bridge Pseudowire Domain FlexUNI on SVI CLIs Generated True True True e xconnect under VLAN interface e Service instance under main interface True True False e xconnect under service instance e Service instance under main interface False True N A e xconnect under service instance e Service instance under main interface True False True xconnect under VLAN interface True False False xconnect under subinterface False False False xconnect under subinterface Step14 Specify the type of VLAN Translation for this policy by clicking the appropriate radio button The choices are e No No VLAN translation is performed This is the default e 1 1 1 1 VLAN translation e 2 1 2 1 VLAN translation amp Note For detailed coverage of setting up VLAN translation see Appendix C Setting Up VLAN Translation amp Note VLAN translation is only supported on links that are specified as non FlexUNI at the service request level Step15 Enter the MTU Size in bytes The maximum transmission unit MTU size is configurable and optional The default size is 9216 and the range is 1500 to 9216 ISC does not perform an integrity check for this customized value If a service request goes to the Failed Deploy state because this size is n
189. Guide 6 0 http www cisco com en US docs net_mgmt ip_solution_center 6 0 roadmap docguide html Release Notes for Cisco IP Solution Center 6 0 http www cisco com en US docs net_mgmt ip_solution_center 6 0 release notes relnotes html Cisco IP Solution Center Installation Guide 6 0 http www cisco com en US docs net_mgmt ip_solution_center 6 0 installation guide installation html Cisco IP Solution Center Infrastructure Reference 6 0 http www cisco com en US docs net_mgmt ip_solution_center 6 0 infrastructure reference guide infrastructure html Cisco IP Solution Center System Error Messages 6 0 http www cisco com en US docs net_mgmt ip_solution_center 6 0 system messages messages html Cisco IP Solution Center Third Party and Open Source Copyrights 6 0 http www cisco com en US docs net_mgmt ip_solution_center 6 0 third_party open_source ISC_Third_Party_and_Open_Source_Copyrights60 html Application and technology documentation listed alphabetically AP Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 http www cisco com en US docs net_mgmt ip_solution_center 6 0 12vpn user guide 12vpn60book html Cisco IP Solution Center MPLS Diagnostics Expert Failure Scenarios Guide 6 0 http www cisco com en US docs net_mgmt ip_solution_center 6 0 mpls_failure_scenarios user guide mdefs html Cisco IP Solution Center MPLS Diagnostics Expert User Guide 6 0 http www cisco com en US docs
190. ID is created automatically based on the service For example for Ethernet it is based on the VLAN number for Frame Relay it is based on the DLCI for ATM it is based on the VPI VCI Step 18 Click Save The EWS EPL service request is created and saved in ISC Modifying the L2VPN Service Request This section describes how to edit the L2VPN service request attributes This is also where you can associate templates and data files to devices that are part of the ACs Perform the following steps Step1 Choose Service Inventory gt Inventory and Connection Manager gt Service Requests See Figure 8 30 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 _ Chapter 8 Managing an L2VPN Service Request Step 2 Step 3 Step 4 Modifying the L2VPN Service Request Ml Figure 8 30 L2VPN Service Activation Service Requests Showing 1 4 of 4 records 1 07 7 __ Requestep Laven admin Customer L2vpnErsCe 81 06 2 54 PM 2 7 10 _ REQUESTEDL2veN ADD admin Customer L2vpnEwsCe 8 1406 11 41 AM 3 17 12 __ REQUESTEDL2vPN ADD admin Customeri L2vpnErsNoCe 8 14 06 2 33 PM 4 17 i4 __ REQUESTEDL2vPN ADD admin Customer L2vpnEwsNoCe 8 1 4106 3 31 PM ee 138580 Check a check box for a service request Click Edit The End to End Wire Editor window appears See Figure 8 31 Figure 8 31 End to End Wire Editor L2VPN Point To Point Service Request Editor
191. Interface Type for UNI Display ANY UNI Vv UNIMAC Addresses Edit Vv Link Speed None z m Link Duplex None gt IV VLAN and Other Information PEUN Interface Description o o i yO Vv VLAN ID AutoPick Vv Vv VLAN Name siz Use Existing ACL Name a Port Based ACL Name ai rd Disable CDP Vv Vv Filter BPDU Vv Vv UNI Port Security im IV Note Required Field Step 2 of 3 Choose an Interface Type from the drop down list 211700 You can choose a particular interface on a CE N PE U PE or PE AGG interface based on the service provider s POP design The interfaces are e ANY Any interface can be chosen e Port Channel A bundle of ports that share the same characteristics this gives the service provider the ability to aggregate bandwidth and protection e Ethernet e FastEthernet e GE WAN e GigabitEthernet e TenGigabitEthernet e TenGigE The value defined here functions as a filter to restrict the interface types an operator can see during VPLS service request creation If defined as ANY the operator can see all interface types Enter an Interface Format as the slot number port number for the CE interface for example 1 0 indicates that the interface is located at slot 1 port 0 This is especially useful to specify here if you know that the link will always go through a particular interface s slot port location on all or most of the network devices in the service E Cisco IP Sol
192. It can if supported by the hardware be used for all Ethernet provisioning For information on what platforms support FlexUNI EVC see Platform Support for FlexUNI EVC in ISC 6 0 page 3 3 The FlexUNI EVC policy is flexible and generic and allows for service designers to provide greater service offerings than available through traditional ISC L2VPN and VPLS services Certain line cards have interfaces that support the Cisco IOS Ethernet Virtual Circuit EVC syntax These interfaces can be configured with either EVC infrastructure features or with switch port command line interface commands Class FlexUNI optionally supports the EVC CLI syntax infrastructure For this reason the FlexUNI policies and service requests are referred to by the umbrella term FlexUNI EVC However it is important to note that FlexUNI EVC policies and service request are not tied to the new EVC syntax Service endpoints can use non EVC syntax also I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter3 Creating a FlexUNI EVC Ethernet Policy WE Overview of FlexUNI EVC Support in ISC Services leveraging the FlexUNI EVC infrastructure are varied in nature and there is not always a clear delineation between different services This is because FlexUNI EVC provides great flexibility in the way these services can be delivered This can make it challenging to define the services For example a traditional ERS could be d
193. Its Regions W Setting Up Devices for IOS XR Support Step 1 Step 2 Step 3 L2VPN in ISC 6 0 supports devices running Cisco s IOS XR software IOS XR a new member of the Cisco IOS family is a unique self healing and self defending operating system designed for always on operation while scaling system capacity up to 92Tbps In L2VPN IOS XR is only supported on Cisco XR12000 and CRS 1 series routers functioning as network provider edge N PE devices In L2VPN the following e line services are supported for IOS XR e Point to point ERS with or without a CE e Point to point EWS with or without a CE The following L2VPN features are not supported for IOS XR e Standard UNI port on an N PE running IOS XR The attribute Standard UNI Port in the Link Attributes window is disabled when the UNI is on an N PE device running IOS XR e SVlI interfaces on N PEs running IOS XR The attribute N PE Pseudo wire On SVI in the Link Attributes window is disabled for IOS XR devices e Pseudowire tunnel selection The attribute PW Tunnel Selection in the Link Attributes window is disabled for IOS XR devices e EWS UNI dotlq tunnel or Q in Q on an N PE running IOS XR e Frame Relay ATM and VPLS services To enable IOS XR support in L2VPN perform the following steps Set the DCPL property Provisioning Service l2vpn platform CISCO_ROUTER IosXRConfigType to XML Possible values are CLI CLI_XML and XML the default Create the device in
194. JANY z Interface Format Oo o o UNI Shutdown E Vv PW Tunnel Selection 2 r v Note Required Field Step 2 of 3 g ran z G Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 a 731 Chapter7 Creating an L2VPN Policy W Defining a Frame Relay Policy without a CE Step 2 Step 3 Step 4 Choose the N PE U PE Interface Type for the CE from the drop down list The choices are e ANY e Serial MFR e POS e Hssi e BRI Enter an Interface Format as the slot number port number for the PE interface for example 1 0 indicates that the interface is located at slot 1 port 0 This is especially useful to specify here if you know that the link will always go through a particular interface s slot port location on all or most of the network devices in the service Choose the N PE U PE Encapsulation type The choices are e FRAME RELAY e FRAME RELAY IETF Note Step 5 Step 6 Step 7 Step 8 If the Interface Type is ANY ISC will not ask for an Encapsulation type in the policy Check the UNI Shutdown check box if you want to leave the UNI port shut during service activation for example when the service provider wants to deploy a service in the network but wants to activate it at a later time Check the PW Tunnel Selection check box if you want to be able to manually select the Traffic Engineering TE tunnel for the pseudowire connecting point to point
195. L E 5 L2VPN policies creating 7 1 defining 7 1 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E W index defining an Ethernet ERS EVPL policy with CE 7 3 defining an Ethernet ERS EVPL policy without CE 7 9 defining an Ethernet EWS EPL policy with CE 7 15 defining an Ethernet EWS EPL policy without CE 7 22 L2VPN service requests creating 8 2 creating an ERS EVPL ATM or frame relay L2VPN service request with CE 8 2 creating an ERS EVPL ATM or frame relay L2VPN service request without CE 8 11 creating an EWS EPL L2VPN service request with CE 8 8 creating an EWS EPL L2VPN service request without CE 8 16 introducing 8 1 managing 8 1 modifying 8 20 saving 8 26 links creating NPC links through autodiscovery 2 10 setting up links with L2 Access nodes in FlexUNI EVC service requests 4 20 viewing in service requests 11 8 local core connectivity in FlexUNI EVC ATM Ethernet service requests 6 6 in FlexUNI EVC service requests 4 7 loopback addresses setting on N PE devices 2 2 setting up for an N PE 1 3 managing FlexUNI EVC ATM Ethernet service requests 6 1 FlexUNI EVC Ethernet service requests 4 1 L2VPN service requests 8 1 VPLS service requests 10 1 MEF mapping MEF terminologies to network technologies E 3 terminology conventions E 1 Metro Ethernet Forum see MEF E 1 modifying FlexUNI EVC ATM Ethernet service requests 6 23 FlexUNI E
196. LAN ID information Note Step 6 When the UNI is configured on an N PE device running IOS XR the Standard UNI Port attribute is not supported All the CLIs related to Standard UNI Port and UNI Port Security are ignored in this case Check the FlexUNI check box to mark the link for configuring service instance for the links Note The FlexUNI check box is mentioned at this stage because the setting of the check box alters the behavior of the link editing function available in the Link Attributes column This is covered in the next steps Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 ao OL 21636 01 Chapter4 Managing a FlexUNI EVC Ethernet Service Request Step 7 Step 8 Setting the Service Request Details W Editing the Link Attributes The next steps document the use of the Edit link in the Link Attributes column In the case where the link attributes have already been set this link changes from Edit to Change The link editing workflow changes depending on the status of the FlexUNI check box for the link If the FlexUNI check box is checked the editing workflow involves setting attributes in two windows for two sets of link attributes e The FlexUNI Details e Standard UNI Details If the FlexUNI check box for the link is not checked only the Standard UNI Details window is presented In the steps that follow both scenarios covered Click Edit in the Link Attribute
197. N the MTU size is 1500 9216 Check the PW Tunnel Selection check box if you want to be able to manually select the Traffic Engineering TE tunnel for the pseudowire connecting point to point N PEs This attribute is unchecked by default Subsequently when you create a service request based on this policy you must specify the TE tunnel ID in a field provided ISC uses the tunnel information to create and provision a pseudowire class that describes the pseudowire connection between two N PEs This pseudowire class can be shared by more than one pseudowire as long as the pseudowires share the same tunnel ID and remote loopback address You are responsible to ensure that the tunnel interface and associated ID are configured During service request creation when you specify the tunnel ID number ISC does not check the validity of the value That is ISC does not verify the existence of the tunnel Note Step 29 Step 30 The PW Tunnel Selection attribute will be unavailable within service requests based on this policy for devices running IOS XR Click the Next button if you want to enable template support for the policy The Template Association window appears In this window you can enable template support and optionally associate templates and data files with the policy For instructions about associating templates with policies and how to use the features in this window see Appendix B Working with Templates and Data Files
198. N Translation This appendix describes how to set up VLAN translation for L2VPN ERS EVPL services It contains the following sections e VLAN Translation Overview page C 1 e Setting Up VLAN Translation page C 1 e Platform Specific Usage Notes page C 6 Note For helpful information to be aware of before you create policies and services using VLAN translation review Platform Specific Usage Notes page C 6 VLAN Translation Overview VLAN translation provides flexibility in managing VLANs and Metro Ethernet related services There are two types of VLAN translation one is 1 to 1 translation 1 1 and the other one is 2 to 1 translation 2 1 This feature is available for L2VPN ERS EVPL with and without a CE The behavior of L2VPN ERS EVPL service remains the same even though it is true that it is possible now for one Q in Q port to be shared by both EWS EPL and ERS EVPL service VLAN translation is only for an Ethernet interface not for other types of interfaces such as ATM and Frame Relay With 1 1 VLAN translation the VLAN of the incoming traffic CE VLAN is replaced by another VLAN PE VLAN It means the service provider is now able to handle the situation where incoming traffic from two different customers share the same CE VLAN The SP can map these two CE VLANs to two different PE VLANs and customer traffic will not be mixed With 2 1 VLAN translation the double tagged Q in Q traffic at the U PE UNI port c
199. N and Carrier Ethernet User Guide 6 0 E Chapter11 Deploying Monitoring and Auditing Service Requests W Auditing Service Requests Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Pia OL 21636 01 CHAPTER 1 Using Autodiscovery for L2 Services All discovery steps are integrated in a discovery workflow controlled from the ISC GUI This is accessed in ISC through Service Inventory gt Discovery The following discovery features are supported File based device discovery is supported Rules based device role assignment is supported Discovery progress messages and logs are viewable in the GUI to keep track of various discovery stages Bulk creation of Provider Customer Site and Region objects is available through an XML data file For detailed steps on using the autodiscovery feature in ISC see the Cisco IP Solution Center Infrastructure Reference 6 0 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter12 Using Autodiscovery for L2 Services Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 P22 E OL 21636 01 Overview Accessing Step 1 CHAPTER 1 Generating L2 and VPLS Reports This chapter provides information on generating L2 and VPLS reports It contains the following sections e Overview page 13 1 e Accessing L2 and VPLS Reports page 13 1 e L2 and VPLS Reports page 13 2 e Creating Custom L2
200. NI EVC Pseudowire Core Connectivity UNI without Port Security with Bridge Domain A 32 FlexUNI EVC Pseudowire Core Connectivity UNI Port Security A 31 Flex UNI EVC User Provided Service Instance Name Local Core Connectivity A 44 Flex UNI EVC User Provided Service Instance Name Pseudowire Core Connectivity A 43 Flex UNI EVC User Provided Service Instance Name VPLS Core Connectivity A 45 FlexUNI EVC VPLS Core Connectivity no UNI Port Security A 35 FlexUNI EVC VPLS Core Connectivity UNI Port Security A 34 Frame Relay DLCI Mode A 28 Frame Relay over MPLS A 27 overview A 2 VPLS Multipoint EMS EP LAN BPDU Tunneling A 30 VPLS Multipoint ERMS EVP LAN A 29 configlets see also configlet examples A 1 viewing in service requests 11 9 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Index W configuring D basic ISC services 1 2 device settings to support ISC 2 2 data files switches in VTP transparent mode 2 2 creating in service requests B 12 the network 1 1 see also templates and data files B 1 the network to support Layer 2 services 1 2 using in FlexUNI EVC ATM Ethernet service requests 6 24 transport mode when pseudowire classes are not supported 2 13 using in FlexUNI EVC service requests 4 22 conventions working with templates and data files B 1 for terminology 1 4 defining creating access domains 2 4 custom L2 and VPL
201. OL 21636 01 AppendixA Sample Configlets ERS EVPL or EWS EPL IOS XR Device Hl ERS EVPL or EWS EPL IOS XR Device Configuration e Service L2VPN Metro Ethernet e Feature ERS EVPL or EWS EPL e Device configuration s The N PE is a CRS 1 with IOS XR 3 4 2 UNI on N PE ERS EVPL only U PE EWS EPL or ERS EVPL Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 BA Appendix A Sample Configlets HERS EVPL or EWS EPL IOS XR Device Configlets N PE lt xml version 1 0 encoding UTF 8 gt lt Request MajorVersion 1 MinorVersion 0 gt lt Set gt lt Configuration Source CurrentConfig gt lt InterfaceConfigurationTable gt lt InterfaceConfiguration gt lt Naming gt lt Name gt GigabitEthernet0 0 0 1 302 lt Name gt lt Active gt act lt Active gt lt Naming gt lt InterfaceModeNonPhysical gt L2Transport lt InterfaceModeNonPhysical gt lt InterfaceConfiguration gt lt InterfaceConfigurationTable gt lt L2VPN gt lt Enabled gt true lt Enabled gt lt XConnectGroupTable gt lt XConnectGroup gt lt Naming gt lt Name gt VPNSC lt Name gt lt Naming gt lt Enabled gt true lt Enabled gt lt P2PXConnectTable gt lt P2PXConnect gt lt Naming gt lt Name gt GigabitEthernet0_0_0_1 302 lt Name gt lt Naming gt lt Enabled gt true lt Enabled gt lt AttachmentCircuitTable gt lt AttachmentCircuit gt lt Na
202. Optional Variables At this point you are in the standard workflow for creating a data file in ISC In the Date File Editor window you can specify a name and description for the data file set variable values view the configlet and so on For details on how to perform these steps see the chapter Service Design in the Cisco IP Solution Center Infrastructure Reference 6 0 When you have completed setting the attributes for the new data file click Save and then Close to save this information and close the file click Configure to show the configuration file or click Close and then be sure to click OK if you want to save the information you have created If you do not want to save this information click Close and then click Cancel I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E 211687 Appendix B Working with Templates and Data Files HI Using Templates with Service Requests When the data file is saved the Template Datafile Chooser window appears with the newly created data file listed Decommissioning Service Requests with Added Templates This section describes how to decommission ISC service requests that have added templates AS Note For general information on how templates are used in ISC see Chapter 6 Service Design and Appendix D Template Usage in the Cisco IP Solution Center Infrastructure Reference 6 0 As mentioned in the Cisco IP
203. P Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 EN Chapter 7 Creating an L2VPN Policy HZ Defining an Ethernet ERS EVPL Policy without a CE Step 2 Step 3 Figure 7 7 L2VPN Point To Point Policy Editor Attribute N PEJU PE Information Interface Type Standard UNI Port Interface Format UNI Shutdown Keep Alive Interface Type for UNI Display ANY UNI VLAN and Other Information VLAN ID AutoPick VC ID AutoPick VLAN Name Use PseudoWireClass L2VPN Group Name E Line Name Link Media Link Speed Link Duplex Use Existing ACL Name Port Based ACL Name UNI MAC Addresses UNI Port Security N PE Pseudo wire On svi VLAN Translation PW Tunnel Selection 9 Note Required Field Step 20f3 Choose a N PE U PE Interface Type from the drop down list ANY v Iv Iv r IV Vv F Iv F ISC y None X 1000 bd Auto v r abcd 5566 7788 permit r Vv No f 14 24 r Value Ethernet ERS EVPL without CE Policy Attributes Edit ad lt I IQ A AAI 9 4 204854 You can choose a particular interface as a CE N PE or U PE interface based on the service provider s POP design The interfaces are ANY Any interface can be chosen Port Channel A bundle of ports that share the same characteristics this gives the service provider the ability to aggregate bandwidth and protection Ethernet FastEthernet GE WAN GigabitEt
204. PLS service requests 10 13 Cc cell relay over MPLS E 8 CEs creating an EWS EPL L2VPN service request with CE 8 8 creating VPLS service requests with CE 10 2 defining an Ethernet EWS EPL policies with CE 7 15 defining ATM policies with CE 7 33 defining Ethernet EMS EP LAN policies with CE 9 32 defining Ethernet ERMS EVP LAN policies with CE 9 22 defining Ethernet ERS EVPL policies with CE 7 3 defining frame relay policies with CE 7 28 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Index defining MPLS EMS EP LAN policies with CE 9 11 defining MPLS ERMS EVP LAN policies with CE 9 3 configlet examples ATM Port Mode Pseudowire Class E Line L2VPN Group Name IOS XR Device A 26 ATM over MPLS VC Mode A 24 ATM over MPLS VP Mode A 25 ERS EVPL 1 to 1 VLAN Translation A 7 ERS EVPL 2 to 1 VLAN Translation A 8 ERS EVPL NBI Enhancements for L2VPN IOS Device A 10 ERS EVPL Point to Point A 4 ERS EVPL Point to Point UNI Port Security A 5 ERS EVPL EWS EPL ATM or Frame Relay Additional Template Variables for L2VPN IOS and IOS XR Device A 15 ERS EVPL and EWS EPL Local Connect on E Line A 14 ERS EVPL or EWS EPL IOS XR Device A 11 ERS Pseudowire Class E Line L2 VPN Group Name IOS XR Device A 9 EWS EPL Hybrid A 19 EWS EPL NBI Enhancements for L2VPN IOS Device A 23 EWS EPL Point to
205. PN attributes related to MPLS and VPLS are ignored e Specify a bridge domain configuration if applicable e Specify a service request description e Specify automatic or manual allocation of the VC ID or VPLS VPN ID I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter4 Managing a FlexUNI EVC Ethernet Service Request HI Creating a FlexUNI EVC Service Request e Add direct connect links if applicable e Add links with L2 access nodes if applicable e Choose the N PE and UNI interface for links e For links with L2 access nodes choose a Named Physical Circuit NPC if more than one NPC exists from the N PE or the UNI interface e Edit the link attributes e Modify the service request e Save the service request For sample configlets for ATM Ethernet Interworking scenarios see Appendix A Sample Configlets Creating a FlexUNI EVC Service Request Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 To create a FlexUNI EVC Ethernet service request perform the following steps Choose Service Inventory gt Inventory and Connection Manager gt Service Requests The Service Requests window appears Click Create Choose FlexUNI EVC from the drop down list The Select EVC Policy window appears If more than one FlexUNI EVC policy exists a list of FlexUNI EVC policies appears FlexUNI EVC service requests must be associated with a FlexUNI EVC policy You ch
206. Point A 16 EWS EPL Point to Point UNI Port Security BPDU Tunneling A 17 EWS EPL Pseudowire Class E Line L2VPN Group Name IOS XR Device A 22 FlexUNI EVC ATM Ethernet Interworking Local Core Connectivity Multipoint Circuit A 49 A 50 FlexUNI EVC ATM Ethernet Interworking Local Core Connectivity Point to Point Circuit A 48 A 51 A 54 FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity End to End Circuit A 52 FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity End to End Circuit no Bridge Domain A 57 FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity End to End Circuit with Bridge Domain A 55 A 56 FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity Multipoint Circuit A 47 A 53 FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity Point to Point Circuit A 46 FlexUNI EVC AutoPick Service Instance Name A 41 FlexUNI EVC Local Connect Core Connectivity UNI no Port Security Bridge Domain A 38 FlexUNI EVC Local Connect Core Connectivity UNI Port Security A 36 FlexUNI EVC No AutoPick Service Instance Name No Service Instance Name A 42 FlexUNI EVC Pseudowire Core Connectivity Bridge Domain Pseudowire on SVI A 39 FlexUNI EVC Pseudowire Core Connectivity no Bridge Domain no Pseudowire on SVI A 40 FlexUNI EVC Pseudowire Core Connectivity UNI and Pseudowire Tunneling A 33 FlexU
207. Policy HZ Defining an Ethernet ERMS EVP LAN Policy with a CE Step 17 Step 18 Step 19 Step 20 Step 21 Step 22 Check the Use Existing ACL Name check box if you want assign your own named access list to the port By default this check box is not checked and ISC automatically assigns a MAC based ACL on the customer facing UNI port based on values you enter in UNI MAC addresses below Enter a Port Based ACL Name if you checked the Use Existing ACL Name check box as mentioned in the previous step amp Note ISC does not create this ACL automatically The ACL must already exist on the device or be added as part of a template before the service request is deployed Otherwise deployment will fail Check the Disable CDP check box if you want to disable the Cisco Discover Protocol CDP on the UNI port Check the Filter BPDU check box to specify that the UNI port should not process Layer 2 Bridge Protocol Data Units BPDUs Check the UNI Port Security check box see Figure 9 22 if you to want to provision port security related CLIs to the UNI port by controlling the MAC addresses that are allowed to go through the interface a For Maximum Number of MAC address enter the number of MAC addresses allowed for port security b For Aging enter the length of time the MAC address can stay on the port security table c For Violation Action choose what action will occur when a port security violation is d
208. Policy HZ Setting the Interface Attributes Step 8 The EVC Policy Editor Interface Attribute window appears as shown in Figure 3 3 Continue with the steps contained in the next section Setting the Interface Attributes page 3 16 Setting the Interface Attributes amp This step of creating the FlexUNI EVC Ethernet policy involves setting the interface attributes as shown in the EVC Policy Editor Interface Attribute window in Figure 3 4 The attributes you can configure in this window are grouped under the following categories e N PE U PE information e Speed and duplex information e ACL name and MAC addresses e UNI port security e Storm control e L2 protocol tunneling In some cases checking an attribute causes additional attributes to appear in the GUI This is covered in the steps that follow Note If the CE is directly connected to an N PE only speed duplex UNI shutdown and other generic options are presented In this case port security storm control L2 protocol tunneling and other advanced features are not supported due to the current platform limitations If these features are needed for a service the service provider must deploy Layer 2 Ethernet access nodes beyond the FlexUNI to support these requirements Note Attributes available in the Interface Attributes window dynamically change based on the choice made for the MPLS Core Connectivity Type PSEUDOWIRE LOCAL or VPLS in the Servi
209. Previous Highest 5 Exact Match Exact Match No Values No Values Exact Match 6 Exact Match Exact Match No Values No Values Previous Highest 7 Exact Match Exact Match No Values No Values No Values 8 Exact Match No Values Exact Match Exact Match Exact Match 9 Exact Match No Values Exact Match Exact Match Previous Highest 10 Exact Match No Values Exact Match No Values Exact Match 11 Exact Match No Values Exact Match No Values Previous Highest 12 Exact Match No Values No Values No Values Exact Match 13 Exact Match No Values No Values No Values Previous Highest 14 Exact Match Default No Values No Values No Values 15 Exact Match No Values No Values No Values Default 16 Exact Match No Values No Values No Values No Values Additional usage notes for subtemplates e ISC does not perform checks for the depth of subtemplates Only one level of subtemplates is supported e No validations are done to check if the super template and subtemplate structures are cyclic e When the operator attempts to delete a subtemplate that is referenced by a super template a warning message is generated e Subtemplates can be modified e Subtemplates can be attached to multiple super templates e Inthe current release multiple data files are not supported for subtemplates If multiple data files are found the service request automatically chooses the first data file from a list of available data files sorted
210. QUESTED Eve ADD admin Customer2 FlexUNI_pseudo 7 25 08 4 38 PM Rows per page 10 14 lt co to page f1 of 1 G3 D DI 211676 The newly created FlexUNI EVC service request is added with the state of REQUESTED as shown in the figure If however the FlexUNI service request creation failed for some reason for example a value chosen is out of bounds you are warned with an error message In such a case you should correct the error and save the service request again If you are ready to deploy the FlexUNI EVC service request see Deploying Service Requests page 11 1 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request HI Saving the FlexUNI EVC Service Request Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 626 E OL 21636 01 CHAPTER Creating an L2VPN Policy This chapter covers the basic steps to create an L2VPN policy It contains the following sections e Defining an L2VPN Policy page 7 1 e Defining an Ethernet ERS EVPL Policy with a CE page 7 3 e Defining an Ethernet ERS EVPL Policy without a CE page 7 9 e Defining an Ethernet EWS EPL Policy with a CE page 7 15 e Defining an Ethernet EWS EPL Policy without a CE page 7 22 e Defining a Frame Relay Policy with a CE page 7 28 e Defining a Frame Relay Policy without a CE page 7 31 e Defining an ATM Policy wi
211. Reports W sL2 and VPLS Reports VPLS Attachment Circuit Report The VPLS Attachment circuit report displays details of attachment circuits for a given customer VPN Click the VPLS Attachment Circuit Report icon to bring up the window for this report See Figure 13 5 Figure 13 5 VPLS Attachment Circuit Report CH Title VPLS Attachment CircuitRepot Chart Type Tabular gt Fiters 0 output iets SR ID as SR Job ID Fo SR State re Customer Name fF Service Type fF O O o yO VLAN ID FO O o y O AccessDomain F Field VPLS Link ID 7 Ascending z 138552 Filter Values e SR ID Service request identification number e SR Job ID Service request job identification number e SR State Service request state Values can be BROKEN DEPLOYED FAILED_AUDIT FAILED_DEPLOY FUNCTIONAL INVALID LOST PENDING REQUESTED WAIT_DEPLOY e Customer Name Name of the customer VPN Name of the VPN Service Type Type of service Values can be VPLS_ERS VPLS_ERS_NO_CE VPLS_EWS Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 _ Chapter 13 Generating L2 and VPLS Reports L2 and VPLS Reports W VPLS_EWS_NO_CE VLAN ID VLAN identification number AccessDomain Access domain name Output Values VPLS Link ID VPLS link identification number SR ID Service request identification number SR Job ID Service request job identification nu
212. S instance all N PE routers use the same VC ID for establishing emulated Virtual Circuits VCs The VC ID is also called the VPN ID in the context of the VPLS VPN Multiple attachment circuits must be joined by the provider core in a VPLS instance The provider core must simulate a virtual bridge that connects the multiple attachment circuits To simulate this virtual bridge all N PE routers participating in a VPLS instance form emulated VCs among them Note Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 VC ID is a 32 bit unique identifier that identifies a circuit port Before you begin be sure that you have the following information for each VC ID pool you must create e The VC Pool start number e The VC Pool size Perform the following steps for all L2VPN and VPLS services Choose Service Inventory Choose Inventory and Connection Manager Choose Resource Pools The Resource Pools window appears Choose VC ID from the drop down Pool Type list Because this pool is a global pool it is not associated with any other object Click Create The Create VC ID Pool window appears Enter a VC pool start number Enter a VC pool size number Click Save The updated VC ID Resource Pools window appears I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter2 Setting Up the ISC Services W Creating Named Physical Circuits Creating Named Physical Circuits
213. S reports 13 11 FlexUNI EVC ATM Ethernet interworking policies 5 1 FlexUNI EVC ATM Ethernet service requests 6 2 FlexUNI EVC Ethernet policies 3 1 FlexUNI EVC Ethernet service requests 4 2 L2 and VPLS reports 13 1 L2VPN policies 7 1 L2VPN service requests 8 2 NPC links through the autodiscovery process 2 10 NPCs 2 8 NPCs through an NPC GUI editor 2 8 pseudowire classes 2 11 pseudowire classes for IOS XR devices 2 10 ring only NPCs 2 9 target devices 2 1 VC ID pools 2 7 VLAN pools 2 5 VPLS policies 9 1 VPLS service requests 10 2 VPLS service requests with CE 10 2 VPLS service requests without CE 10 6 customers defining 2 4 setting up 1 2 ATM policies with CE 7 33 ATM policies without CE 7 36 customers 2 4 Ethernet EMS EP LAN policies with CE 9 32 9 37 Ethernet ERMS EVP LAN policies with CE 9 22 Ethernet ERMS EVP LAN policies without CE 9 27 Ethernet ERS EVPL policies with CE 7 3 Ethernet ERS EVPL policies without CE 7 9 Ethernet EWS EPL policy with CE 7 15 Ethernet EWS EPL policy without CE 7 22 FlexUNI EVC ATM Ethernet policies 5 2 FlexUNI EVC Ethernet policies 3 6 frame relay policies with CE 7 28 frame relay policies without CE 7 31 L2VPN group names for IOS XR devices group names defining for IOS XR devices 2 14 L2VPN policies 7 1 MPLS EMS EP LAN policies with CE 9 11 MPLS EMS EP LAN policies without CE 9 16 MPLS ERMS EVP LAN policies with CE 9 3 MPLS ERMS EVP LAN
214. Solution Center Infrastructure Reference 6 0 Template commands are treated independently from those associated with a service creation Consequently template commands must be removed separately from the device s during a service decommission To remove prior template commands a separate template is needed during a decommission process Decommissioning a service request does not automatically remove the original template commands A separate negate template needs to be added to the decommission process and the original templates must be removed The negate template must contain the necessary NO commands to successfully remove any unwanted IOS commands added by the original template The standard way to create a service request with a template added is as follows 1 Define the service policy 2 Build a template with a data file and also a negate template and data file 3 Create the service request with the template added The steps to do this are covered in relevant chapters of this guide 4 Deploy the service request to which the template was added To decommission a deployed service request including associated templates you must perform the following steps 1 Create a negate template with data file if one does not exist This is used to remove the commands imposed by the original template For an explanation of negate templates see Chapter 4 Using Templates in the Cisco IP Solution Center API Programmer Guide 6 0
215. T 9 xconnect 1 1 1 1 6 pw class ISC pw tunnel 400 no shutdown Comments e None Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I oL 21636 01 g aay AppendixA Sample Configlets WE FiexUNI EVC ATM Ethernet Interworking Local Core Connectivity Point to Point Circuit FlexUNI EVC ATM Ethernet Interworking Local Core Connectivity Point to Point Circuit Configuration e FlexUNI EVC ATM Ethernet Interworking e Feature FlexUNI EVC for ATM Ethernet interworking with local core connectivity with a point to point circuit The circuit terminates on different ATM interfaces on the same local N PE e Device configuration The N PE 1 is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s ATM1 0 1 ATM4 1 0 ATM1 0 1 99 ATM4 1 0 98 Contighets N PE 1 ATM N A l interface ATM1 0 1 no shutdown interface ATM4 1 0 no shutdown interface ATM1 0 1 99 point to point pvc 99 99 12transport encapsulation aal0 l interface ATM4 1 0 98 point to point pvc 98 98 12transport encapsulation aal0 l connect ATM to ATM ATM1 0 1 99 99 ATM4 1 0 98 98 Comments e None Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 AppendixA Sample Configlets FlexUNI EVC ATM Ethernet Interworking Local Core Connectivity Multipoint Circuit FlexUNI EVC ATM Ethernet Interworking Local Core Connectivity Multipoint Circuit Configuration Configlets Comments e
216. THOUT LIMITATION THOSE OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING USAGE OR TRADE PRACTICE IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT SPECIAL CONSEQUENTIAL OR INCIDENTAL DAMAGES INCLUDING WITHOUT LIMITATION LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES Cisco and the Cisco Logo are trademarks of Cisco Systems Inc and or its affiliates in the U S and other countries A listing of Cisco s trademarks can be found at www cisco com go trademarks Third party trademarks mentioned are the property of their respective owners The use of the word partner does not imply a partnership relationship between Cisco and any other company 1005R Any Internet Protocol IP addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers Any examples command display output network topology diagrams and other figures included in the document are shown for illustrative purposes only Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Copyright 2010 Cisco Systems Inc All rights reserved CONTENTS About This Guide xi cuapTeER 1 Getting Started 1 1 Overview
217. The name has to be unique Check the VLAN ID AutoPick check box if you want ISC to choose a VLAN ID If you do not check this check box you will be prompted to provide the VLAN in a Provider VLAN ID field during service activation Enter a Link Media type optional of None auto select rj45 or sfp Usage notes e The default is None e When this attribute is used a new CLI will be generated in the UNI interface to define the media type e The Link Media attribute is supported only for ME3400 platforms Enter a Link Speed optional of None 10 100 1000 Auto or nonegotiate Enter a Link Duplex optional of None Full Half or Auto Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 718 ff OL 21636 01 _ Chapter 7 Creating an L2VPN Policy Step 20 Step 21 Step 22 Step 23 Step 24 Defining an Ethernet EWS EPL Policy witha CE W Check the Use Existing ACL Name check box if you want assign your own named access list to the port By default this check box is not checked and ISC automatically assigns a MAC based ACL on the customer facing UNI port based on values you enter in UNI MAC addresses below Enter a Port Based ACL Name if you checked the Use Existing ACL Name check box as mentioned in the previous step amp Note ISC does not create this ACL automatically The ACL must already exist on the device or be added as part of a template before the service request is deploy
218. This attribute is only applicable for IOS XR devices If the check box is checked an additional attribute PseudoWireClass appears in the GUI Click the Select button of PseudoWireClass attribute to choose a pseudowire class previously created in ISC The pseudowire class name is used for provisioning pw class commands on IOS XR devices See Creating and Modifying Pseudowire Classes for IOS XR Devices page 2 10 for additional information on pseudowire class support for IOS XR devices I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter7 Creating an L2VPN Policy HZ Defining an Ethernet ERS EVPL Policy without a CE Step 13 Step 14 Step 15 Step 16 Step 17 Step 18 Step 19 Step 20 Step 21 Step 22 Choose an L2VPN Group Name from the drop down list The choices are e ISC e VPNSC This attribute is used for provisioning the L2VPN group name on IOS XR devices amp Note The choices in the drop down list are derived from a configurable DCPL property For information about how to define the L2VPN Group Name choices available in the drop down list see Defining L2VPN Group Names for IOS XR Devices page 2 14 Enter an E Line Name to specify the point to point p2p E line name This attribute is only applicable for IOS XR devices If no value is specified for the p2p name ISC generates a default name consisting of the names of the two PEs forming the pseudowire se
219. This check box is checked by default If the check box is not checked the pseudowire will be provisioned on the subinterface of the PFC card if it is available This option is only available for C76xx devices Note Step 26 Step 27 amp The N PE Pseudo wire On SVI attribute will be unavailable within service requests based on this policy for devices running IOS XR Specify the type of VLAN Translation for this policy by clicking the appropriate radio button The choices are e No No VLAN translation is performed This is the default e 1 1 1 1 VLAN translation e 2 1 2 1 VLAN translation amp Note For detailed coverage of setting up VLAN translation see Appendix C Setting Up VLAN Translation Check the PW Tunnel Selection check box if you want to be able to manually select the Traffic Engineering TE tunnel for the pseudowire connecting point to point N PEs This attribute is unchecked by default Subsequently when you create a service request based on this policy you must specify the TE tunnel ID in a field provided ISC uses the tunnel information to create and provision a pseudowire class that describes the pseudowire connection between two N PEs This pseudowire class can be shared by more than one pseudowire as long as the pseudowires share the same tunnel ID and remote loopback address You are responsible to ensure that the tunnel interface and associated ID are configured During service
220. UNI port from being disrupted by a broadcast multicast or unicast storm Enter a threshold value for each type of traffic The value which can be specified to two significant digits represents the percentage of the total available bandwidth of the port If the threshold of a traffic type is reached further traffic of that type is suppressed until the incoming traffic falls below the threshold level Figure 5 7 Enable Storm Control Enable Storm Control Iv UHI Storm Control Unicast Traffic 0 0 100 0 Vv Broadcast Traffic 0 0 100 0 Vv Multicast Traffic 0 0 100 0 Vv 211669 Step12 Check the Protocol Tunnelling check box see Figure 5 8 if you want to define the Layer 2 Bridge Protocol Data Unit BPDU frames that can be tunneled over the core to the other end Figure 5 8 Protocol Tunnelling Protocol Tunnelling Iv Iv Enable cdp IV v cdp shutdown threshold 0 4096 Iv cdp drop threshold 0 4096 v Enable vtp Iv Iv vtp shutdown threshold 0 4096 v vip drop threshold 0 4096 v Enable stp Iv Iv stp shutdown threshold 0 4096 Iv stp drop threshold o 4096 4 M o Recovery Interval in seconds 30 86400 Iv 5 For each protocol that you choose enter the shutdown threshold and drop threshold for that protocol a Enable cdp Enable Layer 2 tunnelling on Cisco Discover Protocol CDP Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 a 515
221. Use Existing ACL Name check box Click the Edit button to bring up a pop up window in which you enter MAC addresses to be allowed or denied on the port You can also specify a range of addresses by setting a base MAC address and a filtered MAC address Choose a UNI Port Type Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 712 E OL 21636 01 _ Chapter 7 Creating an L2VPN Policy Step 23 Step 24 Defining an Ethernet ERS EVPL Policy withoutaCE W The choices are e Access Port e Trunk with Native VLAN amp Note Enter a UNI Port Type only if the encapsulation type is DEFAULT Check the UNI Port Security check box see Figure 7 8 if you to want to provision port security related CLIs to the UNI port by controlling the MAC addresses that are allowed to go through the interface a For Maximum Number of MAC address enter the number of MAC addresses allowed for port security b For Aging enter the length of time the MAC address can stay on the port security table c For Violation Action choose what action will occur when a port security violation is detected e PROTECT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value e RESTRICT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value and causes the Security Violati
222. VC Pseudowire Core Connectivity no Bridge Domain no Pseudowire on SVI e For additional information on the N PE Pseudo wire on SVI attribute see the corresponding coverage in the FlexUNI EVC policy chapter in the section Setting the Interface Attributes page 3 16 e The N PE Pseudo wire on SVI attribute is not supported for IOS XR devices All the xconnect commands are configured on L2 subinterfaces service instance Check the Use Existing PW Class check box to enable the selection of a pseudowire class This attribute is unchecked by default Usage notes e If Use Existing PW Class is checked an additional attribute Existing PW Class Name appears in the GUI Enter the name of a pseudowire class which already exists in the device e If Use Existing PW Class is checked the PW Tunnel Selection and Interface Tunnel attributes will disappear from the window This is to prevent ISC from generating the pseudowire class e The Use PseudoWireClass attribute is only available if the MPLS core connectivity type was set as PSEUDOWIRE in the Service Options window see Pseudowire Core Connectivity page 6 3 e Use PseudoWireClass is only applicable for IOS XR devices Check the PW Tunnel Selection check box if you want to be able to manually select the Traffic Engineering TE tunnel for the pseudowire connecting point to point N PEs Usage notes e Checking the PW Tunnel Selection check box activates the Interface Tunnel attribute field
223. VC service requests 4 21 L2VPN service requests 8 20 pseudowire classes for IOS XR devices 2 10 pseudowire class objects 2 12 VPLS service requests 10 10 monitoring service requests 11 1 11 10 multipoint ERS EVP LAN for an Ethernet based provider core E 13 ERS EVP LAN for an MPLS based provider core E 11 EWS EP LAN for an Ethernet based provider core E 13 EWS EP LAN for an MPLS based provider core E 11 N Named Physical Circuits see NPCs 2 8 negate templates using to decommission template configurations B 13 NPCs creating 2 8 creating NPC links through autodiscovery 2 10 creating ring only NPCs 2 9 creating through an NPC GUI editor 2 8 setting up 1 3 N PEs assigning roles for 2 1 setting loopback address on 2 2 setting up a loopback address for 1 3 setting up links to N PEs in FlexUNI EVC ATM Ethernet service requests 6 8 terminating an access ring on two N PEs D 1 D 3 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 using N PE redundancy in FlexUNI EVC service requests D 3 O objective iii xi organization iii xi overview of FlexUNI EVC ATM Ethernet policies 5 1 of FlexUNI EVC ATM Ethernet service requests 6 1 of FlexUNI EVC support in ISC 3 1 P PE AGGS selectively determining templates for B 9 platform support for FlexUNI EVC 3 3 point to point Ethernet EWS and ERS EPL and EVPL E 5 policies associating templates and data files t
224. VPN Group Names for IOS XR Devices 2 14 CHAPTER 3 Creating a FlexUNI EVC Ethernet Policy 3 1 Overview of FlexUNI EVC Support in ISC 3 1 FlexUNI EVC Features 3 2 Platform Support for FlexUNI EVC in ISC 6 0 3 3 IOS Platform Support 3 3 IOS XR Platform Support 3 4 Device Roles with FlexUNI EVC 3 5 Topology Overview for FlexUNI EVC 3 5 CE Directly Connected and FlexUNI 3 5 CE Directly Connected and No FlexUNI 3 5 CE Not Directly Connected and FlexUNI 3 5 CE Not Directly Connected and No FlexUNI 3 6 A Note on Checking of Configurations 3 6 Defining the FlexUNI EVC Ethernet Policy 3 6 Setting the Service Options 3 8 Setting the FlexUNI Attributes 3 10 Setting the Service Attributes 3 11 Setting the VLAN Matching Criteria Attributes 3 13 Setting the VLAN Rewrite Criteria Attributes 3 14 Setting the Interface Attributes 3 16 Enabling Template Association 3 23 CHAPTER 4 Managing a FlexUNI EVC Ethernet Service Request 4 1 Introducing FlexUNI EVC Service Requests 4 1 Creating a FlexUNI EVC Service Request 4 2 Setting the Service Request Details 4 2 Pseudowire Core Connectivity 4 3 VPLS Core Connectivity 4 5 Local Core Connectivity 4 7 Setting up Links tothe N PE 4 9 Setting Direct Connect Links 4 10 Setting Links with L2 Access Nodes 4 20 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 CHAPTER 5 CHAPTER 6 CHAPTER 7 Modifying the FlexUNI EVC Service Request 4 21 Using Templat
225. VPN Policy Step 2 Step 3 Step 4 Step 5 amp Defining an ATM Policy withoutaCE W Choose the Transport Mode from the drop down list The choices are e VP Virtual path mode This is the default e VC Virtual circuit mode e PORT Port mode Only supported for the IOS XR 3 7 platform amp Note If you choose PORT as the transport mode the attributes ATM VCD Sub interface and ATM VPI will be disabled in the Link Attributes window of the service request based on this policy Choose the N PE U PE Interface Type from the drop down list The choices are e ANY e ATM e Switch Enter an Interface Format as the slot number port number for the PE interface for example 1 0 indicates that the interface is located at slot 1 port 0 This is especially useful to specify here if you know that the link will always go through a particular interface s slot port location on all or most of the network devices in the service Choose a PE Encapsulation The choices are e AALS e AALO Note Step 6 Step 7 Step 8 If the Interface Type is ANY ISC will not ask for an Encapsulation type in the policy Check the UNI Shutdown check box if you want to leave the UNI port shut during service activation for example when the service provider wants to deploy a service in the network but wants to activate it at a later time Check the Use PseudoWireClass check box to enable the selection of a pseudowir
226. VPN and Carrier Ethernet User Guide 6 0 Ba E OL 21636 01 Appendix B Working with Templates and Data Files Using Templates with ISC Policies W request creation templates are only available if the device type matches the role type specified for the template within the policy or role type along with or without the presence of UNI interface in the policy Associating Templates and Data Files to a Policy This section describes how to associate templates and data files to an ISC policy These features also apply in the case of editing a policy After the policy attributes are set for a policy the Template Association window appears in the workflow as shown in Figure B 1 Figure B 1 Template Association Window Template Association Attribute Value Template Enable i Step 5 of 5 so 211678 This window is where you associate the templates data files as a final step before clicking the Finish button and saving the policy settings Perform the following steps to associate template s data file s with the policy Step 1 Check the Template Enable check box to enable template use in service requests based on this policy This check box is unchecked by default The GUI updates with fields allowing you to associate templates data files to the policy as shown in Figure B 2 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 a Bs Appendix B Working with Templates and D
227. WireClass L2VPN Group Name E Line Name Link Media 2 Link Speed Link Duplex Use Existing ACL Name Port Based ACL Name UNI MAC Addresses UNI Port Security N PE Pseudo wire On SVI 9 VLAN Translation PW Tunnel Selection Note Required Field Step20f3 ANY X Vv r Vv Vv E Vv B ISC X None X 100 E Full z r abcd 5566 7788 permit E Vv No f 14 24 r Ethernet ERS EVPL with CE Policy Attributes Value Editable xI Edit lt I lt I xI q lt I 204853 m oS m a oe Step2 Check the Standard UNI Port check box to enable port security This is the default When you uncheck the check box the port is treated as an uplink with no security features and the window dynamically changes to eliminate items related to port security Note The Standard UNI Port attribute will be unavailable within service requests based on this policy if the UNI is on an N PE device running IOS XR Step3 Choose an Interface Type from the drop down list You can choose a particular interface on a U PE or N PE interface based on the service provider s POP design The interfaces are e ANY Any interface can be chosen e Port Channel A bundle of ports that share the same characteristics this gives the service provider the ability to aggregate bandwidth and protection E Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Chapter 7
228. ace Type from the drop down list 211697 You can choose a particular interface on a N PE U PE or PE AGG interface based on the service provider s POP design The interfaces are ANY Any interface can be chosen Port Channel A bundle of ports that share the same characteristics this gives the service provider the ability to aggregate bandwidth and protection Ethernet FastEthernet GE WAN GigabitEthernet TenGigabitEthernet TenGigE The value defined here functions as a filter to restrict the interface types an operator can see during VPLS service request creation If defined as ANY the operator can see all interface types Step3 Check the Standard UNI Port check box to enable port security E Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 _ Chapter 9 Creating a VPLS Policy Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Step 12 Step 13 Step 14 Step 15 Step 16 Defining an MPLS ERMS EVP LAN Policy withoutaCE W This is the default When you uncheck the check box the port is treated as an uplink with no security features and the window dynamically changes to eliminate items related to port security Enter an Interface Format as the slot number port number for the CE interface for example 1 0 indicates that the interface is located at slot 1 port 0 This is especially useful to specify here if you know that
229. address on the N PE device s For details about this procedure see Setting the Loopback Addresses on N PE Devices page 2 2 Setting Up ISC Resources for L2VPN and VPLS Services Some ISC resources such as access domains VLAN pools and VC pools are set up to support ISC L2VPN and VPLS services only Perform the following steps to set up these resources Setting Up NPCs Setting Up VPNs 1 Create access domain s For L2VPN and VPLS you create an access domain if you provision an Ethernet based service and want ISC to automatically assign a VLAN for the link from the VLAN pool For each Layer 2 access domain you need a corresponding access domain object in ISC During creation you select all the N PE devices that are associated with this domain Later one VLAN pool can be created for an access domain For detailed steps to create access domains see the Cisco IP Solution Center Infrastructure Reference 6 0 See also Creating Access Domains page 2 4 Create VLAN pool s A VLAN pool is created for each access domain For L2VPN and VPLS you create a VLAN pool so that ISC can assign a VLAN to the links VLAN ID pools are defined with a starting value and a size For detailed steps to create VLAN pools see the Cisco IP Solution Center Infrastructure Reference 6 0 See also Creating VLAN Pools page 2 5 Create VC pool s VC ID pools are defined with a starting value and a size of the VC ID pool A given VC ID pool is not attached to
230. ain 200 split horizon no cdp enable no keepalive interface GigabitEtherne2 0 10 no ip address no shut switchport trunk allowed vlan 500 772 service instance 15 ethernet spanning tree bpdufilter enable encapsulation dotlq 24 mac access group ISC FastEthernet3 23 in rewrite ingress tag pop 1 symmetric bridge domain 200 split horizon mac access list extended Isc FastEthernet1 14 deny any host 0100 0ccc cccc deny any host 0100 0ccc cccd deny any host 0100 0ccd cdd0 deny any host 0180 c200 0000 permit any any Comments e UNI on U PE e The rewrite operation maps translates the incoming two tags into two different tags e The service instances here are connected through bridge domain Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 AppendixA Sample Configlets FlexUNI EVC Pseudowire Core Connectivity Bridge Domain Pseudowire on SVI FlexUNI EVC Pseudowire Core Connectivity Bridge Domain Pseudowire on SVI Configuration e FlexUNI EVC Metro Ethernet e Feature FlexUNI EVC with pseudowire core connectivity with bridge domain and with Pseudowire on SVI enabled on the N PE e Device configuration The N PE is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s GigabitEthernet7 0 0 The U PE is a Cisco 3750ME with IOS 12 2 25 EY2 Interface s FastEthernet1 0 10 Configlets U PE N PE vlan 452 vlan 3524 exit exit interface FastEthernet1 0 10 no ip address
231. alue is set to editable the service request creator can change the value s of the particular policy attribute If the value is not set to editable the service request creator cannot change the attribute You can also associate Cisco IP Solution Center ISC templates and data files with a service request See Appendix B Working with Templates and Data Files for more about using templates and data files in service requests To define a FlexUNI EVC Ethernet policy you start by setting the service type attributes To do this perform the following steps Choose Service Design gt Policies The Policies window appears Click Create Choose FlexUNI EVC Policy The EVC Policy Editor Service Type window appears as shown in Figure 3 1 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 EN OL 21636 01 Chapter3 Creating a FlexUNI EVC Ethernet Policy Step 4 Step 5 Step 6 Step 7 Defining the FlexUNI EVC Ethernet Policy Hi Figure 3 1 EVC Policy Editor Service Type EVC Policy Editor Service Type Attribute Value Policy Name Customer Policy Owner C Provider Global Policy Customer Select ETHERNET Policy Type s C ATM Ethernet Interworking Note Required Field Siep tof S 204836 Enter a Policy Name for the FlexUNI EVC policy Choose the Policy Owner for the FlexUNI EVC policy There are three types of FlexUNI EVC policy ownership e Customer
232. amp PU Purge modified or decommissioned x Table 11 1 Summary of Cisco IP Solution Center Service Request States describes the functions of each ISC service request state They are listed in alphabetic order Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 EE OL 21636 01 Deploying Monitoring and Auditing Service Requests Table 11 1 Service Request Type Deploying Service Requests Summary of Cisco IP Solution Center Service Request States Description Broken valid only for MPLS services The router is correctly configured but the service is unavailable due to a broken cable or Layer 2 problem for example An MPLS service request moves to Broken if the auditor finds the routing and forwarding tables for this service but they do not match the service intent Closed A service request moves to Closed if the service request should no longer be used during the provisioning or auditing process A service request moves to the Closed state only upon successful audit of a decommission service request ISC does not remove a service request from the database to allow for extended auditing Only a specific administrator purge action results in service requests being removed Deployed A service request moves to Deployed if the intention of the service request is found in the router configuration file Deployed indicates that the configuration file has been downloaded to the rou
233. an be mapped to different flows to achieve service multiplexing The translation is based on the combination of the CE VLAN inner tag and the PE VLAN outer tag Without this translation all the traffic from a Q in Q port can only go to one place because it is switched only by the outer tag Setting Up VLAN Translation The following sections described how to create and manage policies and service requests to support VLAN translation e Creating a Policy page C 2 e Creating a Service Request page C 3 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Appendix Setting Up VLAN Translation HZ Setting Up VLAN Translation e Modifying a Service Request page C 5 e Deleting a Service Request page C 5 Creating a Policy VLAN translation is specified during policy creation for L2VPN for ERS EVPL with and without a CE The L2 VPN Point to Point Editor window contains a new option called VLAN Translation See Figure C 1 Figure C 1 VLAN Translation Option in the L2VPN Point to Point Editor Window VLAN Translation Oi wm a IV There are three options for VLAN translation e No tThis is the default choice No VLAN translation is performed s Note If you choose No and you do not want to deal with any behavior related to VLAN translation during service request creation then uncheck the Editable check box This is the recommendation when you choose no VLAN translation
