Help with setting up Metro Ethernet

mbroberson1 · ‎07-06-2009

I posted this in the ME section, but thought I would get some views here.

Can someone please help and give suggestions and possible configuration options for setting up metro ethernet in the following senario:

Will be setting up ME between headquarters and three remote branch offices. Each remote branch will be provisioned to 10MB, and the headquarters will have one link for the aggregate provisioned to 30MB.

My questions, we will have routers at the remotes, but how will this terminate at the headquarters? Do we connect the one ME aggregate connection to a router, or to a L3 switch? And how do you configure the headquarters devices to separate the traffic? Do you use sub interfaces like in frame relay? Please provide a sample config if possible.

Thanks

cisco_lad2004 · ‎07-06-2009

Brandon,

In a setup such as this one, I will use vrf lite for separation and use ME with L3 image.

I would trunk VLANs from each remote site and terminate as SVIs. each VLAN represents a service or Dept for example.

HTH

Sam

mbroberson1 · ‎07-06-2009

Hi Sam,

Thanks for your reply. So at the customer site (which I am the customer, not the provider) you would configure vrf lite?

Thanks

cisco_lad2004 · ‎07-06-2009

only if you need esparation of routing at remote sites, else HQ is enough.

Another solution would be to use PVLANs at HQ. So for ADMIN Vlans for exmaple, you would trunk same VLAN from HQ, and configure SVI. With PVLANs, no remote site can communicate with another at L2, all communication has to be at layer via SVI at HQ which gives you more control by using ACL. the config u need for this set up is one primary Vlan at HQ and secondary VLAN at remote sites.

I actually think, the latter is a simpler solution if separation is only required between sites and not at same site.

vlan 90

name VoIP-primary

private-vlan primary

private-vlan association 100

!

vlan 100

name VoIP-isolated

private-vlan isolated

!

interface Vlan90

description MGMT ### VoIP ###

ip address 10.157.2.1 255.255.254.0

private-vlan mapping 100

In this examaple, users on one site can talk to HQ, but not each other. PVLAN block communication at Layer 2 only, so u still need L3 ACLs at ur SVI on HQ to control.

HTH

Sam

Joseph W. Doherty · ‎07-06-2009

Suggestions would depend on how your devices will "see" the Ethernet toplogy that connects all your sites. Assuming all four sites will see a "typical" Ethernet multipoint shared segment (E-LAN/VPLS), you may want to know what, if any, QoS support the MetroE vendor provides and/or have something "smarter" than a basic/LAN L2 or L3 switch connecting to MetroE connection. At 10 to 30 Mbps, ISR routers might be a suitable MetroE connected device, for higher speeds, you might want to consider a MetroE switch.

mbroberson1 · ‎07-06-2009

See attachment. It will be like a hub and spoke topology. All communications between remotes will be through the hub site.

Thanks

Joseph W. Doherty · ‎07-06-2009

Since the hand-off is Ethernet, and if routing is only via the hub, I'm guessing there might be a VLAN trunk on the hub link with a VLAN per remote site. Whoever the MetroE vendor is, should be able to inform you further.

mbroberson1 · ‎07-10-2009

So if I have a "hub-and-spoke" ME setup and routers (not switches) at the hub and spoke locations will I have subinterfaces on the hub router with dot1q for each coresponding vlan and at the remotes the same type of setup?

Thanks

Joseph W. Doherty · ‎07-10-2009

Normally, yes using dot1q subinterfaces on a router's routed interface is how they support VLAN trunks. (BTW, recall some of the older routers didn't support dot1q, and even for newer routers, you might need a non-base feature IOS image.)