Help with setting up Metro Ethernet

Jul 6th, 2009

I posted this in the ME section, but thought I would get some views here.


Can someone please help and give suggestions and possible configuration options for setting up metro ethernet in the following scenario:


Will be setting up ME between headquarters and three remote branch offices. Each remote branch will be provisioned to 10MB, and the headquarters will have one link for the aggregate provisioned to 30MB.


My questions: we will have routers at the remotes, but how will this terminate at the headquarters? Do we connect the one ME aggregate connection to a router, or to a L3 switch? And how do you configure the headquarters devices to separate the traffic? Do you use subinterfaces like in frame relay? Please provide a sample config if possible.


Thanks


cisco_lad2004 Mon, 07/06/2009 - 09:51

Brandon,


In a setup such as this one, I will use vrf lite for separation and use ME with L3 image.


I would trunk VLANs from each remote site and terminate them as SVIs. Each VLAN represents a service or dept, for example.


HTH


Sam

mbroberson1 Mon, 07/06/2009 - 09:58

Hi Sam,


Thanks for your reply. So at the customer site (which I am the customer, not the provider) you would configure vrf lite?


Thanks

cisco_lad2004 Mon, 07/06/2009 - 10:27

Only if you need separation of routing at remote sites, else HQ is enough.


Another solution would be to use PVLANs at HQ. So for ADMIN VLANs, for example, you would trunk the same VLAN from HQ and configure an SVI. With PVLANs, no remote site can communicate with another at L2; all communication has to be at layer via SVI at HQ, which gives you more control by using ACLs. The config you need for this setup is one primary VLAN at HQ and a secondary VLAN at remote sites.


I actually think the latter is a simpler solution if separation is only required between sites and not at the same site.


vlan 90
 name VoIP-primary
 private-vlan primary
 private-vlan association 100
!
vlan 100
 name VoIP-isolated
 private-vlan isolated
!
interface Vlan90
 description MGMT ### VoIP ###
 ip address 10.157.2.1 255.255.254.0
 private-vlan mapping 100



In this example, users on one site can talk to HQ, but not each other. PVLANs block communication at Layer 2 only, so you still need L3 ACLs at your SVI on HQ to control.



HTH


Sam
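
The L3 ACL mentioned in the post above, as an added example that is not part of the original post: the SVI would otherwise route packets between isolated hosts in its own subnet, so the ACL lets hosts reach the gateway address, drops traffic routed back into the same subnet, and logs it. The ACL name is hypothetical and the DHCP line is an assumption; the subnet is taken from the posted Vlan90 address.

```cisco
! Added example (constructed): inbound ACL for the Vlan90 SVI shown above.
! ACL name VOIP-NO-SITE-TO-SITE is hypothetical.
! 10.157.2.0 0.0.1.255 is the /23 implied by 10.157.2.1 255.255.254.0.
ip access-list extended VOIP-NO-SITE-TO-SITE
 remark hosts must still reach the SVI itself (their default gateway)
 permit ip 10.157.2.0 0.0.1.255 host 10.157.2.1
 remark assumption: clients use DHCP, whose requests have source 0.0.0.0
 permit udp any eq bootpc any eq bootps
 remark drop and log packets the SVI would route back into the PVLAN subnet
 deny ip 10.157.2.0 0.0.1.255 10.157.2.0 0.0.1.255 log
 remark traffic to other subnets is routed normally
 permit ip 10.157.2.0 0.0.1.255 any
 remark anything else has a source outside this subnet; drop and log it
 deny ip any any log
!
interface Vlan90
 ip access-group VOIP-NO-SITE-TO-SITE in
```

`show vlan private-vlan` confirms the primary/isolated association, and the match counters in `show ip access-lists VOIP-NO-SITE-TO-SITE` show whether any site is attempting to reach another through the gateway.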

Joseph W. Doherty Mon, 07/06/2009 - 10:42

Suggestions would depend on how your devices will "see" the Ethernet topology that connects all your sites. Assuming all four sites will see a "typical" Ethernet multipoint shared segment (E-LAN/VPLS), you may want to know what, if any, QoS support the MetroE vendor provides and/or have something "smarter" than a basic/LAN L2 or L3 switch connecting to the MetroE connection. At 10 to 30 Mbps, ISR routers might be a suitable MetroE connected device; for higher speeds, you might want to consider a MetroE switch.

mbroberson1 Mon, 07/06/2009 - 11:25

See attachment. It will be like a hub and spoke topology. All communications between remotes will be through the hub site.


Thanks



Joseph W. Doherty Mon, 07/06/2009 - 15:29

Since the hand-off is Ethernet, and if routing is only via the hub, I'm guessing there might be a VLAN trunk on the hub link with a VLAN per remote site. Whoever the MetroE vendor is, should be able to inform you further.

mbroberson1 Fri, 07/10/2009 - 17:13

So if I have a "hub-and-spoke" ME setup and routers (not switches) at the hub and spoke locations, will I have subinterfaces on the hub router with dot1q for each corresponding VLAN, and at the remotes the same type of setup?


Thanks

Joseph W. Doherty Fri, 07/10/2009 - 19:38

Normally, yes; using dot1q subinterfaces on a router's routed interface is how they support VLAN trunks. (BTW, recall some of the older routers didn't support dot1q, and even for newer routers, you might need a non-base feature IOS image.)