234. and VPLS Reports page 13 11 The ISC reporting GUI is used across multiple ISC modules including L2 and VPLS For a general coverage of using the reports GUI running reports using the output from reports and creating customized reports see Monitoring chapter in the Cisco IP Solution Center Infrastructure Reference 6 0 The rest of this chapter provides information about the L2 and VPLS reports available in ISC L2 and VPLS Reports Perform the following steps to access the L2 and VPLS reports To access the reports framework in the ISC GUI choose Monitoring gt Reports The Reports window appears See Figure 13 1 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter 13 Generating L2 and VPLS Reports W sL2 and VPLS Reports Figure 13 1 Reports Window You Are Here Monitoring Reports Reports BE inventory L2 ams 138548 Step2 Click the L2 folder to display the available L2 and VPLS reports Step3 Click the icon of a report to bring up the window associated with that report Details on each of the reports are provided in L2 and VPLS Reports page 13 2 L2 and VPLS Reports This section provides details on the following L2 and VPLS reports e L2 End to End Wire Report page 13 3 e L2 PE Service Report page 13 6 e L2 VPN Report page 13 7 e VPLS Attachment Circuit Report page 13 8 e VPLS PE Service Report page 13 10 e VPLS VPN Report page 13
235. and non editable Step5 Click Next The EVC Policy Editor FlexUNI Attribute window appears as shown in Figure 3 3 Step6 Continue with the steps contained in the next section Setting the FlexUNI Attributes page 3 10 Setting the FlexUNI Attributes This section describes how to set the FlexUNI attributes for the FlexUNI EVC Ethernet policy as shown in Figure 3 3 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 EuN OL 21636 01 Chapter3 Creating a FlexUNI EVC Ethernet Policy Setting the FlexUNI Attributes W Figure 3 3 EVC Policy Editor FlexUNI Attribute Window EVC Policy Editor FlexUNI Attributes Attribute Value Editable Service Attribute AutoPick Service Instance ID E Iv AutoPick Service Instance Name E Iv Enable Pseudowire Redundancy E Iv AutoPick VC ID Iv AutoPick Bridge Domain VLAN ID E Iv AutoPick Bridge Group Name gl Iv AutoPick Bridge Domain Name f Iv Match Criteria Both Tags B IV Rewrite Criteria Pop Outer E Iv Push Outer gl Iv Translate Outer r Iv Pop Inner B Iv Push Inner gl Vv Translate Inner m Iv Note Required Field Step 3 of 5 7 204837 FlexUNI attributes are organized under the following categories e Service Attributes e VLAN Match Criteria e VLAN Rewrite Criteria The following sections describe how to set the options under each category Setting the Service Attributes To set the FlexUNI service attributes perform the follow
236. ant and not required When a VLAN ID is manually allocated ISC verifies the VLAN ID to see if it lies within ISC s VLAN ID pool If the VLAN ID is in the pool but not allocated the VLAN ID is allocated to the service request If the VLAN ID is in the pool and is already in use ISC prompts you to allocate a different VLAN ID If the VLAN ID lies outside of the ISC VLAN ID pool ISC does not perform any verification about whether the VLAN ID allocated The operator must ensure the VLAN ID is available Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 a12 i OL 21636 01 _ Chapter 4 Managing a FlexUNI EVC Ethernet Service Request Step 14 Step 15 Step 16 Setting the Service Request Details W Check the Match Inner and Outer Tags check box to enable service requests created with the policy to match both the inner and outer VLAN tags of the incoming frames If you do not check this check box service requests created with the policy will match only the outer VLAN tag of the incoming frames Checking the Match Inner and Outer Tags attribute causes the Inner VLAN ID and Outer VLAN ID fields covered in the next steps to appear If the Match Inner and Outer Tags check box is checked enter the inner and outer VLAN tags in the Inner VLAN ID and Outer VLAN ID fields Usage notes e You can specify single values single ranges multiples values multiple ranges or combinations of these Examples
237. any inventory object a provider or customer Create one VC ID pool per network For detailed steps to create VC pools see the Cisco IP Solution Center Infrastructure Reference 6 0 See also Creating a VC ID Pool page 2 7 Before creating an L2VPN or VPLS service request you must predefine the physical links between CEs and PEs or between U PEs and N PEs The Named Physical Circuit NPC represents a link going through a group of physical ports Thus more than one logical link can be provisioned on the same NPC Therefore the NPC is defined once but used by several L2VPN or VPLS service requests For detailed steps to create NPCs see the Cisco IP Solution Center Infrastructure Reference 6 0 See also Creating Named Physical Circuits page 2 8 You must define VPNs before provisioning L2VPN or VPLS services In L2VPN one VPN can be shared by different service types In VPLS one VPN is required for each VPLS instance To define VPNs see the Cisco IP Solution Center Infrastructure Reference 6 0 See also Defining VPNs page 2 4 OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter1 Getting Started W Working with L2VPN and VPLS Policies and Service Requests Working with L2VPN and VPLS Policies and Service Requests After you have set up providers customers devices and resources in ISC you are ready to create L2VPN or VPLS policies provision service requests SRs and deploy the ser
238. apter9 Creating a VPLS Policy HI Defining an MPLS EMS EP LAN Policy without a CE Figure 9 16 MPLS EMS EP LAN without a CE Policy Attributes VPLS Policy Editor Attribute Value Editable H PEJU PE Information Interface Type ANY he Standard UNI Port Vv Vv Interface Format f UNI Shutdown r Vv Keep Alive E Vv Interface Type for UNI Display ANY Vv UNI Vv UNI MAC Addresses Vv Link Speed None Iv Link Duplex None z Vv VLAN and Other Information PE UN Interface Description i o yO Vv VLAN ID AutoPick Vv Vv VLAN Name Loo y System MTU in bytes as 1500 9216 M Use Existing ACL Hame B Port Based ACL Name Vv Disable CDP Vv Vv UNI Port Security r Vv Protocol Tunnelling a Vv Note Required Field Step 2 of 3 o m es es 211699 Step2 Choose an Interface Type from the drop down list You can choose a particular interface on a N PE U PE or PE AGG interface based on the service provider s POP design The interfaces are e ANY Any interface can be chosen e Port Channel A bundle of ports that share the same characteristics this gives the service provider the ability to aggregate bandwidth and protection e Ethernet e FastEthernet e GE WAN e GigabitEthernet e TenGigabitEthernet e TenGigE The value defined here functions as a filter to restrict the interface types an operator can see during VPLS service request creation If defined as ANY the operator can see all interfac
239. arious topologies supported with FlexUNI EVC As mentioned in the note at the end of section Device Roles with FlexUNI EVC page 3 5 ISC does not support customer edge devices CEs with FlexUNI EVC References to the term CE in the following topology variations such as CE directly connected and so on is only to indicate how the customer or third party devices connect to the N PE For all the cases involving FlexUNI EVC the CE is not supported in ISC Also any provider device that is not supported by ISC and which is used in the access circuit marks the boundary for the scope of ISC beyond which no devices that is towards the CE and including the unsupported node is managed by ISC CE Directly Connected and FlexUNI With this combination the UNI is the interface on a supported line card with EVC capability configured ISC does not configure ISC s standard UNI functionality for example port security storm control and Layer 2 Protocol Tunneling This is because of lack of command support on the FlexUNI EVC capable hardware Operators can use templates to configure relevant platform supported parameters to realize any of these features not provided by ISC ISC configures only the service instance with VLAN manipulations and pseudowire VPLS or local connect on the UNI NPCs are not needed while creating such links because NPCs are only required when there are access nodes between the N PE and CE Other intermediate Ethernet ac
240. associate with the policy Note If the device role is specified as U PE or PE AGG templates can be selectively added based on whether the device has a UNI interface For details on this feature see Selectively Determining Templates for U PE and PE AGG Device Roles page B 9 The actual steps for adding templates data files are the same as in the following steps The Template Datafile Chooser window appears as shown in Figure B 4 Figure B 4 Template Datafile Chooser Window Template DataFile Chooser oA Certificate Folder DI4 Channelization Examples Show Templates Name X matching Show F F Firewall lPsec 5 Showing 0 0 of 0 records Gps HD aos E Description AG intertaces No records avc E 14 q Goto page 1 of 1 Pages DDI 211681 This is a standard Template Manager window used to navigate to and choose templates and optionally data files in ISC Note Step 6 The following steps involving the Template Datafile Chooser window assume a familiarity with the functionality of the window For additional information about Template Manager and how templates and data files are created and managed in ISC see the Cisco IP Solution Center Infrastructure Reference 6 0 The steps shown here are for example purposes You must modify the steps as required for your environment For example you might want to choose only a template file or both a template file and a data file
241. ata Files HI Using Templates with ISC Policies Figure B 2 Template Association Window with Template Enable Checked Template Association Attribute Value Template Enable IV Associate Template Datafile s in Role Type Template Data File Editable Step 5 of 5 g z 3 B 211679 Step2 Click the Add button to add a row in which to specify associated templates data files A new row appears in the GUI providing fields to set the role type specify templates data files and specify if the template data file is editable within service requests based on the policy Step3 In the Role Type column choose a device role from the drop down list The role selections might include e N PE e PE AGG e U PE e CE MULTI_VRF e CE MANAGED e MVRF amp Note The available device roles in the drop down list are determined by the policy type Step4 To add a template data file click the Add link in the Template Data File column The Add Remove Templates window appears as shown in Figure B 3 Figure B 3 Add Remove Template Pop Up Showing 0 of 0 records a Template Data File Action Active aa Rows per page jio I lt q Goto page fi of 1 G3 DDI 211680 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 lt OL 21636 01 Appendix B Working with Templates and Data Files Step 5 Using Templates with ISC Policies W Click the Add button to select a template data file to
242. ates with policies and how to use the features in this window see Appendix B Working with Templates and Data Files When you have completed setting up templates and data files for the policy click Finish in the Template Association window to close it and return to the Policy Editor window Step 24 Click Finish amp Note The VC ID is mapped from the VPN ID By default ISC will auto pick this value However you can set this manually if desired This is done by editing the associated VPN configuration The Edit VPN window has an Enable VPLS check box When you check this box you can manually enter a VPN ID in a field provided For more information on creating and modifying VPNs see the Cisco IP Solution Center Infrastructure Reference 6 0 Defining an Ethernet EMS EP LAN Policy without a CE This section describes defining a VPLS policy with an Ethernet core type and an EMS EP LAN service type without a CE present Figure 9 33 is an example of the first page of this policy OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter9 Creating a VPLS Policy HZ Defining an Ethernet EMS EP LAN Policy without a CE Figure 9 33 Ethernet EMS EP LAN Policy without a CE VPLS Policy Editor Attribute Value Policy Name VplsEtherEmsNoCe Customer Policy Owner Provider Global Policy S O MPLs Core Type Ethernet O Ethernet Relay Multipoint Service ERMS
243. ation Action choose what action will occur when a port security violation is detected e PROTECT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value e RESTRICT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value and causes the Security Violation counter to increment e SHUTDOWN Puts the interface into the error disabled state immediately and sends an SNMP trap notification d In the Secure MAC Addresses field enter one or more Ethernet MAC addresses Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E OL 21636 01 Chapter3 Creating a FlexUNI EVC Ethernet Policy Setting the Interface Attributes W Figure 3 5 UNI Port Security UNI Port Security Iv Iv Maximum MAC Address 1 8448 Iv Aging in minutes 0 1440 IV Violation Action PROTECT Vv S Secure MAC Addresses Edit Iv N Step 11 Check the Enable Storm Control check box see Figure 3 6 to help prevent the UNI port from being disrupted by a broadcast multicast or unicast storm Enter a threshold value for each type of traffic The value which can be specified to two significant digits represents the percentage of the total available bandwidth of the port If the threshold of a traffic type is reached further traffic of that type is suppressed until the incomin
244. attribute is only applicable for IOS XR devices If the check box is checked an additional attribute PseudoWireClass appears in the GUI Click the Select button of PseudoWireClass attribute to choose a pseudowire class previously created in ISC The pseudowire class name is used for provisioning pw class commands on IOS XR devices See Creating and Modifying Pseudowire Classes for IOS XR Devices page 2 10 for additional information on pseudowire class support for IOS XR devices Choose an L2VPN Group Name from the drop down list The choices are e ISC e VPNSC This attribute is used for provisioning the L2VPN group name on IOS XR devices amp Note The choices in the drop down list are derived from a configurable DCPL property For information about how to define the L2VPN Group Name choices available in the drop down list see Defining L2VPN Group Names for IOS XR Devices page 2 14 Enter an E Line Name to specify the point to point p2p E line name This attribute is only applicable for IOS XR devices If no value is specified for the p2p name ISC generates a default name consisting of the names of the two PEs forming the pseudowire separated by hyphens for example 6503 A 6503 B If the default name is more than 32 characters the device names are truncated Enter a Link Media type optional of None auto select rj45 or sfp Usage notes e The default is None e When this attribute is used a new CLI will be generate
245. ay implement only a subset of this very scalable architecture Figure E 1 IP NGN Carrier Ethernet Design Carrier Ethernet Intelligent IP MPLS Subscriber Edge o Access Aggregation Services Edge Core S es E a BS BNG Aggregation ED Core ANY Mobile WiM DSL PON L amp MSPP xe 7 Cable E Sy IPODWDM C 204778 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E AppendixE ISC Layer 2 VPN Concepts W Layer 2 Terminology Conventions ISC Terminology and Supported Network Types This section discusses the ISC terminology for Layer 2 services and supported network types ISC can provision the following service types e E Line EPL EWS and EVPL ERS e E LAN EP LAN and EVP LAN ERMS e FRoMPLS e ATMoMPLS ISC also supports provisioning Ethernet services on a network that consists only of Ethernet switches no MPLS and this is referred to in ISC terminology as VPLS with L2 core amp Note For E Line and E LAN services we recommend using the FlexUNI EVC service policy type see the appropriate chapters in this guide for how to create FlexUNI EVC policies and service requests You might have existing services that have been provisioned using the L2VPN and VPLS service policy types These are still supported and can be maintained with those service types but new services should use the FlexUNI EVC servi
246. ble DCPL property For information about how to define the L2VPN Group Name choices available in the drop down list see Defining L2VPN Group Names for IOS XR Devices page 2 14 e The L2VPN Group Name attribute is not available if the MPLS core connectivity type was set as VPLS in the Service Options window see Setting the Service Options page 3 8 e L2VPN Group Name is only applicable for IOS XR devices e The L2VPN Group Name attribute only appears if Configure Bridge Domain was not enabled in the EVC Service Request Editor window earlier in the service request workflow Enter an E Line Name to specify the point to point p2p E line name OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter4 Managing a FlexUNI EVC Ethernet Service Request HZ Setting the Service Request Details Step 39 Step 40 Step 41 Step 42 Step 43 Usage notes e If no value is specified for the E Line Name ISC autogenerates a default name as follows For PSEUDOWIRE core connectivity type the format is DeviceName VC_ID For LOCAL core connectivity type the format is DeviceName VLAN_ID If the default name is more than 32 characters the device names are truncated e The E Line Name attribute is not available if the MPLS core connectivity type was set as VPLS in the Service Options window see Setting the Service Options page 3 8 e E Line Name is only applicable for IOS XR devices
247. box if you want to be able to manually select the Traffic Engineering TE tunnel for the pseudowire connecting point to point N PEs This attribute is unchecked by default Subsequently when you create a service request based on this policy you must specify the TE tunnel ID in a field provided ISC uses the tunnel information to create and provision a pseudowire class that describes the pseudowire connection between two N PEs This pseudowire class can be shared by more than one pseudowire as long as the pseudowires share the same tunnel ID and remote loopback address You are responsible to ensure that the tunnel interface and associated ID are configured During service request creation when you specify the tunnel ID number ISC does not check the validity of the value That is ISC does not verify the existence of the tunnel Click the Next button if you want to enable template support for the policy The Template Association window appears In this window you can enable template support and optionally associate templates and data files with the policy For instructions about associating templates with policies and how to use the features in this window see Appendix B Working with Templates and Data Files When you have completed setting up templates and data files for the policy click Finish in the Template Association window to close it and return to the Policy Editor window Click Finish OL 21636 01 Cisco IP Solution
248. can enter a description To set up direct connect links see the section Setting Direct Connect Links page 4 10 To set up links with L2 access nodes see the section Setting Links with L2 Access Nodes page 4 20 VPLS Core Connectivity If the MPLS Core Connectivity Type for the FlexUNI EVC Ethernet policy is VPLS the EVC Service Request Editor window shown Figure 4 2 appears I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter4 Managing a FlexUNI EVC Ethernet Service Request HI Setting the Service Request Details Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Figure 4 2 EVC Service Request Details Window for VPLS Core Connectivity FlexUNI EVC Service Request Editor 204859 Perform the following steps to set the attributes in the first section of the Service Request Details window The Job ID and SR ID fields are read only When the service request is being created for the first time the fields display a value of NEW When an existing service request is being modified the values of the fields indicate the respective IDs that the ISC database holds within the editing flow of the service request The Policy field is read only It displays the name of the policy on which the service request is based Click Select VPN to choose a VPN for use with this service request The Select VPN window appears with the VPNs defined in the system amp Note The
249. capsulation mpls neighbor lt PE2 gt encapsulation mpls neighbor lt PE3 gt encapsulation mpls interface vlan lt S Vlan gt xconnect vfi lt VFI ID gt l interface lt NNI to R4 gt switchport trunk allowed vlan add lt S Vlan gt Additional Network Configurations and Sample Configlets I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Appendix D Terminating an Access Ring on Two N PEs HZ Additional Network Configurations and Sample Configlets Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 APPENDIX E ISC Layer 2 VPN Concepts This appendix provides an overview of ISC Layer 2 VPN concepts It contains the following sections e Layer 2 Terminology Conventions page E 1 e L2VPN Service Provisioning page E 5 e VPLS Service Provisioning page E 10 Layer 2 Terminology Conventions Layer 2 service provisioning for the IP Solution Center ISC consists of the Layer 2 Virtual Private Network L2VPN Service and the Virtual Private LAN Service VPLS The purpose of this section is to clarify the terminologies used in ISC as well in the industry at large for these services There are three sets of terminologies in use e The current Metro Ethernet Forum MEF terminology e The former MEF terminology e ISC terminology which is close to the former MEF terminology MEF Terminology Conventions In general for L2VPN services the MEF sup
250. cast Traffic 0 0 100 0 v Multicast Traffic 0 0 100 0 G Iv 138440 Step23 Click the Next button if you want to enable template support for the policy The Template Association window appears In this window you can enable template support and optionally associate templates and data files with the policy For instructions about associating templates with policies and how to use the features in this window see Appendix B Working with Templates and Data Files When you have completed setting up templates and data files for the policy click Finish in the Template Association window to close it and return to the Policy Editor window Step 24 Click Finish Note The VC ID is mapped from the VPN ID By default ISC will auto pick this value However you can set this manually if desired This is done by editing the associated VPN configuration The Edit VPN window has an Enable VPLS check box When you check this box you can manually enter a VPN ID in a field provided For more information on creating and modifying VPNs see the Cisco IP Solution Center Infrastructure Reference 6 0 Defining an MPLS ERMS EVP LAN Policy without a CE This section describes defining a VPLS policy with an MPLS core type and an ERMS EVP LAN service type without a CE present Figure 9 6 is an example of the first page of this policy Figure 9 6 MPLS ERMS EVP LAN Policy without a CE VPLS Policy Editor Attribute Va
251. ccess nodes see the section Setting Links with L2 Access Nodes page 4 20 Setting up Links to the N PE The lower two sections of the EVC Service Request Editor window allow you to set up links to the N PE For direct connect links the CE is directly connected to the N PE with no intermediate L2 access nodes For links with L2 access nodes there are intermediate devices present between the CE and NPE requiring NPCs to be created in ISC The Direct Connect Link section of the window is where you set up links that directly connect to the N PE No NPC are involved The Links with L2 Access Nodes section is where you set up links with L2 Ethernet access nodes NPCs are involved I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter4 Managing a FlexUNI EVC Ethernet Service Request HZ Setting the Service Request Details AS See the appropriate section depending on which type of link you are setting up e Setting Direct Connect Links page 4 10 e Setting Links with L2 Access Nodes page 4 20 Note Many of steps for setting up the two link types are the same The basic workflow for setting up links as well as the attributes to be set are presented in the section Setting Direct Connect Links page 4 10 Even if you are setting up links with L2 access nodes it will be helpful to refer to the information presented in that section as the section on L2 access nodes only covers the unique s
252. ce Options window see Setting the Service Options page 3 8 For completeness all attributes available for the different core types are documented in the following steps Attributes apply to all core types unless otherwise noted Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Em OL 21636 01 _ Chapter 3 Creating a FlexUNI EVC Ethernet Policy Setting the Interface Attributes W Figure 3 4 EVC Policy Editor Interface Attributes Window EVC Policy Editor Interface Attributes Attribute Value Editable N PE U PE Information Encapsulation DOTIQTRUNK v Vv Standard UNI Port Iv Iv UNI Shutdown E Vv Keep Alive B IV Speed and Duplex Information Link Speed None E 2 Link Duplex None al d Use Existing ACL Name r Port Based ACL Name _ r r xI UNI MAC Addresses xI Filter BPDU M UNI Port Security IV Protocol Tunnelling Iv N PE Pseudo wire On svi Vv VLAN Translation f No C 11 C 24 Iv MTU size 1500 9216 fn Vv PW Tunnel Selection 2 E Iv Use PseudoWireClass E Vv L2VPN Group Name Isc A E Line Name Note Required Field Step 4 of S m Em 204838 To set the FlexUNI EVC interface attributes perform the following steps Step1 Choose an Encapsulation type The choices are e DOTIQTRUNK Configures the UNI as a trunk with 802 1q encapsulation If the UNI belongs to a directly connected and FlexUNI link this setting signifies that the incomin
253. ce Request with a CE This section includes detailed steps for creating an L2VPN service request with a CE present for EWS EPL If you are creating an L2VPN service request for an ERS EVPL ATM or Frame Relay policy go to Creating an ERS EVPL ATM or Frame Relay L2VPN Service Request with a CE page 8 2 Perform the following steps Step 1 Create the L2VPN service request for EWS EPL with CE The L2VPN Service Request Editor window appears See Figure 8 9 Figure 8 9 EWS EPL Service Request Editor L2VPN Point To Point Service Request Editor EndToEndWire Editor SRID New Job ID New Policy Hame L2vpnEwsCe Core Type MPLS VPH Select VPH Description z Showing 0 of 0 records I ID Description Attachment Circuit AC1 AC1 Attributes Circuitt ID Attachment Circuit2 4C2 AC2 Attributes Circuit2 ID Rows per page 10 v I lt q Goto page 1 of 0 Ga DDI Add Link Delete Link Save Cancel 138371 Note Required Field Step2 Click Select VPN to choose a VPN for use with this CE The Select VPN window appears with the VPNs defined in the system Step3 Choose a VPN Name in the Select column Step4 Click Select The L2VPN Service Request Editor window appears with the VPN name displayed Step5 Click Add Link See Figure 8 10 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 8 8 OL 21636 01 Chapter8 Managing an L2VPN Service Request
254. ce policy type For ATM and FRoMPLS services use the L2VPN service policy as before In the ISC GUI and throughout this user guide the naming conventions for these Ethernet services appear These align closely with the earlier MEF conventions This is expected to be updated in future releases of ISC The equivalent terms used by the MEF forum are summarized in Table E 3 for reference Table E 3 Ethernet Service Term Mappings Term Used in ISC 5 2 GUI and This User Guide Current MEF Equivalent Term L2VPN over MPLS Core Ethernet Wire Service EWS Ethernet Private Line EPL Ethernet Relay Service ERS Ethernet Virtual Private Line EVPL ATM over MPLS ATMoMPLS Frame Relay over MPLS FRoMPLS VPLS Over MPLS Core Ethernet Wire Service EWS or Ethernet Private LAN EP LAN Ethernet Multipoint Service EMS Ethernet Relay Service ERS or Ethernet Virtual Private LAN EVP LAN Ethernet Relay Multipoint Service ERMS VPLS over Ethernet Core Ethernet Wire Service EWS Ethernet Private LAN EP LAN Ethernet Relay Service ERS Ethernet Virtual Private LAN EVP LAN Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Ea OL 21636 01 Appendix E ISC Layer 2 VPN Concepts L2VPN Service Provisioning W L2VPN Service Provisioning This section provides and overview of ISC provisioning for L2VPN services that provide Layer 2 point to point connectivity ove
255. cess nodes are not involved in this topology CE Directly Connected and No FlexUNI This is similar to the UNI on N PE case in ISC The FlexUNI EVC service request can be used to create such links with older Cisco 7600 platforms that is N PE interfaces without FlexUNI EVC capability but with plans of adding one or more future links with EVC support If not one could use the existing ERS EWS ERMS EMS functionality in ISC NPCs are not needed while creating such links because NPCs are only required when there are access nodes between the N PE and CE Other intermediate Ethernet access nodes are not involved in this topology CE Not Directly Connected and FlexUNI This topology involves the following configurations e UNI ona U PE or PE AGG to which the CE is connected I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter3 Creating a FlexUNI EVC Ethernet Policy HZ Defining the FlexUNI EVC Ethernet Policy e Ethernet U PE and or PE AGGs e N PE with FlexUNI capable interface on the CE facing side All service specific parameters such as port security L2 Protocol Tunneling storm control and so on are applicable to the UNI Standard UNI in such links The U PE and or PE AGG configurations will also have no change in CLIs However the EVC commands are applicable only on the N PE on the CE facing interface NPCs are used while creating such links CE Not Directly Connected and No Fl
256. check box is unchecked which causes the command no keepalive to be provisioned on the UNI port This prevents a CPE from sending keepalive packets to the U PE for security purposes This attribute is editable in order to support modification on a per service request basis Enter a Link Speed optional of None 10 100 1000 Auto or nonegotiate Enter a Link Duplex optional of None Full Half or Auto Check the Use Existing ACL Name check box if you want to assign your own named access list to the port By default this check box is not checked and ISC automatically assigns a MAC based ACL on the customer facing UNI port based on values you enter in UNI MAC addresses below Enter a Port Based ACL Name if you checked the Use Existing ACL Name check box as mentioned in the previous step amp Note ISC does not create this ACL automatically The ACL must already exist on the device or be added as part of a template before the service request is deployed Otherwise deployment will fail Enter one or more Ethernet MAC addresses in UNI MAC addresses This selection is present only if you uncheck the Use Existing ACL Name check box Click the Edit button to bring up a pop up window in which you enter MAC addresses to be allowed or denied on the port You can also specify a range of addresses by setting a base MAC address and a filtered MAC address Check the UNI Port Security check box see Figure 5 6 if you to want to
257. chment Circuit Selected L2VPN Point To Point Service Request Editor EndToEndWire Editor SR ID New Job ID New Policy Hame L2vpnEwsNoCe Core Type MPLS PH 2vpn_ews_ypn Select VPN Description p Showing 1 1 of 1 records 7 Description Attachment Circuit 4C1 AC1 Attributes Circuiti ID Attachment Circuit2 AC2 AC2 Attributes Circuit2 ID ml a sw3 pel Default z Add AC Default Rows per page 10 v I lt q Goto page 1 of1 DDI Add Link Delete Link Save Cancel 138397 Note Required Field Step15 Click AC1 Link Attributes and edit the attributes if desired For more information see the section Modifying the L2VPN Service Request page 8 20 Step16 Repeat Steps 5 through 14 for AC2 Step17 Specify remaining items in the End to End Wire Editor window as necessary for your configuration e You can enter a description for the service request in the first Description field The description will show up in this window and also in the Description column of the Service Requests window The maximum length for this field is 256 characters e You can enter a description for each end to end wire in the Description field provided for each wire The description shows up only in this window The data in this field is not pushed to the device s The maximum length for this field is 256 characters e The ID number is system generated identification number for the circuit e The Circuit
258. ckbone ATM Cell Relay extends the usability of the MPLS backbone by enabling it to offer Layer 2 services in addition to already existing Layer 3 services You can enable the MPLS backbone network to accept ATM cells by configuring the provider edge PE routers at both ends of the MPLS backbone To transport ATM cells over MPLS a virtual circuit is set up from the ingress PE router to the egress PE router This virtual circuit transports the ATM cells from one PE router to the other Each MPLS packet can contain one or more ATM cells The encapsulation type is AALO Topology for ATMoMPLS Only the single PE scenario is supported See Figure E 7 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 AppendixE ISC Layer 2 VPN Concepts L2VPN Service Provisioning W Figure E 7 Configuring AAL5 and Cell Relay over MPLS ATM virtual circuits 7 7 e Ch Frame Relay over MPLS FRoMPLS With Cisco AToM for Frame Relay customer Frame Relay traffic can be encapsulated in MPLS packets and forwarded to destinations required by the customer Cisco AToM allows service providers to quickly add new sites with less effort than typical Frame Relay provisioning Frame Relay over MPLS enables a service provider to transport Frame Relay frames across an MPLS backbone This extends the reachability of Frame Relay and allows service providers to aggregate frame transport across a common packet backbone T
259. cked this field is non editable e When a VLAN ID is manually allocated ISC verifies the VLAN ID to see if it lies within ISC s VLAN ID pool If the VLAN ID is in the pool but not allocated the VLAN ID is allocated to the service request If the VLAN ID is in the pool and is already in use ISC prompts you to allocate a different VLAN ID If the VLAN ID lies outside of the ISC VLAN ID pool ISC does not perform any verification about whether the VLAN ID allocated The operator must ensure the VLAN ID is available e The Bridge Domain VLAN ID text field appears for both Cisco 7600 and ASR 9000 devices It will be displayed only for non FlexUNI links Step 36 For L2VPN Group Name choose one of the following from the drop down list e ISC e VPNSC Usage notes e This attribute is used for provisioning the L2VPN group name on IOS XR devices OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request HZ Setting the Service Request Details Step 37 Step 38 Step 39 Step 40 Step 41 Step 42 amp Note The choices in the drop down list are derived from a configurable DCPL property For information about how to define the L2VPN Group Name choices available in the drop down list see Defining L2VPN Group Names for IOS XR Devices page 2 14 e L2VPN Group Name is only applicable for IOS XR devices Enter an E Line
260. co IP Solution Center Infrastructure Reference 6 0 Creating Target Devices and Assigning Roles N PE or U PE Every network element that ISC manages must be defined as a device in the system An element is any device from which ISC can collect information In most cases devices are Cisco IOS routers that function as N PE U PE or P For detailed steps to create devices see the Cisco IP Solution Center Infrastructure Reference 6 0 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 LEN Chapter2 Setting Up the ISC Services W Configuring Device Settings to Support ISC Configuring Device Settings to Support ISC Two device settings must be configured to support the use of ISC in the network e Switches in the network must be operating in VTP transparent mode e Loopback addresses must be set on N PE devices amp Note These are the two minimum device settings required for ISC to function properly in the network You must of course perform other device configuration steps for the proper functioning of the devices in the network Configuring Switches in VTP Transparent Mode For security reasons ISC requires VTPs to be configured in transparent mode on all the switches involved in ERS or EWS services before provisioning L2VPN service requests To set the VTP mode enter the following Cisco IOS commands Switch configure terminal Switch config vtp mode transparent Enter the
261. cuits it has to be sent to all other CE devices participating in that VPLS instance The PE device handles this case by sending such a packet on all other attachment circuits and all the emulated circuits originating from that PE With a full mesh of emulated VCs such a packet will reach all other PE devices in that VPLS instance See Figure E 10 Figure E 10 Full Mesh of Emulated VCs MPLS enabled core forms Tunnel LSPs Common VC ID between PEs creates a Virtual Switching Instance Full Mesh of directed Attachment VCs are LDP sessions exchange VC Labels Port Mode or VLAN ID 104082 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Appendix E ISC Layer 2 VPN Concepts VPLS Service Provisioning W VPLS for an Ethernet Based L2 Provider Core With an Ethernet based provider core customer traffic forwarding is trivial in the core VPLS for an Ethernet based provider core is a multipoint Layer 2 VPN that connects two or more customer devices using 802 1Q in Q tag stacking technology A VPLS essentially emulates an Ethernet switch from a users perspective All connections are peers within the VPLS and have direct communications The architecture is actually that of a distributed switch For more information on VPLS for an Ethernet based provided core see the following sections e Multipoint EWS EP LAN for an Ethernet Based Provider Core page
262. d the VLAN ID is allocated to the service request If the VLAN ID is in the pool and is already in use ISC prompts you to allocate a different VLAN ID If the VLAN ID lies outside of the ISC VLAN ID pool ISC does not perform any verification about whether the VLAN ID allocated The operator must ensure the VLAN ID is available e The Bridge Domain VLAN ID text field appears for both Cisco 7600 and ASR 9000 devices It will be displayed only for non FlexUNI links Step34 Check the AutoPick Bridge Domain Name check box to have ISC autopick the bridge domain name during service request creation Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Pais i OL 21636 01 _ Chapter 4 Managing a FlexUNI EVC Ethernet Service Request Step 35 Step 36 Step 37 Step 38 Setting the Service Request Details W If this check box is unchecked you are prompted to specify a bridge domain name during service request creation see the next step Usage notes e The AutoPick Bridge Domain Name attribute appears only for Cisco ASR 9000 devices e The AutoPick Bridge Domain Name attribute only appears if Configure Bridge Domain was enabled in the EVC Service Request Editor window earlier in the service request workflow If the AutoPick Bridge Domain Name check box is unchecked enter a bridge domain name in the Bridge Domain Name text field Usage notes e Bridge Domain Name field appears only for Cisco ASR 9000 devices
263. d click Select This populates the TE Tunnel field with the ID of the selected TE tunnel amp Note After a TE tunnel is associated to a pseudowire class or provisioned in a service request you will receive an error message if you try to delete the TE tunnel using the Traffic Engineering Management TEM application TE tunnels associated with a pseudowire class or service request cannot be deleted Check the Disable Fallback check box to disable the fallback option for the pseudowire tunnel Choose this option based on your version of IOS XR It is required for IOS XR 3 6 1 and optional for IOS XR 3 7 and above Modifying a Pseudowire Class Object Step 1 This section describes how to modify edit an existing pseudowire class and how the editing operation might impact L2VPN service requests To modify a pseudowire class perform the following steps Navigate to Service Inventory gt Inventory and Connection Manager gt PseudoWireClass The PseudoWire Classes window appears Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 212 E OL 21636 01 Chapter2 Setting Up the ISC Services Creating and Modifying Pseudowire Classes for 10S XR Devices Hi Step2 Select the pseudowire class object you want to modify and click Edit The Edit PseudoWire Class window appears Step3 Make the desired changes and click Save amp Note The Name field is not editable if the pseudowire class is associated
264. d in the UNI interface to define the media type e The Link Media attribute is supported only for ME3400 platforms Enter a Link Speed optional of None 10 100 1000 Auto or nonegotiate Enter a Link Duplex optional of None Full Half or Auto Check the Use Existing ACL Name check box if you want assign your own named access list to the port By default this box is unchecked and ISC automatically assigns a MAC based ACL on the customer facing UNI port based on values you enter in UNI MAC addresses below Enter a Port Based ACL Name if you checked the Use Existing ACL Name check box as mentioned in the previous step amp Note ISC does not create this ACL automatically The ACL must already exist on the device or be added as part of a template before the service request is deployed Otherwise deployment will fail Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 _ Chapter 7 Creating an L2VPN Policy Step 21 Step 22 Step 23 Step 24 Defining an Ethernet ERS EVPL Policy witha CE W Enter one or more Ethernet MAC addresses in UNI MAC addresses This selection is present only if you uncheck the Use Existing ACL Name check box Click the Edit button to bring up a pop up window in which you enter MAC addresses to be allowed or denied on the port You can also specify a range of addresses by setting a base MAC address and a filtered MAC address Choose a UNI Po
265. dWire Editor SRID New Job ID New Policy Hame L2vpnErsCe Core Type MPLS vPH 2vpn_ers_vpn Select VPH Description E Showing 1 1 of 1 records Attachment Circuit1 AC1 Circuit Attachment Circuit2 AC2 Circuit2 a PSS Lea ACI Attributes D ysl AC2 Attributes 1D Note Required Field Rows per page 10 gt I lt q Goto page 1 oft DDI Add Link Delete Link Save Cancel 138492 Step 14 Specify remaining items in the End to End Wire Editor window as necessary for your configuration You can choose any of the blue highlighted values to edit the End to End Wire You can edit the AC link attributes to change the default policy settings After you edit these fields the blue link changes from Default to Changed For more information see the section Modifying the L2VPN Service Request page 8 20 You can enter a description for the service request in the first Description field The description will show up in this window and also in the Description column of the Service Requests window The maximum length for this field is 256 characters You can enter a description for each end to end wire in the Description field provided for each wire The description shows up only in this window The data in this field is not pushed to the device s The maximum length for this field is 256 characters The ID number is system generated identification number for the circuit The Circuit ID
266. dd0 deny any host 0180 c200 0000 deny any host 1234 3234 3432 permit any any Comments e UNI on U PE e Two tag matching operations are carried out Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 AppendixA Sample Configlets FlexUNI EVC Local Connect Core Connectivity UNI Port Security W e The rewrite operation translates two tags to a single tag e Two service instances are connected through the connect command Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 A387 AppendixA Sample Configlets HI FlexUNI EVC Local Connect Core Connectivity UNI no Port Security Bridge Domain FlexUNI EVC Local Connect Core Connectivity UNI no Port Security Bridge Domain Configuration e FlexUNI EVC Metro Ethernet e Feature FlexUNI EVC with local connect core connectivity with UNI without port security and with bridge domain e Device configuration The N PE is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s GI2 0 0 The U PE is a Cisco 3750ME with IOS 12 2 25 EY2 Interface s FA1 14 FA3 23 Configlets U PE N PE vlan 772 interface GigabitEtherne2 0 0 exit no shut service instance 10 ethernet interface FastEthernet3 23 encapsulation dotlq 500 second dotiq 501 switchport trunk allowed vlan 500 772 rewrite ingress tag translate 2 to 2 dotlq 222 second dotigq 41 symmetric interface FastEthernet1 14 bridge dom
267. de PE AGG devices For details on how to implement this in ISC see Appendix D Terminating an Access Ring on Two N PEs Creating NPC Links Through the Autodiscovery Process With autodiscovery the existing connectivity of network devices can be automatically retrieved and stored in the ISC database NPCs are further abstracted from the discovered connectivity For detailed steps to create NPCs using autodiscovery see the Cisco IP Solution Center Infrastructure Reference 6 0 Creating and Modifying Pseudowire Classes for IOS XR Devices The pseudowire class feature provides you with the capability to configure various attributes associated with a pseudowire that is deployed as part of an L2VPN service request on IOS XR capable devices Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 P2410 i OL 21636 01 Chapter2 Setting Up the ISC Services Creating and Modifying Pseudowire Classes for 10S XR Devices Hi Note The pseudowire class feature is supported for IOS XR 3 6 1 and higher The pseudowire class feature supports configuration of the encapsulation transport mode fallback options and selection of a traffic engineering tunnel down which the pseudowire can be directed For tunnel selection you can select the tunnel using the ISC Traffic Engineering Management TEM application if it is being used Otherwise you can specify the identifier of a tunnel that is already provisioned within the n
268. default Check the UNI check box to display all interfaces defined as type UNI as choices for the UNI interface when creating service requests based on this policy This check box is checked by default Enter one or more Ethernet MAC addresses in UNI MAC addresses This selection is present only if you uncheck the Use Existing ACL Name check box Click the Edit button to bring up a pop up window in which you enter MAC addresses to be allowed or denied on the port You can also specify a range of addresses by setting a base MAC address and a filtered MAC address Choose a Port Type The choices are e Access Port e Trunk with Native VLAN Enter a Link Speed optional of None 10 100 1000 Auto or nonegotiate Enter a Link Duplex optional of None Full Half or Auto In the PE UNI Interface Description field enter an optional description for example Customer B ERMS EVP LAN Service Check the VLAN ID AutoPick check box if you want ISC to choose a VLAN ID If you do not check this check box you will be prompted to provide the VLAN in a Provider VLAN ID field during service activation Enter a VLAN NAME optional to specify a name to describe the VLAN The name must be one token no spaces allowed The limit for the VLAN name is 32 characters The name has to be unique Two VLANs cannot share the same name I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter9 Creating a VPLS
269. der Global Policy L2VPN ERS L2VPN EWS Service Type C Frame Relay C ATM CE Present Vv Note Required Field Step 1 of 2 Em e ee D 138473 Perform the following steps Click Next The window in Figure 7 11 appears The Editable check box gives you the option of making a field editable If you check the Editable check box the service operator who is using this L2VPN policy can modify the editable parameter during L2VPN service request creation OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter Creating an L2VPN Policy HZ Defining an Ethernet EWS EPL Policy with a CE Figure 7 11 Ethernet EWS EPL with CE Policy Attributes L2VPN Point To Point Policy Editor Attribute Value Editable PE Information Standard UNI Port Vv Vv Encapsulation Dora z IV CE Information Interface Type ANY EA Interface Format fn UNI Shutdown B IV Keep Alive f Iv Interface Type for UNI Display ANY M UNI Vv VLAN and Other Information VLAN ID AutoPick M Vv VC ID AutoPick M VLAN Name OoOo y O Use PseudoWireClass E Vv L2VPN Group Name ISC X E Line Name FS Link Media None v Vv Link Speed None Vv Link Duplex None z IV Use Existing ACL Name E Port Based ACL Name are Vv UNIMAC Addresses abed 5566 7788 permit Edit Vv UNI Port Security a Vv Protocol Tunnelling a Vv N PE Pseudo wire On svi D Vv MTU size
270. dit 138392 Note Required Field Step6 Click Select N PE PE AGG U PE The Select PE Device window appears See Figure 8 25 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 a 817 Chapter8 Managing an L2VPN Service Request HI Creating an L2VPN Service Request Step 7 Step 8 Step 9 Figure 8 25 PE for Attachment Circuit Show PEs with Provider Name matching F Showing 1 5 of 5 records Device Name pi said PE Region Name Role Type es 1 C amp pet Provider region_1 N_PE 2 C J pes Provider1 region_1 N_PE 3 C amp sw2 Provider region_1 U_PE 4 C E sw3 Provider1 region_1 U_PE 5 C BB sw4 Provider4 region_1 U_PE Rows per page fio gt I lt q Gato page 1 of 1 G3 DDI 138393 This window displays the list of currently defined PEs a From the Show PEs with drop down list you can display PEs by Customer Name by Site or by Device Name b You can use the Find button to either search for a specific PE or to refresh the display c You can set the Rows per page to 5 10 20 30 40 or All In the Select column choose a PE for the L2VPN link Click Select The Attachment Tunnel Editor window appears See Figure 8 26 Figure 8 26 PE Interface L2VPN Point To Point Service Request Editor Attachment Tunnel Editor SRID New Job ID New Policy Name L2vpnEwsNoCe Showing 1 1 of 1 records O E N_PEPE_AGG U_P
271. dit Deploy Decommission Purge 138604 Step2 Check a check box for a service request Step3 Click Edit The VPLS Link Editor window appears See Figure 10 14 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 P1010 E OL 21636 01 Chapter 10 Managing a VPLS Service Request Step 4 Step 5 Step 6 Step 7 Modifying the VPLS Service Request W Figure 10 14 VPLS Link Editor VPLS Service Request Editor VPLS Link Editor SRID 26 Job ID 26 Policy Hame VplsMplsErsCe YPH vpls_ers_vpn_4 Description E Showing 1 2 of 2 records S DESE CE Interface Circuit Selection Circuit Details Circuit ID Link Attributes 1 I ce3 Ethernet0 1 Detail pet Ethernet4 3 Circuit Details YLAN 26 Edit A ces FastEthernet0 1 v Detail pe3 Ethernet1 1 Circuit Details VYLAN 25 Edit Rows per page All v I lt q Goto page 1 of 1 G3 D Dl Add Link Delete Link Save Cancel 138469 Note Required Field Specify remaining items in the End to End Wire Editor window as necessary for your configuration e Choose any of the blue highlighted values to edit the VPLS links e Click Add Link to add a VPLS link e Click Delete Link to delete a VPLS link amp Note If you are attempting to decommission a service request to which a template has been added see Monitoring Service Requests page 11 10 for information on th
272. dixA Sample Configlets FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity Multipoint Circuit FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity Multipoint Circuit Configuration e FlexUNI EVC ATM Ethernet Interworking e Feature FlexUNI EVC for ATM Ethernet interworking with pseudowire core connectivity with a multipoint circuit Link 1 terminates on an ATM interface on N PE 1 link 2 terminates on an Ethernet interface on N PE 1 and link 3 terminates on an Ethernet interface on N PE 2 e Device configuration The N PE 1 is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s GigabitEthernet7 0 4 ATM6 0 0 100 The N PE 2 is a Cisco 7600 with IOS 12 2 33 SRE Interface s GigabitEthernet7 0 5 Configlets N PE 1 ATM Ethernet N PE 2 Ethernet l vlan 500 vlan 800 exit exit ethernet evc Customer1_166 ethernet evc Customer1_166 l interface GigabitEthernet7 0 4 interface GigabitEthernet7 0 5 no shutdown no shutdown service instance 1 ethernet Customer1_166 service instance 1 ethernet Customer1_166 encapsulation dotiq 600 encapsulation dotliq 623 bridge domain 500 split horizon bridge domain 800 split horizon interface ATM6 0 0 100 point to point interface Vlan800 pvc 200 300 description UT 9 encapsulation aal5snap xconnect 192 169 105 20 6 pw class bridge domain 500 split horizon TSC pw tunnel 900 interface Vlan500 no ip address description U
273. e Configuration e Service L2VPN Metro Ethernet e Feature ERS EVPL and EWS EPL e Device configuration The N PE is a CRS 1 with IOS XR 3 6 or later The U PE is a 12 2 18 SXF with IOS Configlets U PE N PE interface GigabitEthernet0 0 0 2 559 dotiq vlan 559 12transport interface GigabitEthernet0 0 0 4 559 dotiq vlan 559 12transport 12vpn xconnect group ISC p2p cl test 12 crs1 1 0 559 interface GigabitEthernet0 0 0 2 559 interface GigabitEthernet0 0 0 4 559 l Comments e The default E Line name has changed for local connect configlets e The format of the default E line name is device_name_with_underscores VCID VLANID Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 AppendixA Sample Configlets ERS EVPL EWS EPL ATM or Frame Relay Additional Template Variables for L2VPN 10S and IOS XR Device A ERS EVPL EWS EPL ATM or Frame Relay Additional Template Variables for L2VPN IOS and IOS XR Device Configuration e Service L2VPN Metro Ethernet e Feature ERS EVPL EWS EPL ATM and Frame Relay e Device configuration The N PE is a 12 2 18 SXF with IOS for ERS EVPL EWS EPL Frame Relay service The N PE is a CRS 1 with IOS XR 3 6 or later for ERS EVPL EWS EPL service and IOS XR 3 7 or later for ATM service ATM port mode The U PE is a 12 2 25 EY4 with IOS for ERS EVPL or EWS EPL service
274. e This is pushed onto the device where the Service Instance ID is 10 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 g aas AppendixA Sample Configlets WE FiexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity Point to Point Circuit FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity Point to Point Circuit Configuration e FlexUNI EVC ATM Ethernet Interworking e Feature FlexUNI EVC for ATM Ethernet interworking with pseudowire core connectivity with an end to end circuit with multiple links One link terminates on an ATM interface on N PE 1 and the other link terminates on an Ethernet interface on N PE 2 e Device configuration N PE 1 is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s ATM1 0 0 370 N PE2 is a Cisco 7600 with IOS 12 2 33 SRE Interface s GigabitEthernet4 0 2 Configlets N PE 1 ATM N PE 2 Ethernet interface ATM1 0 0 370 point to point ethernet evc 1 3_51 no atm enable ilmi trap pvc 0 370 12transport interface GigabitEthernet4 0 2 encapsulation aal5snap no ip address xconnect 192 169 105 10 123 pw class no mls qos trust inter ether l service instance 103 ethernet 1 3_51 encapsulation dotlq 370 rewrite ingress tag pop 1 symmetric xconnect 192 169 105 20 123 encapsulation mpls Comments e None Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Ase i OL 21636 01 Appen
275. e e Destination Device must be an N PE e Destination Interface e Ring Note Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Before adding or inserting a ring in an NPC you must create a ring and save it in the repository To obtain information on creating NPC rings see the Cisco IP Solution Center Infrastructure Reference 6 0 Source Device is the beginning of the link and Destination Device is the end of the link Click Create The Create a Named Physical Circuit window appears Click Add Device The Select a Device window appears Choose a CE as the beginning of the link Click Select The device appears in the Create a Named Physical Circuit window To insert another device or a ring click Insert Device or Insert Ring To add another device or ring to the NPC click Add Device or Add Ring For this example click Add Device to add the N PE Choose a PE as the destination device Click Select The device appears In the Outgoing Interface column click Select outgoing interface A list of interfaces defined for the device appears Choose an interface from the list and click Select Click Save The Named Physical Circuits window now displays the NPC that you created Creating a Ring Only NPC Step 1 To create an NPC that contains only a ring without specifying a CE perform the following steps Choose Service Inventory gt Inventory and Connection Manager
276. e operator can specify an outer tag with a value from 1 to 4096 e This attribute is available regardless of the number of tags used in the match criteria Whether the incoming traffic is double tagged or single tagged if Push Outer is enabled all corresponding service requests push an outer tag All subsequent nodes consider only the outer most two tags if FlexUNI capable or just one tag not FlexUNI capable and treat the inner most tags transparently as payload e This VLAN ID is not derived from ISC managed VLAN ID pools Check the Push Inner check box to impose an inner VLAN ID tag onto the incoming frames that fulfill the match criteria This operation pushes both an inner and an outer tag onto the incoming packet not just an inner tag If this check box is unchecked no inner tag is imposed on the incoming frames Usage notes e If Push Inner is checked all service requests created with the policy push a dotlq inner tag on the incoming frames matching the match criteria When creating the link during service creation the operator can specify an inner tag with a value from to 4096 e If Push Inner is checked Push Outer is automatically checked e This attribute is available regardless of the number of tags used in the match criteria Regardless of whether the incoming traffic is double tagged or single tagged if Push Inner is enabled all corresponding service requests push an inner tag All subsequent nodes consider only th
277. e 1 1 1 1 VLAN translation The VLAN of the incoming traffic CE VLAN is replaced by another VLAN PE VLAN The specification of the VLAN translation is done during the creation of the service request for the policy as covered in Creating a Service Request page C 3 e 2 1 2 1 VLAN translation The double tagged Q in Q traffic at the U PE UNI port can be mapped to different flows to achieve service multiplexing When you choose 2 1 VLAN translation the L2VPN Point to Point Editor window dynamically changes to enable you to choose where the 2 1 VLAN translation takes place See Figure C 2 Figure C 2 Choose Where 2 1 VLAN Translation Takes Place VLAN Translation No 141 f 24 IV Tr Select where 2 1 translation takes place Auto C U PE C PE AGG C N PE Iv The choices for where 2 1 VLAN translation takes place are e Auto This is the default choice e U PE e PE AGG e N PE If you choose Auto the 2 1 VLAN translation takes place at the device closest to the UNI port The other choices come into play only when there is more than one place that 2 1 VLAN translation can be done If there is only one place where the translation can be done the choice is ignored The actual VLAN values are specified when you create a service request based on this policy See Creating a Service Request page C 3 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 c2 E OL 21636 01 AppendixC Setting Up VLAN Translatio
278. e Change Report window appears See Figure 11 7 Figure 11 7 Service Request State Change Report Service Request State Change Report Element Hame State Create Time Report Resueet PENDING 2005 09 15 14 15 09 SR Job ID 13 transitioned from REQUESTED to PENDING state P DEPLOYED 2005 09 15 14 15 23 SR Job ID 13 transitioned from PENDING to DEPLOYED state i l The history reports lists the following information about the service request e Element Name the device interface and subinterfaces participating in this service request e State the transition states the element has gone through e Create Time the time the element was created for this service request e Report the action taken by ISC for the element in this service request Step2 Click OK to return to the Service Request Details window Configlets After you deploy the service request ISC generates Cisco IOS commands to turn on L2VPN or VPLS Services on all the network devices that participate in the service request To view the configlets that are generated perform the following steps Step 1 Click Configlets on the Service Request Details window See Figure 11 4 You see a list of network devices for which a configlet was generated See Figure 11 8 Figure 11 8 Service Request Configlets Service Request Configlets Configlets for Service Request Job ID 13 Showing 1 4 of 4 records Device ce8 pet o 4 85 ped Rows per page 10 1X q co to page o
279. e Spoke CEs do not have direct connection to each other L A Note The full mesh and the hub and spoke topologies make a difference only when you choose more than two endpoints For example with four endpoints ISC automatically creates six links with full mesh topology With hub and spoke topology however ISC creates only three links Click Add Link The Attachment Tunnel Editor window appears See Figure 8 16 Figure 8 16 Select U PE PE AGG N PE L2VPN Point To Point Service Request Editor Attachment Tunnel Editor Select one circuit Circuit Details Note Required Field 138384 Specify the N PE PE AGG U PE endpoints using the Attachment Tunnel Editor as covered in the following steps Click Select U PE PE AGG N PE in the U PE PE AGG N PE column The PE for Attachment Circuit window appears See Figure 8 17 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 _ Chapter 8 Managing an L2VPN Service Request Creating an L2VPN Service Request Figure 8 17 Select PE Device Show PEs with Provider Name gt matching F Showing 1 5 of 5 records Device Name Provkior PE Region Hame Role Type ik RY RP Ri a 1 C amp pet Provider1 region_1 N_PE 2 C GF pes Provider region_1 N_PE 3 C g sw2 Providert region_1 U_PE 4 C EJ w3 Provider1 region_1 U_PE 5 C SB sw4 Providert region_1 U_PE Rows per page fio gt I lt 4 Goto page
280. e Topology that you chose Click OK in Figure 8 6 OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter8 Managing an L2VPN Service Request HI Creating an L2VPN Service Request Figure 8 6 NPCs Created L2 VPN Point To Point Service Request Editor ces Ethernet0 1 pet Ethernet4 3 Circuit Details romeo oot El o I fer Delete Link For ERS EVPL ATM and Frame Relay the End to End Wire Editor window appears See Figure 8 7 Figure 8 7 End to End Wire Editor Satun To Point Service Request Editor ce3 pe1 ce8 pe3 m 138490 Note Required Field Step11 The VPN for this service request appears in the VPN field If there is more than one VPN click Select VPN to choose a VPN The VPN for L2VPN service request window appears Step 12 Choose a VPN Name and click Select The L2VPN Service Request Editor window appears with the VPN name displayed Step 13 If necessary click Add AC in the Attachment Circuit AC2 column and repeat Steps 3 to 10 for AC2 The End to End Wire Editor window displays the complete end to end wire See Figure 8 8 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 lt OL 21636 01 Chapter8 Managing an L2VPN Service Request Creating an L2VPN Service Request W Figure 8 8 End to End Wire Created L2VPN Point To Point Service Request Editor EndToEn
281. e UNI port By default this check box is unchecked which causes the command no keepalive to be provisioned on the UNI port This prevents a CPE from sending keepalive packets to the U PE for security purposes This attribute is editable to support modification on a per service request basis Check the ANY check box to display all interface types as choices for the UNI interface when creating service requests based on this policy This check box is checked by default Check the UNI check box to display all interfaces defined as type UNI as choices for the UNI interface when creating service requests based on this policy This check box is checked by default I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter Creating an L2VPN Policy HZ Defining an Ethernet EWS EPL Policy with a CE Step 10 Step 11 Step 12 Step 13 Step 14 Step 15 Step 16 Step 17 Step 18 Step 19 Check the VLAN ID AutoPick check box if you want ISC to choose a VLAN ID If you do not check this check box you will be prompted to provide the VLAN in a Provider VLAN ID field during service activation Check the VC ID AutoPick check box if you want ISC to choose a VC ID If you do not check this check box you will be prompted to provide the VC ID in a VC ID field during service activation Check the Use PseudoWireClass check box to enable the selection of a pseudowire class This a
282. e class This attribute is only applicable for IOS XR devices If the check box is checked an additional attribute PseudoWireClass appears in the GUI Click the Select button of PseudoWireClass attribute to choose a pseudowire class previously created in ISC The pseudowire class name is used for provisioning pw class commands on IOS XR devices See Creating and Modifying Pseudowire Classes for IOS XR Devices page 2 10 for additional information on pseudowire class support for IOS XR devices Choose an L2VPN Group Name from the drop down list The choices are e ISC e VPNSC This attribute is used for provisioning the L2VPN group name on IOS XR devices OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter7 Creating an L2VPN Policy W Defining an ATM Policy without a CE Step 9 Step 10 Step 11 Step 12 amp Note The choices in the drop down list are derived from a configurable DCPL property For information about how to define the L2VPN Group Name choices available in the drop down list see Defining L2VPN Group Names for IOS XR Devices page 2 14 Enter an E Line Name to specify the point to point p2p E line name This attribute is only applicable for IOS XR devices If no value is specified for the p2p name ISC generates a default name consisting of the names of the two PEs forming the pseudowire separated by hyphens for example 6503 A 6503 B If the default
283. e core connectivity with UNI with pseudowire tunneling e Device configuration The N PE is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s GI4 0 0 lt gt GI2 0 0 Configlets U PE N PE None pseudowire class ISC pw tunnel 2147 encapsulation mpls preferred path interface Tunnel2147 disable fallback interface GigabitEtherne4 0 0 service instance 1 ethernet encapsulation dotlq 11 second dotig 41 rewrite ingress tag pop 2 symmetric xconnect pw class ISC pw tunnel 2147 Comments e UNI on N PE the CE is directly connected e Match of both tags is performed e The rewrite operation pops both the inner and outer VLAN tags Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 g A33 AppendixA Sample Configlets HE FlexUNI EVC VPLS Core Connectivity UNI Port Security FlexUNI EVC VPLS Core Connectivity UNI Port Security Configuration Configlets Comments e Service FlexUNI EVC Metro Ethernet e Feature FlexUNI EVC with VPLS core connectivity with UNI port security e Device configuration The N PE is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s GI4 0 1 The U PE is a Cisco 3750ME with IOS 12 2 25 EY2 Port security is enabled Interface s FA1 14 FA3 23 U PE N PE vlan 788 exit l interface FastEthernet3 23 no ip address switchport trunk allowed vlan 783 787 788 I interface FastEthernet1 14 no cdp enable
284. e is pseudowire core connectivity There are two cases e With FlexUNI If Configure With Bridge Domain is checked the policy will configure pseudowires under SVIs associated to the bridge domain If Configure With Bridge Domain is unchecked the policy will configure pseudowires directly under the service instance This will conserve the global VLAN e Without FlexUNI If Configure With Bridge Domain is checked the policy will configure pseudowires under SVIs If Configure With Bridge Domain is unchecked the policy will configure pseudowires directly under subinterfaces Pseudowires can be configured either directly under service instance of the corresponding FlexUNI capable interface or under SVIs associated to the bridge domain Check the Use Split Horizon check box to enable split horizon with bridge domain Usage notes e The Use Split Horizon attribute is disabled by default e The Use Split Horizon attribute can be used only when the Configure Bridge Domain check box is checked enabled e When Use Split Horizon is enabled the bridge domain command in the CLI will be generated with split horizon When it is disabled the bridge domain command will be generated without split horizon Click the Click here link of the Description attribute to enter a description label for the service request This is useful for searching the ISC database for the particular service request A dialogue appears in which you
285. e number of tags used in the match criteria Whether the incoming traffic is double tagged or single tagged if Push Outer is enabled all corresponding service requests push an outer tag All subsequent nodes consider only the outer most two tags if FlexUNI capable or just one tag not FlexUNI capable and treat the inner most tags transparently as payload e This VLAN ID is not derived from ISC managed VLAN ID pools Step4 Check the Push Inner check box to impose an inner VLAN ID tag onto the incoming frames that fulfill the match criteria This operation pushes both an inner and an outer tag onto the incoming packet not just an inner tag If this check box is unchecked no inner tag is imposed on the incoming frames Usage notes e If Push Inner is checked all service requests created with the policy push a dotlq inner tag on the incoming frames matching the match criteria When creating the link during service creation the operator can specify an inner tag with a value from to 4096 e If Push Inner is checked Push Outer is automatically checked e This attribute is available regardless of the number of tags used in the match criteria Regardless of whether the incoming traffic is double tagged or single tagged if Push Inner is enabled all corresponding service requests push an inner tag All subsequent nodes consider only the outer most two tags if FlexUNI capable or just one tag not FlexUNI capable and treat the inner most ta
286. e outer most two tags if FlexUNI capable or just one tag not FlexUNI capable and treat the inner most tags transparently as payload e This VLAN ID is not derived from ISC managed VLAN ID pools Check the Translate Outer check box to allow the operator to specify a target outer VLAN ID during service request creation The outer tag of all the incoming frames that fulfill the match criteria are translated to this ID If the check box is unchecked no outer tag translation is performed See Table 5 1 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy HZ Setting the Interface Attributes Step6 Check the Translate Inner check box to allow the operator to specify a target inner VLAN ID during service request creation The inner tag of all the incoming frames that fulfill the match criteria are translated to this ID If the check box is unchecked no inner tag translation is performed See Table 5 1 amp Note Table 5 1 summarizes the realization of different VLAN translations available in the FlexUNI EVC infrastructure The second and third columns Match Outer Tag and Match Inner Tag refer to policy settings The last two columns Translate Outer Tag and Translate Inner Tag indicate the VLAN translation that occurs on the incoming frames Table 5 1 VLAN Translation Summary Table Type Match Outer Tag Matc
287. e proper way to do this You can enter a description for the service request in the first Description field The description will show up in this window and also in the Description column of the Service Requests window The maximum length for this field is 256 characters e The Circuit ID is created automatically based on the VLAN data for the circuit To modify the link attributes click Edit in the Link Attributes column as shown in the VPLS link editor The Link Attributes window appears Edit the link attributes as desired amp Note If you did not choose VLANI D AutoPick in the VPLS policy you are prompted to provide the VLAN in a Provider VLAN ID field amp Note For information on the Bridge Domain ID attribute which shows up in some VPLS service request scenarios see Modifying the VPLS Service Request page 10 10 To add a template and data file to a link choose a Device Name and click Add under Templates The Add Remove Templates window appears OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter 10 Managing a VPLS Service Request HI Modifying the VPLS Service Request Step 8 Step 9 Step 10 Step 11 Step 12 Step 13 Step 14 Step 15 Step 16 amp Note To add a template to a link you must have already created the template For detailed steps to create templates see the Cisco IP Solution Center Infrastructure Reference 6 0 For
288. e request with VPLS connectivity with the following configurations Link one has a Cisco 67xx interface and an IOS 12 2 33 SRB image on a Cisco 7600 N PE Link two has a Cisco 67xx interface and an IOS 12 2 33 SRB image on a Cisco 7600 N PE Link three has an ES20 based interface and an IOS 12 2 33 SRB image on a Cisco 7600 N PE Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 PEN Chapter3 Creating a FlexUNI EVC Ethernet Policy WE Overview of FlexUNI EVC Support in ISC Example 2 As far as Layer 2 access nodes are concerned configurations on the UNI NNI of a U PE and or PE AGG are not influenced by the FlexUNI EVC capability on the N PE However if a selected named physical circuit NPC with N PE interface is configured with FlexUNI EVC it cannot be provisioned for traditional configuration An error will be generated while saving the service request On the other hand if a selected NPC with N PE interface is configured without FlexUNI it cannot be provisioned for FlexUNI configuration An error will be generated while saving the service request For example if for link one of a FlexUNI EVC service request if the encapsulation is selected as dot1Q the interface can share other L2 ERS VPLS ERMS UNIs on the same U PE PE AGG If the N PE interface that is part of the NPC being picked is already configured with non FlexUNI EVC features using an existing L2VPN or VPLS service requ
289. e types Step3 Check the Standard UNI Port check box to enable port security This is the default When you uncheck the check box the port is treated as an uplink with no security features and the window dynamically changes to eliminate items related to port security Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 _ Chapter 9 Creating a VPLS Policy Step 4 Step 5 Defining an MPLS EMS EP LAN Policy withoutaCE W Enter an Interface Format as the slot number port number for the PE interface for example 1 0 indicates that the interface is located at slot 1 port 0 This is especially useful to specify here if you know that the link will always go through a particular interface s slot port location on all or most of the network devices in the service Choose a N PE U PE Encapsulation type The choices are e DOTIQ e DEFAULT Note Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Step 12 Step 13 Step 14 Step 15 Step 16 When creating a service request based on the MPLS EMS EP LAN without CE policy the Encapsulation attribute is ignored Therefore setting this value has no effect Check the UNI Shutdown check box if you want to leave the UNI port shut during service activation for example when the service provider wants to deploy a service in the network but wants to activate it at a later time Check the Keep Alive check box to configure keepa
290. e version equal to the current version if available If not the previous highest version is matched e If exact matching attributes are not found then the match proceeds with the criteria described in Table B 1 An information message listing the exactly matched subtemplates of the super template is shown if and only if any of the matching criteria are met e If none of the attributes are matched then the default subtemplate is applied e If no default subtemplate exists a subtemplate with all null attribute values is matched e If none of the rows specified in the table match then ISC looks for subtemplates that are marked as device default or else version default If no subtemplates are marked as such then no matching subtemplates are picked A warning message is displayed The matching criteria are summarized in Table B 1 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Appendix B Working with Templates and Data Files WE Using Templates with Service Requests Table B 1 Default SubTemplate Matching Criteria Matching Order Role Type Device Type Line Card Port Type Software Version 1 Exact Match Exact Match Exact Match Exact Match Exact Match 2 Exact Match Exact Match Exact Match Exact Match Previous Highest 3 Exact Match Exact Match Exact Match No Values Exact Match 4 Exact Match Exact Match Exact Match No Values
291. e1 Ethernet4 2 Rows per page fio gt I lt q Goto page f1 of 1 Gs DDI 138395 Note If only one NPC exists for the Chosen PE and PE interface that NPC is auto populated in the Circuit Selection column and you need not choose it explicitly Step12 If applicable choose the name of the NPC from the Select column Step13 Click OK The Attachment Tunnel Editor appears See Figure 8 28 Figure 8 28 NPC Created L2VPN Point To Point Service Request Editor Attachment Tunnel Editor SRID New Job ID New Policy Name L2vpnEwsNoCe Showing 1 1 of 1 records gl N PE PE AGG U PE UNI Interface Circuit Selection Circuit Details Sf m sw3 GigabitEthemet0 5 x Detail pet Ethernet4 2 Circuit Details Rows perpage 10 1 q coto page f1 of 1 G9 DDI Add Link Delete Link OK Cancel 138396 Note Required Field Note Each time you choose a PE and its interface the NPC that was precreated from this PE and interface is automatically displayed under Circuit Selection See Figure 8 28 This means that you do not have to further specify the PE to complete the link Step 14 Click OK The Service Request Editor window appears displaying the name of the selected PE in the AC1 column See Figure 8 29 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 a 319 Chapter8 Managing an L2VPN Service Request WE Modifying the L2VPN Service Request Figure 8 29 Atta
292. eCharacters_ServiceRequestJobID For example if the customer name is NorthAmericanCustomer and the service request job ID is 56345 the autogenerated connect name would be NorthAmer_56345 The CLI generated would be connect NorthAmer_56345 ATM7 0 5 11 ATM7 0 4 18 In this case 11 and 18 are service instance VPIs If the policy setting for Configure Bridge Domain is non editable the option in the service request will be read only Check the Use Split Horizon check box to enable split horizon with bridge domain Usage notes The Use Split Horizon attribute is disabled by default The Use Split Horizon attribute can be used only when the Configure Bridge Domain check box is checked enabled When Use Split Horizon is enabled the bridge domain command in the CLI will be generated with split horizon When it is disabled the bridge domain command will be generated without split horizon Click the Click here link of the Description attribute to enter a description label for the service request A dialogue appears in which you can enter a description To set up direct connect links see the section Setting Direct Connect Links page 6 8 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request HZ Setting the Service Request Details Step 10 To set up links with L2 access nodes see the section Setting Lin
293. ears See Figure 11 5 Figure 11 5 Service Request Links Service Request Links End to End Wires for Service Request Job ID 3 Showing 1 1 of 1 record Es H PE Attachment Circuit 1 H PE Attachment Circuit 2 Status 1 sw3 sw4 REQUESTED Rowsperpage 10 I q Soto page f1 of1 DDI 138563 Step2 Choose a link and click Details The Link Details window appears See Figure 11 6 Figure 11 6 Link Details Window Service Request Link End to End Wire Details Type L2VPN EndToEndWire ID 1 Status Message State REQUESTED L2VPH Policy L2 pnPolicy1 L2VPH Service Type EthernetEVCS_NO_CE Attachment Circuit ID 3 U PE Name sw3 U PE UNI Interface GigabitEthernet0 3 N PE Name pet N PE Major Interface FastEthernet0 0 20 Attachment Circuit ID 4 U PE Name sw4 U PE UNI Interface FastEthernet0 8 N PE Name pes N PE Major Interface FastEthernet0 0 20 Step3 Click OK to return to the Service Request Links window 138564 Step4 Choose another link to view or click OK to return to the Service Request Details window Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E OL 21636 01 Chapter 11 Deploying Monitoring and Auditing Service Requests Deploying Service Requests W History To view history information about the service request perform the following steps Step1 Click History on the Service Request Details window See Figure 11 4 The Service Request Stat
294. ecommissioning the service request the service remains running on the network specifically the configuration remains on the devices on which the service was provisioned but all record of the service request that created the service is removed from ISC Purged When a service request is Purged it is removed from the ISC database Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E OL 21636 01 _ Chapter 11 Deploying Monitoring and Auditing Service Requests Deploying Service Requests W Viewing Service Request Details Step 1 Step 2 The service request details include the link endpoints for the service request the history and the configlet generated during the service request deployment operation Use the service request details to help you troubleshoot a problem or error with the service request or to check the commands in the configlet From the Service Request Details page you can view more information about e Links the link endpoint details e History Service request history report e Audit Audit reports for the link IDs e Configlets View the ISC generated configlet for the L2VPN or VPLS service request The following sections describe the links history and configlet details for an L2VPN or VPLS service request The audit details are described in Auditing Service Requests page 11 12 To view service request details perform the following steps Choose Service Inventory
295. ed Otherwise deployment will fail Enter one or more Ethernet MAC addresses in UNI MAC addresses This selection is present only if you uncheck the Use Existing ACL Name check box Click the Edit button to bring up a pop up window in which you enter MAC addresses to be allowed or denied on the port You can also specify a range of addresses by setting a base MAC address and a filtered MAC address Check the UNI Port Security check box see Figure 7 12 if you to want to provision port security related CLIs to the UNI port by controlling the MAC addresses that are allowed to go through the interface a For Maximum Number of MAC address enter the number of MAC addresses allowed for port security b For Aging enter the length of time the MAC address can stay on the port security table c For Violation Action choose what action will occur when a port security violation is detected e PROTECT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value e RESTRICT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value and causes the Security Violation counter to increment e SHUTDOWN Puts the interface into the error disabled state immediately and sends an SNMP trap notification d In the Secure MAC Addresses field enter one or more Ethernet MAC addresses Figu
296. ed and the FlexUNI check box checked Figure 4 6 Standard UNI Details Window Cisco ASR 9000 Configure Bridge Domain Enabled Standard UNI Details OA Attribute Value N PE U PE Information pe13 Interface Name FastEthernet1 Encapsulation DOT1Q PE UNI Interface Description poo UNI Shutdown E Use PseudoWireClass E AutoPick Bridge Group Name r Bridge Group Name pooo AutoPick Bridge Domain Name E Note Required Field Step2o0of2 204848 m Sy ee Figure 4 7 is an example of a direct connect link for a Cisco ASR 9000 running IOS XR with pseudowire core connectivity configure bridge domain not enabled and the FlexUNI check box checked Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 ais Chapter4 Managing a FlexUNI EVC Ethernet Service Request HZ Setting the Service Request Details Figure 4 7 Standard UNI Details Window Cisco ASR 9000 Configure Bridge Domain not Enabled Standard UNI Details Attribute Value N PE U PE Information pe13 Interface Name FastEthernet1 Encapsulation DOT1Q PE UNI Interface Description UNI Shutdown 5 Use PseudoWireClass E L2VPN Group Name sc E Line Name Note Required Field Step 2 0f2 m ET 204849 Step23 The N PE U PE Information and Interface Name fields display the PE device and interface name selected in previous steps These fields are read only Step 24 Choose an Encapsula
297. ed again e The PE VLAN is released e If the link being deleted is the last link on the UNI port then this port is set to new For 2 1 VLAN translation Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 g cs Appendix C Setting Up VLAN Translation E Platform Specific Usage Notes e The CE VLAN becomes available to be translated again e The translated to PE VLAN is released e Ifthe link being deleted is the last CE PE pair on this UNI port and there is no EWS EPL service on this port then this port is set to new In addition the outer VLAN is released Platform Specific Usage Notes VLAN translation is available on 7600 and 3750 ME platforms The 7600 and 3750 ME have different ways to support VLAN translation Not only is the command syntax different but so is the place where the VLAN translation is carried out On the 7600 for 1 1 VLAN translation the operation is done on the PFC card For 2 1 VLAN translation the operation is done on the uplink GE WAN OSM module On the 3750 ME however both translations occur on the uplinks ES ports VLAN Translation on the 3750 Be aware of the following points when performing VLAN translation on the 3750 e The 3750 where VLAN translation occurs should be designated as a U PE or PE AGG role not N PE e VLAN translation on the up link ES port should be performed on the Gigabit 1 1 1 or Gigabit 1 1 2 port e Ifa 1 1 VLAN
298. ed and not yet deployed it is not an error However if a Deploy is done and it remains Requested the service is in an error state Wait Deploy This service request state pertains only when downloading configlets to a server running Cisco Configuration Engine Wait Deploy indicates that the configlet has been generated but it has not been downloaded to the Cisco Configuration Engine server because the device is not currently online The configlet is staged in the repository until such time as the Cisco Configuration Engine server notifies ISC that it is up Configlets in the Wait Deploy state are then downloaded to the Cisco Configuration Engine server Table 11 2 User Operations on ISC Service Requests describes user operations and their impact on ISC service requests Table 11 2 User Operations on ISC Service Requests User Operations Description Decommission This user operation removes the service from all devices in the service request Force Deploy This user operation allows you to Deploy a service request from any state except Closed This is equivalent to restarting the state diagram The service request can move from its current state to any other possible state However it does not move to the Requested state Force Purge This user operation removes a service request from the database irrespective of its state If you Force Purge a service request from the ISC repository before first d
299. efault this check box is not checked and ISC automatically assigns a MAC based ACL on the customer facing UNI port based on values you enter in UNI MAC addresses below Enter a Port Based ACL Name if you checked the Use Existing ACL Name check box as mentioned in the previous step amp Note ISC does not create this ACL automatically The ACL must already exist on the device or be added as part of a template before the service request is deployed Otherwise deployment will fail Check the Disable CDP check box if you want to disable the Cisco Discover Protocol CDP on the UNI port Check the Filter BPDU check box to specify that the UNI port should not process Layer 2 Bridge Protocol Data Units BPDUs Check the UNI Port Security check box see Figure 9 26 if you to want to provision port security related CLIs to the UNI port by controlling the MAC addresses that are allowed to go through the interface a For Maximum Number of MAC address enter the number of MAC addresses allowed for port security b For Aging enter the length of time the MAC address can stay on the port security table c For Violation Action choose what action will occur when a port security violation is detected e PROTECT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value e RESTRICT Drops packets with unknown source addresses until a sufficient numbe
300. elivered in several ways by variations of the Class on the platform The FlexUNI EVC policy and associated service request offer a generic and flexible service construct to support device capabilities This policy is flexible enough to cater to different service offerings using the EVC architecture It allows service designers to utilize most of the EVC features in a flexible manner to match the hardware and platform capabilities The FlexUNI EVC policy can be used to create only a FlexUNI EVC service request and not any other existing ISC service request types such as L2VPN VPLS and so on Likewise a FlexUNI EVC service request can be created using only a FlexUNI EVC policy and not any other existing ISC policies The FlexUNI EVC infrastructure provides several benefits to Carrier Ethernet CE deployments including e Flexible frame matching e Flexible VLAN tag manipulation and or translation e Multiple services on the same port e Flexible service mapping e VLAN scaling and locally significant VLANs FlexUNI EVC supports a variety of network configurations such as the following e Provisioning of Ethernet access as a EVC capable EWS interface on the N PE e Interconnecting Ethernet accesses terminating on a single Cisco 7600 N PE on one or multiple ports in a bridge domain e Interconnecting Ethernet accesses terminating on multiple Cisco 7600 N PEs in a VPLS service e FlexUNI EVC service support on Cisco ASR 9000 Series Routers r
301. elling Iv Iv Tunnel CDP Iv Iv CDP Threshold in packets seconds 0 4096 IV cdp drop threshold 0 4096 E Tunnel YTP Iv IV WTP Threshold in packets seconds 0 4096 Iv vip drop threshold 0 4096 Tunnel STP lV Vv STP Threshold in packets seconds 0 4098 Iv stp drop threshold 0 4096 E z Recovery Interval in seconds 30 86400 Iv For each protocol that you check enter the shutdown threshold and drop threshold for that protocol a Tunnel CDP Enable Layer 2 tunnelling on Cisco Discover Protocol CDP b CDP Threshold Enter the number of packets per second to be received before the interface is shut down Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I oL 21636 01 g o2 Chapter9 Creating a VPLS Policy HZ Defining an Ethernet ERMS EVP LAN Policy with a CE Step 23 Step 24 c cdp drop threshold Enter the number of packets per second to be received at which point the interface will start dropping CDP packets d Tunnel VTP Enable Layer 2 tunnelling on VLAN Trunk Protocol VTP e WTP threshold Enter the number of packets per second to be received before the interface is shut down f vtp drop threshold Enter the number of packets per second to be received at which point the interface will start dropping VTP packets g Tunnel STP Enable Layer 2 tunnelling on Spanning Tree Protocol STP h STP Threshold Enter the number of packets per second to be received
302. er Provided Service Instance Name Local Core Connectivity page A 44 FlexUNI EVC User Provided Service Instance Name VPLS Core Connectivity page A 45 FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity Point to Point Circuit page A 46 FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity Multipoint Circuit page A 47 FlexUNI EVC ATM Ethernet Interworking Local Core Connectivity Point to Point Circuit page A 48 FlexUNI EVC ATM Ethernet Interworking Local Core Connectivity Multipoint Circuit page A 49 FlexUNI EVC ATM Ethernet Interworking Local Core Connectivity Multipoint Circuit page A 50 FlexUNI EVC ATM Ethernet Interworking Local Core Connectivity Point to Point Circuit page A 51 FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity End to End Circuit page A 52 FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity Multipoint Circuit page A 53 FlexUNI EVC ATM Ethernet Interworking Local Core Connectivity Point to Point Circuit page A 54 FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity End to End Circuit with Bridge Domain page A 55 FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity End to End Circuit with Bridge Domain page A 56 FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity End to End Circuit no Bridge Domain page A 57 The configlets provided in this appe
303. er values e Service Type Type of service Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 P36 OL 21636 01 Chapter 13 Generating L2 and VPLS Reports L2 VPN Report The L2 VPN Report provides a way to track a VLAN ID and or VC ID back to the VPN and customer without having to iterate through every link and every VPN service Given a VLAN ID or VC ID the respective customer and VPN details are displayed in the report L2 and VPLS Reports W Click the L2 VPN Report icon to bring up the window for this report See Figure 13 4 Figure 13 4 Layout Title Chart Type Filters VLAN ID VC ID Customer Name Access Domain Sorting Field Filter Values L2 VPN Report L2 VPN Report Tabular VLAN ID gt Ascending 138551 e VLAN ID VLAN identification number e VC ID Virtual circuit identification number e Customer Name Name of the customer e Access Domain Access domain name Output Values e VLAN ID VLAN identification number e VC ID Virtual circuit identification number e SR Job ID Service request job identification number e VPN Name of the VPN e Customer Name Name of the customer e Service Type Type of service e Access Domain Access domain name e Provider Name Name of the provider OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter 13 Generating L2 and VPLS
304. erface FastEthernet1 0 24 no cdp enable no cdp enable no ip address no ip address duplex auto duplex auto switchport switchport switchport trunk encapsulation dotlq switchport trunk encapsulation dotlq switchport mode trunk switchport mode trunk switchport trunk allowed vlan none switchport trunk allowed vlan none switchport trunk allowed vlan 3200 switchport trunk allowed vlan 3300 switchport nonegotiate switchport nonegotiate Switchport port security aging type switchport port security aging type inactivity inactivity switchport port security maximum 100 switchport port security maximum 100 switchport port security aging time 1000 switchport port security aging time 1000 switchport port security violation protect switchport port security violation protect switchport port security switchport port security storm control unicast level 1 0 storm control unicast level 1 0 storm control broadcast level 50 0 storm control broadcast level 50 0 storm control multicast level 50 0 storm control multicast level 50 0 shutdown shutdown keepalive keepalive spanning tree bpdufilter enable spanning tree bpdufilter enable l interface GigabitEthernet1 0 1 interface Vlan3300 no ip address no ip address switchport xconnect 192 169 105 40 7502 encapsulation switchport trunk encapsulation dotlq mpls switchport mode trunk no shutdown switchport trunk allowed vlan 3200 i Comments None E Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0
305. ernet User Guide 6 0 I OL 21636 01 a 241 Chapter2 Setting Up the ISC Services W Creating and Modifying Pseudowire Classes for 10S XR Devices Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 In the Description field enter a meaningful description of less than 128 characters This field is optional Choose the MPLS encapsulation type from the Encapsulation drop down list amp Note Currently the only encapsulation type supported is MPLS Choose the transport mode from the TransportMode drop down list The choices are e Ethernet e Vlan e NONE default amp Note If you want to set the TransportMode to Vlan we recommend you do this via a pseudowire class if supported by the version of IOS XR being used If pseudowire class is not supported in a particular version of IOS XR then you must set the TransportMode using a Dynamic Component Properties Library DCPL property as explained in the section Configuring the Transport Mode When Pseudowire Classes are Not Supported page 2 13 Enter a Tunnel ID of a TE tunnel that has already been provisioned by ISC or that has been manually provisioned on the device This value is optional You can also select a TE tunnel that has already been provisioned by ISC as covered in the next step Click Select TE Tunnel if you want to select a TE tunnel that has been previously provisioned by ISC The Select TE Tunnel pop up window appears Choose a TE tunnel an
306. ervice requests based on this policy This check box is checked by default Enter one or more Ethernet MAC addresses in UNI MAC addresses This selection is present only if you uncheck the Use Existing ACL Name check box Click the Edit button to bring up a pop up window in which you enter MAC addresses to be allowed or denied on the port You can also specify a range of addresses by setting a base MAC address and a filtered MAC address Choose a Port Type The choices are e Access Port e Trunk with Native VLAN Enter a Link Speed optional of None 10 100 1000 Auto or nonegotiate Enter a Link Duplex optional of None Full Half or Auto In the PE UNI Interface Description field enter an optional description for example Customer B ERMS EVP LAN Service Check the VLAN ID AutoPick check box if you want ISC to choose a VLAN ID If you do not check this check box you will be prompted to provide the VLAN in a Provider VLAN ID field during service activation Enter a VLAN NAME optional to specify a name to describe the VLAN The name must be one token no spaces allowed The limit for the VLAN name is 32 characters The name has to be unique Two VLANs cannot share the same name I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter9 Creating a VPLS Policy HZ Defining an MPLS ERMS EVP LAN Policy with a CE Step 17 Step 18 Step 19 Step 20 Step 21 Step 22
307. es associated templates data files will display under the All other Devices option When you copy an existing policy you can copy associated templates data files if any from the All other Devices or Devices with UNI options of the existing policy into the new policy This is similar to normal ISC behavior You can associate templates without data files for either the All other Devices or Devices with UNI options or both Selective determination of templates is supported in all L2VPN and FlexUNI EVC policy types and service requests For MPLS VPN only MPLS PE CE and MPLS PE NoCE policies and service requests are supported For the MPLS VPN PE CE policy type this feature is applicable if the PE is or is not associated with an NPC This feature is not available for Multi VRFCE policies and service requests The following notes describe how this feature is supported in the service request workflow During service request creation selective templates are differentiated based on the devices having a UNI interface or having both UNI and NNI interfaces for the U PE and PE AGG device roles Templates in the policy are copied to the respective devices functioning in the specified roles There is no behavioral change for devices of other roles The selective determination of templates is not applicable for service request modification scenarios as after the service request is created it is the user s decision to make any changes for templates co
308. es and Data Files with a FlexUNI EVC Ethernet Service Request 4 22 Saving the FlexUNI EVC Service Request 4 23 Creating a FlexUNI EVC ATM Ethernet Interworking Policy 5 1 Overview 5 1 Defining the FlexUNI EVC ATM Ethernet Interworking Policy 5 2 Setting the Service Options 5 4 Setting the ATM Interface Attributes 5 6 Setting the FlexUNI Attributes 5 7 Setting the Service Attributes 5 8 Setting the VLAN Matching Criteria Attributes 5 10 Setting the VLAN Rewrite Criteria Attributes 5 10 Setting the Interface Attributes 5 12 Enabling Template Association 5 19 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request Overview 6 1 Creating a FlexUNI EVC ATM Ethernet Interworking Service Request 6 2 Setting the Service Request Details 6 3 Pseudowire Core Connectivity 6 3 Local Core Connectivity 6 6 Setting up Links to the N PE 6 8 Setting Direct Connect Links 6 8 Setting the ATM Link Attributes 6 18 Setting Links with L2 Access Nodes 6 22 Modifying the FlexUNI EVC Service Request 6 23 Using Templates and Data Files with a FlexUNI EVC Service Request 6 24 Saving the FlexUNI EVC Service Request 6 24 Creating an L2VPN Policy 7 1 Defining an L2VPN Policy 7 1 Defining an Ethernet ERS EVPL Policy witha CE 7 3 Defining an Ethernet ERS EVPL Policy withouta CE 7 9 Defining an Ethernet EWS EPL Policy with a CE 7 15 Defining an Ethernet EWS EPL Policy withouta CE 7 22 Defining a Frame Relay Policy witha CE 7 28 6 1
309. eshold Enter the number of packets per second to be received before the interface is shut down E Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Chapter 9 Creating a VPLS Policy Defining an Ethernet EMS EP LAN Policy withoutaCE W c cdp drop threshold Enter the number of packets per second to be received at which point the interface will start dropping CDP packets d Tunnel VTP Enable Layer 2 tunnelling on VLAN Trunk Protocol VTP e WTP threshold Enter the number of packets per second to be received before the interface is shut down f vtp drop threshold Enter the number of packets per second to be received at which point the interface will start dropping VTP packets g Tunnel STP Enable Layer 2 tunnelling on Spanning Tree Protocol STP h STP Threshold Enter the number of packets per second to be received before the interface is shut down i stp drop threshold Enter the number of packets per second to be received at which point the interface will start dropping STP packets j Recovery Interval Enter the amount of time in seconds to wait before recovering a UNI port Step 23 Click the Next button if you want to enable template support for the policy The Template Association window appears In this window you can enable template support and optionally associate templates and data files with the policy For instructions about associating templ
310. ess ring on two different N PEs there is no need for a physical connection between the N PEs However ISC requires that a virtual link must be created between the N PEs in order to close the ring The virtual link is set up through the use of loopback interfaces Figure D 3 shows the creation of an NPC ring with loopback interfaces Figure D 3 NPC Ring with Loopback Interfaces Between N PEs kd Source Device Source Interface Destination Device Destination Interface 1 go 750 abitE 10 1 7 t 7 zC is 3 0 tE Edit Cross Links insert Delete Save Cancel 204826 In order to use loopback interfaces in a ring in this manner you must enable the DCPL property allowLoopbackIntfInNPC which is accessed in the Host Configuration window under the folder repository mlshare When this DCPL property is set to true ISC allows the use of loopback interfaces in a ring Note Note that ISC does not generate any configlets onto the loopback interfaces during deployment of the service request Using N PE Redundancy in FlexUNI EVC Service Requests Using a dual homed access ring in a FlexUNI EVC service request does not require any change in the usual workflow in the ISC GUI During creation of the FlexUNI EVC service request you select the NPC which is associated with an NPC access ring terminating on two N PEs as shown Figure D 4 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Appendix
311. est you cannot configure FlexUNI EVC on it Note If Dot1Q Tunnel is selected as the encapsulation type the port cannot be shared with other services 10S XR Platform Support FlexUNI EVC services are supported on Cisco ASR 9000 Series Routers running IOS XR 3 7 3 and 3 9 0 The following FlexUNI EVC features are supported on IOS XR platforms amp E line connections If an ASR 9000 is added on a direct link only DOT1Q encapsulation is supported for E Line services When using L2 access nodes with NPCs all supported encapsulations are available E LAN connections Flexible frame matching Flexible VLAN tag manipulation translation VLAN scaling and locally significant VLANs The ability to create L2 and L3 services under the same physical interface restricted only to subinterface All the Layer 2 ports on Cisco ASR 9000 devices are trunk ports hence only trunk port based configuration is supported The following FlexUNI EVC services are not supported on IOS XR platforms The N PE Pseudo wire on SVI attribute is not supported SVI interfaces are not available on the devices which restricts support for Standard UNI and Port Security configuration when the UNI is configured on an N PE xconnect commands are not directly supported under interface configuration Support for these commands has been moved to different a hierarchy in IOS XR When the UNI is configured on an N PE device EWS service is not suppo
312. ests created with the policy will match only the outer VLAN tag of the incoming frames OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter3 Creating a FlexUNI EVC Ethernet Policy WE Setting the FlexUNI Attributes Step 2 Step 3 Checking the Both Tags attribute causes the Inner VLAN Ranges attribute covered in the next steps to appear in the FlexUNI Attribute window Check the Inner VLAN Ranges check box to enable the range of inner VLAN tags to be specified during service request creation If the check box is unchecked the range of inner VLAN tags are not allowed In this case the operator must specify discrete VLAN IDs during service request creation Continue with the steps contained in the next section Setting the VLAN Rewrite Criteria Attributes page 3 14 Setting the VLAN Rewrite Criteria Attributes Step 1 Step 2 Step 3 Together with VLAN matching criteria VLAN rewrite makes the FlexUNI EVC infrastructure very powerful and flexible The following VLAN rewrite options are supported e Pop one or two tags e Push one or two tags e Translation 1 1 2 1 1 2 2 2 Be aware of the following considerations when setting the VLAN rewrite criteria attributes e Only one kind of rewrite can be done on every CE facing FlexUNI link e All VLAN rewrites are done using the symmetric keyword on the ingress traffic for example rewrite ingress tag pop 2 symmetric
313. etected e PROTECT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value e RESTRICT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value and causes the Security Violation counter to increment e SHUTDOWN Puts the interface into the error disabled state immediately and sends an SNMP trap notification d Inthe Secure MAC Addresses field enter one or more Ethernet MAC addresses Figure 9 22 UNI Port Security UHI Port Security Maximum MAC Address 1 8448 Aging in minutes 0 1440 Violation Action PROTECT f a Secure MAC Addresses 5 a Check the Enable Storm Control check box see Figure 9 22 to help prevent the UNI port from being disrupted by a broadcast multicast or unicast storm Enter a threshold value for each type of traffic The value which can be specified to two significant digits represents the percentage of the total available bandwidth of the port If the threshold of a traffic type is reached further traffic of that type is suppressed until the incoming traffic falls below the threshold level Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 a OL 21636 01 Chapter 9 Creating a VPLS Policy Step 23 Step 24 Defining an Ethernet ERMS EVP LAN Policy withoutaCE W Figure 9 23 E
314. etwork For IOS XR capable devices the pseudowire class is a separately defined object in the ISC repository which can be attached to an L2VPN service policy or service request The pseudowire class feature is only available for use in L2VPN ERS EWS and ATM policies and service requests This section describes how to create and modify pseudowire classes For information on how the pseudowire class is associated to a L2VPN policy and used within a service request see Chapter 7 Creating an L2VPN Policy and Chapter 8 Managing an L2VPN Service Request Creating a Pseudowire Class To create a pseudowire class perform the following steps Step1 Navigate to Service Inventory gt Inventory and Connection Manager Step2 Click the PseudoWireClass icon The Pseudowire Classes window appears Step3 Click the Create button The Create PseudowireClass window appears as shown in Figure 2 1 Figure 2 1 Create PseudoWireClass Window Create PseudoWireClass Name Description Encapsulation DEFAULT TransportMode NONE Tunnel Id Select TE Tunnel 0 65535 Disable Fallback I Save Cancel 211704 Note Required Field Step 4 In the Name field enter a valid PseudoWireClass name The pseudowire class name is used for provisioning pw class commands on the XR device The name should not exceed 32 characters and should not contain spaces Cisco IP Solution Center L2VPN and Carrier Eth
315. exUNI This link is identical to an attachment circuit in existing ISC implementations This has a standard UNI as in existing ISC services NPCs are used while creating such links A Note on Checking of Configurations ISC attempts to provision all configurations generated by a FlexUNI EVC service request ISC does not perform any prior checks to verify if the CLIs are compatible with the specific devices being provisioned This is to ensure flexibility of support for device platform features which could change over time Hence it is important for the service designer or operator to carefully create the FlexUNI EVC policies and service requests Defining the FlexUNI EVC Ethernet Policy Step 1 Step 2 Step 3 You must define a FlexUNI EVC Ethernet policy before you can provision a service A policy can be shared by one or more service requests that have similar service requirements A policy is a template of most of the parameters needed to define a FlexUNI EVC service request After you define it a FlexUNI EVC policy can be used by all the FlexUNI EVC service requests that share a common set of characteristics You create a new FlexUNI EVC policy whenever you create a new type of service or a service with different parameters FlexUNI EVC policy creation is normally performed by experienced network engineers An Editable check box in for an attribute in the policy gives the network operator the option of making a field editable If the v
316. f this L2VPN policy This ownership has relevance when the ISC Role Based Access Control RBAC comes into play For example an L2VPN policy that is customer owned can only be seen by operators who are allowed to work on this customer owned policy Similarly operators who are allowed to work on a provider s network can view use and deploy a particular provider owned policy Click Select to choose the owner of the L2 VPN If you choose Global ownership the Select function is not available The Select Customer window or the Select Provider window appears and you can choose an owner of the policy and click Select Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Chapter7 Creating an L2VPN Policy Defining an Ethernet ERS EVPL Policy witha CE W Step8 Choose the Service Type of the L2VPN policy There are four service types for L2VPN policies e L2VPN ERS EVPL e L2VPN EWS EPL e Frame Relay e ATM Subsequent sections of this chapter cover setting up the policies for each of these services Step9 Check the CE Present check box if you want ISC to ask the service operator who uses this L2VPN policy to provide a CE router and interface during service activation The default is CE present in the service If you do not check the CE Present check box ISC asks the service operator during service activation only for the U PE or the N PE router and customer facing interface Step 10 Cl
317. fault e abort to have ISC stop the L2VPN or VPLS service request provisioning with the error message trunk allowed vlan list is absent on ERS UNI e nochange to have ISC allow all VLANs Step6 Click Set Property Service Deployment After you create a service request and save it in the ISC repository you can deploy or force deploy it Perform the following steps Step1 Choose Service Inventory gt Inventory and Connection Manager gt Service Requests The Service Requests window appears Step2 Choose a service request Step3 Click Deploy and choose Deploy or Force Deploy Use Deploy when the service request state is Requested or Invalid Use Force Deploy when the service request state is Deployed Failed Deployed or Failed Audit The Deploy Service Requests window appears See Figure 11 2 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Pai g OL 21636 01 Chapter 11 Deploying Monitoring and Auditing Service Requests Deploying Service Requests W Figure 11 2 Schedule Service Activation Deploy Service Requests Task Name Task Created 2006 08 21 11 57 47 233 Task Type Deployment Created on Mon Aug 21 11 57 47 PDT Task Description 2006 A Single run Now Once Periodic Run Minute Hourly Daily weekly C Monthly Periodic Run Attributes on Interval Run Limits Start Date and Time End Date and Time Default is unlimited Date Month Day Year
318. for L2VPN point to point ERS EVPL e In this case the 1 1 VLAN translation occurs on the U PE a 3750 It is provisioned on the NNI uplink port e The customer VLAN 123 is translated to the provider VLAN 778 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 AT AppendixA Sample Configlets HERS EVPL 2 1 VLAN Translation ERS EVPL 2 1 VLAN Translation Configuration Configlets Comments e Service L2VPN Metro Ethernet e Feature ERS EVPL with VLAN 2 1 translation Device configuration The N PE is a Cisco 7600 with IOS 12 2 18 SXF Sup720 3BXL Interface s FA8 34 The U PE is a Cisco 3750ME with IOS 12 2 25 EY1 VLAN translation on the NNI port uplink Interface s FA1 0 5 GI1 1 1 L2VPN point to point U PE N PE vlan 567 vlan 779 exit exit I interface FastEthernet1 0 5 no cdp enable no keepalive no ip address switchport switchport access vlan 567 switchport mode dotiq tunnel switchport trunk allowed vlan none switchport nonegotiate spanning tree bpdufilter enable mac access group ISC FastEthernet1 0 5 in I interface GigabitEthernet1 1 1 no ip address switchport trunk allowed vlan 1 123 567 switchport vlan mapping dot1lq tunnel 567 234 779 mac access list extended ISC FastEthernet1 0 5 deny any host 0100 0ccc cccc deny any host 0100 0ccc cccd deny any host 0100 0ccd cdd0 deny any host 0180 c200 0000 permit any any
319. form and same IOS release different line cards support the MTU differently For example older line cards only take an MTU size of 9216 and newer cards support 1500 9216 However ISC uses 9216 in both cases e For the 7600 SVI interface VLAN the MTU size is 1500 9216 Check the Use Existing ACL Name check box if you want assign your own named access list to the port By default this check box is not checked and ISC automatically assigns a MAC based ACL on the customer facing UNI port based on values you enter in UNI MAC addresses below Enter a Port Based ACL Name if you checked the Use Existing ACL Name check box as mentioned in the previous step amp Note ISC does not create this ACL automatically The ACL must already exist on the device or be added as part of a template before the service request is deployed Otherwise deployment will fail Check the Disable CDP check box if you want to disable the Cisco Discover Protocol CDP on the UNI port Check the UNI Port Security check box see Figure 9 12 if you to want to provision port security related CLIs to the UNI port by controlling the MAC addresses that are allowed to go through the interface a For Maximum Number of MAC address enter the number of MAC addresses allowed for port security b For Aging enter the length of time the MAC address can stay on the port security table c For Violation Action choose what action will occur when a port security
320. formation on modifying a FlexUNI EVC service request see the section Modifying the FlexUNI EVC Service Request page 6 23 For additional information about saving a FlexUNI EVC service request see Saving the FlexUNI EVC Service Request page 6 24 Setting Links with L2 Access Nodes The Links with L2 Access Nodes section of the FlexUNI EVC Service Request Editor window allows you to set up links with L2 Ethernet access nodes These are similar to direct connect links except that they have L2 Ethernet access nodes beyond the N PE towards the CE Therefore NPCs are involved Note Step 1 Step 2 ATM links are not supported in L2 access nodes ATM links must be set up as direct connect links For more information see Setting the ATM Link Attributes page 6 18 The steps for setting up links with L2 access nodes are similar to those covered in the section Setting Direct Connect Links page 6 8 See that section for detailed steps on the following common operations e Adding and deleting links e Selecting the N PE e Choosing the UNI interface e Setting the link as a FlexUNI link e Editing the standard and FlexUNI link attributes The main difference in setting up links with L2 access does is specifying the NPC details Perform the following steps to set the NPC details for links with L2 access nodes The first step in the process of adding a link using NPCs is selecting the U PE PE AGG device rather than the N PE If on
321. g a FlexUNI EVC Ethernet Service Request Enabling Template Association Step 1 Step 2 Step 3 The ISC template feature gives you a means to download free format CLIs to a device If you enable templates you can create templates and data files to download commands that are not currently supported by ISC To enable template association for the policy click the Next button in EVC Policy Editor Interface Attribute window before clicking Finish The Template Association window appears In this window you can enable template support and optionally associate templates and data files with the policy For instructions about associating templates with policies and how to use the features in this window see Appendix B Working with Templates and Data Files When you have completed setting up templates and data files for the policy click Finish in the Template Association window to close it and return to the Policy Editor window To save the FlexUNI EVC policy click Finish To create a service request based on a FlexUNI EVC policy see Chapter 4 Managing a FlexUNI EVC Ethernet Service Request I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter3 Creating a FlexUNI EVC Ethernet Policy W Enabling Template Association Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 324 ff OL 21636 01 CHAPTER i Managing a FlexUNI EVC Ethernet Serv
322. g frames are 802 1q encapsulated and that they match the VLAN ID configured for the link This specific topology does not involve a trunk UNI as such e DOTIQTUNNEL Configures the UNI as an 802 1q tunnel also known as a dotlq tunnel or Q in Q port e ACCESS Configures the UNI as an access port Step2 Check the Standard UNI Port check box to enable port security This is the default When you uncheck the check box the port is treated as an uplink with no security features and the window dynamically changes to eliminate items related to port security Step3 Check the UNI Shutdown check box if you want to leave the UNI port shut during service activation for example when the service provider wants to deploy a service in the network but wants to activate it at a later time OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter3 Creating a FlexUNI EVC Ethernet Policy HZ Setting the Interface Attributes Step 4 Step 5 Step 6 Step7 Step 8 Step 9 Step 10 Check the Keep Alive check box to configure keepalives on the UNI port By default this check box is unchecked which causes the command no keepalive to be provisioned on the UNI port This prevents a CPE from sending keepalive packets to the U PE for security purposes This attribute is editable in order to support modification on a per service request basis Enter a Link Speed optional of None 10 100 1000 Auto o
323. g links devices in a service request that has associated templates When a device is changed in a service request the negate template is deployed for the old device and the template is deployed for the new device When a link in a service request is removed and a new link is added a negate template is deployed for the deleted link and a template is deployed for the added link Using Templates and Data Files with Service Requests This section describes tasks related to templates data files and negate templates that can be performed in the service request workflow The following tasks are covered Choosing a Template in the Service Request Workflow page B 14 Creating a Data File in the Service Request Workflow page B 16 Decommissioning Service Requests with Added Templates page B 18 Viewing Templates from the Service Requests Window page B 18 Choosing a Template in the Service Request Workflow When creating a service request the workflow involves selecting a policy on which to base the service request setting interface and other attributes and so on The specific windows and attributes presented in the workflow depend on the type of service request such as L2VPN VPLS MPLS or FlexUNI EVC To associate templates and data files in a service request you must select a link in the appropriate window of the Service Request Editor window usually by clicking the Add link for the device Cisco IP Solution Center L2VPN and Carrier
324. g traffic falls below the threshold level Figure 3 6 Enable Storm Control Enable Storm Control v UHI Storm Control Unicast Traffic 0 0 100 0 Iv Broadcast Traffic 0 0 100 0 Vv Multicast Traffic 0 0 100 0 4 Vv 211669 Step12 Check the Protocol Tunnelling check box see Figure 3 7 if you want to define the Layer 2 Bridge Protocol Data Unit BPDU frames that can be tunneled over the core to the other end Figure 3 7 Protocol Tunnelling Protocol Tunnelling IV v Enable cdp IV v cdp shutdown threshold 0 4096 Iv cdp drop threshold 0 4096 M Enable vtp Iv Iv vtp shutdown threshold 0 4096 Iv vtp drop threshold o 4096 4 Vv Enable stp Iv Iv stp shutdown threshold 0 4096 v stp drop threshold 0 4096 v 2 Recovery Interval in seconds 30 86400 IV For each protocol that you choose enter the shutdown threshold and drop threshold for that protocol a Enable cdp Enable Layer 2 tunnelling on Cisco Discover Protocol CDP b cdp shutdown threshold Enter the number of packets per second to be received before the interface is shut down Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 a 319 Chapter3 Creating a FlexUNI EVC Ethernet Policy HZ Setting the Interface Attributes cdp drop threshold Enter the number of packets per second to be received at which point the interface will start dropping CDP packets Enable vtp
325. gs transparently as payload e This VLAN ID is not derived from ISC managed VLAN ID pools Step5 Check the Translate Outer check box to allow the operator to specify a target outer VLAN ID during service request creation The outer tag of all the incoming frames that fulfill the match criteria are translated to this ID If the check box is unchecked no outer tag translation is performed See Table 3 1 Step6 Check the Translate Inner check box to allow the operator to specify a target inner VLAN ID during service request creation The inner tag of all the incoming frames that fulfill the match criteria are translated to this ID If the check box is unchecked no inner tag translation is performed See Table 3 1 Note Table 3 1 summarizes the realization of different VLAN translations available in the FlexUNI EVC infrastructure The second and third columns Match Outer Tag and Match Inner Tag refer to policy settings The last two columns Translate Outer Tag and Translate Inner Tag indicate the VLAN translation that occurs on the incoming frames Table 3 1 VLAN Translation Summary Table Type Match OuterTag Match Inner Tag Translate Outer Tag Translate Inner Tag 1 1 True N A Yes No 1 2 True N A Yes Yes 2 1 True True Yes No 2 2 True True Yes Yes Step7 Click Next Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 PEN Chapter3 Creating a FlexUNI EVC Ethernet
326. h ISC and the L2VPN component see the subsequent chapters of this guide to create and provision L2VPN or VPLS services Installing ISC and Configuring the Network Before you can use the L2VPN module in ISC to provision L2VPN or VPLS services you must first install ISC and do the basic network configuration required to support ISC Details on these steps are provided in the Cisco IP Solution Center Installation Guide 6 0 See that guide for information about ISC installation and general network configuration requirements Note To use the L2VPN component within ISC you must purchase and activate the L2VPN license I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter1 Getting Started WE Configuring the Network to Support Layer 2 Services Configuring the Network to Support Layer 2 Services In addition to basic network configuration required for ISC you must perform the following network configuration steps to support Layer 2 services Information on doing these steps is not provided in the ISC documentation See the documentation for your devices for information on how to perform these steps 1 Enable MPLS on the core facing interfaces of the N PE devices attached to the provider core 2 Set up 32 loopback addresses on N PE devices These loopback addresses should be the termination of the LDP connection s 3 Set all Layer 2 devices switches to VTP transparent mode This
327. h Inner Tag Translate Outer Tag Translate Inner Tag 1 1 True N A Yes No 1 2 True N A Yes Yes 2 1 True True Yes No 2 2 True True Yes Yes Step7 Click Next The EVC Policy Editor Interface Attribute window appears as shown in Figure 5 4 Step8 Continue with the steps contained in the next section Setting the Interface Attributes page 5 12 Setting the Interface Attributes This step of creating the FlexUNI EVC ATM Ethernet Interworking policy involves setting the interface attributes as shown in the EVC Policy Editor Interface Attribute window in Figure 5 5 The attributes you can configure in this window are grouped under the following categories e N PE U PE information e Speed and duplex information e ACL name and MAC addresses e UNI port security e Storm control e 2 protocol tunneling In some cases checking an attribute causes additional attributes to appear in the GUI This is covered in the steps that follow amp Note Ifthe CE is directly connected to an N PE only speed duplex UNI shutdown and other generic options are presented In this case port security storm control L2 protocol tunneling and other advanced features are not supported due to the current platform limitations If these features are needed for a service the service provider must deploy Layer 2 Ethernet access nodes beyond the FlexUNI to support these requirements Cisco IP Solution Center L2VPN and Carrier Ethe
328. ha CE W Defining an ATM Policy with a CE This section describes how to define an ATM policy with CE present Figure 7 24 is an example of the first page of this policy Figure 7 24 ATM Policy with a CE L2VPN Point To Point Policy Editor Attribute Value Policy Hame AtmCe Customer Policy Owner Provider oe e Global Policy L2VPN ERS L2VPN EWS Service Type Frame Relay cee ATM xI CE Present Note Required Field Step1of2 Em e Perform the following steps Step 1 Click Next The window in Figure 7 25 appears The Editable check box gives you the option of making a field editable If you check the Editable check box the service operator who is using this L2VPN policy can modify the editable parameter during L2VPN service request creation Figure 7 25 ATM with CE Policy Attributes L2VPN Point To Point Policy Editor Attribute Value Editable PE Information Transport Mode VP Vv CE Information Interface Type any gt Interface Format UNI Shutdown Vv Use PseudoWVireClass B Vv L2VPN Group Name E Line Name ss PW Tunnel Selection Vv Note Required Field Step 2 of 3 211694 ron I om Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 a 733 Chapter7 Creating an L2VPN Policy HZ Defining an ATM Policy with a CE Step 2 Step 3 Step 4 Step 5 amp Choose the Transport Mode from
329. han one pseudowire as long as the pseudowires share the same tunnel ID and remote loopback address You are responsible to ensure that the tunnel interface and associated ID are configured During service request creation when you specify the tunnel ID number ISC does not check the validity of the value That is ISC does not verify the existence of the tunnel Step 17 Check the Use PseudoWireClass check box to enable the selection of a pseudowire class This attribute is unchecked by default Usage notes e The pseudowire class name is used for provisioning pw class commands on IOS XR devices See Creating and Modifying Pseudowire Classes for IOS XR Devices page 2 10 for additional information on pseudowire class support for IOS XR devices e If Use PseudoWireClass is checked an additional attribute Pseudo WireClass appears in the GUI Click the Select button of PseudoWireClass attribute to choose a pseudowire class previously created in ISC e The Use PseudoWireClass attribute is only available if the MPLS core connectivity type was set as PSEUDOWIRE in the Service Options window see Setting the Service Options page 5 4 e Use PseudoWireClass is only applicable for IOS XR devices Step18 For L2VPN Group Name choose one of the following from the drop down list e ISC e VPNSC Usage notes e This attribute is used for provisioning the L2VPN group name on IOS XR devices amp Note The choices in the drop down list are derived from a
330. he UNI belongs to a directly connected and FlexUNI link this setting signifies that the incoming frames are 802 1q encapsulated and that they match the VLAN ID configured for the link This specific topology does not involve a trunk UNI as such e DOTIQTUNNEL Configures the UNI as an 802 1q tunnel also known as a dotlq tunnel or Q in Q port e ACCESS Configures the UNI as an access port Step2 Check the Standard UNI Port check box to enable port security Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 a 513 Chapter5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy HZ Setting the Interface Attributes This is the default When you uncheck the check box the port is treated as an uplink with no security features and the window dynamically changes to eliminate items related to port security Note Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 When the UNI is configured on an N PE device running IOS XR the Standard UNI Port attribute is not supported All the CLIs related to Standard UNI Port and UNI Port Security are ignored in this case Check the UNI Shutdown check box if you want to leave the UNI port shut during service activation for example when the service provider wants to deploy a service in the network but wants to activate it at a later time Check the Keep Alive check box to configure keepalives on the UNI port By default this
331. he service provider can integrate an existing Frame Relay environment with the packet backbone to improve operational efficiency and to implement the high speed packet interfaces to scale the Frame Relay implementations Transporting Frame Relay frames across MPLS networks provides a number of benefits including e Frame Relay extended service e Aggregation to a higher speed backbone such as OC 192 to scale Frame Relay implementations e Improved operational efficiency the MPLS backbone becomes the single network that integrates the various existing networks and services Topology for FRoMPLS Only the single PE scenario is supported See Figure E 8 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 AppendixE ISC Layer 2 VPN Concepts WE VPLS Service Provisioning Figure E 8 Frame Relay over MPLS Sa CG oO ise ise i VPLS Service Provisioning VPLS services are multipoint They provide multipoint connectivity over an MPLS or an Ethernet core These implementations in turn support service types as follows e VPLS over MPLS core Ethernet Wire Service EWS This is also sometimes referred to as EMS or Ethernet Multipoint Service The MEF term for this service is EP LAN Ethernet Relay Service ERS This is also sometimes referred to ERMS or Ethernet Relay Multipoint Service The MEF term for this service is EVP LAN e VPLS over Ethernet core Et
332. hernet TenGigabitEthernet TenGigE The value defined here functions as a filter to restrict the interface types an operator can see during L2VPN service request creation Check the Standard UNI Port check box to enable port security This is the default When you uncheck the check box the port is treated as an uplink with no security features and the window dynamically changes to eliminate items related to port security Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 _ Chapter 7 Creating an L2VPN Policy Defining an Ethernet ERS EVPL Policy withoutaCE W Note Step 4 Step 5 The Standard UNI Port attribute will be unavailable within service requests based on this policy if the UNI is on an N PE device running IOS XR Enter an Interface Format as the slot number port number for the PE interface for example 1 0 indicates that the interface is located at slot 1 port 0 This is especially useful to specify here if you know that the link will always go through a particular interface s slot port location on all or most of the network devices in the service Choose an Encapsulation type The choices are e DOTIQ e DEFAULT If DEFAULT is the CE encapsulation type ISC shows another field for the UNI port type Note Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Step 12 If the Interface Type is ANY ISC will not ask for an Encapsulation type in
333. hernet Interworking Pseudowire Core Connectivity Multipoint Circuit FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity Multipoint Circuit Configuration e FlexUNI EVC ATM Ethernet Interworking e Feature FlexUNI EVC for ATM Ethernet interworking with pseudowire core connectivity with an end to end circuit with multiple links One link is terminating on an ATM interface on N PE 1 and the other non flex link terminates on an Ethernet interface on N PE 2 e Device configuration The N PE 1 is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s ATM4 1 0 8790 The N PE 2 is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s GigabitEthernet4 0 17 600 Configlets N PE 1 ATM N PE 2 Ethernet interface ATM4 1 0 8790 point to point interface GigabitEthernet4 0 17 600 pve 150 3454 12transport encapsulation dot1Q 600 encapsulation aal5snap xconnect 192 169 105 20 760 pw class xconnect 192 169 105 10 760 pw class ISC pw tunnel 1 ISC pw tunnel 1 Comments e None Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 g A53 AppendixA Sample Configlets WE FiexUNI EVC ATM Ethernet Interworking Local Core Connectivity Point to Point Circuit FlexUNI EVC ATM Ethernet Interworking Local Core Connectivity Point to Point Circuit Configuration e FlexUNI EVC ATM Ethernet Interworking e Feature FlexUNI EVC for ATM Ethernet interworking with local core connecti
334. hernet Wire Service EWS The MEF term for this service is EP LAN Ethernet Relay Service ERS The MEF term for this service is EVP LAN Instructions on creating policies and service requests for these services are provided in other chapters of the guide VPLS is a multipoint Layer 2 VPN that connects two or more customer devices using EoMPLS bridging techniques VPLS EoMPLS is an MPLS based provider core that is the PE routers have to cooperate to forward customer Ethernet traffic for a given VPLS instance in the core A VPLS essentially emulates an Ethernet switch from a user s perspective All connections are peers within the VPLS and have direct communications The architecture is actually that of a distributed switch Multiple attachment circuits have to be joined together by the provider core The provider core has to simulate a virtual bridge that connects these multiple attachment circuits together To achieve this all PE routers participating in a VPLS instance form emulated VCs among them A Virtual Forwarding Instance VFI is created on the PE router for each VPLS instance PE routers make packet forwarding decisions by looking up the VFI of a particular VPLS instance The VFI acts like a virtual bridge for a given VPLS instance More than one attachment circuit belonging to a given Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Eu OL 21636 01 AppendixE ISC Layer 2 VPN Concepts VPLS Service P
335. ibrary DCPL parameter actionTakenOnUNIVlanList before you deploy an L2VPN or VPLS service request This will be necessary if the trunk allowed vlan list is not present on the User Network Interface UNI To make this change perform the following steps Choose Administration gt Control Center Choose the host that you want to change Click Config Choose Provisioning gt Service gt shared gt actionTakenOnUNIVlanList The window shown in Figure 11 1 appears OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter11 Deploying Monitoring and Auditing Service Requests HI Deploying Service Requests Figure 11 1 Change DCPL Parameter You Are Here Administration Control Center gt Hosts Host Configuration Version Aug 29 04 56 06 CDT z acu a E Logging 1 Provisioning E Engine Enom ProvDrv BJ Service E Firewall rsec Attribute Provisioning Service shared actionTakenOnUNHIVianList Version Aug 29 04 56 06 CDT IPSEC_RA Gat Current Val Urre alue prune Geos Gate Hew Value prune vpn prune E logLevel apart Set Property Reset Property nochange Description action taken when switchport allowed vlan cmd is absent for ERS service Empis AJ shared E FeatureQuery _ ME actionTakenOnUNIVianList 104225 Step5 Choose one of the following e prune to have ISC create the minimum VLAN list This is the de
336. ibutes of the latest service request In addition the state of the existing service requests is changed to the Requested state I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter8 Managing an L2VPN Service Request HI Creating an L2VPN Service Request D Note ISC only displays the available interfaces for the service based on the configuration of the underlying interfaces existing service requests that might be using the interface and the customer associated with the service request You can click the Details button to display a pop up window with information on the available interfaces such as interface name customer name VPN name and service request ID service request type VLAN translation type and VLAN ID information Step9 Ifthe PE role type is U PE click Select one circuit in the Circuit Selection column The NPC window appears See Figure 8 19 Figure 8 19 Select NPC Showing 1 2 of 2 records Select Hame ile C 5 sw2 lt pel Ethernet41 4 C 6 sw2 lt pel Ethernet4 2 Rows per page 10 I lt lt q Soto page 1 of1 DDI OK Cancel If only one NPC exists for the Chosen PE and PE interface that NPC is auto populated in the Circuit Selection column and you need not choose it explicitly 138387 Note If the PE role type is N PE the columns Circuit Selection and Circuit Details are disabled Step 10 Choose the name of the
337. ice Request This chapter provides information on how to provision a FlexUNI EVC Ethernet service request It contains the following sections e Introducing FlexUNI EVC Service Requests page 4 1 e Creating a FlexUNI EVC Service Request page 4 2 e Setting the Service Request Details page 4 2 e Modifying the FlexUNI EVC Service Request page 4 21 e Using Templates and Data Files with a FlexUNI EVC Ethernet Service Request page 4 22 e Saving the FlexUNI EVC Service Request page 4 23 Introducing FlexUNI EVC Service Requests A FlexUNI EVC Ethernet service request allows you to configure interfaces on an N PE to support the FlexUNI EVC features described in Chapter 3 Creating a FlexUNI EVC Ethernet Policy To create a FlexUNI EVC service request a FlexUNI EVC service policy must already be defined as described in Chapter 3 Creating a FlexUNI EVC Ethernet Policy Based on the predefined FlexUNI EVC policy an operator creates a FlexUNI EVC service request with or without modifications to the policy and deploys the service One or more templates can also be associated to the N PE as part of the service request Creating a FlexUNI EVC Ethernet service request involves the following steps e Choose an existing FlexUNI EVC Ethernet policy e Choose a VPN amp Note When working with VPN objects in the context of FlexUNI EVC Ethernet policies and service requests only the VPN name and customer attributes are relevant Other V
338. ice requests within the Ethernet access domain demarcated by the FlexUNI Likewise if a manually specified VLAN is already in use in the access domain delimited by the FlexUNI ISC will display an error message indicating that the new VLAN ID being specified is already in use on the NPC The operator will be prompted to specify a different VLAN ID which will be provisioned on the L2 access nodes OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy WE Setting the FlexUNI Attributes Step6 Continue with the steps contained in the next section Setting the VLAN Matching Criteria Attributes page 5 10 Setting the VLAN Matching Criteria Attributes Prior to the introduction of the FlexUNI capability service providers could either deploy service multiplexed services ERS ERMS or EVPL EVCS or service bundled services on a single port Both could not be supported simultaneously due to the limitations in the infrastructure which only allowed matching the outer most VLAN tag One of the key benefits of FlexUNI EVC support in ISC is to provide a flexible means to examine the VLAN tags up to two levels of the incoming frames and associate them to appropriate Ethernet Flow Points EFPs This allows service providers to deploy simultaneously both the service multiplexed and service bundled services on a single port To set the FlexUNI VLAN ma
339. ick Next The next sections contain examples of setting policies for the service types with and without a CE present Defining an Ethernet ERS EVPL Policy with a CE This section describes defining an Ethernet ERS EVPL policy with CE present Figure 7 2 is an example of the first page of this policy Figure 7 2 Ethernet ERS EVPL Policy with a CE L2VPN Point To Point Policy Editor Attribute Value Policy Hame l vpnErsCe Customer Policy Owner Provider Global Policy L2VPNERS C L2VPN EWS Service Type C Frame Relay ATM CE Present Vv Note Required Field Step 1 of 2 l Em e ___ 138471 Perform the following steps Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 EN Chapter7 Creating an L2VPN Policy HZ Defining an Ethernet ERS EVPL Policy with a CE Step 1 Click Next The window in Figure 7 3 appears The Editable check box gives you the option of making a field editable If you check the Editable check box the service operator who is using this L2VPN policy can modify the editable parameter during L2VPN service request creation Figure 7 3 L2VPN Point To Point Policy Editor Attribute PE Information Standard UNI Port CE Information Interface Type Interface Format UNI Shutdown Keep Alive Interface Type for UNI Display ANY UNI VLAN and Other Information VLAN ID AutoPick VC ID AutoPick VLAN Name Use Pseudo
340. ick here link of the Description attribute to enter a description label for the service request A dialogue appears in which you can enter a description Step 11 To set up direct connect links see the section Setting Direct Connect Links page 4 10 Step12 To set up links with L2 access nodes see the section Setting Links with L2 Access Nodes page 4 20 Local Core Connectivity If the MPLS Core Connectivity Type for the FlexUNI EVC Ethernet policy is LOCAL the EVC Service Request Editor window shown Figure 4 3 appears Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 nE Chapter4 Managing a FlexUNI EVC Ethernet Service Request HI Setting the Service Request Details Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Figure 4 3 EVC Service Request Details Window for Local Core Connectivity FlexUNI EVC Service Request Editor 204860 Perform the following steps to set the attributes in the first section of the Service Request Details window The Job ID and SR ID fields are read only When the service request is being created for the first time the fields display a value of NEW When an existing service request is being modified the values of the fields indicate the respective IDs that the ISC database holds within the editing flow of the service request The Policy field is read only It displays the name of the policy on which the service request is based
341. ier Ethernet User Guide 6 0 OL 21636 01 AppendixA Sample Configlets Configlets ERS EWS EPL Hybrid W U PE N PE system mtu 1522 vlan 775 exit vlan 775 exit interface FastEthernet8 17 interface FastEthernet1 17 switchport trunk allowed vlan switchport trunk allowed vlan 1 451 653 659 766 768 772 773 775 878 1 451 653 659 766 768 772 773 775 878 interface Vlan775 interface FastEthernet1 10 switchport trunk allowed vlan no ip address description L2VPN EWS xconnect 99 99 8 99 89029 encapsulation 1 451 653 659 766 768 772 773 775 878 mpls no shutdown Comments e This is the ERS EVPL side NNI e The N PE is a 7600 with an OSM or a SIP 600 module Provisioning is the same as the ERS EVPL e The U PE is really a PE AGG It connects to the wholesale customer as an NNI Both ports are regular NNI ports Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I oL 21636 01 B21 AppendixA Sample Configlets HE EWS EPL Pseudowire Class E Line L2VPN Group Name IOS XR Device EWS EPL Pseudowire Class E Line L2VPN Group Name IOS XR Device Configuration e Service L2VPN Metro Ethernet e Feature EWS EPL e Device configuration The N PE is a CRS 1 with IOS XR 3 6 1 or later UNI on U PE Configlets U PE N PE l system mtu 1522 interface GigabitEthernet0 3 1 1 700 12transport vlan 700 dotiq vlan 700 exit l i
342. iguration for FlexUNI EVC service requests Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 516 E OL 21636 01 Chapter5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy Setting the Interface Attributes W Table 5 2 Use Cases for Hybrid Configuration for FlexUNI EVC Service Requests N PE Use Bridge Pseudowire Domain FlexUNI on SVI CLIs Generated True True True e xconnect under VLAN interface e Service instance under main interface True True False e xconnect under service instance e Service instance under main interface False True N A e xconnect under service instance e Service instance under main interface True False True xconnect under VLAN interface True False False xconnect under subinterface False False False xconnect under subinterface Step14 Specify the type of VLAN Translation for this policy by clicking the appropriate radio button The choices are e No No VLAN translation is performed This is the default e 1 1 1 1 VLAN translation e 2 1 2 1 VLAN translation amp Note For detailed coverage of setting up VLAN translation see Appendix C Setting Up VLAN Translation amp Note VLAN translation is only supported on links that are specified as non FlexUNI at the service request level Step15 Enter the MTU Size in bytes The maximum transmission unit MTU size is configurable and optional The default size is
343. iles Figure 8 33 Add Remove Templates Showing 0 of 0 records Data File Action Active I lt q Goto page f1 of 1 Ga D Dl Rows per page 10 v 138401 Step8 Click Add I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter8 Managing an L2VPN Service Request W Modifying the L2VPN Service Request The Template Data File Chooser window appears See Figure 8 34 Figure 8 34 Template Datafile Chooser Template DataFile Chooser I DIA Channelization Template AccessList1 I examples i B AccessList Show Data Files matching Show 3 sList1 ccc CCC CCC OMOMMMMMMMMMMMMMMMNMMN j a rye ors Showing 1 2 of 2 records uf fan EG cos cigs teserintion Vv Protocol TCP View 2 r Protocol IP View aa 10 F 14 d Coto page 1 of 1 Pages Ga D DI Accept Cancel g T oO ia 4 Step9 In the left pane navigate to and select a template The associated data files are listed in rows in the main window as shown in Figure 8 34 Step 10 Check the data file that you want to add and click Accept The Add Remove Templates window appears with the template displayed See Figure 8 35 Figure 8 35 Add Remove Templates with Templates Shown Showing 1 1 of 1 record y Template Data File Action Active ad 1 7 sExamples AccessList1 Protocol IP APPEND M eee I dcotopage t oof 1 DDI 138403 Step 11 Choose a Template name Step 12 Under Action use
344. in e Device configuration The N PE is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s GI2 0 0 The U PE is a Cisco 3750ME with IOS 12 2 25 EY2 Port security is enabled Interface s FA1 14 FA3 23 U PE N PE vlan 772 vlan 100 exit interface GigabitEtherne2 0 0 no shut interface FastEthernet3 23 service instance 10 ethernet switchport trunk allowed vlan 500 772 l interface FastEthernet1 14 no cdp enable no keepalive no ip address switchport trunk allowed vlan 500 772 spanning tree bpdufilter enable mac access group ISC FastEthernet3 23 in mac access list extended Isc FastEthernet1 14 deny any host 0100 0ccc cccc deny any host 0100 0ccc cccd deny any host 0100 0ccd cdd0o deny any host 0180 c200 0000 permit any any encapsulation dotlq 500 rewrite ingress tag push dotlq 23 second dotiq 41 symmetric bridge domain 100 split horizon Interface Vlani00 no shut xconnect 192 169 105 20 101 encapsulation mpls e UNI on U PE e Single match tag is performed e The rewrite operation push pushes two tags Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 AppendixA Sample Configlets FlexUNI EVC Pseudowire Core Connectivity UNI and Pseudowire Tunneling FlexUNI EVC Pseudowire Core Connectivity UNI and Pseudowire Tunneling Configuration e Service FlexUNI EVC Metro Ethernet e Feature FlexUNI EVC with pseudowir
345. indow The behavior is similar for the other attributes in the FlexUNI Details window Check the AutoPick Service Instance ID check box to specify that the service instance ID will be autogenerated and allocated to the link during service request creation If the check box is unchecked you must specify the service instance ID see the next step Usage notes e The service instance ID represents an Ethernet Flow Point EFP on an interface in the EVC infrastructure The service instance ID is locally significant to the interface This ID has to be unique only at the interface level The ID must be a value from 1 to 8000 e There are no resource pools available in ISC from which to allocate the service instance IDs e In the case of a manually provided service instance ID it is the responsibility of the operator to maintain the uniqueness of the ID at the interface level e This attribute is not displayed for IOS XR devices If the AutoPick Service Instance ID check box is not checked enter an appropriate value for the service instance ID in the Service Instance ID field Check the AutoPick Service Instance Name check box to specify that the service instance name will be autogenerated If the check box is unchecked you can specify the service instance name see the next step Usage notes e If the check box is checked the Service Instance Name text field is disabled e The service instance name is autogenerated in the following pa
346. ing an Ethernet EMS EP LAN Policy withoutaCE W e For the 3750 and 3550 platforms the MTU range is 1500 1546 e For the 7600 ethernet port the MTU size is always 9216 Even with the same platform and same IOS release different line cards support the MTU differently For example older line cards only take an MTU size of 9216 and newer cards support 1500 9216 However ISC uses 9216 in both cases e For the 7600 SVI interface VLAN the MTU size is 1500 9216 Check the Use Existing ACL Name check box if you want assign your own named access list to the port By default this check box is not checked and ISC automatically assigns a MAC based ACL on the customer facing UNI port based on values you enter in UNI MAC addresses below Enter a Port Based ACL Name if you checked the Use Existing ACL Name check box as mentioned in the previous step amp Note ISC does not create this ACL automatically The ACL must already exist on the device or be added as part of a template before the service request is deployed Otherwise deployment will fail Check the Disable CDP check box if you want to disable the Cisco Discover Protocol CDP on the UNI port Check the UNI Port Security check box see Figure 9 35 if you to want to provision port security related CLIs to the UNI port by controlling the MAC addresses that are allowed to go through the interface a For Maximum Number of MAC address enter the number of MAC addresses al
347. ing repository 2005 09 15 15 02 11 INFO Provisioning ProvDry Open repository succeeded 2005 09 15 15 02 11 INFO Provisioning ProvDry Creating ProvDrvSR for Job 18SR 18 2005 09 15 15 02 11 INFO Provisioning ProvDry Fitter to getLogicalDevices 0 2005 09 15 15 02 11 INFO GSAM getServiceElements ACTION gt AUDIT 2005 09 15 15 02 11 INFO Provisioning ProvDrv Number of logicalDevices got 3 2005 09 15 15 02 12 INFO Provisioning ProvDry Processing logical device 3 with physical id 3 2005 09 15 15 02 12 INFO Provisioning ProvDry Service blade for this device com cisco vpnsc prov i2vpn L2VPNServiceBlade 2005 09 15 15 02 12 INFO Provisioning ProvDry Create blade the first time com cisco vpnsc prov l2vpn L2VPNServiceBlade 2005 09 15 15 02 12INFO Provisioning Service 2vpn created service blade 2005 09 15 15 02 12INFO Provisioning Service 2vpn_ returning XML_JDOM as preference 2005 09 15 15 02 12INFO Provisioning ProvDry Filter to generateXML 0 xi Return to Logs 138533 Choose the log level from the drop down list and click Filter The log levels are All Severe Warning Info Config Fine Finer and Finest Click Return to Logs Click Close in the Task Logs window Auditing Service Requests Each time a service request is deployed in the Cisco IP Solution Center ISC a configuration audit occurs You can view the results of these in configuration audit reports Use configuration audits and reports to verify
348. ing service request creation when you specify the tunnel ID number ISC does not check the validity of the value That is ISC does not verify the existence of the tunnel Step 17 Check the Use PseudoWireClass check box to enable the selection of a pseudowire class This attribute is unchecked by default Usage notes e The pseudowire class name is used for provisioning pw class commands on IOS XR devices See Creating and Modifying Pseudowire Classes for IOS XR Devices page 2 10 for additional information on pseudowire class support for IOS XR devices e If Use PseudoWireClass is checked an additional attribute Pseudo WireClass appears in the GUI Click the Select button of PseudoWireClass attribute to choose a pseudowire class previously created in ISC e The Use PseudoWireClass attribute is only available if the MPLS core connectivity type was set as PSEUDOWIRE in the Service Options window see Setting the Service Options page 3 8 e Use PseudoWireClass is only applicable for IOS XR devices Step18 For L2VPN Group Name choose one of the following from the drop down list e ISC e VPNSC Usage notes e This attribute is used for provisioning the L2VPN group name on IOS XR devices amp Note The choices in the drop down list are derived from a configurable DCPL property For information about how to define the L2VPN Group Name choices available in the drop down list see Defining L2VPN Group Names for IOS XR Devices page 2 14
349. ing steps Step1 Check the AutoPick Service Instance ID check box to specify that the service instance ID will be autogenerated and allocated to the link during service request creation If the check box is unchecked while setting the ISC link attributes during service request creation ISC will prompt the operator to specify the service instance ID Usage notes e The service instance ID represents an Ethernet Flow Point EFP on an interface in the EVC infrastructure The service instance ID is locally significant to the interface This ID has to be unique only at the interface level The ID must be a value from 1 to 8000 e There are no resource pools available in ISC from which to allocate the service instance IDs e Itis the responsibility of the operator creating the service request to maintain the uniqueness of the ID at the interface level Step2 Check the AutoPick Service Instance Name check box to have ISC autogenerate a service instance name when you create a service request based on the policy The autogenerated value is in the following pattern CustomerName_ServiceRequestJobID Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 lt Chapter3 Creating a FlexUNI EVC Ethernet Policy WE Setting the FlexUNI Attributes Step 3 Step 4 Step 5 If the check box is unchecked then you can enter a value during service request creation Check the Enable PseudoWire Redundancy check bo
350. inks to the N PEs in FlexUNI EVC service requests 4 9 links with L2 Access nodes in FlexUNI EVC service requests 4 20 NPCs 1 3 N PE loopback address 1 3 providers 1 2 target devices 2 1 VLAN translation C 1 VPNs 1 3 sites defining 2 4 states service requests 11 4 subtemplates associating during service provisioning B 11 switches configuring in VTP transparent mode 2 2 T templates 5 19 see also templates and data files B 1 enabling template association in FlexUNI EVC policies 3 23 using in FlexUNI EVC ATM Ethernet service requests 6 24 using in FlexUNI EVC service requests 4 22 working with templates and data files B 1 templates and data files associating subtemplates during service provisioning B 11 associating to a policy B 5 choosing in the service request workflow B 14 Index W creating a data file in the service request workflow B 16 creating data files during service request creation B 12 decommissioning service requests with added templates B 18 overview B 1 overview support in ISC policies B 4 selectively determining templates for U PE and PE AGG devices B 9 summary of template manager features B 1 templates and data files associating to a service request B 11 using negate templates to decommission template configurations B 13 using with ISC policies B 4 using with service requests B 10 B 14 viewing from the service requests window B 18 workflow B 3 terminology conventions
351. ion about saving a FlexUNI EVC service request see Saving the FlexUNI EVC Service Request page 6 24 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request W Using Templates and Data Files with a FlexUNI EVC Service Request Using Templates and Data Files with a FlexUNI EVC Service Request ISC does not support configuration of all the available CLI commands on a device being managed by the application In order to configure such commands on the devices you can use ISC Template Manager functionality Templates can be associated at the policy level on a per device role basis Templates can be overridden at service request level if the policy level setting permits the operator to do so To associate templates and data files in a service request select any link in the Service Request Editor window and click the Template button at the bottom of the window Note If the template feature has not been enabled in the associated policy then the Template button will not be available for selection The SR Template Association window appears as shown in Figure 6 8 In this window you can associate templates at a per device level Figure 6 8 Sample Templates Association Window Showing 1 2 of 2 records 8 Device Name Role Type TemplateData File 1 pet N PE Add 2 sw2 U PE Add Rows per page 1 0 wl I lt q Goto page 1 of
352. ion on how to use templates and data files is service requests see the section Using Templates and Data Files with Service Requests page B 14 in this appendix Using Templates with ISC Policies This section provides information on how to enable template support and associate templates data files with ISC policies It contains the following sections e Overview of Template Support in ISC Policies page B 4 e Associating Templates and Data Files to a Policy page B 5 Overview of Template Support in ISC Policies ISC supports associating templates data files to a service policy This minimizes steps in the provisioning workflow and also reduces potential errors that can occur if an incorrect template data file is selected during service creation In the Policy Editor workflow after the policy attributes are set a new Templates Association window appears The Enable Templates check box that appears in this window allows you to enable template association for the policy and to specify templates data files to be available for service requests based on the policy More than one template data file can be associated to the policy Each template data file can be associated to a device role The available device roles are determined by the policy type In the case of U PE and PE AGG device roles templates data files can be selectively determined based on whether the device has a UNI interface Later at the time of service Cisco IP Solution Center L2
353. ion tl dev 12404 2 Interface Name GigabitEthernet3 0 VLAN and Other Information Bridge Domain id 1 4294967295 PE UNI Interface Description Provider VLAN ID 1 4094 VLAN ID AutoPick E VLAN Name OK Cancel Note Required Field 204861 To use the Bridge Domain ID attribute enter an ID number in the Bridge Domain ID text field to enable bridge domain functionality for the VPLS service request Acceptable values are 1 to 4294967295 Usage notes e The Bridge Domain ID attribute is only available for the following service request scenarios Ethernet ERMS EVP LAN with a CE Ethernet ERMS EVP LAN without a CE Ethernet EMS EP LAN with a CE Ethernet EMS EP LAN without a CE e The Bridge Domain ID attribute is only supported for the Cisco GSR 12406 running IOS 12 0 32 SY6 and functioning in an N PE role This attribute will show up in a service request only for this platform otherwise the attribute will be filtered from the Link Attributes window of the service request e The following points apply to service requests based on this policy When an N PE GSR platform is used as a UNI device the standard UNI attributes are not displayed in the Link Attributes window of the service request workflow When a U PE non GSR platform is used as a UNI device all standard UNI attributes are displayed in the Link Attributes window of the service request workflow For VPLS EMS services a U P
354. ion to allow connectivity between two N PEs across the MPLS core This option does not limit the service to point to point E Line This is because even with the PSEUDOWIRE option selected there can still be multiple CEs connected to a bridge domain on one or both sides of the pseudowire VPLS Choose this option to allow connectivity between multiple N PEs across the MPLS core There is no limit on the number of N PEs across the MPLS core within a service request However many service requests can refer to the same customer associated VPN LOCAL Choose this option for local connect cases in which there is no connectivity required across the MPLS core Local connect supports the following scenarios All interfaces on the N PE are FlexUNI capable and using the EVC infrastructure This is configured by associating all of the customer traffic on these interfaces to a bridge domain This consumes a VLAN ID on the N PE equal to the bridge domain ID Some interfaces on the N PE are FlexUNI capable while others are switch port based In such cases all of the customer traffic on the interfaces that are configured with the EVC infrastructure are associated to a bridge domain The traffic on the non FlexUNI interfaces and all the access nodes interfaces beyond this N PE are configured with the Service Provider VLAN ID where the Service Provider VLAN ID is the same as the bridge domain ID for the EVC based services Only two interfaces
355. ions and behavior of the displayed options Proceed to the appropriate section as determined by the MPLS Core Connectivity Type for the policy e Pseudowire Core Connectivity page 4 3 e VPLS Core Connectivity page 4 5 e Local Core Connectivity page 4 7 Instructions for setting up direct connect links and links with L2 access nodes are presented in later sections Pseudowire Core Connectivity If the MPLS Core Connectivity Type for the FlexUNI EVC Ethernet policy is PPEUDOWIRE the EVC Service Request Editor window shown Figure 4 1 appears Figure 4 1 EVC Service Request Details Window for Pseudowire Core Connectivity FlexUNI EVC Service Request Editor 204858 Perform the following steps to set the attributes in the first section of the Service Request Details window OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter4 Managing a FlexUNI EVC Ethernet Service Request HZ Setting the Service Request Details D Note The Job ID and SR ID fields are read only When the service request is being created for the first time the fields display a value of NEW When an existing service request is being modified the values of the fields indicate the respective IDs that the ISC database holds within the editing flow of the service request Note Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 The Policy field is read only It displays
356. iption L2VPN EWS switchport mode dotiq tunnel xconnect 99 99 8 99 89029 encapsulation switchport nonegotiate mpls spanning tree portfast no shutdown spanning tree bpdufilter enable 1 interface FastEthernet1 0 23 no ip address switchport trunk allowed vlan 774 787 788 Comments e The N PE is a 7600 with a OSM or SIP 600 module Provisioning is the same as the ERS EVPL example e The U PE is a generic Metro Ethernet ME switch e No PACL provisioned by default BPDU can be tunneled if desired e The system MTU needs to set to 1522 to handle the extra 4 bytes of Q in Q frames Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Pe i OL 21636 01 AppendixA Sample Configlets EWS EPL Point to Point UNI Port Security BPDU Tunneling W EWS EPL Point to Point UNI Port Security BPDU Tunneling Configuration e Service L2VPN Metro Ethernet e Feature EWS EPL point to point with Port security BPDU tunneling e Device configuration The N PE is a Cisco 7600 with IOS 12 2 18 SXF Sup720 3BXL The U PE is a Cisco 3750ME with IOS 12 2 25 EY1 No port security with tunneling L2VPN point to point Q in Q UNI Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 BAT Appendix A Sample Configlets HE EWS EPL Point to Point UNI Port Security BPDU Tunneling Configlets U PE N PE system mtu 1522 l vlan 775 exit system mtu 1522 l
357. is being created for the first time the fields display a value of NEW When an existing service request is being modified the values of the fields indicate the respective IDs that the ISC database holds within the editing flow of the service request Note Step 1 Step 2 Step 3 Step 4 The Policy field is read only It displays the name of the policy on which the service request is based Clicking on the read only policy name displays a list of all the attribute values set within the policy Click Select VPN to choose a VPN for use with this service request The Select VPN window appears with the VPNs defined in the system Note The same VPN can be used by service requests with LOCAL and PPEUDOWIRE core types If a VPN for a service request is used with VPLS core type the same VPN cannot be used for service requests with LOCAL or PPEUDOWIRE core type Choose a VPN Name in the Select column Click Select The EVC Service Request Editor window appears with the VPN name displayed Check the AutoPick VC ID check box if you want ISC to choose a VC ID Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 lt OL 21636 01 Chapter6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request Setting the Service Request Details W If you do not check this check box you will be prompted to provide the ID in the VC ID field as covered in the next step When AutoPick VC ID is checked
358. is especially useful to specify here if you know that the link will always go through a particular interface s slot port location on all or most of the network devices in the service Choose a CE Encapsulation type The choices are e DOTIQ e DEFAULT If DEFAULT is the CE encapsulation type ISC shows another field for the UNI port type Check the Standard UNI Port check box to enable port security This is the default When you uncheck the check box the port is treated as an uplink with no security features and the window dynamically changes to eliminate items related to port security Check UNI Shutdown box if you want to leave the UNI port shut during service activation for example when the service provider wants to deploy a service in the network but wants to activate it at a later time Check the Keep Alive check box to configure keepalives on the UNI port By default this check box is unchecked which causes the command no keepalive to be provisioned on the UNI port This prevents a CPE from sending keepalive packets to the U PE for security purposes This attribute is editable to support modification on a per service request basis Check the ANY check box to display all interface types as choices for the UNI interface when creating service requests based on this policy This check box is checked by default Check the UNI check box to display all interfaces defined as type UNI as choices for the UNI interface when creating s
359. is is available in the service request workflow in the EVC Service Request Editor window N PE Pseudo wire on SVI if enabled will be reflected only when Configure with Bridge Domain is set to true Otherwise the service request will not be created with xconnect under SVI even if N PE Pseudo wire on SVI is enabled Usage notes e For an ATM link the attribute N PE Pseudo wire on SVI is dependent on the value of the attribute Configure with Bridge Domain in the EVC Service Request Editor window N PE Pseudo wire on SVI if enabled will be reflected only when Configure with Bridge Domain is set to true Otherwise the service request will not be created with xconnect under SVI even if N PE pseudo wire on SVI is enabled e ISC supports a hybrid configuration for FlexUNI EVC service requests In a hybrid configuration the forwarding commands such as xconnect for one side of an attachment circuit can be configured under a service instance and the xconnect configuration for the other side of the attachment circuit can be configured under a switch virtual interface SVI e N PE Pseudo wire on SVI is applicable for all connectivity types PSEUDOWIRE or LOCAL but a hybrid SVI configuration is possible only for pseudowire connectivity e When MPLS Core Connectivity Type is set as LOCAL connectivity type the N PE Pseudo wire on SVI attribute is always disabled in the policy and service request e For examples of these cases see configlet e
360. is the DOWN LINK port connecting to the N PE or another U PE or PE AGG If you have a single N PE and no CE no U PE and no CE you do not have to create an NPC since there is no physical link that needs to be presented If an NPC involves two or more links three or more devices for example it connects encel1 enpel and enpel2 you can construct this NPC as follows e Build the link that connects two ends mlcel and mlpe4 e Insert a device enpe12 to the link you just made e Click Insert Device to insert the device Creating NPCs Through an NPC GUI Editor Step 1 To create NPCs through the NPC GUI editor perform the following steps Choose Service Inventory gt Inventory and Connection Manager gt Named Physical Circuits The Named Physical Circuits window appears To create anew NPC you choose a CE as the beginning of the link and a N PE as the end If more than two devices are in a link you can add or insert more devices or a ring to the NPC Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 EN OL 21636 01 Chapter2 Setting Up the ISC Services amp Creating Named Physical Circuits W Note The new device or ring added is always placed after the device selected while a new device or ring inserted is placed before the device selected Each line on the Point to Point Editor represents a physical link Each physical link has five attributes e Source Device e Source Interfac
361. ivity with dual homed N PEs on both sides of the network without pseudowire redundancy Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 lt OL 21636 01 Appendix D Terminating an Access Ring on Two N PEs Additional Network Configurations and Sample Configlets W Figure D 6 Pseudowire Connectivity Dual Homed N PEs on Both Sides of the Network with No Pseudowire Redundancy Pa ey ES 3 F aa R4 y Primary Edge gt Secondary Edge Blocked Segment Data Pseudowire Reese Control Pseudowire Primary VC ID Backup VC ID 204865 Sample configlets for the devices are provided below PE1 vlan lt S Vlan gt interface lt UNI to R1 gt switchport switchport trunk encapsulation dotlq switchport mode trunk switchport trunk allowed vlan add lt S Vlan gt interface vlan lt S Vlan gt xconnect lt PE3 loopback gt lt PrimaryVcId gt encapsulation mpls PE2 vlan lt S Vlan gt interface lt UNI to R3 gt switchport switchport trunk encapsulation dotliq switchport mode trunk switchport trunk allowed vlan add lt S Vlan gt interface vlan lt S Vlan gt xconnect lt PE4 loopback gt lt PrimaryVcId gt encapsulation mpls I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Appendix D Terminating an Access Ring on Two N PEs W Additional Network Configurations and Sample Configlets PE3 vla
362. k Editor SRID New Job ID New Policy Hame YplsMplsErsCe vPH vpls_ers_vpn_1 Description a Showing 1 1 of 1 records gi CE Interface Circuit Selection Circuit Details Circuit ID Link Attributes 4 1 ce3 Ehem sd Detail pet Ethernet4 3 Circuit Details 5 Edit Rows per page 10 I lt q Goto page 1 of 1 G3 D Dl Add Link Delete Link Save Cancel Note Required Field a Step 14 If you want to review the details of this NPC click Circuit Details in the Circuit Details column The NPC Details window appears and lists the circuit details for this NPC Step15 The Circuit ID is created automatically based on the VLAN data for the circuit Step 16 To edit values that were set by the VPLS policy that is the values that were marked editable during the VPLS policy creation click the Edit link in the Link Attributes column for a link The Link Attributes window appears S Note For more information on setting attributes in this window see Modifying the VPLS Service Request page 10 10 amp Note For information on the Bridge Domain ID attribute which shows up in some VPLS service request scenarios see Modifying the VPLS Service Request page 10 10 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 g ios Chapter 10 Managing a VPLS Service Request HI Creating a VPLS Service Request without a CE Step 17 Continue to specify additional CEs as in previous steps if desired Step 18 Click OK
363. k box is not checked and ISC automatically assigns a MAC based ACL on the customer facing UNI port based on values you enter in UNI MAC addresses below Enter a Port Based ACL Name if you checked the Use Existing ACL Name check box as mentioned in the previous step amp Note ISC does not create this ACL automatically The ACL must already exist on the device or be added as part of a template before the service request is deployed Otherwise deployment will fail Check the Disable CDP check box if you want to disable the Cisco Discover Protocol CDP on the UNI port Check the UNI Port Security check box see Figure 9 17 if you to want to provision port security related CLIs to the UNI port by controlling the MAC addresses that are allowed to go through the interface a For Maximum Number of MAC address enter the number of MAC addresses allowed for port security b For Aging enter the length of time the MAC address can stay on the port security table c For Violation Action choose what action will occur when a port security violation is detected e PROTECT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value e RESTRICT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value and causes the Security Violation counter to increment e SHUTDOWN
364. k of the device on which you want to add an ATM link The ATM Ethernet Attributes window appears as shown in Figure 6 7 Figure 6 7 ATM Ethernet Attributes Window Atm Ethernet Attribute Attribute Value N PEJU PE Information pet Interface Name ATMO 0 0 1 Transport Mode vP ATM Encapsulation AAL5SNAP x ATM VCD Sub interface 1 2147483647 ATM VPI l 0 255 UNI Shutdown E Use Existing PW Class E N PE Pseudo wire On SVI E PW Tunnel Selection a Interface Tunnel o 2147482647 AutoPick Bridge Domain VLAN ID E Cancel Note Required Field 204845 All of the fields in the ATM Ethernet Attributes window are enabled based on the policy settings Choose the Transport Mode from the drop down list The choices are e VP Virtual path mode This is the default e VC Virtual circuit mode Choose the ATM Encapsulation from the drop down list e AALSSNAP To specify the ATM virtual channel descriptor VCD subinterface number enter a value in the ATM VCD Sub Interface field The value can be from 1 to 2147483647 To specify the ATM virtual path identifier VPI enter a value in the ATM VPI field The value can be from 0 to 255 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request HZ Setting the Service Request Details Step 8 Step 9 Step 10 Step 11 To specify the
365. kets second on the UNI port Recovery Interval Recovery interval in seconds of the UNI port I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter 13 Generating L2 and VPLS Reports W sL2 and VPLS Reports VPLS PE Service Report The VPLS PE Service report allows you to choose PEs and display their roles for example N PE U PE or PE AGG and the VPLS services that are running on them Click the VPLS PE Service Report icon to bring up the window for this report See Figure 13 6 Figure 13 6 VPLS PE Service Report Layout Tite VPLS PE Service Repot ss Chart Type Tabular x Filters PE Role Eo PE Name rs Sorting Fk PE roie if Asconaing E 138553 Filter Values e PE Role PE device role N PE U PE or PE AGG e PE Name PE device name Output Values e PE Role PE device role N PE U PE or PE AGG e PE Name PE device name e SR ID Service request identification number e SR Job ID Service request job identification number e Service Type Type of service e SR State Service request state amp Note The SR State output does not list service requests in the CLOSED state Service requests in other states are listed as determined by the filter values E Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Chapter 13 Generating L2 and VPLS Reports Creating Custom L2 and VPLS Reports W
366. ks with L2 Access Nodes page 6 22 Setting up Links to the N PE The lower two sections of the EVC Service Request Editor window allow you to set up links to the N PE For direct connect links the CE is directly connected to the N PE with no intermediate L2 access nodes For links with L2 access nodes there are intermediate devices present between the CE and NPE requiring NPCs to be created in ISC The Direct Connect Link section of the window is where you set up links that directly connect to the N PE No NPCs are involved ATM links are supported for direct connect links The Links with L2 Access Nodes section is where you set up links with L2 Ethernet access nodes NPCs are involved Note amp ATM interfaces cannot be in L2 access nodes See the appropriate section depending on which type of link you are setting up e Setting Direct Connect Links page 6 8 e Setting Links with L2 Access Nodes page 6 22 Note Many of steps for setting up the two link types are the same The basic workflow for setting up links as well as the attributes to be set are presented in the following section Setting Direct Connect Links page 6 8 Even if you are setting up links with L2 access nodes it will be helpful to refer to the information presented in that section as the section on L2 access nodes only covers the unique steps for such links Setting Direct Connect Links Step 1 Step 2 Step 3 Perform the following s
367. l supply a VC ID and this field will not be editable In the case where you supply the VC ID manually if the entered value is in the provider s range ISC validates if the entered value is available or allocated If the entered value has been already allocated ISC generates an error message saying that the entered value is not available and prompts you to re enter the value If the entered value is in the provider s range and if it is available then it is allocated and is removed from the VC ID pool If the entered value is outside the provider s range ISC displays a warning saying that no validation could be performed to verify if it is available or allocated e You can also click Add Link to add an end to end wire e You can click Delete Link to delete an end to end wire amp Note If you are attempting to decommission a service request to which a template has been added see Monitoring Service Requests page 11 10 for information on the proper way to do this e The ID number is system generated identification number for the circuit e The Circuit ID is created automatically based on the service For example for Ethernet it is based on the VLAN number for Frame Relay it is based on the DLCI for ATM it is based on the VPI VCI Step5 To edit AC attributes click the Default button The Link Attributes window appears See Figure 8 32 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636
368. le rewrite ingress tag pop 2 symmetric Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Chapter 5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy Step 1 Step 2 Step 3 Step 4 Step 5 Setting the FlexUNI Attributes W e For any service instance only one type of rewrite option pop push or translate is allowed per instance For example if pop out is enabled push inner push outer translate inner and translate outer are not available To set the FlexUNI VLAN rewrite criteria attributes perform the following steps Check the Pop Outer check box to pop the outer VLAN ID tag of the incoming frames that fulfill the match criteria If this check box is unchecked the outer tag of the incoming traffic is not popped Check the Pop Inner check box to pop the inner VLAN ID tag of the incoming frames that fulfill the match criteria If this check box is unchecked the inner tag is not popped Note that if Pop Inner is checked Pop Outer is automatically checked Check the Push Outer check box to impose an outer VLAN ID tag onto the incoming frames that fulfill the match criteria If this check box is unchecked no outer tag is imposed on the incoming frames Usage notes e If Push Outer is checked all service requests created with the policy push a dotlq outer tag on the incoming frames matching the match criteria When creating the link during service creation th
369. le Storm Control Iv UHI Storm Control Unicast Traffic 0 0 100 0 Q v Broadcast Traffic 0 0 100 0 vE Multicast Traffic 0 0 100 0 vV Step22 Check the Protocol Tunnelling check box see Figure 9 14 if you want to define the Layer 2 Bridge Protocol Data Unit BPDU frames that can be tunneled over the core to the other end Figure 9 14 Protocol Tunnelling Protocol Tunnelling Iv Iv Tunnel CDP Iv IV CDP Threshold in packets seconds 0 4096 v cdp drop threshold 0 4096 m Tunnel VTP Vv Vv VTP Threshold in packets seconds 0 4096 v vtp drop threshold 0 4096 E Tunnel STP Vv Vv STP Threshold in packets seconds 0 4096 v stp drop threshold 0 4096 E Recovery Interval in seconds 30 86400 Mv For each protocol that you check enter the shutdown threshold and drop threshold for that protocol b Tunnel CDP Enable Layer 2 tunnelling on Cisco Discover Protocol CDP CDP Threshold Enter the number of packets per second to be received before the interface is shut down I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter9 Creating a VPLS Policy HI Defining an MPLS EMS EP LAN Policy without a CE Step 23 Step 24 c cdp drop threshold Enter the number of packets per second to be received at which point the interface will start dropping CDP packets d Tunnel VTP Enable Layer 2 tunnelling on VLAN Trunk Protocol VTP e
370. lives on the UNI port By default this check box is unchecked which causes the command no keepalive to be provisioned on the UNI port This prevents a CPE from sending keepalive packets to the U PE for security purposes This attribute is editable to support modification on a per service request basis Check the ANY check box to display all interface types as choices for the UNI interface when creating service requests based on this policy This check box is checked by default Check the UNI check box to display all interfaces defined as type UNI as choices for the UNI interface when creating service requests based on this policy This check box is checked by default Enter one or more Ethernet MAC addresses in UNI MAC addresses This selection is present only if you uncheck the Use Existing ACL Name check box Click the Edit button to bring up a pop up window in which you enter MAC addresses to be allowed or denied on the port You can also specify a range of addresses by setting a base MAC address and a filtered MAC address Enter a Link Speed optional of None 10 100 1000 Auto or nonegotiate Enter a Link Duplex optional of None Full Half or Auto In the PE UNI Interface Description field enter an optional description for example Customer B EMS EP LAN Service Check the VLAN ID AutoPick check box if you want ISC to choose a VLAN ID If you do not check this check box you will be prompted to provide the VLAN in a
371. lling are supplied by the implementation of 802 1Q in Q tag stacking technology Packets received on one UNI are transported directly to the other corresponding UNI The MEF term for this service is EPL Ethernet Relay Service ERS or EVPL An Ethernet Virtual Circuit EVC is used to logically connect endpoints but multiple EVCs could exist per single UNI Each EVC is distinguished by 802 1q VLAN tag identification The ERS network acts as if the Ethernet frames have crossed a switched network and certain control traffic is not carried between ends of the EVC ERS is analogous to Frame Relay where the CE VLAN tag plays the role of a Data Link Connection Identifier DLCI The MEF term for this service is EVPL Topology for L2VPN Ethernet Over MPLS ERS and EWS EPL and EVPL Ethernet Over MPLS EoMPLS is a tunnelling mechanism that allows the service provider to tunnel customer Layer 2 traffic though a Layer 3 MPLS network It is important to remember that EoMPLS is a point to point solution only The following figures provide a reference for how EoMPLS is utilized Ethernet Services can be distributed to the end customer in two ways I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E AppendixE ISC Layer 2 VPN Concepts E L2VPN Service Provisioning Single PE scenario The customer is directly connected to an Ethernet port on the N PE in Figure E 2 Figure E 2 Single PE scenario U_P
372. lose it and return to the Policy Editor window Click Finish Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 7 38 OL 21636 01 CHAPTER Managing an L2VPN Service Request This chapter covers the basic steps to provision an ERS EVPL EWS EPL ATM or Frame Relay L2VPN service It contains the following sections e Introducing L2VPN Service Requests page 8 1 e Creating an L2VPN Service Request page 8 2 e Creating an ERS EVPL ATM or Frame Relay L2VPN Service Request with a CE page 8 2 e Creating an EWS EPL L2VPN Service Request with a CE page 8 8 e Creating an ERS EVPL ATM or Frame Relay L2VPN Service Request without a CE page 8 11 e Creating an EWS EPL L2VPN Service Request without a CE page 8 16 e Modifying the L2VPN Service Request page 8 20 e Saving the L2VPN Service Request page 8 26 Introducing L2VPN Service Requests An L2VPN service request consists of one or more end to end wires connecting various sites in a point to point topology When you create a service request you enter several parameters including the specific interfaces on the CE and PE routers You can also associate Cisco IP Solution Center ISC templates and data files with a service request See Appendix B Working with Templates and Data Files for more about using templates and data files in service requests To create a service request a Service Policy must already be defined as described in Chapter
373. lowed for port security b For Aging enter the length of time the MAC address can stay on the port security table c For Violation Action choose what action will occur when a port security violation is detected e PROTECT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value e RESTRICT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value and causes the Security Violation counter to increment e SHUTDOWN Puts the interface into the error disabled state immediately and sends an SNMP trap notification d In the Secure MAC Addresses field enter one or more Ethernet MAC addresses Figure 9 35 UNI Port Security UHI Port Security Maximum MAC Address 1 8448 Aging in minutes a fo 1440 Violation Action PROTECT v Secure MAC Addresses Edit gt g Check the Enable Storm Control check box see Figure 9 36 to help prevent the UNI port from being disrupted by a broadcast multicast or unicast storm OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter 9 Creating a VPLS Policy HZ Defining an Ethernet EMS EP LAN Policy without a CE Step 22 Enter a threshold value for each type of traffic The value which can be specified to two significant digits represents the percentage of the
374. loy point to point connections ERS EVPL EWS EPL ATMoMPLS and FRoMPLS must have at least two CEs specified Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 g e3 Chapter8 Managing an L2VPN Service Request HI Creating an L2VPN Service Request Step 3 Step 4 Step 5 Step 6 Click Select CE in the CE column The CPE for Attachment Circuit window appears See Figure 8 3 This window displays the list of currently defined CEs a From the Show CPEs with drop down list you can display CEs by Customer Name by Site or by Device Name b You can use the Find button to either search for a specific CE or to refresh the display c You can set the Rows per page to 5 10 20 30 40 or All Figure 8 3 Select CPE Device Show CPEs with Customer Name gt matching F Showing 1 3 of 3 records Device Hame Customer Hame Site Name TE ae 1 C ce3 Customer1 east Managed 2 ces Customer1 east Managed 3 C c13 Customer1 east Managed Rows per page 10 I lt d Soto page 1 of1 DI In the Select column choose a CE for the L2VPN link Click Select 138382 The Service Request Editor window appears displaying the name of the selected CE in the CE column Choose the CE interface from the drop down list See Figure 8 4 Figure 8 4 Select the CE Interface L2VPN Point To Point Service Request Editor Attachment Tunnel Editor SRID New Job ID Ne
375. lue Policy Name VolsMplsErmsNolCe Customer Policy Owner Provider Global Policy F MPLS Core Type cco Ethernet Relay Multipoint Service ERMS O Ethernet Multipoint Service EMS CE Present oO Service Type Note Required Field Step 1 of 3 ss ee 204782 Perform the following steps Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 a 37 Chapter 9 Creating a VPLS Policy E Defining an MPLS ERMS EVP LAN Policy without a CE Step 1 Click Next The window in Figure 9 7 appears The Editable check box gives you the option of making a field editable If you check the Editable check box the service operator who is using this VPLS policy can modify the editable parameter during VPLS service request creation Figure 9 7 VPLS Policy Editor MPLS ERMS EVP LAN without a CE Policy Attributes Attribute Value Editable H PEJU PE Information Interface Type ANY pe Standard UNI Port Vv IV Interface Format fs UNI Shutdown r M Keep Alive E Iv Interface Type for UHI Display ANY Vv UNI Vv UNI MAC Addresses Edit Vv Link Speed None z Vv Link Duplex None gt Vv VLAN and Other Information PENI Interface Description Vv VLAN ID AutoPick Vv IV VLAN Name S Use Existing ACL Name r Port Based ACL Name r v Disable CDP Vv M Fitter BPDU Vv Iv UNI Port Security B Vv Note Required Field Step 2 of 3 m a Step2 Choose an Interf
376. ly one NPC exists for the chosen interface that NPC is autopopulated in the Circuit Details column and you need not choose it explicitly If more then one NPC is available click Select one circuit in the Circuit Selection column The NPC window appears enabling you to choose the appropriate NPC Click OK Each time you choose a PE and its interface the NPC that was set up from this PE and interface is automatically displayed under Circuit Selection This means that you do not have to further specify the PE to complete the link If you want to review the details of this NPC click Circuit Details in the Circuit Details column The NPC Details window appears and lists the circuit details for this NPC Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 _ Chapter 6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request Step 3 Step 4 Modifying the FlexUNI EVC Service Request W For details about editing link attributes adding or deleting links or using the FlexUNI check box see the corresponding steps in the section Setting Direct Connect Links page 6 8 When you have completed setting the attributes in the EVC Service Request Editor window click the Save button at the bottom of the window to save the settings and create the FlexUNI EVC service request If any attributes are missing or incorrectly set ISC displays a warning in the lower left of the window Make any correcti
377. mber SR State Service request state The SR State output does not list service requests in the CLOSED state Service requests in other states are listed as determined by the filter values Customer Name Name of the customer VPN Name of the VPN Service Type Type of service VLAN ID VLAN identification number Policy Name Name of the VPLS policy VFI Interface Virtual forwarding interface name Customer Facing UNI Customer facing UNI port AccessDomain Access domain name NPC Named physical circuit UNI Port UNI port UNI Shutdown Shutdown status of the UNI port UNI Aging Length of time in seconds that MAC addresses can stay in the UNI port security table UNI Speed UNI port speed UNI Duplex Duplex status none full half or auto of the UNI port Maximum MAC Address Maximum MAC addresses allowed on the UNI port CDP Shutdown Threshold Cisco Discovery Protocol shutdown threshold in packets second on the UNI port STP Shutdown Threshold Spanning Tree Protocol shutdown threshold in packets second on the UNI port VTP Shutdown Threshold VLAN Trunk Protocol shutdown threshold in packets second on the UNI port CDP Drop Threshold Cisco Discovery Protocol drop threshold in packets second on the UNI port VTP Drop Threshold VLAN Trunk Protocol drop threshold in packets second on the UNI port STP Drop Threshold Spanning Tree Protocol drop threshold in pac
378. me if you checked the Use Existing ACL Name check box as mentioned in the previous step amp Note ISC does not create this ACL automatically The ACL must already exist on the device or be added as part of a template before the service request is deployed Otherwise deployment will fail Check the Disable CDP check box if you want to disable the Cisco Discover Protocol CDP on the UNI port Check the Filter BPDU check box to specify that the UNI port should not process Layer 2 Bridge Protocol Data Units BPDUs Check the UNI Port Security check box see Figure 9 8 if you to want to provision port security related CLIs to the UNI port by controlling the MAC addresses that are allowed to go through the interface a For Maximum Number of MAC address enter the number of MAC addresses allowed for port security b For Aging enter the length of time the MAC address can stay on the port security table c For Violation Action choose what action will occur when a port security violation is detected e PROTECT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value e RESTRICT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value and causes the Security Violation counter to increment e SHUTDOWN Puts the interface into the error disabled state immediately
379. ming gt lt Name gt GigabitEthernet0 0 0 1 302 lt Name gt lt Naming gt lt Enabled gt true lt Enabled gt lt AttachmentCircuit gt lt AttachmentCircuitTable gt lt PseudoWireTable gt lt PseudoWire gt lt Naming gt lt Neighbor gt lt IPV4Address gt 10 11 13 15 lt IPV4Address gt lt Neighbor gt lt PseudowireID gt 1005 lt PseudowireID gt lt Naming gt lt PseudoWireParameters gt lt PseudoWire gt lt PseudoWireTable gt lt P2PXConnect gt lt P2PXConnectTable gt lt XConnectGroup gt lt XConnectGroupTable gt lt L2VPN gt lt Configuration gt lt Set gt lt Commit gt lt Request gt Comments e In IOS XR device configuration is specified in XML format Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 AppendixA Sample Configlets ERS EVPL or EWS EPL IOS XR Device Hl e With respect to the XML schemas different versions of IOS XR generate different XML configlets However the configurations will be almost identical except for changes in the XML schema e There are different cases to consider For example when a service request is decommissioned or modified the XML configuration will slightly differ Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 a As AppendixA Sample Configlets HERS EVPL and EWS EPL Local Connect on E Line ERS EVPL and EWS EPL Local Connect on E Lin
380. mple Configlets PE1 vlan lt S Vlan gt interface lt UNI to R1 gt switchport switchport trunk encapsulation dotlq switchport mode trunk switchport trunk allowed vlan add lt S Vlan gt interface vlan lt S Vlan gt xconnect lt PE3 loopback gt lt PrimaryVcId gt encapsulation mpls backup peer lt PE4 loopback gt lt BackupVcId gt PE2 vlan lt S Vlan gt interface lt UNI to R3 gt switchport switchport trunk encapsulation dotlq switchport mode trunk switchport trunk allowed vlan add lt S Vlan gt I interface vlan lt S Vlan gt xconnect lt PE4 loopback gt lt PrimaryVcId gt encapsulation mpls backup peer lt PE3 loopback gt lt BackupVcId gt PE3 vlan lt S Vlan gt interface lt UNI to R4 gt switchport switchport trunk encapsulation dotlq switchport mode trunk switchport trunk allowed vlan add lt S Vlan gt interface vlan lt S Vlan gt xconnect lt PE1 loopback gt lt PrimaryVcId gt encapsulation mpls backup peer lt PE2 loopback gt lt BackupVcId gt PE4 vlan lt S Vlan gt interface lt UNI to R5 gt switchport switchport trunk encapsulation dotlq switchport mode trunk switchport trunk allowed vlan add lt S Vlan gt interface vlan lt S Vlan gt xconnect lt PE2 loopback gt lt PrimaryVcId gt encapsulation mpls backup peer lt PE1 loopback gt lt BackupVcId gt Example 2 Pseudowire Connectivity B Figure D 6 illustrates a network configuration using pseudowire connect
381. n Setting Up VLAN Translation W Creating a Service Request When you create a service request based on an L2VPN ERS EVPL policy the VLAN options can be changed if they were set to be editable in the policy You can overwrite the policy information for the VLAN translation type and the place where translation occurs This flexibility allows the following provisioning e One AC can have 2 1 VLAN translation while the other AC can have no VLAN translation or 1 1 VLAN translation e The VLAN translation for one AC can be on the UNI box while the translation for the other AC can be on the PE AGG amp Note Note these modifications can happen only when a new service request is created They are not allowed during the modification of an existing service request The specification of the VLAN translation happens during the creation of the service request within the Link Attributes window At that point you can specify which VLAN is translated to which VLAN The Link Attributes window is accessed after the UNI port is selected on the Attachment Tunnel Editor window Because you can set the VLAN translation type after the UNI selection the UNI port display list does not exclude any type for the UNI port This is because e The UNI port list has to include the regular trunk port in case you later on the Link Attributes window decide to perform no VLAN translation or 1 1 VLAN translation e The UNI port list has to include an EWS
382. n lt S Vlan gt interface lt UNI to R4 gt switchport switchport trunk encapsulation dotliq switchport mode trunk switchport trunk allowed vlan add lt S Vlan gt interface vlan lt S Vlan gt xconnect lt PE1 loopback gt lt PrimaryVcId gt encapsulation mpls PE4 vlan lt S Vlan gt interface lt UNI to R5 gt switchport switchport trunk encapsulation dotlq switchport mode trunk switchport trunk allowed vlan add lt S Vlan gt interface vlan lt S Vlan gt xconnect lt PE2 loopback gt lt PrimaryVcId gt encapsulation mpls Example 3 Pseudowire Connectivity C Figure D 7 illustrates a network configuration using pseudowire connectivity with dual homed N PEs at one side of the network and with pseudowire redundancy Figure D 7 Pseudowire Redundancy i R3 ima y Primary Edge gt Secondary Edge m Blocked Segment Data Pseudowire rae Control Pseudowire Primary VC ID Backup VC ID PE1 TE B PE2 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 e Ex Pseudowire Connectivity Dual Homed N PEs on One Side of the Network with PE2 R4 F 3 R5 a PES 204866 OL 21636 01 Appendix D Terminating an Access Ring on Two N PEs Additional Network Configurations and Sample Configlets W Sample configlets for the devices are provided below PE1 vlan lt S Vlan gt interface lt UNI to
383. n FlexUNI EVC ATM Ethernet service requests 6 18 direct connect links in FlexUNI EVC ATM Ethernet service requests 6 8 FlexUNI attributes in FlexUNI EVC ATM Ethernet policies 5 7 FlexUNI attributes in policies 3 10 interface attributes in FlexUNI EVC ATM Ethernet policies 5 12 interface attributes in FlexUNI EVC policies 3 16 links with L2 access nodes in FlexUNI EVC ATM Ethernet service requests 6 22 loopback addresses on N PE devices 2 2 service attributes in FlexUNI EVC ATM Ethernet policies 5 8 service attributes in FlexUNI EVC policies 3 11 service options in FlexUNI EVC ATM Ethernet policies 5 4 service options in FlexUNI EVC policies 3 8 service request details for FlexUNI EVC ATM Ethernet service requests 6 3 service request details in FlexUNI EVC Ethernet service requests 4 2 VLAN matching criteria attributes in FlexUNI EVC ATM Ethernet policies 5 10 VLAN matching criteria attributes in FlexUNI EVC policies 3 13 VLAN rewrite criteria attributes in FlexUNI EVC ATM Ethernet policies 5 10 VLAN rewrite criteria attributes in FlexUNI EVC policies 3 14 setting up basic ISC services 1 2 customers 1 2 devices 1 2 devices for IOS XR support 2 3 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 direct connect links in FlexUNI EVC service requests 4 10 ISC resources 1 3 ISC Services 2 1 links to N PEs in FlexUNI EVC ATM Ethernet service requests 6 8 l
384. n to the FlexUNI EVC Service Request Editor window The value in the Link Attributes column now displays as Changed signifying that the link settings have been updated You can edit the link attributes now or at a future time by clicking on the Changed link and modifying the settings in the Standard UNI Details window See Modifying the FlexUNI EVC Service Request page 6 23 for details on editing the link attributes To add another link click the Add button and set the attributes for the new link as in the previous steps in this section To delete a link check the check box in the first column of the row for that link and click the Delete button I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request HZ Setting the Service Request Details Step 19 Step 20 If you want to set up links with L2 access nodes for this service request see Setting Links with L2 Access Nodes page 6 22 When you have completed setting the attributes in the FlexUNI EVC Service Request Editor window click the Save button at the bottom of the window to save the settings and create the FlexXUNI EVC service request If any attributes are missing or incorrectly set ISC displays a warning in the lower left of the window Make any corrections or updates needed based on the information provided by ISC and click the Save button For in
385. nable Storm Control Enable Storm Control Iv UHI Storm Control Unicast Traffic 0 0 100 0 G Iv Broadcast Traffic 0 0 100 0 v Multicast Traffic 0 0 100 0 G Iv 138440 Click the Next button if you want to enable template support for the policy The Template Association window appears In this window you can enable template support and optionally associate templates and data files with the policy For instructions about associating templates with policies and how to use the features in this window see Appendix B Working with Templates and Data Files When you have completed setting up templates and data files for the policy click Finish in the Template Association window to close it and return to the Policy Editor window Click Finish Note The VC ID is mapped from the VPN ID By default ISC will auto pick this value However you can set this manually if desired This is done by editing the associated VPN configuration The Edit VPN window has an Enable VPLS check box When you check this box you can manually enter a VPN ID in a field provided For more information on creating and modifying VPNs see the Cisco IP Solution Center Infrastructure Reference 6 0 Defining an Ethernet ERMS EVP LAN Policy without a CE This section describes defining a VPLS policy with an Ethernet core type and an ERMS EVP LAN service type without a CE present Figure 9 24 is an example of the first
386. name is more than 32 characters the device names are truncated Check the PW Tunnel Selection check box if you want to be able to manually select the Traffic Engineering TE tunnel for the pseudowire connecting point to point N PEs This attribute is unchecked by default Subsequently when you create a service request based on this policy you must specify the TE tunnel ID in a field provided ISC uses the tunnel information to create and provision a pseudowire class that describes the pseudowire connection between two N PEs This pseudowire class can be shared by more than one pseudowire as long as the pseudowires share the same tunnel ID and remote loopback address You are responsible to ensure that the tunnel interface and associated ID are configured During service request creation when you specify the tunnel ID number ISC does not check the validity of the value That is ISC does not verify the existence of the tunnel Click the Next button if you want to enable template support for the policy The Template Association window appears In this window you can enable template support and optionally associate templates and data files with the policy For instructions about associating templates with policies and how to use the features in this window see Appendix B Working with Templates and Data Files When you have completed setting up templates and data files for the policy click Finish in the Template Association window to c
387. ndix show the CLIs generated by ISC for particular services and features Each configlet example provides the following information Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 a OL 21636 01 AppendixA Sample Configlets Overview W e Service e Feature e Devices configuration network role hardware platform relationship of the devices and other relevant information e Sample configlets for each device in the configuration e Comments Note The configlets generated by ISC are only the delta between what needs to be provisioned and what currently exists on the device This means that if a relevant CLI is already on the device it does not show up in the associated configlet The CLIs shown in bold are the most relevant commands All examples in this appendix assume an MPLS core I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 a AppendixA Sample Configlets E ERS EVPL Point to Point ERS EVPL Point to Point Configuration Configlets Comments e Service L2VPN Metro Ethernet e Feature ERS EVPL point to point e Device configuration The N PE is a Cisco 7600 with IOS 12 2 18 SXF Sup720 3BXL Interface s FA8 17 The U PE is a Cisco 3750ME with 12 2 25 EY1 no port security Interface s FA1 0 4 FA1 0 23 L2VPN point to point U PE N PE vlan 772 vlan 772 exit exit l inte
388. nfigured on devices Using Templates with Service Requests This section provides information on templates and data files with a service request It contains the following sections Overview of Template Use in Service Requests page B 10 Using Templates and Data Files with Service Requests page B 14 Overview of Template Use in Service Requests This section provides overview information about template usage in service requests It covers the following topics Associating Templates to a Service Request page B 11 Associating Subtemplates During Service Provisioning page B 11 Creating Data Files During Service Request Creation page B 12 Using Negate Templates to Decommission Template Configurations page B 13 Using Templates and Data Files with Service Requests page B 14 For details on how these features are implemented in the ISC GUI see the section Using Templates and Data Files with Service Requests page B 14 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Appendix B Working with Templates and Data Files Using Templates with Service Requests i Associating Templates to a Service Request The template mechanism in ISC provides a way to add additional configuration information to a device configuration generated by a service request To use the template mechanism the policy on which the service request is based must have been set to enable templates Optionally templates and
389. nk the attribute N PE Pseudo wire on SVI is dependent on the value of the attribute Configure with Bridge Domain in the EVC Service Request Editor window N PE Pseudo wire on SVI if enabled will be reflected only when Configure with Bridge Domain is set to true Otherwise the service request will not be created with scanned under SVI even if N PE pseudo wire on SVI is enabled e ISC supports a hybrid configuration for FlexUNI EVC service requests In a hybrid configuration the forwarding commands such as scanned for one side of an attachment circuit can be configured under a service instance and the xconnect configuration for the other side of the attachment circuit can be configured under a switch virtual interface SVT OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request HZ Setting the Service Request Details Step 29 Step 30 Step 31 Step 32 e N PE Pseudo wire on SVI is applicable for all connectivity types PSEUDOWIRE or LOCAL but a hybrid SVI configuration is possible only for pseudowire connectivity e When MPLS Core Connectivity Type is set as LOCAL connectivity type the N PE Pseudo wire on SVI attribute is always disabled in the policy and service request e For examples of these cases see configlet examples FlexUNI EVC Pseudowire Core Connectivity Bridge Domain Pseudowire on SVI and FlexUNI E
390. nk Save Cancel Note Required Field 138455 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 P02 i OL 21636 01 Chapter 10 Managing a VPLS Service Request Step 2 amp Creating a VPLS Service Request witha CE W Click Select VPN to choose a VPN for use with this CE The Select VPN window appears with the VPNs defined in the system Only VPNs with the same service type ERMS EVP LAN or EMS EP LAN as the policy you chose appear See Figure 10 2 Figure 10 2 Select a VPN VPNName maenna ve 1 vpls_ers_vpn1 ERS Customer1 Note Step 3 Step 4 Step 5 The VC ID is mapped from the VPN ID By default ISC will auto pick this value However you can set this manually if desired This is done by editing the associated VPN configuration The Edit VPN window has an Enable VPLS check box When you check this check box you can manually enter a VPN ID in a field provided For more information on creating and modifying VPNs see the Cisco IP Solution Center Infrastructure Reference 6 0 Choose a VPN Name in the Select column Click Select The VPLS Link Editor window appears with the VPN name displayed Click Add Link You specify the CE endpoints using the VPLS Link Editor You can add one or more links from a window like the one in Figure 10 3 Figure 10 3 Select CE VPLS Service Request Editor
391. nnectivity without UNI port security e Device configuration The N PE is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s GI4 0 1 The U PE is a Cisco 3750ME with IOS 12 2 25 EY2 Interface s FA1 14 FA3 23 Configlets U PE N PE vlan 772 12 vfi attest1 458 manual exit vpn id 452 neighbor 192 169 105 20 encapsulation mpls interface FastEthernet3 23 switchport trunk allowed vlan 500 772 vlan 200 bridge domain 200 split horizon interface FastEthernet1 14 no cdp enable interface GigabitEtherne4 0 1 no keepalive no shut no ip address service instance 10 ethernet switchport trunk allowed vlan 500 772 encapsulation dotlq 500 spanning tree bpdufilter enable rewrite ingress tag translate 1 to 2 dotlq mac access group ISC FastEthernet3 23 in 222 second dotig 41 symmetric I mac access list extended Interface vlan 200 Isc FastEthernet1 14 xconnect vfi attest1 458 deny any host 0100 0ccc cccc deny any host 0100 0ccc cccd deny any host 0100 0ccd cdd0 deny any host 0180 c200 0000 permit any any Comments e UNI on U PE e The rewrite operation translates the incoming VLAN tag 500 to two tags 222 and 41 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 g a5 AppendixA Sample Configlets HZ FiexUNI EVC Local Connect Core Connectivity UNI Port Security FlexUNI EVC Local Connect Core Connectivity UNI Port Security Configuration Service FlexUNI EVC
392. nnectivity Type PSEUDOWIRE or LOCAL For completeness all attributes available for the different core types are documented in the following steps Attributes apply to all core types unless otherwise noted I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy WE Setting the ATM Interface Attributes amp Note Also some attributes are supported only on IOS or IOS XR platforms Attributes apply to both platforms unless otherwise noted All platform specific attributes are visible in the policy workflow windows Later when a service request is created based on the policy and specific devices are associated with the service request platform specific attributes are filtered from service request windows depending on the device type IOS or IOS XR Step4 Check the Configure With Bridge Domain check box to determine bridge domain characteristics The behavior of the Configure With Bridge Domain option works in tandem with the choice you selected in the MPLS Core Connectivity Type option as follows e PSEUDOWIRE as the MPLS Core Connectivity Type There are two cases A With FlexUNI If Configure With Bridge Domain is checked the policy configures pseudowires under SVIs associated to the bridge domain If Configure With Bridge Domain is unchecked the policy will configure pseudowires directly under the service in
393. notes e AutoPick Bridge Domain VLAN ID consumes a global VLAN ID on the device e The bridge domain VLAN ID is picked from the existing ISC VLAN pool e This attribute is not displayed for IOS XR devices If the AutoPick Bridge Domain VLAN ID check box is unchecked enter an appropriate value in the Bridge Domain VLAN ID field amp Note This configuration applies in conjunction with the Configure Bridge Domain option in the EVC Service Request Editor window If the option is not enabled in that window then AutoPick Bridge Domain VLAN ID check box is redundant and not required When a VLAN ID is manually allocated ISC verifies the VLAN ID to see if it lies within ISC s VLAN ID pool If the VLAN ID is in the pool but not allocated the VLAN ID is allocated to the service request If the VLAN ID is in the pool and is already in use ISC prompts you to allocate a different VLAN ID If the VLAN ID lies outside of the ISC VLAN ID pool ISC does not perform any verification about whether the VLAN ID allocated The operator must ensure the VLAN ID is available Check the Match Inner and Outer Tags check box to enable service requests created with the policy to match both the inner and outer VLAN tags of the incoming frames If you do not check this check box service requests created with the policy will match only the outer VLAN tag of the incoming frames Checking the Match Inner and Outer Tags attribute causes the Inner VLAN ID and O
394. nteger value corresponding to a VPN ID e When a VPLS VPN ID is manually allocated ISC verifies the VPLS VPN ID to see if it lies within ISC s VC ID pool If the VPLS VPN ID is in the pool but not allocated the VPLS VPN ID is allocated to the service request If the VPLS VPN ID is in the pool and is already in use ISC prompts you to allocate a different VPLS VPN ID If the VPLS VPN ID lies outside of the VC ID pool ISC does not perform any verification about whether the VPLS VPN ID allocated The operator must ensure the VPLS VPN ID is available e The VPLS VPN ID can be entered only while creating a service If you are editing the service request the VPLS VPN ID field is not editable Step8 The Configure Bridge Domain check box is check by default and cannot be changed Usage notes e For VPLS all configurations are under the SVI e When the FlexUNI feature is used all configurations are under the SVI and also associated to a bridge domain Step9 Check the Use Split Horizon check box to enable split horizon with bridge domain Usage notes e The Use Split Horizon attribute is disabled by default e The Use Split Horizon attribute can be used only when the Configure Bridge Domain check box is checked enabled e When Use Split Horizon is enabled the bridge domain command in the CLI will be generated with split horizon When it is disabled the bridge domain command will be generated without split horizon Step10 Click the Cl
395. nterface FastEthernet1 0 2 12vpn switchport pw class PW_AD7 AD3_Cutsomer2 switchport access vlan 700 encapsulation mpls switchport mode dotiq tunnel transport mode ethernet switchport nonegotiate preferred path interface tunnel te 2730 no keepalive l no cdp enable spanning tree portfast xconnect group ISC spanning tree bpdufilter enable p2p cl test 12 12404 2 1000 interface GigabitEthernet0 3 1 1 700 interface GigabitEthernet1 0 1 neighbor 192 169 105 30 pw id 1000 no ip address pw class PW_AD7 AD3_Cutsomer2 switchport l switchport trunk encapsulation dotlq switchport trunk allowed vlan 700 switchport mode trunk Comments e The N PE is a CRS 1 router with IOS XR 3 7 e The pseudowire class feature is configured with various associated attributes like encapsulation transport mode preferred path and fallback option e The disable fallback option is required for IOS XR 3 6 1 and optional for IOS XR 3 7 and later e The E Line name p2p command and L2VPN Group Name xconnect group command is an ISC generated default value if user input is not provided Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 AppendixA Sample Configlets EWS EPL NBI Enhancements for L2VPN IOS Device EWS EPL NBI Enhancements for L2VPN 10S Device Configuration e Service L2VPN Metro Ethernet e Feature EWS EPL e Device configuration The N PE is a 12 2 18 SXF with IOS The U PE is
396. o B 5 creating FlexUNI EVC Ethernet policies 3 1 creating with VLAN translation C 2 overview of L2VPN policies 1 4 overview of template support in B 4 overview of VPLS policies 1 4 using templates and data files with B 4 policies see also by type 1 4 pools creating VC ID pools 2 7 pools see entry by type of pool 2 5 providers multipoint ERS EVP LAN for an Ethernet based provider core E 13 multipoint ERS EVP LAN for an MPLS based provider core E 11 multipoint EWS EP LAN for an Ethernet based provider core E 13 multipoint EWS EP LAN for an MPLS based provider core E 11 Index W setting up 1 2 pseudowire classes configuring transport mode when pseudowire classes are not supported 2 13 creating 2 11 pseudowire class objects modifying 2 12 pseudowire core connectivity in FlexUNI EVC ATM Ethernet service requests 6 3 in FlexUNI EVC service requests 4 3 regions defining 2 3 related documentation iii xii relay service Ethernet E 5 reports accessing 13 1 creating custom L2 and VPLS reports 13 11 generating L2 and VPLS reports 13 1 L2 end to end wire report 13 3 L2 PE service report 13 6 L2 VPN report 13 7 overview 13 1 VPLS attachment circuit report 13 8 VPLS PE service report 13 10 VPLS VPN report 13 11 resources setting up ISC resources 1 3 rings creating ring only NPCs 2 9 terminating access rings on two N PEs 2 10 roles device roles with FlexXUNI EVC 3 5 I OL 21636 01 Cisco IP Solution
397. o IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 AppendixA Sample Configlets FlexUNI EVC User Provided Service Instance Name VPLS Core Connectivity FlexUNI EVC User Provided Service Instance Name VPLS Core Connectivity Configuration Configlets e FlexUNI EVC Metro Ethernet e Feature FlexUNI EVC with VPLS core connectivity and user provided service instance name e Device configuration The N PE is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s GigabitEthernet7 0 0 The U PE is a Cisco 3750ME with IOS 12 2 25 EY2 Interface s FastEthernet1 0 10 U PE N PE 12 vfi vpls test manual vlan 452 vpn id 300 exit neighbor 22 22 22 22 encapsulation mpls interface FastEthernet1 0 10 vlan 500 no ip address l switchport trunk allowed vlan add 452 ethernet evc ServiceInst interface FastEthernet1 0 13 interface GigabitEtherne7 0 0 no Spanning tree bpdufilter enable service instance 10 ethernet ServiceInst switchport encapsulation dotiq 400 no keepalive rewrite ingress tag pop 1 symmetric no ip address bridge domain 500 split horizon switchport switchport trunk encapsulation dotlq interface vlan500 switchport mode trunk xconnect vfi vpls test switchport trunk allowed vlan 452 switchport nonegotiate mac access group ISC FastEthernet1 0 13 in Comments e The transport type is VPLS e The user manually provided ServiceInst as the Service Instance Nam
398. o denote L2VPN services in this guide e Point to point Ethernet Wire Service EWS The MEF name for this service is Ethernet Private Line EPL I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter7 Creating an L2VPN Policy W Defining an L2VPN Policy Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 e Frame Relay over MPLS FRoMPLS e ATM over MPLS ATMoMPLS To define an L2VPN policy in ISC perform the following steps Choose Service Design gt Policies The Policies window appears Click Create Choose L2VPN P2P Policy When you choose L2VPN P2P Policy the L2VPN Point to Point Policy Creation window appears Choose L2VPN on MPLS Core The window in Figure 7 1 appears Figure 7 1 Creating an L2VPN Policy You Are Here Service Design Policies Customer None L2VPN Point To Point Policy Editor Attribute Value Policy Hame Customer tH 11 Service Type Policy Owner C Provider o 2 Interface Type Global Policy AAA Customer Select L2VPN ERS C L2VPN EWS Service Type C Frame Relay C ATM CE Present Vv Note Required Field Step 1 of 2 i Ld _ L _ L Enter a Policy Name for the L2VPN policy Choose the Policy Owner for the L2VPN policy 138365 There are three types of L2VPN policy ownership e Customer ownership e Provider ownership e Global ownership Any service operator can make use o
399. o the U PE for security purposes This attribute is editable to support modification on a per service request basis Check the ANY check box to display all interface types as choices for the UNI interface when creating service requests based on this policy This check box is checked by default Check the UNI check box to display all interfaces defined as type UNI as choices for the UNI interface when creating service requests based on this policy This check box is checked by default Check the VLAN ID AutoPick check box if you want ISC to choose a VLAN ID If you do not check this check box you will be prompted to provide the VLAN in a Provider VLAN ID field during service activation Check the VC ID AutoPick check box if you want ISC to choose a VC ID If you do not check this check box you will be prompted to provide the VC ID in a VC ID field during service activation I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter7 Creating an L2VPN Policy HZ Defining an Ethernet ERS EVPL Policy with a CE Step 12 Step 13 Step 14 Step 15 Step 16 Step 17 Step 18 Step 19 Step 20 Enter a VLAN NAME optional to specify a name to describe the VLAN The name must be one token no spaces allowed The limit for the VLAN name is 32 characters The name has to be unique Check the Use PseudoWireClass check box to enable the selection of a pseudowire class This
400. oadcast Traffic 0 0 100 0 Iv Multicast Traffic 0 0 100 0 G Iv 138440 Step 24 Check the Protocol Tunnelling check box see Figure 7 14 if you want to define the Layer 2 Bridge Protocol Data Unit BPDU frames that can be tunneled over the core to the other end Figure 7 19 Protocol Tunnelling Protocol Tunnelling Iv lv Enable cdp Iv v cdp shutdown threshold 0 4096 Vv cdp drop threshold 0 4096 v Enable vtp Iv Iv vip shutdown threshold 0 4096 Iv vtp drop threshold 0 4096 v Enable stp Iv Iv stp shutdown threshold 0 4096 v stp drop threshold 0 4098 Vv A D Recovery Interval in seconds 30 86400 E S For each protocol that you check enter the shutdown threshold and drop threshold for that protocol a Enable cdp Enable Layer 2 tunnelling on Cisco Discover Protocol CDP b cdp shutdown threshold Enter the number of packets per second to be received before the interface is shut down c cdp drop threshold Enter the number of packets per second to be received at which point the interface will start dropping CDP packets d Enable vtp Enable Layer 2 tunnelling on VLAN Trunk Protocol VTP e vtp shutdown threshold Enter the number of packets per second to be received before the interface is shut down f vtp drop threshold Enter the number of packets per second to be received at which point the interface will start dropping VTP packets g Enable stp Enable Layer 2
401. ogue appears in which you can enter a description Step9 To set up direct connect links see the section Setting Direct Connect Links page 6 8 Step 10 To set up links with L2 access nodes see the section Setting Links with L2 Access Nodes page 6 22 Local Core Connectivity If the MPLS Core Connectivity Type for the FlexUNI EVC ATM Ethernet Interworking policy is LOCAL the EVC Service Request Editor window shown Figure 6 2 appears Figure 6 2 EVC Service Request Details Window for Local Core Connectivity FlexUNI EVC Service Request Editor 204863 Perform the following steps to set the attributes in the first section of the Service Request Details window Step1 The Job ID and SR ID fields are read only When the service request is being created for the first time the fields display a value of NEW When an existing service request is being modified the values of the fields indicate the respective IDs that the ISC database holds within the editing flow of the service request Step2 The Policy field is read only It displays the name of the policy on which the service request is based Step3 Click Select VPN to choose a VPN for use with this service request The Select VPN window appears with the VPNs defined in the system Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 lt OL 21636 01 _ Chapter 6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request Step
402. olicy This check box is checked by default Enter one or more Ethernet MAC addresses in UNI MAC addresses This selection is present only if you uncheck the Use Existing ACL Name check box Click the Edit button to bring up a pop up window in which you enter MAC addresses to be allowed or denied on the port You can also specify a range of addresses by setting a base MAC address and a filtered MAC address Enter a Link Speed optional of None 10 100 1000 Auto or nonegotiate Enter a Link Duplex optional of None Full Half or Auto In the PE UNI Interface Description field enter an optional description for example Customer B EMS EP LAN Service Check the VLAN ID AutoPick check box if you want ISC to choose a VLAN ID If you do not check this check box you will be prompted to provide the VLAN in a Provider VLAN ID field during service activation Enter a VLAN NAME optional to specify a name to describe the VLAN The name must be one token no spaces allowed The limit for the VLAN name is 32 characters The name has to be unique Two VLANs cannot share the same name Enter the System MTU in bytes Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 n OL 21636 01 Chapter 9 Creating a VPLS Policy Step 17 Step 18 Step 19 Step 20 Defining an Ethernet EMS EP LAN Policy with a CE W The maximum transmission unit MTU size is configurable and optional The default size is 92
403. om the existing ISC VLAN pool Once the VLAN ID is assigned in the service request ISC makes the VLAN ID unavailable for subsequent service requests e Inthe case of manual VLAN ID allocation ISC does not manage the VLAN ID if the ID lies outside the range of an ISC managed VLAN pool In this case the operator must ensure the uniqueness of the ID in the Ethernet access domain If an operator specifies a VLAN ID that is within the range of an ISC managed VLAN pool and the VLAN ID is already in use in the access domain ISC displays an error message indicating that the VLAN ID is in use Note on Access VLAN IDs An access VLAN ID is of local significance to the FlexUNI capable ports It should not be confused with the global VLANs This can be visualized as a partitioning of the Ethernet access network beyond the FlexUNI ports into several subEthernet access domains one each for a FlexUNI capable port However all the service interfaces on the Ethernet access nodes beyond the FlexUNI ports will have this very same VLAN ID for a link This ID must be manually specified by the operator when setting the link attributes during service request creation The operator must ensure the uniqueness of the ID across the FlexUNI demarcated Ethernet access domain These VLAN IDs are not managed by ISC by means of locally significant VLAN pools But once a VLAN ID is assigned for a link in the service request ISC makes the VLAN unavailable for subsequent serv
404. omer owned can only be seen by operators who are allowed to work on this customer owned policy Similarly operators who are allowed to work on a provider s network can view use and deploy a particular provider owned policy Click Select to choose the owner of the VPLS policy The policy owner was established when you created customers or providers during ISC setup If the ownership is global the Select function does not appear Choose the Core Type of the VPLS policy Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 lt OL 21636 01 Chapter9 Creating a VPLS Policy Defining an MPLS ERMS EVP LAN Policy witha CE W There are two core types for VPLS policies e MPLS running on an IP network e Ethernet all PEs are on an Ethernet provider network Step8 Choose the Service Type of the VPLS policy There are two service types for VPLS policies e Ethernet Relay Multipoint Service ERMS The MEF name for ERMS is EVP LAN e Ethernet Multipoint Service EMS The MEF name for EMS is EP LAN Step9 Check the CE Present check box if you want ISC to ask the service operator who uses this VPLS policy to provide a CE router and interface during service activation The default is CE present in the service If you do not check the CE Present check box ISC asks the service operator during service activation only for the PE router and customer facing interface Defining an MPLS ERMS EVP LAN Policy wi
405. on DOT1Q PE UNI Interface Description UNI Shutdown Q N PE Pseudo wire On SVI Use Existing PW Class PW Tunnel Selection 9 Interface Tunnel 4 0 2147483647 Note Required Field Step 2 of 2 m ms e S S S S 204850 OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request HZ Setting the Service Request Details Figure 6 5 is an example of a direct connect link for a Cisco ASR 9000 running IOS XR with pseudowire core connectivity configure bridge domain enabled and the FlexUNI check box checked Figure 6 5 Standard UNI Details Window Cisco ASR 9000 Configure Bridge Domain Enabled Standard UNI Details Attribute Value N PE U PE Information pe13 Interface Name FastEthernet1 Encapsulation DOT1Q PE UNI Interface Description UNI Shutdown ji Use PseudoWireClass E AutoPick Bridge Group Name E Bridge Group Name AutoPick Bridge Domain Name E Note Required Field Step 2 of 2 Ss oS 204851 Figure 6 6 is an example of a direct connect link for a Cisco ASR 9000 running IOS XR with pseudowire core connectivity configure bridge domain not enabled and the FlexUNI check box checked Figure 6 6 Standard UNI Details Window Cisco ASR 9000 Configure Bridge Domain not Enabled Standard UNI Details Attribute Value N PE U PE Information pe13 Interface Name FastEthe
406. on counter to increment e SHUTDOWN Puts the interface into the error disabled state immediately and sends an SNMP trap notification d In the Secure MAC Addresses field enter one or more Ethernet MAC addresses Figure 7 8 UNI Port Security UHI Port Security Maximum MAC Address 1 8448 Aging in minutes 0 1440 violation Action PROTECT w Secure MAC Addresses g Check the Enable Storm Control check box see Figure 7 9 to help prevent the UNI port from being disrupted by a broadcast multicast or unicast storm Enter a threshold value for each type of traffic The value which can be specified to two significant digits represents the percentage of the total available bandwidth of the port If the threshold of a traffic type is reached further traffic of that type is suppressed until the incoming traffic falls below the threshold level Figure 7 9 Enable Storm Control Enable Storm Control Iv UHI Storm Control Unicast Traffic 0 0 100 0 amp Iv Broadcast Traffic 0 0 100 0 9 M Multicast Traffic 0 0 100 0 v 138440 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter7 Creating an L2VPN Policy HZ Defining an Ethernet ERS EVPL Policy without a CE Step 25 amp Check the N PE Pseudo wire On SVI check box to configure the pseudowire connection on the switched virtual interface of the OSM card
407. on Center L2VPN and Carrier Ethernet User Guide 6 0 Contents W I OL 21636 01 E Contents ERS EVPL EWS EPL ATM or Frame Relay Additional Template Variables for L2VPN IOS and IOS XR Device A 15 EWS EPL Point to Point A 16 EWS EPL Point to Point UNI Port Security BPDU Tunneling A 17 EWS EPL Hybrid A 19 EWS EPL Pseudowire Class E Line L2VPN Group Name IOS XR Device A 22 EWS EPL NBI Enhancements for L2VPN IOS Device A 23 ATM over MPLS VC Mode A 24 ATM over MPLS VP Mode A 25 ATM Port Mode Pseudowire Class E Line L2VPN Group Name IOS XR Device A 26 Frame Relay over MPLS A 27 Frame Relay DLCI Mode A 28 VPLS Multipoint ERMS EVP LAN A 29 VPLS Multipoint EMS EP LAN BPDU Tunneling A 30 exUNI EVC Pseudowire Core Connectivity UNI Port Security A 31 exUNI EVC Pseudowire Core Connectivity UNI without Port Security with Bridge Domain A 32 exUNI EVC Pseudowire Core Connectivity UNI and Pseudowire Tunneling A 33 exUNI EVC VPLS Core Connectivity UNI Port Security A 34 exUNI EVC VPLS Core Connectivity no UNI Port Security A 35 exUNI EVC Local Connect Core Connectivity UNI Port Security A 36 exUNI EVC Local Connect Core Connectivity UNI no Port Security Bridge Domain A 38 exUNI EVC Pseudowire Core Connectivity Bridge Domain Pseudowire on SVI A 39 exUNI EVC Pseudowire Core Connectivity no Bridge Domain no Pseudowire on SVI A 40 exUNI EVC AutoPick Se
408. on L2 subinterfaces Check the PW Tunnel Selection check box if you want to be able to manually select the Traffic Engineering TE tunnel for the pseudowire connecting point to point N PEs Usage notes e Checking the PW Tunnel Selection check box activates the Interface Tunnel attribute field see the next step e This attribute only appears if the MPLS core connectivity type is set as pseudowire in the FlexUNI EVC policy e The PW Tunnel Selection attribute is not supported for IOS XR devices I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter4 Managing a FlexUNI EVC Ethernet Service Request HZ Setting the Service Request Details Step 30 If you checked the PW Tunnel Selection check box enter the TE tunnel ID in the Interface Tunnel text field Usage notes e ISC uses the tunnel information to create and provision a pseudowire class that describes the pseudowire connection between two N PEs This pseudowire class can be shared by more than one pseudowire as long as the pseudowires share the same tunnel ID and remote loopback address During service request creation ISC does not check the validity of the tunnel ID number That is ISC does not verify the existence of the tunnel e The Interface Tunnel attribute is not supported for IOS XR devices e Step31 Check the AutoPick Bridge Group Name check box to have ISC autopick the bridge group name during service request crea
409. onal of None 10 100 1000 Auto or nonegotiate Enter a Link Duplex optional of None Full Half or Auto In the PE UNI Interface Description field enter an optional description for example Customer B EMS EP LAN Service Check the VLAN ID AutoPick check box if you want ISC to choose a VLAN ID If you do not check this check box you will be prompted to provide the VLAN in a Provider VLAN ID field during service activation Enter a VLAN NAME optional to specify a name to describe the VLAN I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 A Chapter9 Creating a VPLS Policy HZ Defining an MPLS EMS EP LAN Policy with a CE Step 16 Step 17 Step 18 Step 19 Step 20 The name must be one token no spaces allowed The limit for the VLAN name is 32 characters The name has to be unique Two VLANs cannot share the same name Enter the System MTU in bytes The maximum transmission unit MTU size is configurable and optional ISC does not perform an integrity check for this customized value If a service request goes to the Failed Deploy state because this size is not accepted you must adjust the size until the service request is deployed ISC supports ranges for different platforms as specified below The range is 1500 to 9216 e For the 3750 and 3550 platforms the MTU range is 1500 1546 e For the 7600 ethernet port the MTU size is always 9216 Even with the same plat
410. ons for the FlexUNI EVC Ethernet policy as shown in Figure 3 2 Figure 3 2 EVC Policy Editor Service Options Window EVC Policy Editor Service Options Attribute Value Editable CE Directly Connected To FlexUHI go All Links Terminate On FlexUHI Oo MPLS Core Connectivity Type PSEUDOWIRE Configure With Bridge Domain go Note Required Field Step 2 of 5 j a __ 211665 The Editable check box gives you the option of making a field editable If you check the Editable check box the service operator who is using this FlexUNI EVC policy can modify the editable parameter during FlexUNI EVC service request creation To set the FlexUNI EVC service options perform the following steps Step1 Check the CE Directly Connected to FlexUNI check box if the CEs are directly connected to the N PE This check box is not checked by default Usage notes e If the check box is checked a service request created using this policy can have only directly connected links No Ethernet access nodes will be involved e If the check box is unchecked a service request created using this policy might or might not have Ethernet access nodes in the links e When a CE is directly connected to the N PE NPCs are not applicable to the link while creating service requests e When a CE is not directly connected to the N PE NPCs are used during service request creation as per standard ISC behavior There is no change in NPC implementation to supp
411. ons or updates needed based on the information provided by ISC and click the Save button For information on modifying a FlexUNI EVC service request see the section Modifying the FlexUNI EVC Service Request page 6 23 For additional information about saving a FlexUNI EVC service request see Saving the FlexUNI EVC Service Request page 6 24 Modifying the FlexUNI EVC Service Request Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 You can modify a FlexUNI EVC service request if you must change or modify the links or other settings of the service request To modify a FlexUNI EVC service request perform the following steps Choose Service Inventory gt Inventory and Connection Manager gt Service Requests The Service Requests window appears showing service request available in ISC Check a check box for a service request Click Edit EVC Service Editor window appears Modify any of the attributes as desired See the sections start with Setting the Service Request Details section on page 6 3 for detailed coverage of setting attributes in this window amp Note Once the VC ID VPLS VPN ID and VLAN ID have been set in a service request they cannot be modified To add a template data file to an attachment circuit see the section Using Templates and Data Files with a FlexUNI EVC Service Request page 6 24 When you are finished editing the FlexUNI EVC service request click Save For additional informat
412. oose a FlexUNI EVC policy from the policies previously created see Chapter 3 Creating a FlexUNI EVC Ethernet Policy Choose a FlexUNI EVC Ethernet policy from the list Click OK The EVC Service Request Editor window appears The new service request inherits all the properties of the chosen FlexUNI EVC policy such as all the editable and non editable features and pre set parameters Continue with the steps contained in the next section Setting the Service Request Details page 4 2 Setting the Service Request Details After you have selected the FlexUNI EVC Ethernet policy to be used as the basis of the service request the EVC Service Request Editor window appears It is divided into three main sections e Service Request Details e Direct Connect Links no NPCs e Links with L2 Access Nodes involves NPCs Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Chapter 4 Managing a FlexUNI EVC Ethernet Service Request Setting the Service Request Details W This window enables you to specify options for the service request as well as configure directly connected links and links with L2 access nodes The options displayed in first section of the window change depending on the MPLS Core Connectivity Type that was specified in the policy pseudowire VPLS or local For clarity each of these scenarios is presented in a separate section below to highlight the different window configurat
413. opology for Ethernet Based VPLS E 13 INDEX Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 About This Guide This preface contains the following sections e Objective page xi e Audience page xi e Organization page xi e Related Documentation page xii e Obtaining Documentation and Submitting a Service Request page xiv Objective The Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 contains information about creating L2VPN or VPLS policies and creating and deploying L2VPN or VPLS services using the Cisco IP Solution Center ISC Audience This guide is designed for service provider network managers and operators who are responsible for provisioning L2VPN or VPLS for their customers Network managers and operators should be familiar with the following topics e Basic concepts and terminology used in internetworking e Layer 2 Virtual Private Network L2VPN Virtual Private LAN Service VPLS VPN Multiprotocol Label Switching MPLS and terms and technology e Network topologies and protocols Organization This guide is organized as follows e Chapter 1 Getting Started provides information on getting started tasks for using the L2VPN component of the Cisco IP Solution Center ISC e Chapter 2 Setting Up the ISC Services provides information on setting up the ISC service Cisco IP Solution Center L2VPN and Carrier Ethernet Use
414. or information on creating FlexUNI EVC ATM Ethernet service requests see Chapter 6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request Note Overview For a general overview of FlexUNI EVC support in ISC not restricted to ATM Ethernet Interworking see Overview of FlexUNI EVC Support in ISC page 3 1 ISC supports interworking of a service with ATM and Ethernet protocols across the MPLS core or local switching ATM Ethernet interworking is supported through the following features e Creation of a FlexUNI EVC policy of type ATM Ethernet Interworking The ATM Ethernet Interworking policy type supports a choice of MPLS core options Pseudowire Local local connects e Provisioning of ATM Ethernet interworking using a single FlexUNI EVC service request e Combination of EVC and non EVC syntax that is the creation of an L2 circuit consisting of an L2 syntax and EVC syntax I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy HZ Defining the FlexUNI EVC ATM Ethernet Interworking Policy e Supported platforms ATM interworking is supported on the Cisco 7600 with ES 20 cards ASR 9000 device is supported for IOS XR 3 7 3 and IOS XR 3 9 Because there are no ATM interfaces on the Cisco ASR 9000 ISC does not support interworking on the ASR 9000 for ATM interfaces Only Ethernet interfaces a
415. ort FlexUNI EVC functionality Step2 Check the All Links Terminate on FlexUNI check box if all links need to be configured with FlexUNI EVC features This check box is not check by default Usage notes e If the check box is checked a service request created using such policy will have all links using the FlexUNI EVC feature Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 EN OL 21636 01 _ Chapter 3 Creating a FlexUNI EVC Ethernet Policy Setting the Service Options Ti If the check box is unchecked zero or more links can use the FlexUNI EVC feature This ensures that existing platforms can still be used in one or more links while delivering the services This allows the possibility of a link with FlexUNI EVC support being added in the future amp Note Ifthe check box is unchecked in the service request creation process the user must indicate whether or not the created link is FlexUNI or non FlexUNI If no links are expected to use the FlexUNI EVC feature even in the future for example if the provider is not planning to upgrade to the EVC infrastructure for the service that is being created existing ISC policy types L2VPN or VPLS can be used instead of FlexUNI EVC Step3 Choose an MPLS Core Connectivity Type from the drop down list amp Note The core option supports MPLS only There is no L2TPv3 support for this service amp The choices are PSEUDOWIRE Choose this opt
416. ort port security aging time 32 switchport port security violation shutdown switchport port security 12protocol tunnel cdp 12protocol tunnel stp 12protocol tunnel vtp 12protocol tunnel shutdown threshold 12protocol tunnel shutdown threshold 12protocol tunnel shutdown threshold 12protocol tunnel drop threshold cdp 12protocol tunnel drop threshold stp 12protocol tunnel drop threshold vtp storm control unicast level 34 0 storm control broadcast level 23 0 storm control multicast level 12 0 spanning tree portfast spanning tree bpdufilter enable cdp 88 stp 99 vtp 56 56 64 34 mac access group ISC FastEthernet1 0 19 in interface FastEthernet1 0 23 no ip address switchport trunk allowed vlan 774 775 787 788 1 mac access list extended ISC FastEthernet1 0 19 no permit any any deny any host 3456 3456 1234 permit any any switchport trunk allowed vlan 1 451 653 659 766 768 772 773 775 878 interface Vlan775 no ip address description L2VPN EWS xconnect 99 99 8 99 89029 encapsulation mpls no shutdown e This is the EWS EPL side UND e N PE is 7600 with an OSM or a SIP 600 module Provisioning is the same as the ERS EVPL e The U PE is a generic Metro Ethernet ME switch e PACL with one user defined entry e BPDUs cdp stp and vtp are tunneled through the MPLS core e Storm control is enabled for unicast multicast and broadcast Cisco IP Solution Center L2VPN and Carr
417. ose it and return to the Policy Editor window Step 24 Click Finish amp Note The VC ID is mapped from the VPN ID By default ISC will auto pick this value However you can set this manually if desired This is done by editing the associated VPN configuration The Edit VPN window has an Enable VPLS check box When you check this box you can manually enter a VPN ID in a field provided For more information on creating and modifying VPNs see the Cisco IP Solution Center Infrastructure Reference 6 0 OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter9 Creating a VPLS Policy HZ Defining an Ethernet EMS EP LAN Policy without a CE Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 e OL 21636 01 CHAPTER 1 Managing a VPLS Service Request This chapter contains the basic steps to provision a VPLS service It contains the following sections Introducing VPLS Service Requests page 10 1 Creating a VPLS Service Request page 10 2 Creating a VPLS Service Request with a CE page 10 2 Creating a VPLS Service Request without a CE page 10 6 Modifying the VPLS Service Request page 10 10 Using the Bridge Domain ID Attribute page 10 13 Saving the VPLS Service Request page 10 14 Introducing VPLS Service Requests A VPLS service request consists of one or more attachment circuits connecting various sites in a multipoint topology When you create a
418. ot accepted you must adjust the size until the Service Request is deployed In ISC 6 0 different platforms support different ranges e For the 3750 and 3550 platforms the MTU range is 1500 to 1546 e For the Cisco 7600 Ethernet port the MTU size is always 9216 Even with the same platform and same IOS release different line cards support the MTU differently For example older line cards only take an MTU size of 9216 and newer cards support 1500 to 9216 However ISC 6 0 uses 9216 in both cases e For the Cisco 7600 SVI interface VLAN the MTU size is 1500 to 9216 Step16 Check the PW Tunnel Selection check box if you want to be able to manually select the Traffic Engineering TE tunnel for the pseudowire connecting point to point N PEs Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 lt Chapter3 Creating a FlexUNI EVC Ethernet Policy HZ Setting the Interface Attributes This attribute is unchecked by default Subsequently when you create a service request based on this policy you must specify the TE tunnel ID in a field provided ISC uses the tunnel information to create and provision a pseudowire class that describes the pseudowire connection between two N PEs This pseudowire class can be shared by more than one pseudowire as long as the pseudowires share the same tunnel ID and remote loopback address You are responsible to ensure that the tunnel interface and associated ID are configured Dur
419. otiq 452 no spanning tree bpdufilter enable rewrite ingress tag pop 1 symmetric switchport bridge domain 3524 split horizon no keepalive l no ip address interface Vlan3524 switchport no ip address switchport trunk encapsulation dotlq description BD T SVI T Flex switchport mode trunk xconnect 22 22 22 22 52500 encapsulation switchport trunk allowed vlan 452 mpls switchport nonegotiate backup peer 22 22 22 22 52501 mac access group ISC FastEthernet1 0 13 in no shutdown Comments e The transport type is pseudowire e The autopick Service Instance Name will take the value CustomerName_JobID Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I oL 21636 01 g aa AppendixA Sample Configlets HE FiexUNI EVC No AutoPick Service Instance Name No Service Instance Name FlexUNI EVC No AutoPick Service Instance Name No Service Instance Name Configuration e FlexUNI EVC Metro Ethernet e Feature FlexUNI EVC with AutoPick Service Instance Name not enabled and the Service Instance Name input field left blank e Device configuration The N PE is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s GigabitEthernet7 0 2 The U PE is a Cisco 3750ME with IOS 12 2 25 EY2 Interface s FastEthernet1 0 14 Configlets U PE N PE l vlan 566 interface GigabitEthernet7 0 2 exit service instance 43 ethernet l encapsulation dotlq 566 interface FastEthernet1 0 14 xconnect 1 1 1 1 453366 encapsulation mpls no spanning
420. out aCE 10 6 Modifying the VPLS Service Request 10 10 Using the Bridge Domain ID Attribute 10 13 Saving the VPLS Service Request 10 14 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 x OL 21636 01 CHAPTER 11 CHAPTER 12 CHAPTER 13 APPENDIX A Deploying Monitoring and Auditing Service Requests 11 1 Deploying Service Requests 11 1 Pre Deployment Changes 11 1 Service Deployment 11 2 Verifying Service Requests 11 3 Service Request States 11 4 Viewing Service Request Details 11 7 Links 11 8 History 11 9 Configlets 11 9 Monitoring Service Requests 11 10 Auditing Service Requests 11 12 Using Autodiscovery for L2 Services 12 1 Generating L2 and VPLS Reports 13 1 Overview 13 1 Accessing L2 and VPLS Reports 13 1 L2 and VPLS Reports 13 2 L2 End to End Wire Report 13 3 L2 PE Service Report 13 6 L2 VPN Report 13 7 VPLS Attachment Circuit Report 13 8 VPLS PE Service Report 13 10 VPLS VPN Report 13 11 Creating Custom L2 and VPLS Reports 13 11 Sample Configlets A 1 Overview A 2 ERS EVPL Point to Point A 4 ERS EVPL Point to Point UNI Port Security A 5 ERS EVPL 1 1 VLAN Translation A 7 ERS EVPL 2 1 VLAN Translation A 8 ERS Pseudowire Class E Line L2VPN Group Name IOS XR Device A 9 ERS EVPL NBI Enhancements for L2VPN IOS Device A 10 ERS EVPL or EWS EPL IOS XR Device A 11 ERS EVPL and EWS EPL Local Connect on E Line A 14 Cisco IP Soluti
421. ownership e Provider ownership e Global ownership Any service operator can make use of this policy This ownership has relevance when the ISC Role Based Access Control RBAC comes into play For example a FlexUNI EVC policy that is customer owned can only be seen by operators who are allowed to work on this customer owned policy Similarly operators who are allowed to work on a provider s network can view use and deploy a particular provider owned policy Click Select to choose the owner of the FlexUNI EVC policy The policy owner was established when you created customers or providers during ISC setup If the ownership is global the Select function does not appear Choose the Policy Type The choices are e ETHERNET e ATM Ethernet Interworking Note Step 8 Step 9 This chapter describes creating the ETHERNET policy type For information on using the FlexUNI EVC ATM Ethernet Interworking policy type see Chapter 5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy Click Next The EVC Policy Editor Service Options window appears as show in Figure 3 2 Continue with the steps contained in the next section Setting the Service Options page 3 8 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter3 Creating a FlexUNI EVC Ethernet Policy HZ Setting the Service Options Setting the Service Options This section describes how to set the service opti
422. ox of a data file to choose it Click the Accept button to confirm the choice The template data file combination appears in the Add Remove Templates window To add additional templates data files to the list click the Add button and repeat the appropriate steps as covered above When you are satisfied with selection of templates data files click the OK button in the Add Remove Templates window The templates data files appear in the Template Datafile column of the Template Association window as shown Figure B 8 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Appendix B Working with Templates and Data Files HI Using Templates with Service Requests Figure B 8 Sample Templates Association Window with Templates Data Files Selected MPLS Link Attribute Editor Template Association Showing 1 2 of 2 records Device Name Role Type Template Data File 1 ces CE MANAGED List 4cl2000 2 pes N PE AccessList1 Protocol IP AccessList Acl2000 Rows per page 10 7 I lt q Goto page f1 of1 DDI Note Required Field Step 5 of 5 Sy es omy 211685 If multiple templates data files are selected for a device they appear as a comma separated list as shown in the figure Step8 Click the Finish button to create the service request with the template data file selections you chose If the template associated to the service request is a super template comprising of one
423. p 10 The Status field reads Allocated if you already filled in the Reserved VLANs information when you created the access domain If you did not fill in the Reserved VLANs information when you created the access domain the Status field reads Available To allocate a VLAN pool you must fill in the corresponding VLAN information by editing the access domain See Creating Access Domains page 2 4 The VLAN pool status automatically sets to Allocated on the Resource Pools window when you save your work Repeat this procedure for each range you want to define within the VLAN Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 26 E OL 21636 01 Chapter2 Setting Up the ISC Services Creating a VC ID Pool W Creating a VC ID Pool VC ID pools are defined with a starting value and a size of the VC ID pool A given VC ID pool is not attached to any inventory object a provider or customer During deployment of an L2VPN or VPLS service the VC ID can be autoallocated from the same VC ID pool or you can set it manually Note When you are setting a manual VC ID on an ISC service ISC warns you if the VC ID is outside the valid range of the defined VC ID pool If so ISC does not include the manually defined VC ID in the VC ID pool We recommend that you preset the range of the VC ID pool to include the range of any VC IDs that you manually assign Create one VC ID pool per network In a VPL
424. p 3 Step 4 Step 5 Setting the FlexUNI Attributes W Check the AutoPick Service Instance Name check box to have ISC autogenerate a service instance name when you create a service request based on the policy The autogenerated value is in the following pattern CustomerName_ServiceRequestJobID If the check box is unchecked then you can enter a value during service request creation Check the Enable PseudoWire Redundancy check box to enable pseudowire redundancy alternative termination device under certain conditions Usage notes e Enable Pseudo Wire Redundancy is only available if the MPLS Core Connectivity Type was set as PSEUDOWIRE in the Service Options window see Setting the Service Options page 5 4 Check the AutoPick VC ID check box to have ISC autopick the VC ID during service request creation If this check box is unchecked the operator will be prompted to specify a VC ID during service request creation Usage notes e When AutoPick VC ID is checked ISC allocates a VC ID for pseudowires from the ISC managed VC ID resource pool Check the AutoPick Bridge Domain VLAN ID check box to have ISC autopick the VLAN ID for the service request during service request creation If this check box is unchecked the operator will be prompted to specify a VLAN ID during service request creation Usage notes e AutoPick Bridge Domain VLAN ID consumes a global VLAN ID on the device e The bridge domain VLAN ID is picked fr
425. p prevent the UNI port from being disrupted by a broadcast multicast or unicast storm Enter a threshold value for each type of traffic The value which can be specified to two significant digits represents the percentage of the total available bandwidth of the port If the threshold of a traffic type is reached further traffic of that type is suppressed until the incoming traffic falls below the threshold level OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter7 Creating an L2VPN Policy HZ Defining an Ethernet ERS EVPL Policy with a CE Step 25 amp Figure 7 5 Enable Storm Control Enable Storm Control Iv UHI Storm Control Unicast Traffic 0 0 100 0 Q va Broadcast Traffic 0 0 100 0 Iv Multicast Traffic 0 0 100 0 G Iv 138440 Check the N PE Pseudo wire On SVI check box to configure the pseudowire connection on the switched virtual interface of the OSM card This check box is checked by default If the check box is not checked the pseudowire will be provisioned on the subinterface of the PFC card if it is available This option is only available for C76xx devices Note Step 26 Step 27 The N PE Pseudo wire on SVI attribute will be unavailable within service requests based on this policy for devices running IOS XR Specify the type of VLAN Translation for this policy by clicking the appropriate radio button The choices are e
426. page of this policy Figure 9 24 Ethernet ERMS EVP LAN Policy without a CE VPLS Policy Editor Attribute Value Policy Name VplsEtherErmsNoCe Customer Policy Owner Provider Global Policy A MPLS Core Type Ethernet A Ethernet Relay Multipoint Service ERMS Service Type Las O Ethernet Multipoint Service EMS CE Present oO Note Required Field I Ld Step 1 of 3 m e y a 204786 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter 9 Creating a VPLS Policy HZ Defining an Ethernet ERMS EVP LAN Policy without a CE Perform the following steps Step 1 Click Next The window in Figure 9 25 appears The Editable check box gives you the option of making a field editable If you check the Editable check box the service operator who is using this VPLS policy can modify the editable parameter during VPLS service request creation Figure 9 25 VPLS Policy Editor Attribute H PE U PE Information Interface Type Standard UNI Port Interface Format UNI Shutdown Keep Alive Interface Type for UHI Display ANY UNI UNI MAC Addresses Link Speed Link Duplex VLAH and Other Information PEJANI Interface Description VLAN ID AutoPick VLAN Name Use Existing ACL Name Port Based ACL Name Disable CDP Fitter BPDU UNI Port Security Note Required Field Step 2 of 3 Value ANY ha Vv B B
427. parated by hyphens for example 6503 A 6503 B If the default name is more than 32 characters the device names are truncated Enter a VLAN NAME optional to specify a name to describe the VLAN The name must be one token no spaces allowed The limit for the VLAN name is 32 characters The name has to be unique Enter a Link Media type optional of None auto select rj45 or sfp Usage notes e The default is None e When this attribute is used a new CLI will be generated in the UNI interface to define the media type e The Link Media attribute is supported only for ME3400 platforms Enter a Link Speed optional of None 10 100 1000 Auto or nonegotiate Enter a Link Duplex optional of None Full Half or Auto Check the Use Existing ACL Name check box if you want assign your own named access list to the port By default this check box is unchecked and ISC automatically assigns a MAC based ACL on the customer facing UNI port based on values you enter in UNI MAC addresses below Enter a Port Based ACL Name if you checked the Use Existing ACL Name check box as mentioned in the previous step amp Note ISC does not create this ACL automatically The ACL must already exist on the device or be added as part of a template before the service request is deployed Otherwise deployment will fail Enter one or more Ethernet MAC addresses in UNI MAC addresses This selection is present only if you unchecked the
428. plete the link Step12 Click OK The EndToEndWire Editor window appears displaying the name of the selected CE in the AC1 column See Figure 8 13 Figure 8 13 NPC Created L2VPN Point To Point Service Request Editor EndToEndWire Editor SRID New Job ID New Policy Hame L2vpnEwsCe Core Type MPLS PH l2vypn_ews_vpn Select VPH Description E Showing 1 1 of 1 records Attachment Circuit1 ACI Circuitt Attachment Circuit2 AC2 Circuit2 T Parini AC1 Attributes D AC2 Attributes D I mji a e3 pe1 Default Add AC Default Rows per page 10 1d 4 coto page f1 of1 DDI Add Link Delete Link Save Cancel 138575 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 u OL 21636 01 _ Chapter 8 Managing an L2VPN Service Request Step 13 Step 14 Step 15 Step 16 Step 17 Creating an L2VPN Service Request W Click AC1 Link Attributes and edit the attributes if desired For more information see the section Modifying the L2VPN Service Request page 8 20 Click OK Repeat Steps 6 through 14 for AC2 Click OK You see a window like Figure 8 14 Figure 8 14 Attachment Circuits Selected L2 VPN Point To Point Service Request Editor EndToEndWire Editor SRID New Job ID New Policy Name L2vpnEwsCe Core Type MPLS VPH I2vpn_ews_vpn Select VPN Description Showing 1 1 of 1 records Attachment Circuitt Act Circuitt Attachment Circuit2 AC2 Circuit2 J
429. ports that share the same characteristics this gives the service provider the ability to aggregate bandwidth and protection e Ethernet e FastEthernet e GE WAN e GigabitEthernet e TenGigabitEthernet e TenGigE Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 _ Chapter 9 Creating a VPLS Policy Step 3 Step 4 Defining an MPLS EMS EP LAN Policy witha CE W The value defined here functions as a filter to restrict the interface types an operator can see during VPLS service request creation If defined as ANY the operator can see all interface types Enter an Interface Format as the slot number port number for the CE interface for example 1 0 indicates that the interface is located at slot 1 port 0 This is especially useful to specify here if you know that the link will always go through a particular interface s slot port location on all or most of the network devices in the service Choose a CE Encapsulation type The choices are e DOTIQ e DEFAULT Note Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Step 12 Step 13 Step 14 Step 15 When creating a service request based on the MPLS EMS EP LAN with CE policy the Encapsulation attribute is ignored Therefore setting this value has no effect Check the Standard UNI Port check box to enable port security This is the default When you uncheck the check box the port is treated
430. ports two general Ethernet service type constructs e Ethernet Line E Line Provides a point to point Ethernet Virtual Circuit EVC e Ethernet LAN E LAN Provides a multipoint to multipoint EVC Two Ethernet services are available for each type These are distinguished by the means of service identification used at the user to network interface UNIs as follows e Port based All to one bundling These are referred to as private e VLAN based These services are multiplexed The EVC is identified by a VLAN ID These are referred as virtual private Table E 1 summarizes these relationships Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 aes AppendixE ISC Layer 2 VPN Concepts W Layer 2 Terminology Conventions Table E 1 Ethernet Service Definitions Service Type Port Based VLAN Based E Line Ethernet Private Line EPL Ethernet Virtual Private Line EVPL E LAN Ethernet Private LAN EP LAN Ethernet Virtual Private LAN EVP LAN In addition to E Line and E LAN services two additional service types are available for Layer 2 e Frame Relay over MPLS FRoMLS e ATM over MPLS ATMoMPLS These service types are not covered in the current MEF documentation in spite of the fact that the MEF has merged with the Frame Relay forum Formerly another terminology was used by the MEF for Layer 2 services Table E 3 maps the older terminology to the current one
431. pport for the policy The Template Association window appears In this window you can enable template support and optionally associate templates and data files with the policy For instructions about associating templates with policies and how to use the features in this window see Appendix B Working with Templates and Data Files When you have completed setting up templates and data files for the policy click Finish in the Template Association window to close it and return to the Policy Editor window Step 24 Click Finish amp Note The VC ID is mapped from the VPN ID By default ISC will auto pick this value However you can set this manually if desired This is done by editing the associated VPN configuration The Edit VPN window has an Enable VPLS check box When you check this box you can manually enter a VPN ID in a field provided For more information on creating and modifying VPNs see the Cisco IP Solution Center Infrastructure Reference 6 0 OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter9 Creating a VPLS Policy HZ Defining an Ethernet EMS EP LAN Policy with a CE Defining an Ethernet EMS EP LAN Policy with a CE This section describes defining a VPLS policy with an Ethernet core type and an EMS EP LAN service type with a CE present Figure 9 28 is an example of the first page of this policy Figure 9 28 Ethernet EMS EP LAN Policy with CE Present
432. provision port security related CLIs to the UNI port by controlling the MAC addresses that are allowed to go through the interface a For Maximum Number of MAC address enter the number of MAC addresses allowed for port security b For Aging enter the length of time the MAC address can stay on the port security table c For Violation Action choose what action will occur when a port security violation is detected e PROTECT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value e RESTRICT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value and causes the Security Violation counter to increment e SHUTDOWN Puts the interface into the error disabled state immediately and sends an SNMP trap notification Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 514 OL 21636 01 Chapter5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy Setting the Interface Attributes W d Inthe Secure MAC Addresses field enter one or more Ethernet MAC addresses Figure 5 6 UNI Port Security UNI Port Security Iv Iv Maximum MAC Address 1 8448 Iv Aging in minutes 0 1440 IV Violation Action PROTECT Vv ao Secure MAC Addresses Eat Iv wr Step 11 Check the Enable Storm Control check box see Figure 5 7 to help prevent the
433. pt for the access interface on both N PEs This saves the user from having to enter data twice because the link attributes in the service request workflow are common for both N PEs that are part of the attachment circuit e This feature is supported for both Cisco 7600 and Cisco ASR 9000 platforms However a single service cannot include both 7600 and ASR 9000 platforms Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 D2 E OL 21636 01 Appendix D Terminating an Access Ring on Two N PEs Setting Up an NPC Access Ring with Two N PEs W e For the Cisco ASR 9000 platform IOS XR version 3 7 3 and 3 9 0 are supported amp Note Check the on line version of Release Notes for Cisco IP Solution Center 6 0 for the most current information on device and platform support in case updates have occurred since the publication of this guide The implementation of this feature is covered in more detail in the following sections Setting Up an NPC Access Ring with Two N PEs Terminating an NPC access ring on two N PEs is achieved by using the standard method of setting up an NPC ring in ISC The basic steps for doing this are described the Cisco IP Solution Center Infrastructure Reference 6 0 Additional information is provided in this guide in the section Creating Named Physical Circuits page 2 8 In normal cases a ring would be closed by connecting the devices via physical interfaces When terminating an acc
434. pts you to allocate a different VC ID If the VC ID lies outside of the ISC VC ID pool ISC does not perform any verification about whether or not the VC ID allocated The operator must ensure the VC ID is available e The VC ID can be entered only while creating a service If you are editing the service request the VC ID field is not editable Check the Enable PseudoWire Redundancy check box to enable pseudowire redundancy alternative termination device under certain conditions See Appendix D Terminating an Access Ring on Two N PEs and specifically the section Using N PE Redundancy in FlexUNI EVC Service Requests page D 3 for notes on how this option can be used If the AutoPick VC ID attribute was unchecked enter a VC ID for the backup pseudowire in the Backup PW VC ID field See the usage notes for the AutoPick VC ID attribute in Step 7 above The backup VC ID behaves the same as the VC ID of the primary pseudowire Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 aa E OL 21636 01 Chapter4 Managing a FlexUNI EVC Ethernet Service Request Step 8 Step 9 Step 10 Step 11 Step 12 Setting the Service Request Details W Check the Configure Bridge Domain check box to determine bridge domain characteristics The behavior of the Configure Bridge Domain option works in tandem with the choice you selected in the MPLS Core Connectivity Type option in the FlexUNI EVC policy which in this cas
435. quest settings or the link type For example if the MPLS core connectivity type of the FlexUNI EVC policy is VPLS or local the pseudowire related attributes will not appear Also setting the link as FlexUNI or non FlexUNI will change the attributes that appear in the window In addition attributes are filtered based on device type IOS or IOS XR These and other cases are noted in the steps for reference Some possible presentations of the Standard UNI attributes are shown in Figure 4 5 through Figure 4 7 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 ana OL 21636 01 Chapter4 Managing a FlexUNI EVC Ethernet Service Request Setting the Service Request Details W Figure 4 5 is an example of a direct connect link for a Cisco 7600 device running IOS with pseudowire core connectivity configure bridge domain enabled and the FlexUNI check box checked Figure 4 5 Standard UNI Details Window Cisco 7600 Configure Bridge Domain Enabled Standard UNI Details Attribute Value N PE U PE Information pet Interface Name FastEthernet2 Encapsulation DOT1Q PE UNI Interface Description UNI Shutdown E N PE Pseudo wire On SVI L PW Tunnel Selection r Interface Tunnel 0 2147483647 Note Required Field Step2 of2 204846 e e e ea Figure 4 6 is an example of a direct connect link for a Cisco ASR 9000 running IOS XR with pseudowire core connectivity configure bridge domain enabl
436. r Guide 6 0 OL 21636 01 EE About This Guide e Chapter 3 Creating a FlexUNI EVC Ethernet Policy provides information on creating a FlexUNI EVC policy e Chapter 4 Managing a FlexUNI EVC Ethernet Service Request provides information on creating deploying monitoring and saving FlexUNI EVC service requests e Chapter 5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy provides information on creating a FlexUNI EVC ATM Ethernet Interworking policy e Chapter 6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request provides information on creating deploying monitoring and saving FlexUNI EVC ATM Ethernet Interworking service requests e Chapter 7 Creating an L2VPN Policy provides information on creating an L2VPN policy e Chapter 8 Managing an L2VPN Service Request provides information on creating deploying monitoring and saving a L2VPN service requests e Chapter 9 Creating a VPLS Policy provides information on creating a VPLS policy e Chapter 10 Managing a VPLS Service Request provides information on creating deploying monitoring and saving VPLS service requests e Chapter 11 Deploying Monitoring and Auditing Service Requests provides information on how to deploy manage and audit service requests and how to access task logs e Chapter 12 Using Autodiscovery for L2 Services provides an overview of L2 service discovery
437. r Guide 6 0 I OL 21636 01 g A23 AppendixA Sample Configlets HE ATM over MPLS VC Mode ATM over MPLS VC Mode Configuration Service L2VPN e Feature ATM over MPLS ATMoMPLS a type of AToM in VC mode e Device configuration The N PE is a Cisco 7200 with IOS 12 0 28 S NoCE NoU PE L2VPN point to point ATMoMPLS C7200 ATM2 0 Configlets U PE N PE None interface ATM2 0 34234 point to point pve 213 423 12transport encapsulation aal5 xconnect 99 99 4 99 89025 encapsulation mpls Comments e The N PE is any MPLS enabled router e L2VPN provisioning is on the ATM VC connection Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 e OL 21636 01 AppendixA Sample Configlets ATM over MPLS VP Mode W ATM over MPLS VP Mode Configuration e Service L2VPN e Feature ATM over MPLS ATMoMPLS a type of AToM in VP mode e Device configuration Configlets U PE The N PE is a Cisco 7200 with IOS 12 0 28 S Interface s ATM2 0 No CE No U PE L2VPN point to point ATMoMPLS N PE None pseudowire class ISC pw tunnel 123 encapsulation mpls preferred path interface tunnel123 disable fallback I interface ATM2 0 atm pvp 131 12transport xconnect 99 99 4 99 89024 pw class ISC pw tunnel 123 Comments e The N PE is any MPLS enabled router e L2VPN provisioning is on the ATM VP connection e The L2VPN pseudowire is mapped to a
438. r N PE on the same ring is treated as the secondary N PE To change the primary and secondary N PE you must modify the attachment circuits in the service request e Configlets are generated according to the configuration specified in the service request ISC generates identical configlets on both of the N PEs in the attachment circuit AC The Link Attributes sections are common for both N PEs e For FlexUNI EVC services N PE redundancy is supported for PPEUDOWIRE and VPLS core connectivity types e Incase of VPLS core connectivity all N PEs in NPC rings are configured to have Layer 2 Virtual Forwarding Interface VFI and all N PEs on the same VPLS VPN participate in the VPLS service at the same time e In the case of PPEUDOWIRE core connectivity the following notes apply Ifthere is N PE redundancy on both sides a point to point pseudo wire PW will be configured between the N PEs that were specified as the terminating N PE devices during the NPC creation between primary N PEs One more point to point PW will be configured between the N PEs that were not specified as the terminating N PE devices during NPC creation The VC IDs of these pseudowires will be common Ifthere is N PE redundancy on only one side then the Pseudowire Redundancy option must be checked in the GUI in the Service Request Details section of the of the FlexUNI EVC Service Editor window The primary PW will connect the primary N PE of the dual homed ring
439. r an MPLS core Cisco s Any Transport over MPLS AToM enables supports these services These implementations in turn support service types as follows Ethernet Wire Service EWS The MEF term for this service is EPL Ethernet Relay Service ERS The MEF term for this service is EVPL ATM over MPLS ATMoMPLS Frame Relay over MPLS FRoMPLS Instructions on creating policies and service requests for these services are provided in other chapters of the guide For more information see the following sections e Point to Point Ethernet EWS and ERS EPL and EVPL page E 5 e ATM over MPLS ATMoMPLS page E 8 e Frame Relay over MPLS FRoMPLS page E 9 Point to Point Ethernet EWS and ERS EPL and EVPL The EWS and ERS services also known as EPL and EVPL respectively in MEF terminology are delivered with the Cisco Metro Ethernet offering The same network architecture can simultaneously provide both ERS EPL and EWS EVPL connections to diverse customers Additionally this Metro Ethernet infrastructure can be used for access to higher level services such as IP based virtual private networking public internet communications Voice over IP or a combination of all applications Ethernet Wire Service EWS or EPL An Ethernet Virtual Circuit EVC connects two physical User to Network Interfaces UNI such that the connection appears like a virtual private line to the customer VLAN transparency and control protocol tunne
440. r nonegotiate Enter a Link Duplex optional of None Full Half or Auto Check the Use Existing ACL Name check box if you want to assign your own named access list to the port By default this check box is not checked and ISC automatically assigns a MAC based ACL on the customer facing UNI port based on values you enter in UNI MAC addresses below Enter a Port Based ACL Name if you checked the Use Existing ACL Name check box as mentioned in the previous step amp Note ISC does not create this ACL automatically The ACL must already exist on the device or be added as part of a template before the service request is deployed Otherwise deployment will fail Enter one or more Ethernet MAC addresses in UNI MAC addresses This selection is present only if you uncheck the Use Existing ACL Name check box Click the Edit button to bring up a pop up window in which you enter MAC addresses to be allowed or denied on the port You can also specify a range of addresses by setting a base MAC address and a filtered MAC address Check the UNI Port Security check box see Figure 3 5 if you to want to provision port security related CLIs to the UNI port by controlling the MAC addresses that are allowed to go through the interface a For Maximum Number of MAC address enter the number of MAC addresses allowed for port security b For Aging enter the length of time the MAC address can stay on the port security table c For Viol
441. r of secure MAC addresses are removed to drop below the maximum value and causes the Security Violation counter to increment e SHUTDOWN Puts the interface into the error disabled state immediately and sends an SNMP trap notification d Inthe Secure MAC Addresses field enter one or more Ethernet MAC addresses Figure 9 26 UNI Port Security UHI Port Security Maximum MAC Address 1 8448 Aging in minutes 0 1440 Violation Action PROTECT v Secure MAC Addresses Edit 5 g Check the Enable Storm Control check box see Figure 9 27 to help prevent the UNI port from being disrupted by a broadcast multicast or unicast storm Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 x OL 21636 01 Chapter 9 Creating a VPLS Policy Defining an Ethernet ERMS EVP LAN Policy withoutaCE W Enter a threshold value for each type of traffic The value which can be specified to two significant digits represents the percentage of the total available bandwidth of the port If the threshold of a traffic type is reached further traffic of that type is suppressed until the incoming traffic falls below the threshold level Figure 9 27 Enable Storm Control Enable Storm Control Iv UHI Storm Control Unicast Traffic 0 0 100 0 Iv Broadcast Traffic 0 0 100 0 v Multicast Traffic 0 0 100 0 amp v 138440 Step 23 Click the Next button if you want to enable template su
442. r tree and select it Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 u OL 21636 01 Appendix B Working with Templates and Data Files Step 4 Step 5 Step 6 Using Templates with Service Requests The template is listed in the right side of the GUI along with any data files that are associated with it This example uses the AccessListl template in the Examples directory as shown in Figure B 9 Figure B 9 Templates Datafile Chooser Window with No Data File Listed Template DataFile Chooser E Certificate B Configure_PE_as_ASBR_VPN_S 1 7 Protocol IP View E Contigure _PE_as_ASBR_non v 5 protocok TCP aw B Remove_PE_as_A amp SBR_VPN_Sp E a1 template Rows per page 10 Firewall IPsec Template AccessList1 SDIA Channelization SJExamples Show Data Files Name 7 matching Show B Aneesa ia Showing 1 2 of 2 records E AccessList1 E cewencos OCEL e Deseniption in RU crag O O II d cotopage 1 of 1 Pages Ga D DI Qs Create Data File Accept Cancel Baas Click the Create Data File button to create a data file dynamically in the workflow The Data File Editor window appears as shown in Figure B 10 Figure B 10 Data File Editor Window Data File Editor Template JExamples AccessList1 Data File Name Description Variables Ee String Vars protocol a String vars Required Fields I Display
443. rastructure This is configured by associating all of the customer traffic on these interfaces to a bridge domain This consumes a VLAN ID on the N PE equal to the bridge domain ID Some interfaces on the N PE are FlexUNI capable while others are switch port based In such cases all of the customer traffic on the interfaces that are configured with the EVC infrastructure are associated to a bridge domain The traffic on the non FlexUNI interfaces and all the access nodes interfaces beyond this N PE are configured with the Service Provider VLAN ID where the Service Provider VLAN ID is the same as the bridge domain ID for the EVC based services Only two interfaces on the N PE are involved and both are based on FlexUNI capable line cards In the first case the operator might choose not to configure the bridge domain option In this case the connect command that is used for the local connects are used and the global VLAN is conserved on the device If the operator chooses to configure with the bridge domain option both interfaces are associated to a bridge domain ID so that additional local links can be added to the service in future This consumes a VLAN ID bridge domain ID on the N PE VPLS This option is not supported for FlexUNI EVC ATM Ethernet Interworking policies and services requests Note Attributes available in subsequent windows of the policy workflow dynamically change based on the choice made for the MPLS Core Co
444. rching for a template name having the name of the original template followed by a suffix Negate This takes place at deployment time Negate templates are dynamically instantiated based on the device attributes of the template to which it is associated Note Optional attributes such as device type line card type port type and software version applied to a template automatically apply to the corresponding negate template The optional attributes cannot be applied directly to negate templates When a service is decommissioned the appropriate negate template is deployed The data file for a negate template is selected during deployment as follows e If only one data file is associated with the negate template the data file is automatically selected e If multiple data files are found the data file with same name as template is selected e If multiple data files are found but no data file with the same name exists the template is skipped e If no data file is found the template is skipped The following points cover the behavior of templates in various modification scenarios I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Appendix B Working with Templates and Data Files HI Using Templates with Service Requests If you change the template associated with a service request the negate template automatically changes to the negate template of the newly selected template In this case
445. re 7 12 UNI Port Security UHI Port Security Maximum MAC Address 1 8448 Aging in minutes 0 1440 Violation Action PROTECT v oO Secure MAC Addresses Edit 5 Check the Enable Storm Control check box see Figure 7 13 to help prevent the UNI port from being disrupted by a broadcast multicast or unicast storm Enter a threshold value for each type of traffic The value which can be specified to two significant digits represents the percentage of the total available bandwidth of the port If the threshold of a traffic type is reached further traffic of that type is suppressed until the incoming traffic falls below the threshold level OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter7 Creating an L2VPN Policy HZ Defining an Ethernet EWS EPL Policy with a CE Figure 7 13 Enable Storm Control Enable Storm Control Iv UHI Storm Control Unicast Traffic 0 0 100 0 Q Iv Broadcast Traffic 0 0 100 0 Iv Multicast Traffic 0 0 100 0 G Iv 138440 Step 25 Check the Protocol Tunnelling check box see Figure 7 14 if you want to define the Layer 2 Bridge Protocol Data Unit BPDU frames that can be tunneled over the core to the other end Figure 7 14 Protocol Tunnelling Protocol Tunnelling Iv v Enable cdp Iv v cdp shutdown threshold 0 4096 iv cdp drop threshold Q 0 4096 v Enable vtp Iv v vtp shutdown threshold 0 40
446. re a pseudowire on the MPLS core directly under a service instance for E Line only Configure a pseudowire on the MPLS core under a switch virtual interface SVI by associating it to a bridge domain S Note The appropriate VLAN manipulations are applicable to pseudowire in both cases Associate traffic from different interfaces and or VLANs onto a single bridge domain with appropriate VLAN manipulations for VPLS Associate traffic from different interfaces and or VLANs onto a single bridge domain with appropriate VLAN manipulations for local connects Platform Support for FlexUNI EVC in ISC 6 0 FlexUNI EVC services are supported on both IOS and IOS XR platforms as detailed in the following sections 10S Platform Support The following IOS platforms are supported for the FlexUNI EVC service e IOS 12 2 33 SRB and SRC e E820 line cards 2x10GE and 20x1GE Shared Port Adaptor SPA Interface Processor 400 SIP 400 line cards version 2 0 2x1GE and 5x1GE The interfaces on the ES20 and SIP 400 line cards support the IOS EVC syntax Two example platform scenarios are covered in the next sections Note that the UNI characteristics and the FlexUNI capabilities of the N PE are not inter dependent Example 1 FlexUNI EVC service requests allow operators to add links with either a EVC capable interface and or the nonEVC capable interface on the N PE For example an operator can add three links to a FlexUNI EVC servic
447. re supported Defining the FlexUNI EVC ATM Ethernet Interworking Policy Step 1 Step 2 Step 3 You must define a FlexUNI EVC ATM Ethernet Interworking policy before you can provision a service A policy can be shared by one or more service requests that have similar service requirements A policy is a template of most of the parameters needed to define a FlexUNI EVC service request After you define it a FlexUNI EVC policy can be used by all the FlexUNI EVC service requests that share a common set of characteristics You create a new FlexUNI EVC policy whenever you create a new type of service or a service with different parameters FlexUNI EVC policy creation is normally performed by experienced network engineers The Editable check box for an attribute in the policy gives the network operator the option of making a field editable If the value is set to editable the service request creator can change the value s of the particular policy attribute If the value is not set to editable the service request creator cannot change the attribute You can also associate Cisco IP Solution Center ISC templates and data files with a service request See Appendix B Working with Templates and Data Files for more about using templates and data files in service requests To define a FlexUNI EVC ATM Ethernet Interworking policy you start by setting the service type attributes To do this perform the following steps Choose Service Design
448. reated VPLS Service Request Editor VPLS Link Editor SRID New Job ID New Policy Name VplsEwsNoCe YPH l2vpn_ews_vpn_1 Select VPN Description H Showing 1 1 of 1 records J N PEPE AGGA PE UNI Interface Circuit Selection Circuit Details Circuit ID Link Attributes i m sw3 GigabitEthernet0 2 v Detail pet FastEthernet0 0 Circuit Details Edit Rows per page 10 gt I lt q Goto page 1 of 1 5 DDI Add Link Delete Link Save Cancel 138465 Note Required Field If you want to review the details of this NPC click Circuit Details in the Circuit Details column The NPC Details window appears and lists the circuit details for this NPC The Circuit ID is created automatically based on the VLAN data for the circuit To edit values that were set by the VPLS policy that is the values that were marked editable during the VPLS policy creation click the Edit link in the Link Attributes column for a link Note For more information on setting attributes in this window see Modifying the VPLS Service Request page 10 10 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter 10 Managing a VPLS Service Request HI Modifying the VPLS Service Request Note For information on the Bridge Domain ID attribute which shows up in some VPLS service request scenarios see Modifying the VPLS Service Request page 10 10
449. rface FastEthernet1 0 23 interface FastEthernet8 17 switchport trunk allowed vlan 500 772 I interface FastEthernet1 0 4 no cdp enable no keepalive no ip address switchport trunk allowed vlan 500 772 spanning tree bpdufilter enable mac access group ISC FastEthernet1 0 4 in I mac access list extended Isc FastEthernet1 0 4 deny any host 0100 0ccc cccc deny any host 0100 0ccc cccd deny any host 0100 0ccd cdd0 deny any host 0180 c200 0000 permit any any switchport trunk allowed vlan 1 451 653 659 766 768 772 878 I interface Vlan772 no ip address description L2VPN ERS xconnect 99 99 8 99 89027 encapsulation mpls no shutdown e The N PE is a 7600 with an OSM or SIP 600 module e The U PE is a generic Metro Ethernet ME switch Customer BPDUs are blocked by the PACL E Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 AppendixA Sample Configlets ERS EVPL Point to Point UNI Port Security ERS EVPL Point to Point UNI Port Security Configuration e Service L2VPN Metro Ethernet e Feature ERS EVPL point to point with UNI port security e Device configuration The N PE is a Cisco 7600 with IOS 12 2 18 SXF OSM Interface s FA2 18 The U PE is a Cisco 3550 with IOS 12 2 25 SEC2 Port security is enabled Interface s FA3 31 FA3 23 L2VPN point to point Configlets U PE N PE vlan 788 vlan 788 exit
450. rier Ethernet User Guide 6 0 B2 E OL 21636 01 Appendix B Working with Templates and Data Files Overview W Template Support for IOS and IOS XR The template mechanism is supported for both IOS and IOS XR devices For IOS XR devices the configlet generated from templates data files contains CLI commands and not XML statements For IOS XR devices template support is provided as CLI commands For IOS devices the operator can download a template configlet using the device console Note Note the following known issue in the case of IOS XR devices When a service request is deployed with templates that contain improper or unsupported configurations the service request still goes to the DEPLOYED state This because the IOS XR device does not issue an error report on the improper configuration s deployed RBAC Support for Template Usage Templates and data files are only accessible to users with the proper RBAC role A permission type for data files has been added The permissions allowed for the data files are view create modify and delete Operators cannot view templates data files assigned to other roles and are not permitted to deploy templates data files to which they do not have access See the Cisco IP Solution Center Infrastructure Reference 6 0 for more information on RBAC support for templates data files Template Variables Template variables support most ISC repository variables for MPLS L2VPN VPLS and FlexUNI
451. rier Ethernet User Guide 6 0 I OL 21636 01 a 723 Chapter Creating an L2VPN Policy HZ Defining an Ethernet EWS EPL Policy without a CE Step 3 Check the Standard UNI Port check box to enable port security This is the default When you uncheck the check box the port is treated as an uplink with no security features and the window dynamically changes to eliminate items related to port security The Standard UNI Port attribute will be unavailable within service requests based on this policy if the UNI is on an N PE device running IOS XR In previous releases the only Layer 2 VPN support for EWS EPL was from EWS EPL to EWS EPL In ISC 4 1 2 and later support is also from EWS EPL to Network to Network Interface NND as a trunk port To create this new type of service request you need to create an EWS EPL hybrid policy by unchecking the standard UNI flag When using the EWS EPL hybrid policy for service request creation check the Standard UNI Port flag for the EWS EPL side of the connection and uncheck the standard UNI flag for the NNI side of the connection Note Step 4 Step 5 In the case of hybrid services UNI on an N PE running IOS XR is not supported Enter an Interface Format as the slot number port number for the PE interface for example 1 0 indicates that the interface is located at slot 1 port 0 This is especially useful to specify here if you know that the link will
452. ristics of a service that is what the service looks like from the perspective of a customer looking in towards the user to network interface UNI device It does not describe how the service is implemented For details about how these service are implemented see the following URL http www cisco com go ce In particular see the documentation on that site on the subject of Cisco IP Next Generation Network NGN Carrier Ethernet Design The IP NGN Carrier Ethernet Design represents key elements of the Cisco IP NGN architecture that enable a best in class implementation for consistent service delivery optimized to meet the specific demands of each service It is the end to end service transport foundation from the network access to the IP MPLS core This design provides integrated linkages with the service and application layer components to offer a converged intelligent reliable and scalable network model to meet current and future network service requirements The IP NGN Carrier Ethernet Design see Figure E 1 provides a platform independent architecture and Ethernet based services model across all Carrier Ethernet platforms This allows service providers to optimize service transport with the intelligence of appropriate networking technologies such as Ethernet IP MPLS multicast pseudowire or hierarchical private virtual LAN services to meet their business and quality of experience goals Note Real world network implementations m
453. rm the following steps Step 1 Click Next The window in Figure 7 21 appears The Editable check box gives you the option of making a field editable If you check the Editable check box the service operator who is using this L2VPN policy can modify the editable parameter during L2VPN service request creation Figure 7 21 Frame Relay with CE Policy Attributes L2VPN Point To Point Policy Editor Attribute Value Editable PE Information CE Information Interface Type ANY ra Interface Format UNI Shutdown E IV PW Tunnel Selection E Vv Note Required Field Step 2 of 3 m oy 211692 Step2 Choose the Interface Type for the CE from the drop down list The choices are e ANY Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 a 7 29 Chapter7 Creating an L2VPN Policy W Defining a Frame Relay Policy with a CE Step 3 Step 4 amp e Serial e MFR e POS e Hssi e BRI Enter an Interface Format as the slot number port number for the CE interface for example 1 0 indicates that the interface is located at slot 1 port 0 This is especially useful to specify here if you know that the link will always go through a particular interface s slot port location on all or most of the network devices in the service Choose the CE Encapsulation type The choices are e FRAME RELAY e FRAME RELAY IETF Note Step 5 Step 6 Step 7 Step 8 If the Interface Type is
454. rmation about saving a FlexUNI EVC service request see Saving the FlexUNI EVC Service Request page 4 23 Modifying the FlexUNI EVC Service Request Step 1 Step 2 Step 3 You can modify a FlexUNI EVC service request if you must change or modify the links or other settings of the service request To modify a FlexUNI EVC service request perform the following steps Choose Service Inventory gt Inventory and Connection Manager gt Service Requests The Service Requests window appears showing service request available in ISC Check a check box for a service request Click Edit EVC Service Editor window appears I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter4 Managing a FlexUNI EVC Ethernet Service Request W Using Templates and Data Files with a FlexUNI EVC Ethernet Service Request Step4 Modify any of the attributes as desired See the sections start with Setting the Service Request Details section on page 4 2 for detailed coverage of setting attributes in this window amp Note Once the VC ID VPLS VPN ID and VLAN ID have been set in a service request they cannot be modified Step5 To add a template data file to an attachment circuit see the section Using Templates and Data Files with a FlexUNI EVC Ethernet Service Request page 4 22 Step6 When you are finished editing the FlexUNI EVC service request click Save For additional information about
455. rmation about using templates and data files in service requests see Appendix B Working with Templates and Data Files Step 15 Click OK The Service Request Editor window appears showing the default for AC1 changed See Figure 8 37 OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter8 Managing an L2VPN Service Request W Saving the L2VPN Service Request Figure 8 37 Service Request Editor with Link Attributes Changed L2VPN Point To Point Service Request Editor So EndToEndWire Editor sis Showing 1 1 of 1 records 1 60 1 a ce3 pe1 Changed VLAN 22 os ce8 pe3 Default YLAN 22 138583 Note Required Field Step 16 When you are finished editing the end to end wires click Save Saving the L2VPN Service Request To save an L2VPN service request perform the following steps Step 1 When you are finished with Link Attributes for all the Attachment Circuits click Save to finish the L2VPN service request creation If the L2VPN service request is successfully created you will see the service request list window See Figure 8 38 The newly created L2VPN service request is added with the state of REQUESTED as shown in the figure Figure 8 38 L2VPN Service Request Created Service Requests Showing 1 4 of 4 records 1 07 7 __ REQUESTEDL2vPN MODIFY admin Customeri L2vpnErsCe 8M 4 06 3 49 PM 2 10 _ REQUESTEDL2VPN ADD admin C
456. rnet User Guide 6 0 OL 21636 01 Chapter5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy Setting the Interface Attributes W Note Attributes available in the Interface Attributes window dynamically change based on the choice made for the MPLS Core Connectivity Type PSEUDOWIRE or LOCAL in the Service Options window see Setting the Service Options page 5 4 For completeness all attributes available for the different core types are documented in the following steps Attributes apply to all core types unless otherwise noted Figure 5 5 EVC Policy Editor Interface Attributes Window EVC Policy Editor Interface Attributes Attribute Value Editable N PEJU PE Information Encapsulation DOTIQTRUNK P Standard UNI Port Vv Vv UNI Shutdown r P Keep Alive E Vv Speed and Duplex Information Link Speed None M Link Duplex None v Use Existing ACL Name E Port Based ACL Name Vv UNI MAC Addresses Vv Fiter BPDU m Vv UNI Port Security E Vv Protocol Tunnelling E Vv N PE Pseudo wire On svi 2 E Vv VLAN Translation NnoC t1 24 Vv MTU size 1500 9216 CS Vv PW Tunnel Selection 2 E Iv Use PseudoWireClass E Vv L2VPN Group Name Isc X E Line Name Note Required Field Step5of6 ra 204842 To set the FlexUNI EVC interface attributes perform the following steps Step1 Choose an Encapsulation type The choices are e DOTIQTRUNK Configures the UNI as a trunk with 802 1q encapsulation If t
457. rnet1 Encapsulation DOT1Q PE UNI Interface Description UNI Shutdown E Use PseudoWireClass E L2VPN Group Name ISC zi E Line Name l Note Required Field Step20f2 204852 lt Back ff next gt I Finish I cance Step 23 The N PE U PE Information and Interface Name fields display the PE device and interface name selected in previous steps These fields are read only Step 24 Choose an Encapsulation type from the drop down list Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Pei D OL 21636 01 _ Chapter 6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request Step 25 Step 26 Step 27 Step 28 Setting the Service Request Details W The choices are e DOTIQTRUNK Configures the UNI as a trunk with 802 1q encapsulation If the UNI belongs to a directly connected and FlexUNI link this setting signifies that the incoming frames are 802 1q encapsulated and that they match the VLAN ID configured for the link This specific topology does not involve a trunk UNI as such e DOTIQTUNNEL Configures the UNI as an 802 1q tunnel also known as a dotlq tunnel or Q in Q port e ACCESS Configures the UNI as an access port This attribute allows you to deploy different types of UNI encapsulation on different links of a service In the PE UNI Interface Description field enter a description for the interface if desired Check the UNI Shutdown check box if you want to lea
458. rotocol tunnel stp no shutdown 12protocol tunnel vtp 12protocol tunnel shutdown threshold cdp 88 12protocol tunnel shutdown threshold stp 64 12protocol tunnel shutdown threshold vtp 77 12protocol tunnel drop threshold cdp 34 12protocol tunnel drop threshold stp 23 12protocol tunnel drop threshold vtp 45 no shutdown spanning tree portfast spanning tree bpdufilter enable Comments e The N PE is a 7600 with an OSM or SIP 600 module e The VFI contains all the N PEs neighbors that this N PE talks to e The VPLS EMS EP LAN UNI is the same as L2VPN point to point EWS EPL UNI e The SVI is the same as VPLS ERS EVP LAN SVI Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 AppendixA Sample Configlets FlexUNI EVC Pseudowire Core Connectivity UNI Port Security W FlexUNI EVC Pseudowire Core Connectivity UNI Port Security Configuration Service FlexUNI EVC Metro Ethernet e Feature FlexUNI EVC with pseudowire core connectivity with UNI port security e Device configuration The N PE is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s GI2 0 0 The U PE is a Cisco 3750ME with IOS 12 2 25 EY2 Port security is enabled Interface s FA1 14 FA3 23 Configlets U PE N PE vlan 788 interface GigabitEtherne4 0 1 exit no shut l service instance 10 ethernet interface FastEthernet3 23 encapsulation dotiq 500 no ip address rewrite ingress tag push dotlq 555 switchport
459. rovisioning W VPLS can be connected to this VFI The PE router establishes emulated VCs to all the other PE routers in that VPLS instance and attaches these emulated VCs to the VFI Packet forwarding decisions are based on the data structures maintained in the VFI All the PE routers in the VPLS domain use the same VC ID for establishing the emulated VCs This VC ID is also called the VPN ID in the context of the VPLS VPN For more information see the following sections e Multipoint EWS EP LAN for an MPLS Based Provider Core page E 11 e Multipoint ERS EVP LAN for an MPLS Based Provider Core page E 11 e Topology for MPLS Based VPLS page E 11 Multipoint EWS EP LAN for an MPLS Based Provider Core With multipoint EWS also known as EP LAN in MEF terminology the PE router forwards all Ethernet packets received from an attachment circuit including tagged untagged and Bridge Protocol Data Unit BPDU to either e Another attachment circuit or an emulated VC if the destination MAC address is found in the L2 forwarding table VFI e All other attachment circuits and emulated VCs belonging to the same VPLS instance if the destination MAC address is a multicast broadcast address or not found in the L2 forwarding table Multipoint ERS EVP LAN for an MPLS Based Provider Core With multipoint ERS also known as EVP LAN in MEF terminology the PE router forwards all Ethernet packets with a particular VLAN tag received from an attachment
460. rovisioning task No CLI is pushed down in that case This is a general behavior of ISC when a given hardware does not support a feature In these cases it is the user s responsibility to select proper hardware to support the intended service Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 mce E OL 21636 01 Overview APPENDIX D Terminating an Access Ring on Two N PEs This appendix describes how to terminate an access ring on two N PEs for redundancy in case an access link goes down It contains the following sections e Overview page D 1 e Setting Up an NPC Access Ring with Two N PEs page D 3 e Setting Up an NPC Access Ring with Two N PEs page D 3 e Using N PE Redundancy in FlexUNI EVC Service Requests page D 3 e Additional Network Configurations and Sample Configlets page D 5 ISC supports device level redundancy in the service topology This allows the service to remain active in case one access link should drop This is accomplished through support for provisioning termination of access links against two different N PEs This is implemented by allowing an access ring to terminate on two different N PEs This may also be described as a dual homed access ring The N PEs are connected by a logical link using loopback interfaces on the N PEs The redundant link starts from a U PE device and may optionally include PE AGG devices One attachment link is primary and one is secondary The selection is
461. rt Type The choices are e Access Port e Trunk with Native VLAN amp Note Enter a UNI Port Type only if the encapsulation type is DEFAULT Check the UNI Port Security check box see Figure 7 4 if you to want to provision port security related CLIs to the UNI port by controlling the MAC addresses that are allowed to go through the interface a For Maximum Number of MAC address enter the number of MAC addresses allowed for port security b For Aging enter the length of time the MAC address can stay on the port security table c For Violation Action choose what action will occur when a port security violation is detected e PROTECT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value e RESTRICT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value and causes the Security Violation counter to increment e SHUTDOWN Puts the interface into the error disabled state immediately and sends an SNMP trap notification d In the Secure MAC Addresses field enter one or more Ethernet MAC addresses Figure 7 4 UNI Port Security UHI Port Security Maximum MAC Address 1 8448 Aging in minutes o 1440 violation Action PROTECT a 7 g Secure MAC Addresses gt Check the Enable Storm Control check box see Figure 7 5 to hel
462. rted Since the Cisco ASR 9000 device is a router all the Layer 2 ports are default trunk There is no option for configuring access ports which restricts support for access port based services Note Unless otherwise noted all of the FlexUNI EVC policy and service request features documented in this guide are applicable for both IOS and IOS XR platforms Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 EN OL 21636 01 Chapter3 Creating a FlexUNI EVC Ethernet Policy Overview of FlexUNI EVC Supportin ISC Hi Device Roles with FlexUNI EVC S Presently ISC has U PE PE AGG and N PE devices The basic PE device role association of ISC continues for FlexUNI EVC policy and service requests In this release of ISC there are no changes made to the PE role assignment A device having FlexUNI EVC capabilities will not call for a change in the existing role assignment in ISC However FlexUNI EVC capabilities in ISC are supported only for interfaces on N PE and not on PE AGG or U PE devices Note ISC does not support customer edge devices CEs for FlexUNI EVC If the access port contains any DSLAMS non Cisco Ethernet devices and or other Cisco devices that are not supported by ISC such nodes and beyond are not in the scope of ISC In such cases from the ISC perspective the interface on the first ISC managed device is the UNI Topology Overview for FlexUNI EVC This section provides examples of v
463. rts a hybrid configuration for FlexUNI EVC service requests In a hybrid configuration the forwarding commands such as xconnect for one side of an attachment circuit can be configured under a service instance and the xconnect configuration for the other side of the attachment circuit can be configured under a switch virtual interface SVI For examples of these cases see configlet examples FlexUNI EVC Pseudowire Core Connectivity Bridge Domain Pseudowire on SVI and FlexUNI EVC Pseudowire Core Connectivity no Bridge Domain no Pseudowire on SVI N PE Pseudo wire on SVI is applicable for all connectivity types PSEUDOWIRE VPLS and LOCAL but a hybrid SVI configuration is possible only for pseudowire connectivity When MPLS Core Connectivity Type is set as VPLS the N PE Pseudo wire on SVI attribute is always enabled in the policy and service request When MPLS Core Connectivity Type is set as LOCAL connectivity type the N PE Pseudo wire on SVI attribute is always disabled in the policy and service request The N PE Pseudo wire on SVI attribute is not supported for IOS XR devices Only subinterfaces are supported on ASR 9000 devices service instance is not supported All the xconnect commands are configured on L2 subinterfaces Table 3 2 shows various use cases for hybrid configuration for FlexUNI EVC service requests Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Chapter3 Creating a
464. rvice Instance Name A 41 exUNI EVC No AutoPick Service Instance Name No Service Instance Name A 42 exUNI EVC User Provided Service Instance Name Pseudowire Core Connectivity A 43 exUNI EVC User Provided Service Instance Name Local Core Connectivity A 44 exUNI EVC User Provided Service Instance Name VPLS Core Connectivity A 45 exUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity Point to Point Circuit A 46 exUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity Multipoint Circuit A 47 exUNI EVC ATM Ethernet Interworking Local Core Connectivity Point to Point Circuit A 48 exUNI EVC ATM Ethernet Interworking Local Core Connectivity Multipoint Circuit A 49 exUNI EVC ATM Ethernet Interworking Local Core Connectivity Multipoint Circuit A 50 exUNI EVC ATM Ethernet Interworking Local Core Connectivity Point to Point Circuit A 51 exUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity End to End Circuit A 52 F F F F F F F F F F F F F F F F F F F F F FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity Multipoint Circuit A 53 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 xi OL 21636 01 Contents W FlexUNI EVC ATM Ethernet Interworking Local Core Connectivity Point to Point Circuit A 54 FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity End to End Circuit with Bridge Domain A 55
465. rvice request see the section Modifying the FlexUNI EVC Service Request page 4 21 For additional information about saving a FlexUNI EVC service request see Saving the FlexUNI EVC Service Request page 4 23 Setting Links with L2 Access Nodes The Links with L2 Access Nodes section of the EVC Service Request Editor window allows you to set up links with L2 Ethernet access nodes These are similar to direct connect links except that they have L2 Ethernet access nodes beyond the N PE towards the CE Therefore NPCs are involved The steps for setting up links with L2 access nodes are similar to those covered in the section Setting Direct Connect Links page 4 10 See that section for detailed steps on the following common operations e Adding and deleting links e Selecting the N PE Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 a20 OL 21636 01 _ Chapter 4 Managing a FlexUNI EVC Ethernet Service Request Step 1 Step 2 Step 3 Step 4 Modifying the FlexUNI EVC Service Request W e Choosing the UNI interface e Setting the link as a FlexUNI link e Editing the standard and FlexUNI link attributes The main difference in setting up links with L2 access does is specifying the NPC details Perform the following steps to set the NPC details for links with L2 access nodes The first step in the process of adding a link using NPCs is selecting the U PE PE AGG device rather than the N PE If only
466. s Step 19 Step 20 Step 21 Step 22 If Push is the Rewrite Type two text boxes appear a In the text box Outer VLAN ID enter an outer VLAN ID tag that will be imposed on the incoming frames that fulfill the match criteria All service requests created with this setting push a dotlq outer tag on the incoming frames matching the match criteria If a value is not provided the push operation is ignored and not configured on the device b In the text box Inner VLAN ID enter an inner VLAN ID tag that will be imposed on the incoming frames that fulfill the match criteria All service requests created with this setting push a dotlq inner tag on the incoming frames matching the match criteria The Inner VLAN tag cannot be pushed without an Outer VLAN tag That is when pushing an Inner VLAN tag the Outer VLAN tag also must be defined If Translate is the Rewrite Type a Translation Type drop down list appears The choices available in this list vary depending on the setting of the Match Inner and Outer Tags attribute set in a previous step a Ifthe Match Inner and Outer Tags check box is checked true choose a translation type of 1 1 1 2 2 1 or 2 2 from the Translation Type drop down list If you choose 1 1 or 2 1 enter a value in the Outer VLAN ID text box that appears The outer tag of all the incoming frames that fulfill the match criteria will be translated to this ID If you choose 1 2 or 2 2 enter values in the O
467. s ATM1 0 0 370 The N PE 2 is a Cisco ASR 9000 with IOS XR 3 9 0 Interface s GigabitEthernet0 0 0 25 341 Configlets N PE 1 ATM N PE 2 Ethernet interface GigabitEthernet0 0 0 25 341 interface ATM1 0 0 370 point to point 12transport no atm enable ilmi trap encapsulation dotiq 341 pve 0 370 12transport rewrite ingress tag push dotiq 430 encapsulation aal5snap second dotiq 349 symmetric xconnect 10 20 21 1 4531 pw class ISC pw tunnel 1 12vpn bridge group tml bridge domain CISCO interface GigabitEthernet0 0 0 25 341 l neighbor 192 169 105 20 pw id 32190 Comments e None Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 BASS AppendixA Sample Configlets WE FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity End to End Circuit with Bridge Domain FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity End to End Circuit with Bridge Domain Configuration e FlexUNI EVC ATM Ethernet Interworking e Feature FlexUNI EVC for ATM Ethernet interworking with pseudowire core connectivity for end to end circuit with multiple links Bridge domain is enabled One link terminates on an ATM interface on N PE 1 and the other non flex link terminates on an Ethernet interface on N PE 2 e Device configuration The N PE 1 is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s ATM1 0 0 370 The N PE 2 is a Cisco ASR 9000 with IOS XR 3
468. s an ERS EVPL service If you later add an EWS EPL service to the same port the EWS EPL service will overwrite the previous ERS EVPL provisioning The major difference between ERS EVPL and EWS EPL is the L2PT BPDU treatment For ERS EVPL BPDU is blocked For EWS EPL BPDU is tunneled e Asan ERS EVPL service the 2 1 VLAN translation can share the same port just like a regular ERS EVPL port e An ERS EVPL 2 1 service can be added on top of an existing EWS EPL service Upon completion of the service request creation ISC does an integrity check before saving the service request For 2 1 VLAN translation ISC rejects the service request if the CE VLAN and outer tag PE VLAN combination has been used for another 2 1 VLAN translation on the same port Modifying a Service Request For both 1 1 and 2 1 VLAN translation you can perform the following modifications on an existing service request e Change to a new CE VLAN to be translated from e All other normal changes for a service request are permitted However the following modifications are not allowed e You cannot change the VLAN translation type for a given AC For instance you cannot change from 2 1 to 1 1 VLAN translation e You cannot change the place where 2 1 VLAN translation occurs Deleting a Service Request During service request deletion the following resources are released For 1 1 VLAN translation e The CE VLAN becomes available to be translat
469. s column to specify the UNI attributes FlexUNI Details Window If the FlexUNI check box is checked the FlexUNI Details window appears as shown in Figure 4 4 Figure 4 4 FlexUNI Details Window FlexUNI EVC Details FlexUNI EVC Attributes AutoPick Service Instance ID IV Service Instance ID l 1 8000 AutoPick Service Instance Name E Eie aranca AutoPick Bridge Domain LAN ID IV ae ed 1 4096 VLAN Match Criteria Match Inner and Outer Tags r Outer VLAN ID 1 4096 VLAH Rewrites Rewrite Type Push pa Outer VLAN ID 1 4096 Inner VLAN ID 1 4096 Note Required Field wo Step 1 of 2 5 m e oy g All of the fields in the FlexUNI Details screen are enabled based on the policy settings For example if Both Tags is selected in the policy and is editable then the Match Inner and Outer Tags check box will be selected and editable in this window The behavior is similar for the other attributes in the FlexUNI Details window Check the AutoPick Service Instance ID check box to specify that the service instance ID will be autogenerated and allocated to the link during service request creation If the check box is unchecked you must specify the service instance ID see the next step Usage notes e The service instance ID represents an Ethernet Flow Point EFP on an interface in the EVC infrastructure The service instance ID is locally significant to the interface This ID has
470. s for details on how ISC autogenerates the connect name Because the device only accepts a maximum of 15 characters for the connect name the connect name is generated using the following format CustomerNameTruncatedToMaxPossibleCharacters_ServiceRequestJobID For example if the customer name is NorthAmericanCustomer and the service request job ID is 56345 the autogenerated connect name would be NorthAmer_56345 The CLI generated would be connect NorthAmer_56345 GigabitEthernet7 0 5 11 GigabitEthernet7 0 4 18 In this case 11 and 18 are service instance IDs e If the policy setting for Configure Bridge Domain is non editable the option in the service request will be read only Check the Use Split Horizon check box to enable split horizon with bridge domain Usage notes e The Use Split Horizon attribute is disabled by default e The Use Split Horizon attribute can be used only when the Configure Bridge Domain check box is checked enabled e When Use Split Horizon is enabled the bridge domain command in the CLI will be generated with split horizon When it is disabled the bridge domain command will be generated without split horizon Click the Click here link of the Description attribute to enter a description label for the service request A dialogue appears in which you can enter a description To set up direct connect links see the section Setting Direct Connect Links page 4 10 To set up links with L2 a
471. s using this FlexUNI EVC policy can modify the editable parameter during FlexUNI EVC service request creation To set the FlexUNI EVC service options perform the following steps Step1 Check the CE Directly Connected to FlexUNI check box if the CEs are directly connected to the N PE This check box is not checked by default Usage notes e If the check box is checked a service request created using this policy can have only directly connected links No Ethernet access nodes will be involved e If the check box is unchecked a service request created using this policy might or might not have Ethernet access nodes in the links e When a CE is directly connected to the N PE NPCs are not applicable to the link while creating service requests e When a CE is not directly connected to the N PE NPCs are used during service request creation as per standard ISC behavior There is no change in NPC implementation to support FlexUNI EVC functionality Step2 Check the All Links Terminate on FlexUNI check box if all links need to be configured with FlexUNI EVC features This check box is not check by default Usage notes e If the check box is checked a service request created using such policy will have all links using the FlexUNI EVC feature Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 a E OL 21636 01 Chapter 5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy Setting the Service Options Ti
472. same VPN can be used by service requests with LOCAL and PSEUDOWIRE core types If a VPN for a service request is used with VPLS core type the same VPN cannot be used for service requests with LOCAL or PSEUDOWIRE core type amp Note Ifthe same VPN is used among multiple service requests all having VPLS core type then all these service requests participate in the same VPLS service Choose a VPN Name in the Select column Click Select The EVC Service Request Editor window appears with the VPN name displayed Check the AutoPick VPLS VPN ID check box if you want ISC to choose a VPLS VPN ID Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 ae E OL 21636 01 Chapter4 Managing a FlexUNI EVC Ethernet Service Request Setting the Service Request Details W If you do not check this check box you will be prompted to provide the VPN ID in the VPLS VPN ID field as covered in the next step e When AutoPick VPLS VPN ID is checked ISC allocates a VPLS VPN ID from the ISC managed VC ID resource pool In this case the text field for the VPLS VPN ID option is non editable e If AutoPick VPLS VPN ID is checked and a service request already exists that refers to same VPN object the VPLS VPN ID of the existing service request is allocated to the new service request Step7 If AutoPick VPLS VPN ID was unchecked enter a VPLS VPN ID in the VPLS VPN ID field Usage notes e The VPLS VPN ID value must be an i
473. sco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 ios fy OL 21636 01 Chapter 10 Managing a VPLS Service Request Creating a VPLS Service Request withoutaCE W Note Step 11 When you provision an ERMS EVP LAN service and when you choose a UNI for a particular device ISC determines if there are other services using the same UNI If so a warning message is displayed If you ignore the message and save the service request all of the underlying service requests lying on the same UNI are synchronized with the modified shared attributes of the latest service request In addition the state of the existing service requests is changed to the Requested state If the PE role type is U PE click Select one circuit in the Circuit Selection column The Select NPC window appears If only one NPC exists for the chosen PE and PE interface that NPC is automatically populated in the Circuit Selection column and you need not choose it explicitly Note Step 12 Step 13 Step 14 Step 15 If the PE role type is N PE the columns Circuit Selection and Circuit Details are disabled Choose the name of the NPC from the Select column Click OK Each time you choose a PE and its interface the NPC that was precreated from this PE and interface is automatically displayed under Circuit Selection See Figure 10 12 This means that you do not have to further specify the PE to complete the link Figure 10 12 NPC C
474. seudowire and local connect core types ISC Job Job_ID where Job_ID is the service request job ID For VPLS core type SC VPN_Name VPN_ID where VPN_Name is the name of the VPLS VPN being used and VPN_ID is the VPN ID used in the service request amp Note This attribute is applicable only for supported IOS XR devices Continue with the steps contained in the next section Setting the VLAN Matching Criteria Attributes page 3 13 Setting the VLAN Matching Criteria Attributes Step 1 Prior to the introduction of the FlexUNI capability service providers could either deploy service multiplexed services ERS ERMS or EVPL EVCS or service bundled services on a single port Both could not be supported simultaneously due to the limitations in the infrastructure which only allowed matching the outer most VLAN tag One of the key benefits of FlexUNI EVC support in ISC is to provide a flexible means to examine the VLAN tags up to two levels of the incoming frames and associate them to appropriate Ethernet Flow Points EFPs This allows service providers to deploy simultaneously both the service multiplexed and service bundled services on a single port To set the FlexUNI VLAN matching criteria attributes perform the following steps Check the Both Tags check box to enable service requests created with the policy to match both the inner and outer VLAN tags of the incoming frames If you do not check this check box service requ
475. sociate templates and data files with the policy For instructions about associating templates with policies and how to use the features in this window see Appendix B Working with Templates and Data Files When you have completed setting up templates and data files for the policy click Finish in the Template Association window to close it and return to the Policy Editor window Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Chapter7 Creating an L2VPN Policy Defining an Ethernet ERS EVPL Policy withoutaCE W Step 29 Click Finish Defining an Ethernet ERS EVPL Policy without a CE This section describes defining an Ethernet ERS EVPL policy without a CE present Figure 7 6 is an example of the first page of this policy Figure 7 6 Ethernet ERS EVPL Policy without a CE L2 VPN Point To Point Policy Editor Attribute Value Policy Name L2vpnErsNoCe Customer Policy Owner Provider Global Policy L2VPNERS L2VPN EWS Service Type C Frame Relay C ATM CE Present H Note Required Field Step 1 of 2 Em e oe 138472 Perform the following steps Step 1 Click Next The window in Figure 7 7 appears The Editable check box gives you the option of making a field editable If you check the Editable check box the service operator who is using this L2VPN policy can modify the editable parameter during L2VPN service request creation Cisco I
476. st ISC makes the VLAN unavailable for subsequent service requests within the Ethernet access domain demarcated by the FlexUNI Likewise if a Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Ea OL 21636 01 _ Chapter 3 Creating a FlexUNI EVC Ethernet Policy Step 6 Step 7 Step 8 Setting the FlexUNI Attributes W manually specified VLAN is already in use in the access domain delimited by the FlexUNI ISC will display an error message indicating that the new VLAN ID being specified is already in use on the NPC The operator will be prompted to specify a different VLAN ID which will be provisioned on the L2 access nodes Check the AutoPick Bridge Group Name check box to have ISC autopick the group name for the service request during service request creation If this check box is unchecked the operator will be prompted to specify a group name during service request creation If the check box is checked the group name will default to the customer name amp Note This attribute is applicable only for supported IOS XR devices Check the AutoPick Bridge Domain Name check box to have ISC autopick the domain name for the service request during service request creation Usage notes e If this check box is unchecked the operator will be prompted to specify a domain name during service request creation e Ifthe check box is checked the domain name will default to the following format For p
477. stance This conserves the global VLAN B Without FlexUNI If Configure With Bridge Domain is checked the policy configures pseudowires as in LZ2VPN services with SVIs If Configure With Bridge Domain is unchecked the policy configures pseudowires directly under subinterfaces Only pseudowires can be either configured directly under service instance of the corresponding FlexUNI capable interface or under SVIs associated to the bridge domain e LOCAL as the MPLS Core Connectivity Type If Configure With Bridge Domain is checked the policy allows either point to point or multipoint local connect services If Configure With Bridge Domain is unchecked ISC allows only point to point local connects without bridge domain Step5 Click Next The EVC Policy Editor ATM Interface Attribute window appears as shown in Figure 5 3 Step6 Continue with the steps contained in the next section Setting the ATM Interface Attributes page 5 6 Setting the ATM Interface Attributes This section describes how to set the ATM Interface attributes for the FlexUNI EVC ATM Ethernet Interworking policy as shown in Figure 5 3 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 lt OL 21636 01 Chapter5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy Setting the FlexUNI Attributes i Figure 5 3 EVC Policy Editor ATM Interface Attributes Window EVC Policy Editor ATM Interface Attributes Attribu
478. steps Choose Service Inventory gt Inventory and Connection Manage gt Service Requests The Service Requests window appears Click Create Choose L2VPN from the drop down list L2VPN service requests must be associated with an L2VPN policy You choose an L2VPN policy from the policies previously created see Chapter 7 Creating an L2VPN Policy Choose the L2VPN policy of choice If more than one L2VPN policy exists a list of L2VPN policies appears When you make the choice click OK As soon as you make the choice the new service request inherits all the properties of that L2VPN policy such as all the editable and non editable features and pre set parameters To continue creating an L2VPN service request go to one of the following sections e Creating an ERS EVPL ATM or Frame Relay L2VPN Service Request with a CE page 8 2 e Creating an EWS EPL L2VPN Service Request with a CE page 8 8 e Creating an ERS EVPL ATM or Frame Relay L2VPN Service Request without a CE page 8 11 e Creating an EWS EPL L2VPN Service Request without a CE page 8 16 Creating an ERS EVPL ATM or Frame Relay L2VPN Service Request with a CE This section includes detailed steps for creating an L2VPN service request with a CE present for ERS EVPL ATM and Frame Relay policies If you are creating an L2VPN service request for an EWS EPL policy go to Creating an EWS EPL L2VPN Service Request with a CE page 8 8 After you choose
479. stfoot dar CISCO Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Americas Headquarters Cisco Systems Inc 170 West Tasman Drive San Jose CA 95134 1706 USA http www cisco com Tel 408 526 4000 800 553 NETS 6387 Fax 408 527 0883 Text Part Number OL 21636 01 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE ALL STATEMENTS INFORMATION AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California Berkeley UCB as part of UCB s public domain version of the UNIX operating system All rights reserved Copyright 1981 Regents of the University of California NOTWITHSTANDING ANY OTHER WARRANTY HEREIN ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH ALL FAULTS CISCO AND THE ABOVE NAMED SUPPLIERS DISCLAIM ALL WARRANTIES EXPRESSED OR IMPLIED INCLUDING WI
480. stor of a VPN service from an ISP Each customer can own many customer sites Each customer site belongs to one and only one Customer and can own many CEs For detailed steps to create customers and sites see the Cisco IP Solution Center Infrastructure Reference 6 0 See also Defining Customers and Their Sites page 2 4 Import or add raw devices Every network element that ISC manages must be defined as a device in the ISC repository An element is any device from which ISC can collect information In most cases devices are Cisco IOS routers and switches You can set up devices in ISC manually through autodiscovery or through importing device configuration files For detailed steps for importing adding and collecting configurations for devices see the Cisco IP Solution Center Infrastructure Reference 6 0 See also Chapter 12 Using Autodiscovery for L2 Services Assign devices roles as PE or CE After devices are created in ISC you must define them as customer CE or provider PE devices You do this by editing the device attributes on individual devices or in batch editing through the ISC inventory manager To set device attributes see the Cisco IP Solution Center Infrastructure Reference 6 0 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Chapter 1 Getting Started Setting Up Basic ISC Services Hil Setting Up the N PE Loopback Address Within ISC you must set the loopback
481. sts The Service Requests window appears Click Create Choose FlexUNI EVC from the drop down list The Select EVC Policy window appears If more than one FlexUNI EVC policy exists a list of FlexUNI EVC policies appears FlexUNI EVC service requests must be associated with a FlexUNI EVC policy You choose a FlexUNI EVC ATM Ethernet Interworking policy from the policies previously created see Chapter 5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy Choose a FlexUNI EVC ATM Ethernet Interworking policy from the list Click OK The EVC Service Request Editor window appears The new service request inherits all the properties of the chosen FlexUNI EVC ATM Ethernet Interworking policy such as all the editable and non editable features and pre set parameters Continue with the steps contained in the next section Setting the Service Request Details page 6 3 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 e2 E OL 21636 01 Chapter6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request Setting the Service Request Details W Setting the Service Request Details After you have selected the FlexUNI EVC policy to be used as the basis of the service request the EVC Service Request Editor window appears It is divided into three main sections e Service Request Details e Direct Connect Links no NPCs e Links with L2 Access Nodes involves NPCs This window enables you to specify
482. t If any attributes are missing or incorrectly set ISC displays a warning in the lower left of the window Make any corrections or updates needed based on the information provided by ISC and click the Save button For information on modifying a FlexUNI EVC service request see the section Modifying the FlexUNI EVC Service Request page 6 23 For additional information about saving a FlexUNI EVC service request see Saving the FlexUNI EVC Service Request page 6 24 Setting the ATM Link Attributes This section describes how to set up a direct connect link as an ATM link Perform the following steps to set up the ATM link Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 _ Chapter 6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Setting the Service Request Details W In the Direct Connect Links section of the FlexUNI EVC Service Request Editor window specify the device for which you would like to set up an ATM link Choose an ATM interface for the UNI amp Note ATM interfaces are displayed in the drop down list in the UNI column only if the FlexUNI EVC service request is based on an ATM Ethernet Interworking policy type When you choose an ATM interface the check box in the FlexUNI EVC column dynamically disappears from the GUI In the Link Attributes column click the Edit lin
483. t associating templates with policies and how to use the features in this window see Appendix B Working with Templates and Data Files When you have completed setting up templates and data files for the policy click Finish in the Template Association window to close it and return to the Policy Editor window Step 24 Click Finish S Note The VC ID is mapped from the VPN ID By default ISC will auto pick this value However you can set this manually if desired This is done by editing the associated VPN configuration The Edit VPN window has an Enable VPLS check box When you check this box you can manually enter a VPN ID in a field provided For more information on creating and modifying VPNs see the Cisco IP Solution Center Infrastructure Reference 6 0 Defining an MPLS EMS EP LAN Policy with a CE This section describes defining a VPLS policy with an MPLS core type and an EMS EP LAN service type with CE present Figure 9 10 is an example of the first page of this policy Figure 9 10 MPLS EMS EP LAN Policy with a CE VPLS Policy Editor Attribute Value Policy Name VplsMp IsEmsCe Customer Policy Owner Provider Global Policy X MPLS Core Type ethernet 2 O Ethernet Relay Multipoint Service ERMS Service Type Ethernet Multipoint Service EMS CE Present v Note Required Field Step 1 of 3 fey es _____t 204783 OL 21636 01
484. t attachment circuit AC2 AC2 Interface Encap Type Encapsulation type used for the second attachment circuit AC2 AC2 AccessDomain Access domain name for the second attachment circuit AC2 AC2 Customer Facing UNI Customer facing UNI port of the second attachment circuit AC2 AC2 Loopback IP Address Loop back address for the second attachment circuit AC2 AC2 STP Shutdown Threshold Spanning Tree Protocol shutdown threshold for the second attachment circuit AC2 AC2 VTP Shutdown Threshold VLAN Trunk Protocol shutdown threshold for the second attachment circuit AC2 AC2 CDP Shutdown Threshold Cisco Discovery Protocol shutdown threshold for the second attachment circuit AC2 AC2 STP Drop Threshold Spanning Tree Protocol drop threshold for the second attachment circuit AC2 AC2 CDP Drop Threshold Cisco Discovery Protocol drop threshold for the second attachment circuit AC2 VTP Drop Threshold VLAN Trunk Protocol drop threshold for the second attachment circuit AC2 AC2 UNI Recovery Interval Recovery interval of the UNI port for the second attachment circuit AC2 AC2 UNI Speed UNI port speed for the second attachment circuit AC2 AC2 UNI Shutdown Shutdown status of the UNI port for the second attachment circuit AC2 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter 13 Generating L2 and VPLS Reports W sL2 and VPLS Reports e AC2 UNI
485. t1 Ga DDI View Configlet OK 138529 Step2 Choose the device for which you want to view the configlet Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 g io Chapter11 Deploying Monitoring and Auditing Service Requests HI Monitoring Service Requests Step3 Click View Configlet The Configlet for Device window appears See Figure 11 9 Figure 11 9 L2VPN or VPLS Configlet Example Service Request Configlet Configlet for Device pe1 Configlet 1 Job ID 13 Created 2005 09 15 14 15 02 interface Ethernet4 3 1 encapsulation dotiQ 1 xconnect 10 8 0 103 104 encapsulation mpls no shutdown OK 138530 The device configlet shows all commands downloaded to the device configuration during the service request deployment operation Step4 Click OK to exit Monitoring Service Requests To monitor a service request that is being deployed you must use the task logs to help you troubleshoot why a service request has failed or to find more details about a service request To monitor a service request perform the following steps Step 1 Choose Monitoring gt Task Manager The Tasks window appears See Figure 11 10 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 EIZUE OL 21636 01 Chapter 11 Deploying Monitoring and Auditing Service Requests Monitoring Service Requests W Figure 11 10 Tasks Window
486. tEthernet0M 4 0 100 CE Name iscind 2600 2 CE Interface FastEthernet00 100 VPN VPN_A Operation Type MODIFY State DEPLOYED Situ ecage nt 2002 A ee Associated data file s JExamples AccessList1 Protocol IP 211653 The Associated data file s row displays a link for each data file associated with the service request as shown in the figure Click a data file link to display the configlet for the template After viewing the configlet click OK to close the configlet display window Click OK to close the Service Request Details window As an alternative you can access the data files associated with a service request by clicking on the paper clip icon in the Service Requests window The Service Request Datafile Details window appears as shown in Figure B 13 Figure B 13 Service Request Datafile Details Window Service Request Datafile Details Data file Details for Service Request with Job ID 21 Data Files Examples AccessList1 Protocol IP 211654 The window displays only a list of the data files associated with the service request Click a data file link to display the configlet for the template After viewing the configlet click OK to close the configlet display window Click Close to close the Service Request Datafile Details window and return to the Service Requests window Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 S APPENDIX Setting Up VLA
487. tails Ethernet0 3 138516 Note Required Field Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Ez OL 21636 01 Chapter 10 Managing a VPLS Service Request Creating a VPLS Service Request witha CE W amp Note When you provision an ERMS EVP LAN service and when you choose a UNI for a particular device ISC determines if there are other services using the same UNI If so a warning message is displayed If you ignore the message and save the service request all of the underlying service requests lying on the same UNI are synchronized with the modified shared attributes of the latest service request In addition the state of the existing service requests is changed to the Requested state Step 11 Click Select one circuit in the Circuit Selection column The Select NPC window appears If only one NPC exists for the chosen CE and CE interface that NPC is automatically populated in the Circuit Selection column and you need not choose it explicitly Step 12 Choose the name of the NPC from the Select column Step 13 Click OK Each time you choose a CE and its interface the NPC that was precreated from this CE and interface is automatically displayed under Circuit Selection See Figure 10 6 This means that you do not have to further specify the PE to complete the link Figure 10 6 NPC Selected VPLS Service Request Editor VPLS Lin
488. tandard UNI link attributes in the next steps Editing the Standard UNI Attributes The following steps cover setting the attributes in the Standard UNI Details window In the case of a link which is not set as a FlexUNI link by not checking the FlexUNI check box in the Service Request Details window editing the link attributes begins with this window Note The attributes that appear in the Standard UNI Details window are dynamically configured by ISC Some of the attributes covered in the steps below might not appear in the window depending on the policy and service request settings or the link type For example if the MPLS core connectivity type of the FlexUNI EVC policy is local the pseudowire related attributes will not appear Also setting the link as FlexUNI or non FlexUNI will change the attributes that appear in the window In addition attributes are filtered based on device type IOS or IOS XR These cases are noted in the steps for reference Some possible presentations of the Standard UNI attributes are shown in Figure 6 4 through Figure 6 6 Figure 6 4 is an example of a direct connect link for a Cisco 7600 device running IOS with pseudowire core connectivity configure bridge domain enabled and the FlexUNI check box checked Figure 6 4 Standard UNI Details Window Cisco 7600 Configure Bridge Domain Enabled Standard UNI Details Attribute Value N PE U PE Information pet Interface Name FastEthernet2 Encapsulati
489. tching criteria attributes perform the following steps Step 1 Check the Both Tags check box to enable service requests created with the policy to match both the inner and outer VLAN tags of the incoming frames If you do not check this check box service requests created with the policy will match only the outer VLAN tag of the incoming frames Checking the Both Tags attribute causes the Inner VLAN Ranges attribute covered in the next steps to appear in the FlexUNI Attribute window Step2 Check the Inner VLAN Ranges check box to enable the range of inner VLAN tags to be specified during service request creation If the check box is unchecked the range of inner VLAN tags are not allowed In this case the operator must specify discrete VLAN IDs during service request creation Step 3 Continue with the steps contained in the next section Setting the VLAN Rewrite Criteria Attributes page 5 10 Setting the VLAN Rewrite Criteria Attributes Together with VLAN matching criteria VLAN rewrite makes the FlexUNI EVC infrastructure very powerful and flexible The following VLAN rewrite options are supported e Pop one or two tags e Push one or two tags e Translation 1 1 2 1 1 2 2 2 Be aware of the following considerations when setting the VLAN rewrite criteria attributes e Only one kind of rewrite can be done on every CE facing FlexUNI link e All VLAN rewrites are done using the symmetric keyword on the ingress traffic for examp
490. te Value Editable N PE U PE Information Transport Mode VP Iv ATM Encapsulation AAL5SNAP z M Note Required Field To set the ATM interface attributes perform the following steps Step7 Choose the Transport Mode from the drop down list The choices are e VP Virtual path mode This is the default e VC Virtual circuit mode Step8 Choose the ATM Encapsulation from the drop down list e AALSSNAP Step 9 Click Next The EVC Policy Editor FlexUNI Attribute window appears as shown in Figure 5 4 Step 10 Continue with the steps contained in the next section Setting the FlexUNI Attributes page 5 7 Setting the FlexUNI Attributes This section describes how to set the FlexUNI attributes for the FlexUNI EVC ATM Ethernet Interworking policy as shown in Figure 5 4 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 7 Chapter5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy WE Setting the FlexUNI Attributes Figure 5 4 EVC Policy Editor FlexUNI Attribute Window EVC Policy Editor FlexUNI Attributes Attribute Value Editable Service Attribute AutoPick Service Instance ID E IV AutoPick Service Instance Name B Iv Enable Pseudowire Redundancy E IV AutoPick VC ID E Iv AutoPick Bridge Domain VLAN ID E Iv AutoPick Bridge Group Name i IV AutoPick Bridge Domain Name E Iv Match Criteria Both Tags E Iv Rewrite Criteria Pop Outer E Iv Push Outer E Iv Translate Outer B
491. te on the same local N PE Link 1 terminates on an ATM interface link 2 terminates on an ATM interface and link 3 terminates on an ATM interface e Device configuration The N PE 1 is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s ATM6 0 0 100 ATM6 0 1 101 ATM6 0 2 102 Configlets N PE 1 ATM N A i vlan 500 exit l interface ATM6 0 0 100 point to point pvc 200 300 encapsulation aal5snap bridge domain 500 1 interface ATM6 0 1 101 point to point pve 201 301 encapsulation aal5snap bridge domain 500 1 interface ATM6 0 2 102 point to point pve 202 302 encapsulation aal5snap bridge domain 500 1 Comments e None Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 lt OL 21636 01 AppendixA Sample Configlets FlexUNI EVC ATM Ethernet Interworking Local Core Connectivity Point to Point Circuit FlexUNI EVC ATM Ethernet Interworking Local Core Connectivity Point to Point Circuit Configuration e FlexUNI EVC ATM Ethernet Interworking e Feature FlexUNI EVC for ATM Ethernet interworking with local core connectivity A point to point circuit terminates on different ATM interfaces on same local N PE e Device configuration The N PE 1 is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s ATM1 0 0 ATM1 0 1 Contiglets N PE 1 ATM N A interface ATM1 0 0 atm pvp 33 12transport interface ATM1 0 1 atm pvp 222 12transport connect Customer1_208
492. ted template data file without removing the entire service Automatic Application of Negate Templates To remove a configuration created from a template data file a negate template must be applied to the existing service This is no longer a manual process in ISC You create both the positive and negate template You can assign a positive template data file to a policy ISC calls the appropriate negate template at the appropriate time as the negate template has a direct relationship with the deploy template ISC determines which negate template to use based on the service request action requested for example deploying or decommissioning a service The negate template has the same name as the template with the addition of the suffix Negate The negate template does not share the data file of the deploy template The negate template must have its own data file defined Compatibility of the Template Mechanism with Previous ISC Releases ISC maintains compatibility with the template mechanism in previous ISC releases Templates created in earlier versions of ISC work as is without any modifications to the templates or the workflow In the case of a policy in the system that was created in an earlier ISC release the GUI workflow for associating templates data files is not visible In such a case the operator adds the template and data files during service deployment as in previous releases of ISC Cisco IP Solution Center L2VPN and Car
493. template file Choose Data File Name or Template Name from the drop down list and enter a search string in the matching field The matching field is not case sensitive and supports wildcards You can further limit the search by using the of Type field to confine the search to a particular service type When listing service requests using Template Name provide the entire path of the template file location for example examples template where examples is the folder name and template implies the template name To view the configlet s for the template s associated with a service request perform the following steps In the Service Requests window check the check box for a service request with an associated template as indicated by a paper clip icon in the Data Files column Click the Details button The Service Request Details window appears as shown in Figure B 12 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Appendix B Working with Templates and Data Files HI Using Templates with Service Requests Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Figure B 12 Service Request Details Window Service Request Details Service Request Details for Job ID 21 Attribute Value Type MPLS State DEPLOYED Operation Type MODIFY Service Request ID 22 Last Modification Time Mon Jan 07 16 23 33 PST 2008 Customer Customer1 Link ID 11 PE Name mipe PE Interface Gigabi
494. tep1 Choose Service Inventory gt Inventory and Connection Manager gt Service Requests The Service Requests window appears Step2 Click Create Step3 Choose VPLS from the drop down list VPLS service requests must be associated with a VPLS policy You choose a VPLS policy from the policies previously created see Chapter 9 Creating a VPLS Policy Step4 If more than one VPLS policy exists a list of VPLS policies appears Choose the button for the VPLS policy of choice Step5 After you make the choice click OK The new service request inherits all the properties of that VPLS policy such as all the editable and noneditable features and preset parameters Creating a VPLS Service Request with a CE This section includes detailed steps for creating a VPLS service request with a CE present In this example the service request is for an VPLS policy over an MPLS core with an ERMS EVP LAN service type and CE present Perform the following steps Step 1 Choose the appropriate VPLS policy The VPLS Service Request Editor window appears See Figure 10 1 Figure 10 1 VPLS Service Request Editor VPLS Service Request Editor VPLS Link Editor SRID New Job ID New Policy Name VplsMplsErsCe VPH Select VPH Description H Showing 0 of 0 records E CE CE Interface Circuit Selection Circuit Details Circuit ID Link Attributes Rows per page 10 x 1 q Goto page 1 of 0 G3 gt Dl Add Link Delete Li
495. teps for such links Setting Direct Connect Links Step 1 Step 2 Step 3 Step 4 Step 5 amp Perform the following steps to set up the direct connect links Most of these steps apply to links with L2 access nodes also Click Add to add a link A new numbered row for the link attributes appears Click Select NPE in N PE column The Select PE Device window appears This window displays the list of currently defined PEs a The Show PEs with drop down list shows PEs by Provider PE Region Name or by Device Name b The Find button allows a search for a specific PE or a refresh of the window c The Rows per page drop down list allows the user to configure the number of entries displayed on the screen at one time In the Select column choose the PE device name for the link Click Select The EVC Service Request Editor window reappears displaying the name of the selected PE in the NPE column Choose the UNI interface from the drop down list in the UNI column Note ISC only displays the available interfaces for the service based on the configuration of the underlying interfaces existing service requests that might be using the interface and the customer associated with the service request You can click the Details button to display a pop up window with information on the available interfaces such as interface name customer name VPN name job ID service request ID service request type translation type and V
496. teps to set up the direct connect links Most of these steps apply to links with L2 access nodes also Click Add to add a link A new numbered row for the link attributes appears Click Select NPE in N PE column The Select PE Device window appears This window displays the list of currently defined PEs a The Show PEs with drop down list shows PEs by Provider PE Region Name or by Device Name b The Find button allows a search for a specific PE or a refresh of the window c The Rows per page drop down list allows the user to configure the number of entries displayed on the screen at one time In the Select column choose the PE device name for the link Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 lt OL 21636 01 _ Chapter 6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request Setting the Service Request Details W Step4 Click Select The EVC Service Request Editor window reappears displaying the name of the selected PE in the NPE column Step5 Choose the UNI interface from the drop down list in the UNI column amp Note ISC only displays the available interfaces for the service based on the configuration of the underlying interfaces existing service requests that might be using the interface and the customer associated with the service request You can click the Details button to display a pop up window with information on the available interfaces such as interface name c
497. ter and the intent of the request has been verified at the configuration level That is ISC downloaded the configlets to the routers and the service request passed the audit process Failed Audit This state indicates that ISC downloaded the configlet to the router successfully but the service request did not pass the audit Therefore the service did not move to the Deployed state The Failed Audit state is initiated from the Pending state After a service request is deployed successfully it cannot re enter the Failed Audit state except if the service request is redeployed Failed Deploy The cause for a Failed Deploy status is that DCS reports that either the upload of the initial configuration file from the routers failed or the download of the configuration update to the routers failed due to lost connection faulty password and so on Functional valid only for MPLS services An MPLS service request moves to Functional when the auditor finds the VPN routing and forwarding tables VRF for this service and they match with the service intent This state requires that both the configuration file audit and the routing audit are successful Invalid Invalid indicates that the service request information is incorrect in some way A service request moves to Invalid if the request was either internally inconsistent or not consistent with the rest of the existing network router configurations for example no more in
498. terface UNI device interface of the first attachment circuit AC1 AC1 NPC Named physical circuit for the first attachment circuit AC1 AC2 VLAN ID DLCI VCD VLAN identification number DLCI data link connection identifier or VCD virtual circuit descriptor of the first attachment circuit AC1 AC1 VPI Virtual path identifier for the first attachment circuit AC1 AC1 VCI Virtual channel identifier for the first attachment circuit AC1 AC1 Interface Encap Type Encapsulation type used for the first attachment circuit AC1 AC1 AccessDomain Access domain name for the first attachment circuit AC1 AC1 Customer Facing UNI Customer facing UNI port of the first attachment circuit AC1 AC1 Loopback IP Address Loop back address for the first attachment circuit AC1 AC1 STP Shutdown Threshold Spanning Tree Protocol shutdown threshold in packets second for the first attachment circuit AC1 AC1 VTP Shutdown Threshold VLAN Trunk Protocol shutdown threshold in packets second for the first attachment circuit AC1 AC1 CDP Shutdown Threshold Cisco Discovery Protocol shutdown threshold in packets second for the first attachment circuit AC1 AC1 STP Drop Threshold Spanning Tree Protocol drop threshold in packets second for the first attachment circuit AC1 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 P34 g OL 21636 01 _ Chapter 13 Generating L2 and VPLS Reports
499. terfaces were available on the router The Provisioning Driver cannot generate configuration updates to service this request Lost A service request moves to Lost when the Auditor cannot find a configuration level verification of intent in the router configuration files The service request was in the Deployed state but now some or all router configuration information is missing A service request can move to the Lost state only when the service request had been Deployed Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter11 Deploying Monitoring and Auditing Service Requests HI Deploying Service Requests Table 11 1 Summary of Cisco IP Solution Center Service Request States continued Service Request Type Description Pending A service request moves to Pending when the Provisioning Driver determines that the request looks consistent and was able to generate the required configuration updates for this request Pending indicates that the service request has generated the configuration updates and the configuration updates are successfully downloaded to the routers The Auditor regards pending service requests as new requests and begins the audit If the service has been freshly provisioned and not yet audited it is not an error pending audit However if an audit is performed and the service is still pending it is in an error state Requested If the service is newly enter
500. th a CE This section describes how to define a VPLS policy with an MPLS core type and an ERMS EVP LAN service type with CE present Figure 9 2 is an example of the first page of this policy Figure 9 2 MPLS ERMS EVP LAN Policy with a CE VPLS Policy Editor Attribute Value Policy Hame VplsMplsErms ce Customer Policy Owner Provider Global Policy MPLS Core Type O Ethemet Ethernet Relay Multipoint Service ERMS Service Type Li oO Ethernet Multipoint Service EMS CE Present Note Required Field 204781 Step 1 of 3 m a Perform the following steps Step 1 Click Next The window in Figure 9 3 appears The Editable check box gives you the option of making a field editable If you check the Editable check box the service operator who is using this VPLS policy can modify the editable parameter during VPLS service request creation Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 mos Chapter9 Creating a VPLS Policy HZ Defining an MPLS ERMS EVP LAN Policy with a CE Figure 9 3 MPLS ERMS EVP LAN with a CE Policy Attributes VPLS Policy Editor Attribute Value Editable CE Information Interface Type ANY bs Interface Format Iv r A Iv UHI Information Standard UNI Port UNI Shutdown lt I lt l Keep Alive Interface Type for UHI Display ANY UNI UNI MAC Addresses IV Link Speed None x Vv Link Duple
501. th a CE page 7 33 e Defining an ATM Policy without a CE page 7 36 Defining an L2VPN Policy You must define an L2VPN policy before you can provision a Cisco IP Solution Center ISC service An L2VPN policy defines the common characteristics shared by the end to end wire attributes and Attachment Circuit AC attributes A policy is a template of most of the parameters needed to define an L2VPN service request After you define it an L2VPN policy can be used by all the L2VPN service requests that share a common set of characteristics You create a new L2VPN policy whenever you create a new type of service or a service with different parameters L2VPN policy creation is normally performed by experienced network engineers A policy can be shared by one or more service requests that have similar service requirements The Editable check box gives the network operator the option of making a field editable If the value is set to editable the service request creator can change to other valid values for the particular policy item If the value is not set to editable the service request creator cannot change the policy item The four major categories of an L2VPN policy correspond to the four major services that L2VPN provides e Point to point Ethernet Relay Service ERS The Metro Ethernet Forum MEF name for this service is Ethernet Virtual Private Line EVPL See Layer 2 Terminology Conventions page E 1 for more information about terms used t
502. th the pseudowire class Configuring the Transport Mode When Pseudowire Classes are Not Supported This section describes how to configure the pseudowire transport mode to be of type Vlan for versions of IOS XR that do not support pseudowire classes This is done through setting a Dynamic Component Properties Library DCPL property See the usage notes following the steps for additional information Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 a 243 Chapter2 Setting Up the ISC Services HZ Defining L2VPN Group Names for 10S XR Devices Step 1 Step 2 Step 3 Step 4 Step 5 Perform the following steps In ISC navigate to Administration gt Control Center gt Hosts Check a check box for a specific host and click the Config button Navigate to the DCPL property Services Common pseudoWireVlanMode Set the property to true Click Set Property ISC then generates VLAN transport mode configuration for the pseudowire Usage notes e To set the transport mode to Vlan it is recommended that you do this via a pseudowire class if supported by the version of IOS XR being used If the pseudowire class feature is not supported then the transport mode must be set using a DCPL property as explained in the steps of this section e The DCPL property pseudoWireVlanMode only sets the default value for PseudoWireClass TransportMode as Vlan if the DCPL property is set to true Users can always over
503. that the network devices have the correct configuration for the services provided A configuration audit occurs automatically each time you deploy a service request During this configuration audit ISC verifies that all Cisco IOS commands are present and that they have the correct syntax An audit also verifies that there were no errors during deployment The configuration audit verifies the service request deployment by examining the commands configured by the service request on the target devices If the device configuration does not match what is defined in the service request the audit flags a warning and sets the service request to a Failed Audit or Lost state You can create audit reports for new or existing service requests e Audit new services This type of audit is for service requests that have just been deployed The audit identifies problems with the configuration files downloaded to the devices e Audit existing services This type of audit checks and evaluates the configuration of deployed service requests to see if the service request is still in effect We recommend that you schedule a service request audit on a regular basis to verify the state of the network provisioning requests This section describes how to manually generate a configuration audit and view the audit report To view a configuration audit report perform the following steps Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 ua OL
504. the bridge domain If Configure With Bridge Domain is unchecked the policy will configure pseudowires directly under the service instance This will conserve the global VLAN e Without FlexUNI If Configure With Bridge Domain is checked the policy will configure pseudowires under SVIs If Configure With Bridge Domain is unchecked the policy will configure pseudowires directly under subinterfaces Pseudowires can be configured either directly under service instance of the corresponding FlexUNI capable interface or under SVIs associated to the bridge domain Step7 Check the Use Split Horizon check box to enable split horizon with bridge domain Usage notes e The Use Split Horizon attribute is disabled by default e The Use Split Horizon attribute can be used only when the Configure Bridge Domain check box is checked enabled e When Use Split Horizon is enabled the bridge domain command in the CLI will be generated with split horizon When it is disabled the bridge domain command will be generated without split horizon Step8 Click the Click here link of the Description attribute to enter a description label for the service request This is useful for searching the ISC database for the particular service request Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 oL 21636 01 aes Chapter6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request HI Setting the Service Request Details A dial
505. the device e The bridge domain VLAN ID is picked from the existing ISC VLAN pool Once the VLAN ID is assigned in the service request ISC makes the VLAN ID unavailable for subsequent service requests e Inthe case of manual VLAN ID allocation ISC does not manage the VLAN ID if the ID lies outside the range of an ISC managed VLAN pool In this case the operator must ensure the uniqueness of the ID in the Ethernet access domain If an operator specifies a VLAN ID that is within the range of an ISC managed VLAN pool and the VLAN ID is already in use in the access domain ISC displays an error message indicating that the VLAN ID is in use Note on Access VLAN IDs An access VLAN ID is of local significance to the FlexUNI capable ports It should not be confused with the global VLANs This can be visualized as a partitioning of the Ethernet access network beyond the FlexUNI ports into several subEthernet access domains one each for a FlexUNI capable port However all the service interfaces on the Ethernet access nodes beyond the FlexUNI ports will have this very same VLAN ID for a link This ID must be manually specified by the operator when setting the link attributes during service request creation The operator must ensure the uniqueness of the ID across the FlexUNI demarcated Ethernet access domain These VLAN IDs are not managed by ISC by means of locally significant VLAN pools But once a VLAN ID is assigned for a link in the service reque
506. the drop down list and choose APPEND or PREPEND Append tells ISC to append the template generated CLI to the regular ISC non template CLI Prepend is the reverse and does not append the template to the ISC CLI Step 13 Choose Active to use this template for this service request If you do not choose Active the template is not used Step14 Click OK The Link Attributes with the template added appears See Figure 8 36 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 _ Chapter 8 Managing an L2VPN Service Request Figure 8 36 Link Attributes Modifying the L2VPN Service Request W Link Attributes with Template Added Attribute PE Information Interface Name Standard UNI Port PEWNI Interface Description Encapsulation CE Information Interface Hame Encapsulation IP Address with Mask UNI Shutdown Keep Alive VLAH and Other Information VLAN ID AutoPick VLAN Name Link Speed Link Duplex Use Existing ACL Name Port Based ACL Name UNI MAC Addresses UHI Port Security 9 H PE Pseudo wire On SYI VLAN Translation PW Tunnel Selection 9 Interface Tunnel Device Hame ce3 pet Note Required Field Role MANAGED N PE Value pet Ethernet4 3 Iv DOT1Q gt ce3 Ethernet0 DOTIQ x X X XIXXx F r Iv f No 14 24 Vv 0 2147483647 Templates AccessList1 Protocol TCP Cancel 138582 Note For more info
507. the link will always go through a particular interface s slot port location on all or most of the network devices in the service Choose a CE Encapsulation type The choices are e DOTIQ e DEFAULT If DEFAULT is the CE encapsulation type ISC shows another field for the UNI port type Check UNI Shutdown box if you want to leave the UNI port shut during service activation for example when the service provider wants to deploy a service in the network but wants to activate it at a later time Check the Keep Alive check box to configure keepalives on the UNI port By default this check box is unchecked which causes the command no keepalive to be provisioned on the UNI port This prevents a CPE from sending keepalive packets to the U PE for security purposes This attribute is editable to support modification on a per service request basis Check the ANY check box to display all interface types as choices for the UNI interface when creating service requests based on this policy This check box is checked by default Check the UNI check box to display all interfaces defined as type UNI as choices for the UNI interface when creating service requests based on this policy This check box is checked by default Enter one or more Ethernet MAC addresses in UNI MAC addresses This selection is present only if you uncheck the Use Existing ACL Name check box Click the Edit button to bring up a pop up window in which you enter MAC addresses to
508. the name of the policy on which the service request is based Clicking on the read only policy name displays a list of all the attribute values set within the policy Click Select VPN to choose a VPN for use with this service request The Select VPN window appears with the VPNs defined in the system amp Note The same VPN can be used by service requests with LOCAL and PSEUDOWIRE core types If a VPN for a service request is used with VPLS core type the same VPN cannot be used for service requests with LOCAL or PSEUDOWIRE core type Choose a VPN Name in the Select column Click Select The EVC Service Request Editor window appears with the VPN name displayed Check the AutoPick VC ID check box if you want ISC to choose a VC ID If you do not check this check box you will be prompted to provide the ID in the VC ID field as covered in the next step When AutoPick VC ID is checked ISC allocates a VC ID for pseudowires from the ISC managed VC ID resource pool In this case the text field for the VC ID option is non editable If AutoPick VC ID was unchecked enter a VC ID in the VC ID field Usage notes e The VC ID value must be an integer value corresponding to a VC ID e When a VC ID is manually allocated ISC verifies the VC ID to see if it lies within ISC s VC ID pool If the VC ID is in the pool but not allocated the VC ID is allocated to the service request If the VC ID is in the pool and is already in use ISC prom
509. the service request will not be created with xconnect under SVI even if N PE pseudo wire on SVI is enabled e ISC supports a hybrid configuration for FlexUNI EVC service requests In a hybrid configuration the forwarding commands such as xconnect for one side of an attachment circuit can be configured under a service instance and the xconnect configuration for the other side of the attachment circuit can be configured under a switch virtual interface SVD e N PE Pseudo wire on SVI is applicable for all connectivity types PSEUDOWIRE VPLS and LOCAL but a hybrid SVI configuration is possible only for pseudowire connectivity e When MPLS Core Connectivity Type is set as VPLS the N PE Pseudo wire on SVI attribute is always enabled in the policy and service request e When MPLS Core Connectivity Type is set as LOCAL connectivity type the N PE Pseudo wire on SVI attribute is always disabled in the policy and service request e For examples of these cases see configlet examples FlexUNI EVC Pseudowire Core Connectivity Bridge Domain Pseudowire on SVI and FlexUNI EVC Pseudowire Core Connectivity no Bridge Domain no Pseudowire on SVI e For additional information on the N PE Pseudo wire on SVI attribute see the corresponding coverage in the FlexUNI EVC policy chapter in the section Setting the Interface Attributes e The N PE Pseudo wire on SVI attribute is not supported for IOS XR devices All the xconnect commands are configured
510. tion If this check box is unchecked you are prompted to specify a bridge group name during service request creation see the next step Usage notes e This attribute only displays for IOS XR devices e Ifthe AutoPick Bridge Group Name check box is unchecked enter an bridge group name in the Bridge Group Name text field e The AutoPick Bridge Group Name and Bridge Group Name attributes only appear if Configure Bridge Domain was enabled in the EVC Service Request Editor window earlier in the service request workflow Step 32 Check the AutoPick Bridge Domain VLAN ID check box to have ISC autopick the VLAN ID during service request creation If this check box is unchecked you are prompted to specify a VLAN ID during service request creation see the next step Usage notes e AutoPick Bridge Domain VLAN ID consumes a global VLAN ID on the device e The bridge domain VLAN ID is picked from the existing ISC VLAN pool e The AutoPick Bridge Domain VLAN ID attribute appears for both Cisco 7600 and ASR 9000 devices It will be displayed only for non FlexUNI links Step 33 If the AutoPick Bridge Domain VLAN ID check box is unchecked enter an ID number in the Bridge Domain VLAN ID text field Usage notes e If AutoPick Bridge Domain VLAN ID is checked this field is non editable e When a VLAN ID is manually allocated ISC verifies the VLAN ID to see if it lies within ISC s VLAN ID pool If the VLAN ID is in the pool but not allocate
511. tion about how to define the L2VPN Group Name choices available in the drop down list see Defining L2VPN Group Names for IOS XR Devices page 2 14 Enter an E Line Name to specify the point to point p2p E line name This attribute is only applicable for IOS XR devices If no value is specified for the p2p name ISC generates a default name consisting of the names of the two PEs forming the pseudowire separated by hyphens for example 6503 A 6503 B If the default name is more than 32 characters the device names are truncated Enter a VLAN NAME optional to specify a name to describe the VLAN The name must be one token no spaces allowed The limit for the VLAN name is 32 characters The name has to be unique Enter a Link Media type optional of None auto select rj45 or sfp Usage notes e The default is None e When this attribute is used a new CLI will be generated in the UNI interface to define the media type e The Link Media attribute is supported only for ME3400 platforms Enter a Link Speed optional of None 10 100 1000 Auto or nonegotiate Enter a Link Duplex optional of None Full Half or Auto Check the Use Existing ACL Name check box if you want assign your own named access list to the port By default this check box is not checked and ISC automatically assigns a MAC based ACL on the customer facing UNI port based on values you enter in UNI MAC addresses below OL 21636 01 Cisco IP Sol
512. tion type from the drop down list The choices are e DOTIQTRUNK Configures the UNI as a trunk with 802 1q encapsulation If the UNI belongs to a directly connected and FlexUNI link this setting signifies that the incoming frames are 802 1q encapsulated and that they match the VLAN ID configured for the link This specific topology does not involve a trunk UNI as such e DOTIQTUNNEL Configures the UNI as an 802 1q tunnel also known as a dotlq tunnel or Q in Q port e ACCESS Configures the UNI as an access port This attribute allows you to deploy different types of UNI encapsulation on different links of a service Usage notes e When a U PE running with IOS is added in the same circuit terminating on an ASR 9000 functioning in an N PE role the all three encapsulation types values will be visible in the drop down list of the Encapsulation attribute e DOT1Q TUNNEL is not directly supported for ASR 9000 devices Step 25 In the PE UNI Interface Description field enter a description for the interface if desired Step 26 Check the UNI Shutdown check box if you want to leave the UNI port shut during service activation for example when the service provider wants to deploy a service in the network but wants to activate it at a later time Step27 Specify the type of VLAN Translation for the service request by clicking the appropriate radio button The choices are e No No VLAN translation is performed This is the default e 1
513. to be unique only at the interface level The ID must be a value from 1 to 8000 e There are no resource pools available in ISC from which to allocate the service instance IDs I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter4 Managing a FlexUNI EVC Ethernet Service Request HZ Setting the Service Request Details Step 9 Step 10 Step 11 Step 12 Step 13 e In the case of a manually provided service instance ID it is the responsibility of the operator to maintain the uniqueness of the ID at the interface level e This attribute is not displayed for IOS XR devices If the AutoPick Service Instance ID check box is not checked enter an appropriate value for the service instance ID in the Service Instance ID field This attribute is not displayed for IOS XR devices Check the AutoPick Service Instance Name check box to specify that the service instance name will be autogenerated If the check box is unchecked you can specify the service instance name see the next step Usage notes e If the check box is checked the Service Instance Name text field is disabled e The service instance name is autogeneratedi n the following pattern CustomerName_ServiceRequestJobID e For example configlets see FlexUNI EVC No AutoPick Service Instance Name No Service Instance Name page A 42 FlexUNI EVC User Provided Service Instance Name Pseudowire Core Connectivity page A 43
514. to use the features in this window see Appendix B Working with Templates and Data Files When you have completed setting up templates and data files for the policy click Finish in the Template Association window to close it and return to the Policy Editor window Click Finish Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Chapter7 Creating an L2VPN Policy Defining a Frame Relay Policy withoutaCE E Defining a Frame Relay Policy without a CE This section describes how to define a Frame Relay policy without a CE present Figure 7 22 is an example of the first page of this policy Figure 7 22 Frame Relay Policy without a CE L2VPN Point To Point Policy Editor Attribute Value Policy Hame FrameRelayNoCe C Customer Policy Owner C Provider Global Policy C L2VPNERS C L2VPN EWS Service Type Frame Relay C A CE Present E Note Required Field Step 1 of 2 ss 138485 Perform the following steps Step 1 Click Next The window in Figure 7 23 appears The Editable check box gives you the option of making a field editable If you check the Editable check box the service operator who is using this L2VPN policy can modify the editable parameter during L2VPN service request creation Figure 7 23 Frame Relay without CE Policy Attributes L2VPN Point To Point Policy Editor Attribute Value Editable H PE U PE Information Intertace Type
515. tree bpdufilter enable switchport no keepalive no ip address switchport trunk encapsulation dotlq switchport mode trunk switchport trunk allowed vlan 566 switchport nonegotiate no shutdown mac access group ISC FastEthernet1 0 14 in 1 interface FastEthernet1 0 18 no ip address switchport trunk allowed vlan 566 l mac access list extended ISC FastEthernet1 0 14 deny any host 0100 0ccc cccc deny any host 0100 0ccc cccd deny any host 0100 0ccd cdd0 deny any host 0180 c200 0000 permit any any Comments e In this example the user does not enable AutoPick Service Instance Name and also leaves the Service Instance Name input field blank e The global command ethernet evc is not generated while the command service instance 43 ethernet is generated e There is no Service Instance Name available and the Service Instance ID is 43 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 AppendixA Sample Configlets FlexUNI EVC User Provided Service Instance Name Pseudowire Core Connectivity FlexUNI EVC User Provided Service Instance Name Pseudowire Core Connectivity Configuration Configlets e FlexUNI EVC Metro Ethernet e Feature FlexUNI EVC with pseudowire core connectivity and user provided service instance name e Device configuration The N PE is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s GigabitEthernet7 0 0 The U PE is a Cisco 3750ME
516. tribute PseudoWireClass appears in the GUI Click the Select button of PseudoWireClass attribute to choose a pseudowire class previously created in ISC The pseudowire class name is used for provisioning pw class commands on IOS XR devices See Creating and Modifying Pseudowire Classes for IOS XR Devices page 2 10 for additional information on pseudowire class support for IOS XR devices Choose an L2VPN Group Name from the drop down list The choices are e ISC e VPNSC Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 7 34 OL 21636 01 _ Chapter 7 Creating an L2VPN Policy Step 9 Step 10 Step 11 Step 12 Defining an ATM Policy witha CE W This attribute is used for provisioning the L2VPN group name on IOS XR devices amp Note The choices in the drop down list are derived from a configurable DCPL property For information about how to define the L2VPN Group Name choices available in the drop down list see Defining L2VPN Group Names for IOS XR Devices page 2 14 Enter an E Line Name to specify the point to point p2p E line name This attribute is only applicable for IOS XR devices If no value is specified for the p2p name ISC generates a default name consisting of the names of the two PEs forming the pseudowire separated by hyphens for example 6503 A 6503 B If the default name is more than 32 characters the device names are truncated Check the PW Tunnel Selection check
517. tructure Reference 6 0 for details on how to modify report configuration files to create custom reports Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 MEN Chapter 13 Generating L2 and VPLS Reports Creating Custom L2 and VPLS Reports Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Ka OL 21636 01 APPENDIX A Sample Configlets This appendix provides sample configlets for L2VPN and Metro Ethernet service provisioning in ISC It contains the following sections Overview page A 2 ERS EVPL Point to Point page A 4 ERS EVPL Point to Point UNI Port Security page A 5 ERS EVPL 1 1 VLAN Translation page A 7 ERS EVPL 2 1 VLAN Translation page A 8 ERS Pseudowire Class E Line L2VPN Group Name IOS XR Device page A 9 ERS EVPL NBI Enhancements for L2VPN IOS Device page A 10 ERS EVPL or EWS EPL IOS XR Device page A 11 ERS EVPL and EWS EPL Local Connect on E Line page A 14 ERS EVPL EWS EPL ATM or Frame Relay Additional Template Variables for L2 VPN IOS and IOS XR Device page A 15 EWS EPL Point to Point page A 16 EWS EPL Point to Point UNI Port Security BPDU Tunneling page A 17 EWS EPL Hybrid page A 19 EWS EPL Pseudowire Class E Line L2VPN Group Name IOS XR Device page A 22 EWS EPL NBI Enhancements for L2 VPN IOS Device page A 23 ATM over MPLS VC Mode page A 24 ATM over MPLS
518. true choose a translation type of 1 1 1 2 2 1 or 2 2 from the Translation Type drop down list If you choose 1 1 or 2 1 enter a value in the Outer VLAN ID text box that appears The outer tag of all the incoming frames that fulfill the match criteria will be translated to this ID Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 e12 E OL 21636 01 _ Chapter 6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request Step 21 Step 22 Setting the Service Request Details W If you choose 1 2 or 2 2 enter values in the Outer VLAN ID and Inner VLAN ID text boxes that appear The outer and inner tags of all the incoming frames that fulfill the match criteria will be translated to these IDs b If the Match Inner and Outer Tags check box is unchecked false choose a translation type of 1 1 or 1 2 from the Translation Type drop down list If you choose 1 1 enter a value in the Outer VLAN ID text box that appears The outer tag of all the incoming frames that fulfill the match criteria will be translated to this ID If you choose 1 2 enter values in the Outer VLAN ID and Inner VLAN ID text boxes that appear The outer and inner tags of all the incoming frames that fulfill the match criteria will be translated to these IDs Clicked Next to save the settings in the FlexUNI Details window The Standard UNI Details window appears as shown in Figure 6 5 Continue with setting the s
519. trunk allowed vlan 783 787 788 symmetric xconnect 192 169 105 20 505 encapsulation interface FastEthernet1 14 mpls no cdp enable no keepalive no ip address switchport switchport trunk encapsulation dotiq switchport mode trunk switchport trunk allowed vlan none switchport trunk allowed vlan 788 switchport port security switchport nonegotiate switchport port security maximum 45 switchport port security aging time 34 switchport port security violation shutdown switchport port security mac address 3456 3456 5678 spanning tree bpdufilter enable mac access group ISC FastEthernet3 23 in l mac access list extended Isc FastEthernet3 31 deny any host 0100 0ccc cccc deny any host 0100 0ccc cccd deny any host 0100 0ccd cdd0 deny any host 0180 c200 0000 deny any host 1234 3234 3432 permit any any Comments e UNI on U PE e Single match tag is performed e The rewrite operation push pushes the outer VLAN tag of 555 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 EN AppendixA Sample Configlets HZ FlexUNI EVC Pseudowire Core Connectivity UNI without Port Security with Bridge Domain FlexUNI EVC Pseudowire Core Connectivity UNI without Port Security with Bridge Domain Configuration Configlets Comments e Service FlexUNI EVC Metro Ethernet e Feature FlexUNI EVC with pseudowire core connectivity with UNI without port security and with bridge doma
520. ts Run L2 and VPLS reports See Chapter 13 Generating L2 and VPLS Reports A Note on Terminology Conventions The ISC GUI and this user guide use specific naming conventions for Ethernet services These align closely with the early MEF conventions This is expected to be updated in future releases of ISC to conform with current MEF conventions For reference the equivalent terms used by the MEF forum are summarized in Table 1 1 See Layer 2 Terminology Conventions page E 1 for more information on terminology conventions and how these align with underlying network technologies Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 ia OL 21636 01 Chapter 1 Getting Started A Note on Terminology Conventions W Table 1 1 Ethernet Service Terminology Mappings Term Used in ISC GUI and This User Guide L2VPN over MPLS Core Current MEF Equivalent Term Ethernet Wire Service EWS Ethernet Private Line EPL Ethernet Relay Service ERS Ethernet Virtual Private Line EVPL ATM over MPLS ATMoMPLS Frame Relay over MPLS FRoMPLS VPLS Over MPLS Core Ethernet Wire Service EWS or Ethernet Multipoint Service EMS Ethernet Private LAN EP LAN Ethernet Relay Service ERS or Ethernet Virtual Private LAN EVP LAN Ethernet Relay Multipoint Service ERMS VPLS over Ethernet Core Ethernet Wire Service EWS Ethernet Relay Service ERS Ethernet
521. ttern CustomerName_ServiceRequestJobID Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 _ Chapter 6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request Step 11 Step 12 Step 13 Step 14 Step 15 Setting the Service Request Details W e For example configlets see FlexUNI EVC No AutoPick Service Instance Name No Service Instance Name page A 42 FlexUNI EVC User Provided Service Instance Name Pseudowire Core Connectivity page A 43 and FlexUNI EVC User Provided Service Instance Name Local Core Connectivity page A 44 e This attribute is not displayed for IOS XR devices If the AutoPick Service Instance Name check box is not checked enter an appropriate value for the service instance ID in the Service Instance Name field Usage notes e The text string representing the service instance name must be 40 characters or less and contain no spaces Other special characters are allowed e If AutoPick Service Instance Name is unchecked and no service instance name is entered in the text field then ISC does not generate the global ethernet evc evcname command in the device configuration generated by the service request Check the AutoPick Bridge Domain VLAN ID check box to have ISC autopick the VLAN ID for the service request during service request creation If this check box is unchecked the you must specify a bridge domain VLAN ID see the next step Usage
522. ttribute is only applicable for IOS XR devices If the check box is checked an additional attribute PseudoWireClass appears in the GUI Click the Select button of PseudoWireClass attribute to choose a pseudowire class previously created in ISC The pseudowire class name is used for provisioning pw class commands on IOS XR devices See Creating and Modifying Pseudowire Classes for IOS XR Devices page 2 10 for additional information on pseudowire class support for IOS XR devices Choose an L2VPN Group Name from the drop down list The choices are e ISC e VPNSC This attribute is used for provisioning the L2VPN group name on IOS XR devices amp Note The choices in the drop down list are derived from a configurable DCPL property For information about how to define the L2VPN Group Name choices available in the drop down list see Defining L2VPN Group Names for IOS XR Devices page 2 14 Enter an E Line Name to specify the point to point p2p E line name This attribute is only applicable for IOS XR devices If no value is specified for the p2p name ISC generates a default name consisting of the names of the two PEs forming the pseudowire separated by hyphens for example 6503 A 6503 B If the default name is more than 32 characters the device names are truncated Enter a VLAN NAME optional to specify a name to describe the VLAN The name must be one token no spaces allowed The limit for the VLAN name is 32 characters
523. tunnelling on Spanning Tree Protocol STP h stp shutdown threshold Enter the number of packets per second to be received before the interface is shut down i stp drop threshold Enter the number of packets per second to be received at which point the interface will start dropping STP packets j Recovery Interval Enter the amount of time in seconds to wait before recovering a UNI port Step 25 Check the N PE Pseudo wire On SVI check box to configure the pseudowire connection on the switched virtual interface of the OSM card Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 a 727 Chapter7 Creating an L2VPN Policy W Defining a Frame Relay Policy with a CE This check box is checked by default If the check box is not checked the pseudowire will be provisioned on the subinterface of the PFC card if it is available This option is only available for C76xx devices Note Step 26 Step 27 amp The N PE Pseudo wire On SVI attribute will be unavailable within service requests based on this policy for devices running IOS XR Enter the MTU Size in bytes The maximum transmission unit MTU size is configurable and optional The default size is 9216 and the range is 1500 to 9216 ISC does not perform an integrity check for this customized value If a service request goes to the Failed Deploy state because this size is not accepted you must adjust the size until the Service
524. ue Editable ANY fed Vv Vv E Vv a Vv IV Vv Edit Vv None x Vv None x Vv IV Vv Vv 1522 1500 9216 g B J IV Vv Vv a Vv a Vv ys oS e fs Os o 211702 Choose an Interface Type from the drop down list You can choose a particular interface on a CE N PE U PE or PE AGG interface based on the service provider s POP design The interfaces are e ANY Any interface can be chosen e Port Channel A bundle of ports that share the same characteristics this gives the service provider the ability to aggregate bandwidth and protection e Ethernet e FastEthernet e GE WAN e GigabitEthernet e TenGigabitEthernet The value defined here functions as a filter to restrict the interface types an operator can see during VPLS service request creation If defined as ANY the operator can see all interface types Enter an Interface Format as the slot number port number for the CE interface for example 1 0 indicates that the interface is located at slot 1 port 0 This is especially useful to specify here if you know that the link will always go through a particular interface s slot port location on all or most of the network devices in the service OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter9 Creating a VPLS Policy HZ Defining an Ethernet EMS EP LAN Policy with a CE Step 4 Choose a CE Encapsulation type The choices are e DOTIQ e DEFAULT
525. unning IOS XR e Services that combine the existing services with the Ethernet access including the ERS EWS interworking service e Provisioning of E Line services in which one or both N PE interfaces are FlexUNI FlexUNI EVC Features This section summarizes the features supported by the FlexUNI EVC policy and service request in ISC e Choice of topology Customer edge device CE directly connected CE connected through Ethernet access devices e Choice of platforms FlexUNI EVC on all N PEs FlexUNI EVC on none of the N PEs Mix of FlexUNI EVC and the old infrastructure This allows both the old and new platforms to co exist in order to ensure continued support for deployed platforms e Choice of connectivity across the MPLS core with or without bridge domain Pseudo wires Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 32 E OL 21636 01 Chapter3 Creating a FlexUNI EVC Ethernet Policy Overview of FlexUNI EVC Supportin ISC Hi VPLS Local local connects Flexible VLAN handling mechanism that deals with up to two levels of VLAN tags VLAN matching for service classification This provides the ability to match both outer and inner VLAN tags or the ability to match a range of inner VLAN tags VLAN manipulations such as pop outer tag pop inner tag push outer tag push inner tag and VLAN translations 1 1 2 1 1 2 2 2 e Flexible forwarding options Configu
526. ure that you e Know each VLAN pool start number e Know each VLAN pool size I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter2 Setting Up the ISC Services WE Creating VLAN Pools Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 e Have created an access domain for the VLAN pool See Creating Access Domains page 2 4 e Know the name of the access domain to which each VLAN pool will be allocated To have ISC automatically assign a VLAN to the links perform the following steps Choose Service Inventory Choose Inventory and Connection Manager Choose Resource Pools The Resource Pools window appears Choose VLAN from the drop down Pool Type list Click Create The Create VLAN Pool window appears Enter a VLAN Pool Start number Enter a VLAN Pool Size number If the correct access domain is not showing in the Access Domain field click Select to the right of Access Domain field The Access Domain for New VLAN Pool dialog box appears If the correct access domain is showing continue with Step 9 a Choose an Access Domain Name by clicking the button in the Select column to the left of that Access Domain b Click Select The updated Create VLAN Pool window appears Click Save The updated VLAN Resource Pools window appears The pool name is created automatically using a combination of the provider name and the access domain name Ste
527. urity check box see Figure 9 30 if you to want to provision port security related CLIs to the UNI port by controlling the MAC addresses that are allowed to go through the interface a For Maximum Number of MAC address enter the number of MAC addresses allowed for port security b For Aging enter the length of time the MAC address can stay on the port security table c For Violation Action choose what action will occur when a port security violation is detected e PROTECT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value e RESTRICT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value and causes the Security Violation counter to increment e SHUTDOWN Puts the interface into the error disabled state immediately and sends an SNMP trap notification d Inthe Secure MAC Addresses field enter one or more Ethernet MAC addresses OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter9 Creating a VPLS Policy HZ Defining an Ethernet EMS EP LAN Policy with a CE Figure 9 30 UNI Port Security UHI Port Security Maximum MAC Address 1 8448 Aging in minutes to 1440 Violation Action PROTECT w Secure MAC Addresses Edit z Step 21 Step 22 Check the Enable Storm Control check box see Figure
528. ustomer L2vpnEwsCe 8M 4 06 11 41 AM 3 7 12 REouesteDL2vPN ADD admin Customeri L2vpnErsNoCe 8 14 06 2 33 PM m Jreouestep Laven ADD admin Customer L2vpnEwsNoCe 8 14 06 3 31 PM Step2 If however the L2VPN service request creation failed for some reason for example a value chosen is out of bounds you are warned with an error message In such a case you should correct the error and save the service request again For information on deploying L2VPN service requests see Deploying Service Requests page 11 1 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 a OL 21636 01 CHAPTER Creating a VPLS Policy This chapter contains the basic steps to create a VPLS policy It contains the following sections e Defining a VPLS Policy page 9 1 e Defining an MPLS ERMS EVP LAN Policy with a CE page 9 3 e Defining an MPLS ERMS EVP LAN Policy without a CE page 9 7 e Defining an MPLS EMS EP LAN Policy with a CE page 9 11 e Defining an MPLS EMS EP LAN Policy without a CE page 9 16 e Defining an Ethernet ERMS EVP LAN Policy with a CE page 9 22 e Defining an Ethernet ERMS EVP LAN Policy without a CE page 9 27 e Defining an Ethernet EMS EP LAN Policy with a CE page 9 32 e Defining an Ethernet EMS EP LAN Policy without a CE page 9 37 Defining a VPLS Policy You must define a VPLS policy before you can provision a service A VPLS policy defines the common characteristics shared by the Attachment
529. ustomer name VPN name job ID service request ID service request type translation type and VLAN ID information Note When the UNI is configured on an N PE device running IOS XR the Standard UNI Port attribute is not supported All the CLIs related to Standard UNI Port and UNI Port Security are ignored in this case Step6 Check the FlexUNI check box to mark the link for configuring service instance for the links amp Note The FlexUNI check box is mentioned at this stage because the setting of the check box alters the behavior of the link editing function available in the Link Attributes column This is covered in the next steps Editing the Link Attributes The next steps document the use of the Edit link in the Link Attributes column In the case where the link attributes have already been set this link changes from Edit to Change The link editing workflow changes depending on the status of the FlexUNI check box for the link If the FlexUNI check box is checked the editing workflow involves setting attributes in two windows for two sets of link attributes e The FlexUNI Details e Standard UNI Details If the FlexUNI check box for the link is not checked only the Standard UNI Details window is presented In the steps that follow both scenarios covered Note Step 7 If you are setting up and ATM link by choosing an ATM interface as the UNI on the N PE device there is a different workflow The check bo
530. uter VLAN ID fields covered in the next steps to appear If the Match Inner and Outer Tags check box is checked enter the inner and outer VLAN tags in the Inner VLAN ID and Outer VLAN ID fields Usage notes e You can specify single values single ranges multiples values multiple ranges or combinations of these Examples 10 OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request HZ Setting the Service Request Details Step 16 10 15 17 10 15 10 15 17 20 10 20 25 e Ifthe Inner VLAN Ranges attribute is set to true in the policy the Inner VLAN ID field can take a range of inner VLAN tags If the Match Inner and Outer Tags check box is unchecked enter the outer VLAN tag in the Outer VLAN ID field Note Step 17 Step 18 Step 19 Step 20 The VLAN specified in Outer VLAN ID will be provisioned on the rest of the L2 access nodes if the link has any including the customer facing UNI In the VLAN Rewrite section of the window choose a Rewrite Type from the drop down list The choices are e Pop e Push e Translate The subsequent attributes in the GUI change depending on the choice of Rewrite Type as covered in the next steps If Pop is the Rewrite Type two check boxes appear a Check the Pop Outer Tag check box to pop the outer VLAN ID tag of the incoming frames that
531. uter VLAN ID and Inner VLAN ID text boxes that appear The outer and inner tags of all the incoming frames that fulfill the match criteria will be translated to these IDs b If the Match Inner and Outer Tags check box is unchecked false choose a translation type of 1 1 or 1 2 from the Translation Type drop down list If you choose 1 1 enter a value in the Outer VLAN ID text box that appears The outer tag of all the incoming frames that fulfill the match criteria will be translated to this ID If you choose 1 2 enter values in the Outer VLAN ID and Inner VLAN ID text boxes that appear The outer and inner tags of all the incoming frames that fulfill the match criteria will be translated to these IDs Clicked Next to save the settings in the FlexUNI Details window The Standard UNI Details window appears as shown in Figure 4 6 Continue with setting the standard UNI link attributes in the next steps Editing the Standard UNI Attributes The following steps cover setting the attributes in the Standard UNI Details window In the case of a link which is not set as a FlexUNI link by not checking the FlexUNI check box in the Service Request Details window editing the link attributes begins with this window Note The attributes that appear in the Standard UNI Details window are dynamically configured by ISC Some of the attributes covered in the steps below might not appear in the window depending on the policy and service re
532. utes L2VPN Point To Point Policy Editor Attribute Value Editable N PEJU PE Information Interface Type ANY x Standard UNI Port Vv Vv Interface Format Poo UNI Shutdown Vv Vv Keep Alive B F Interface Type for UNI Display ANY Vv UNI Vv VLAN and Other Information VLAN ID AutoPick Vv Vv VC ID AutoPick v VLAN Name E Use PseudoWireClass B Vv L2VPN Group Name ISC E Line Name pooo ne None ia 2 Link Speed None E F Link Duplex None z K Use Existing ACL Name E Port Based ACL Name N Vv UNI MAC Addresses abced 5566 7788 permit Edit Iv UNI Port Security L Vv Protocol Tunnelling f Vv N PE Pseudo wire On svi E v MTU size 1522 1500 9216 Vv PW Tunnel Selection E Vv Note Required Field Step 2 0f3 Ss es 204856 Step2 Choose a N PE U PE Interface Type from the drop down list You can choose a particular interface as a CE N PE or U PE interface based on the service provider s POP design The interfaces are e ANY Any interface can be chosen e Port Channel A bundle of ports that share the same characteristics this gives the service provider the ability to aggregate bandwidth and protection e Ethernet e FastEthernet e GE WAN e GigabitEthernet e TenGigabitEthernet e TenGigE The value defined here functions as a filter to restrict the interface types an operator can see during L2VPN service request creation Cisco IP Solution Center L2VPN and Car
533. ution Center L2VPN and Carrier Ethernet User Guide 6 0 Chapter Creating an L2VPN Policy HZ Defining an Ethernet EWS EPL Policy without a CE Step 20 Enter a Port Based ACL Name if you checked the Use Existing ACL Name check box as mentioned in the previous step amp Note ISC does not create this ACL automatically The ACL must already exist on the device or be added as part of a template before the service request is deployed Otherwise deployment will fail Step21 Enter one or more Ethernet MAC addresses in UNI MAC addresses This selection is present only if you uncheck the Use Existing ACL Name check box Click the Edit button to bring up a pop up window in which you enter MAC addresses to be allowed or denied on the port You can also specify a range of addresses by setting a base MAC address and a filtered MAC address Step22 Check the UNI Port Security check box see Figure 7 4 if you to want to provision port security related CLIs to the UNI port by controlling the MAC addresses that are allowed to go through the interface a For Maximum Number of MAC address enter the number of MAC addresses allowed for port security b For Aging enter the length of time the MAC address can stay on the port security table c For Violation Action choose what action will occur when a port security violation is detected e PROTECT Drops packets with unknown source addresses until a sufficient number of secure MAC
534. ution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 _ Chapter 9 Creating a VPLS Policy Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Step 12 Step 13 Step 14 Step 15 Step 16 Defining an Ethernet ERMS EVP LAN Policy witha CE W Choose a CE Encapsulation type The choices are e DOTIQ e DEFAULT If DEFAULT is the CE encapsulation type ISC shows another field for the UNI port type Check the Standard UNI Port check box to enable port security This is the default When you uncheck the check box the port is treated as an uplink with no security features and the window dynamically changes to eliminate items related to port security Check the UNI Shutdown check box if you want to leave the UNI port shut during service activation for example when the service provider wants to deploy a service in the network but wants to activate it at a later time Check the Keep Alive check box to configure keepalives on the UNI port By default this check box is unchecked which causes the command no keepalive to be provisioned on the UNI port This prevents a CPE from sending keepalive packets to the U PE for security purposes This attribute is editable to support modification on a per service request basis Check the ANY check box to display all interface types as choices for the UNI interface when creating service requests based on this policy This check box is checked by
535. uto picked or manually entered Check the VLAN ID AutoPick check box above on the Link Attributes window to have PE VLAN automatically assigned See Figure C 4 Figure C 4 Automatic Selection of the PE VLAN VLAN and Other Information VLAN ID AutoPick Vv VLAN Name E If you uncheck the VLAN ID AutoPick check box see Figure C 5 the window displays a Provider VLAN ID where you can manually enter the PE VLAN Figure C 5 Manual Selection of the PE VLAN VLAH and Other Information VLAN ID AutoPick E VLAN Name om D Provider VLAN ID 1 4096 8 Upon completion of the service request creation ISC does an integrity check before saving the service request For 1 1 VLAN translation ISC rejects the service request if the CE VLAN has been used for another 1 1 VLAN translation on the same port 2 1 VLAN Translation When choosing 2 1 VLAN translation the window dynamically changes as shown in Figure C 6 Figure C 6 2 1 VLAN Translation Window VLAN Translation C No C 11 24 2To 1 Translation CE VLAN 1 4096 and Outer VLAN 1 4096 or Auto Pick J Select where 2 1 translation takes place Auto U PE C PE AGG C N PE 138544 Note Ifthe UNI port has been provisioned with EWS EPL service the outer VLAN value is grayed out See Figure C 7 Figure C 7 2 1 VLAN Translation with Outer VLAN Grayed Out LAN Translation OM O14 24 2701 Translation From CE VLAN 1 4096 and Outer VLAN 622 to PE VLAN Above i
536. ve the UNI port shut during service activation for example when the service provider wants to deploy a service in the network but wants to activate it at a later time Specify the type of VLAN Translation for the service request by clicking the appropriate radio button The choices are e No No VLAN translation is performed This is the default e 1 1 1 1 VLAN translation e 2 1 2 1 VLAN translation amp Note VLAN translation and all standard UNI and port security attributes are applicable for links with L2 access If the UNI is on an N P these attributes will not appear amp Note For detailed coverage of setting up VLAN translation see Appendix C Setting Up VLAN Translation Check the N PE Pseudo wire on SVI check box to have ISC generate forwarding commands under SVIs switch virtual interfaces By default this check box is not checked In this case ISC generates forwarding commands under the service instance For a FlexUNI link the attribute N PE Pseudo wire on SVI is dependent on the value of the attribute Configure with Bridge Domain this is available in the service request workflow in the EVC Service Request Editor window N PE Pseudo wire on SVI if enabled will be reflected only when Configure with Bridge Domain is set to true Otherwise the service request will not be created with xconnect under SVI even if N PE Pseudo wire on SVI is enabled Usage notes e Fora FlexUNI li
537. very for the N PE device As shown in the diagram there are two different outgoing interfaces starting from the U PE device Each terminates at a different N PE The second topology N PE and PE AGG redundancy starting at the U PE as shown in Figure D 2 provides fault recovery for both the PE AGG and N PE devices The service switches over from the primary to the secondary link when either the PE AGG or the N PE of the primary link fails For other network scenarios illustrating more complex topologies see Additional Network Configurations and Sample Configlets page D 5 The following list provides additional details about the implementation e Using one U PE and two N PEs consumes one access link AL e When creating a service on a U PE the user specifies an NPC to be used If the topology includes an access ring with two N PEs then the service is configured on both N PEs e For Ethernet over MPLS EoMPLS pseudowire PW services if there is N PE redundancy on both sides of the service provider network two pseudowires are created One N PE is defined as primary and the other as secondary in order to determine the how the pseudowires connect If the user enables the PW Redundancy option the primary and secondary on either end are also connected with pseudowire redundancy e For point to point P2P configurations the two N PEs use two separate pseudowires e ISC supports the case in which the service is configured identically exce
538. vice type with CE present Figure 9 20 is an example of the first page of this policy Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 a22 OL 21636 01 Chapter9 Creating a VPLS Policy Defining an Ethernet ERMS EVP LAN Policy with a CE m Figure 9 20 Ethernet ERMS EVP LAN Policy with a CE PLS Policy Editor pe Value Policy Hame VplsEtherErmsCe Customer Policy Owner Provider Global Policy 7 O wets ae Ethernet Ethernet Relay Multipoint Service ERMS Service Type O Ethernet Multipoint Service EMS CE Present m Note Required Field Step 1 of 3 Em 204785 Perform the following steps Step 1 Click Next The window in Figure 9 21 appears The Editable check box gives you the option of making a field editable If you check the Editable check box the service operator who is using this VPLS policy can modify the editable parameter during VPLS service request creation Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 I OL 21636 01 g 923 Chapter 9 Creating a VPLS Policy HZ Defining an Ethernet ERMS EVP LAN Policy with a CE Step 2 Step 3 Figure 9 21 PLS Policy Editor Ethernet ERMS EVP LAN with a CE Policy Attributes CE Information Interface Type Interface Format UHI Information Standard UNI Port UNI Shutdown Keep Alive Attribute Value Editable ANY i M M E Vv a Vv
539. vices After the service requests are deployed you can monitor audit and run reports on them All of these tasks are covered in this guide To accomplish these tasks perform the following steps 1 Review overview information about L2 services concepts See Appendix E ISC Layer 2 VPN Concepts 2 Set up a FlexUNI L2VPN or VPLS policy See the appropriate chapter depending on the type of policy you want to create Chapter 3 Creating a FlexUNI EVC Ethernet Policy Chapter 5 Creating a FlexUNI EVC ATM Ethernet Interworking Policy Chapter 7 Creating an L2VPN Policy Chapter 9 Creating a VPLS Policy 3 Provision the FlexUNI L2VPN or VPLS service request See the appropriate chapter depending on the type service request you want to provision Chapter 4 Managing a FlexUNI EVC Ethernet Service Request Chapter 6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request Chapter 8 Managing an L2VPN Service Request Chapter 10 Managing a VPLS Service Request 4 Deploy the service request See Chapter 11 Deploying Monitoring and Auditing Service Requests 5 Check the status of deployed services You can use one or more of the following methods Monitor service requests See Chapter 11 Deploying Monitoring and Auditing Service Requests Audit service requests See Chapter 11 Deploying Monitoring and Auditing Service Reques
540. violation is detected e PROTECT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value e RESTRICT Drops packets with unknown source addresses until a sufficient number of secure MAC addresses are removed to drop below the maximum value and causes the Security Violation counter to increment e SHUTDOWN Puts the interface into the error disabled state immediately and sends an SNMP trap notification d Inthe Secure MAC Addresses field enter one or more Ethernet MAC addresses Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Chapter9 Creating a VPLS Policy Defining an MPLS EMS EP LAN Policy witha CE W Figure 9 12 UNI Port Security UHI Port Security Maximum MAC Address 1 8448 Aging in minutes 0 1440 violation Action PROTECT v Secure MAC Addresses Edit g Step21 Check the Enable Storm Control check box see Figure 9 13 to help prevent the UNI port from being disrupted by a broadcast multicast or unicast storm Enter a threshold value for each type of traffic The value which can be specified to two significant digits represents the percentage of the total available bandwidth of the port If the threshold of a traffic type is reached further traffic of that type is suppressed until the incoming traffic falls below the threshold level Figure 9 13 Enable Storm Control Enab
541. vity for point to point circuit The circuit terminates on the same local N PE 1 One link terminates on an ATM interface and the other non flex link terminates on an Ethernet interface e Device configuration The N PE 1 is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s ATM1 0 0 444 The N PE 1 is a Cisco 7600 with IOS 12 2 33 SRB3 Interface s FastEthernet3 39 674 Configlets N PE 1 ATM Ethernet N A interface FastEthernet3 39 674 encapsulation dot1Q 674 interface ATM1 0 0 444 point to point pvc 44 4444 12transport encapsulation aal5snap l connect Customer1_204 ATM1 0 0 44 4444 FastEthernet3 39 674 interworking ethernet Comments e None Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 AppendixA Sample Configlets FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity End to End Circuit with Bridge Domain W FlexUNI EVC ATM Ethernet Interworking Pseudowire Core Connectivity End to End Circuit with Bridge Domain Configuration e FlexUNI EVC ATM Ethernet Interworking e Feature FlexUNI EVC for ATM Ethernet interworking with pseudowire core connectivity for end to end circuit with multiple links with bridge domain enabled One link terminates on an ATM interface on N PE 1 and the other link terminates on a flex Ethernet interface on N PE 2 e Device configuration The N PE 1 is a Cisco 7600 with IOS 12 2 33 SRB3 Interface
542. w Policy Hame L2vpnErsCe eae Ca Showing 1 1 of 1 records E CE CE Interface Circuit Selection Circuit Details cet mi ees SelectOne z Detail Select one circuit Circuit Details Select One Ethernet0 0 Ethernet0 1 Ethernet0 2 Ethernet0 3 19 q coto page f1 of 1 DDI Rows per page 10 v Note Required Field 138486 Note When you provision an L2VPN ERS EVPL service when you choose a UNI for a particular device ISC determines if there are other services using the same UNI If so a warning message is displayed If you ignore the message and save the service request all of the underlying service requests relying on the same UNI are synchronized with the modified shared attributes of the latest service request In addition the state of the existing service requests is changed to the Requested state Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 sa E OL 21636 01 _ Chapter 8 Managing an L2VPN Service Request Creating an L2VPN Service Request W Note Step 7 Step 8 Step 9 Step 10 ISC only displays the available interfaces for the service based on the configuration of the underlying interfaces existing service requests that might be using the interface and the customer associated with the service request You can click the Details button to display a pop up window with information on the available interfaces such as interface name
543. which you enter MAC addresses to be allowed or denied on the port You can also specify a range of addresses by setting a base MAC address and a filtered MAC address Enter a Link Speed optional of None 10 100 1000 Auto or nonegotiate Enter a Link Duplex optional of None Full Half or Auto In the PE UNI Interface Description field enter an optional description for example Customer B EMS EP LAN Service Check the VLAN ID AutoPick check box if you want ISC to choose a VLAN ID If you do not check this check box you will be prompted to provide the VLAN in a Provider VLAN ID field during service activation Enter a VLAN NAME optional to specify a name to describe the VLAN The name must be one token no spaces allowed The limit for the VLAN name is 32 characters The name has to be unique Two VLANs cannot share the same name Enter the System MTU in bytes The maximum transmission unit MTU size is configurable and optional ISC does not perform an integrity check for this customized value If a service request goes to the Failed Deploy state because this size is not accepted you must adjust the size until the service request is deployed ISC supports ranges for different platforms as specified below The range is 1500 to 9216 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 Chapter 9 Creating a VPLS Policy Step 17 Step 18 Step 19 Step 20 Step 21 Defin
544. with any service requests If the pseudowire class being modified is associated with any L2VPN service requests the Affected Jobs window appears which displays a list of affected service requests as shown in Figure 2 2 amp Note A list of affected service requests only appears if the Transport Mode Tunnel ID or Disable Fallback values are changed in the pseudowire class being modified Figure 2 2 Affected Jobs Affected Jobs Show Pw Class with Jobld matching E Fina Showing 1 6 of 6 records Jobld Srid Linkld JobState Description 1 214 214 379 REQUESTED 2 197 198 353 REQUESTED 3 179 199 355 REQUESTED 4 200 200 357 REQUESTED 201 201 359 REQUESTED 6 214 214 378 REQUESTED Rows per page 10 v I lt q Go to page 1 of1 DDI Save Save and Deploy Cancel Save and Deploy will redeploy SR s that are in deployed state Only Others will be moved to requested State 204581 Step4 Click Save to update service requests associated with the modified pseudowire class The impacted service requests are moved to the Requested state Step5 Click Save and Deploy to update and deploy service requests associated with the modified pseudowire class Deployment tasks are created for the impacted service requests that were previously in the Deployed state Step6 Click Cancel to discard changes made to the modified pseudowire class In this case no change of state occurs for any service requests associated wi
545. wnload free form CLIs to a device in order to deploy commands and configurations not normally supported by ISC Templates are written in the Velocity Template Language and are generally comprised of IOS and IOS XR device CLI configurations Optionally you can set variables also defined in Velocity that are substituted with data stored in data files The template and data file information is downloaded to the device at the time of service activation The information in this appendix assumes the templates including subtemplates if applicable and optional data files have been set up Note You can also create data files on demand during service request creation as covered in later sections of this appendix This overview section covers the following topics e Summary of Template Manager Features page B 1 e Template and Data File Workflow page B 3 Summary of Template Manager Features This section highlights key features of template and data file support in ISC especially those that have an impact on working with policies and service requests Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 E Bi Appendix B Working with Templates and Data Files WE Overview Template Attributes The ISC template mechanism allows you to differentiate templates by specifying optional attributes on a template including e Device type e Line card type e Port type e Software version IOS
546. x None Vv VLAN and Other Information PE UMI Interface Description SY IV VLAN ID AutoPick Iv Iv VLAN Name ts Use Existing ACL Name E Port Based ACL Name D Vv Disable CDP Iv Iv Fitter BPDU Iv Iv UHI Port Security E IV Note Required Field Step 2 of 3 S 211696 Step2 Choose an Interface Type from the drop down list You can choose a particular interface on a CE N PE PE AGG or U PE interface based on the service provider s POP design The interfaces are e ANY Any interface can be chosen e Port Channel A bundle of ports that share the same characteristics this gives the service provider the ability to aggregate bandwidth and protection e Ethernet e FastEthernet e GE WAN e GigabitEthernet e TenGigabitEthernet e TenGigE The value defined here functions as a filter to restrict the interface types an operator can see during VPLS service request creation If defined as ANY the operator can see all interface types Step3 Enter an Interface Format as the slot number port number for the CE interface for example 1 0 indicates that the interface is located at slot 1 port 0 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 oa E OL 21636 01 _ Chapter 9 Creating a VPLS Policy Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 Step 12 Step 13 Step 14 Step 15 Step 16 Defining an MPLS ERMS EVP LAN Policy witha CE W This
547. x in the FlexUNI EVC column dynamically disappears and clicking the Edit link in the link attributes column brings up the ATM Ethernet Attributes window For information on using this window to set up an ATM link see Setting the ATM Link Attributes page 6 18 Click Edit in the Link Attributes column to specify the UNI attributes FlexUNI Details Window If the FlexUNI check box is checked the FlexUNI Details window appears as shown in Figure 6 3 I OL 21636 01 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 E Chapter6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request HZ Setting the Service Request Details Step 8 Step 9 Step 10 Figure 6 3 FlexUNI Details Window FlexUNI E VC Details FlexUNK EVC Attributes AutoPick Service Instance ID IV Service Instance ID l 1 8000 AutoPick Service Instance Name gl foes aranca l AutoPick Bridge DomainLAN ID Iv or DonekiviAn 1 4096 VLAN Match Criteria Match Inner and Outer Tags r Outer VLAN ID l 1 4096 VLAH Rewrites Rewrite Type Push r Outer VLAN ID 1 4096 Inner YLAN ID 1 4096 Note Required Field o Step 1 of 2 F m oy g All of the fields in the FlexUNI Details screen are enabled based on the policy settings For example if Both Tags is selected in the policy and is editable then the Match Inner and Outer Tags check box will be selected and editable in this w
548. x to enable pseudowire redundancy alternative termination device under certain conditions Usage notes e Enable Pseudo Wire Redundancy is only available if the MPLS Core Connectivity Type was set as PSEUDOWIRE in the Service Options window see Setting the Service Options page 3 8 e See Appendix D Terminating an Access Ring on Two N PEs and specifically the section Using N PE Redundancy in FlexUNI EVC Service Requests page D 3 for notes on how this option can be used Check the AutoPick VC ID check box to have ISC autopick the VC ID during service request creation If this check box is unchecked the operator will be prompted to specify a VC ID during service request creation Usage notes e This attribute is available only if MPLS Core Connectivity of Type was set as PPEUDOWIRE or VPLS in the Service Options window see Setting the Service Options page 3 8 e When AutoPick VC ID is checked ISC allocates a VC ID for pseudowires from the ISC managed VC ID resource pool e If MPLS Core Connectivity of Type is VPLS ISC allocates the VPLS VPN ID from the ISC managed VC ID resource pool Check the AutoPick Bridge Domain VLAN ID check box to have ISC autopick the VLAN ID for the service request during service request creation If this check box is unchecked the operator will be prompted to specify a VLAN ID during service request creation Usage notes e AutoPick Bridge Domain VLAN ID consumes a global VLAN ID on
549. xamples FlexUNI EVC Pseudowire Core Connectivity Bridge Domain Pseudowire on SVI and FlexUNI EVC Pseudowire Core Connectivity no Bridge Domain no Pseudowire on SVI e For additional information on the N PE Pseudo wire on SVI attribute see the corresponding coverage in the FlexUNI EVC policy chapter in the section Setting the Interface Attributes page 3 16 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 OL 21636 01 _ Chapter 6 Managing a FlexUNI EVC ATM Ethernet Interworking Service Request Step 12 Step 13 Step 14 Step 15 Step 16 Step 17 Step 18 Setting the Service Request Details W e The N PE Pseudo wire on SVI attribute is not supported for IOS XR devices All the xconnect commands are configured on L2 subinterfaces service instance Check the PW Tunnel Selection check box if you want to be able to manually select the Traffic Engineering TE tunnel for the pseudowire connecting point to point N PEs Usage notes e Checking the PW Tunnel Selection check box activates the Interface Tunnel attribute field see the next step e This attribute only appears if the MPLS core connectivity type is set as pseudowire in the FlexUNI EVC policy If you checked the PW Tunnel Selection check box enter the TE tunnel ID in the Interface Tunnel text field ISC uses the tunnel information to create and provision a pseudowire class that describes the pseudowire connection between two
550. xists for the template it is automatically selected e During service request creation the operator can enter values for template variables e Optionally if no data file exists for the template the operator can create a new data file during service request creation When the Datafile Chooser window is opened from Template Association window a Create Datafile button is provided which allows the new data file to be created e The Create Datafile button is only displayed if the operator has the appropriate RBAC permissions to create a data file See the section Creating a Data File in the Service Request Workflow page B 16 for how to set up a data file in the service request workflow Using Negate Templates to Decommission Template Configurations To remove a configuration created from a template data file a negate template must be applied to the existing service ISC automatically applies the appropriate negate template during the decommission of the service request For instructions on how to use the ISC Template Manager to create negate templates see the Cisco IP Solution Center Infrastructure Reference 6 0 When a template is associated in a policy or service request the negate template automatically gets associated During decommission of the service the negate template is used for deployment When decommissioning a service request associated with a template data file the negate template is automatically picked up dynamically by sea
551. y Figure E 12 VPLS ERS EVP LAN Multipoint Topology T ss 21 Multiplexed UNI BN T N ultiplexe E a Internet Access Router ee eS 7 192 168 11 1 24 1 Internet Security Policy G 104079 Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 MENA E OL 21636 01 Numerics 1 to 1 VLAN translation C 3 2 to 1 VLAN translation C 4 3750 VLAN translation on C 6 7600 VLAN translation on C 6 A AALS E 8 access domains creating 2 4 accessing reports 13 1 access rings setting up an NPC access ring with two N PEs D 3 terminating an access ring on two N PEs D 1 terminating an access ring on two N PEs overview D 1 terminating on two N PEs 2 10 using N PE redundancy in FlexUNI EVC service requests D 3 assigning roles N PE or U PE 2 1 ATM interface attributes setting in FlexUNI EVC ATM Ethernet policies 5 6 ATM link attributes setting in FlexUNI EVC ATM Ethernet service requests 6 18 ATMoMPLS E 8 ATM over MPLS ATMoMPLS E 8 ATM policies with CE defining 7 33 without CE defining 7 36 ATM service requests INDEX with CE creating 8 2 without CE creating 8 11 audience iii xi auditing service requests 11 1 11 12 autodiscovery creating NPC links through autodiscovery 2 10 autodiscovery of L2 services 12 1 bridge domain using the Bridge Domain ID attribute in VPLS service requests 10 13 Bridge Domain ID attribute using in V
552. you e Know the name of the access domain that you want to create e Have created a service provider to associate with the new access domain e Have created a provider region associated with your provider and PE devices e Have created PE devices to associate with the new access domain e Know the starting value and size of each VLAN to associate with the new access domain e Know which VLAN will serve as the management VLAN Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide 6 0 P24 E OL 21636 01 _ Chapter 2 Setting Up the ISC Services Step 1 Step 2 Creating VLAN Pools W To create an Access Domain perform the following steps Choose Service Inventory gt Inventory and Connection Manager Click Access Domains in the left column The Access Domains window appears The Access Domains window contains the following e Access Domain Name Lists the names of access domains The first character must be a letter The name can contain letters numbers and these punctuation characters period underscore and dash Limit 80 characters You can sort the list by access domain name e Provider Name Lists the names of providers Must begin with a letter Can contain letters numbers and these punctuation characters period underscore and dash Limited to 80 characters You can sort the list by provider name e From the Access Domains window you can create edit or delete access domains using the following
Download Pdf Manuals
Related Search