Moving T1 branch office to Metro Ethernet

jerry.mcrae · ‎02-01-2012

I am preparing to move two branch offices from a point to point T1 connection to Century Link Metro Ethernet.

Currently my branch locations connect to my HQ 7204 router via a channelized DS3. I have a 4507R at HQ that I will connect the ME circuit to.

We will also be moving our Internet connection on the ME circuit.

Our service provider Clink will hand me a single Ethernet handoff for the Internet and branch office connections. For the first phase I will connect one branch office using ME. Once that is in place and tested we will move another office and so on. Then our final step is to move our web connection to the ME circuit.

Each branch office has their own unique voice and data subnet. They each have a 2801 router and a 3560 switch. The routers are MGCP gateways with only one PSTN connection, a POTs 911 line on a FXO port.

So my questions are;

1 - Should I connect the ME directly in to the 3560 at the branch offices or use the Fa0/1 on the 2801? Fa0/0 is currently connected to the 3560.

2 - On my 4507R at HQ how will I configure the ME switch port? As a dot1q trunk port?

3 - Given that ME is basically a LAN connection will I have to re IP the branch office? HQ is 10.10.1.x/24. Branch is 10.10.166.x/24 (data) 192.168.166.x/24 (voice).

4 - On the 4507R will I need to configure a vlan interface for each branch subnet?

I attached two network diagrams. One represents our current topology (MEexisting) and the second represents the new ME circuit changes (MEprojected).

Any information would really be appreciated. Let me know if you need more infomation.

Jerry

rais · ‎02-02-2012

You don't have to treat ME as LAN connections. I wouldn't create a huge bridged domain.

1. You should use Fa0/1 with all the policies/ACL etc you have on T1.

2. If you are getting a single pipe, you can go for a router on stick. Most likely, your provider would let you use any VLAN ids.

3. No need to change IP architecture.

4. Most likely yes.

Thanks.

jerry.mcrae · ‎02-06-2012

rais - thanks for the reply. i will update this thread once i get my hands on the new circuit.

jerry.mcrae · ‎02-23-2012

so i connected the metro e circuit to my 4507R and i plugged the other end of the ME circuit into my branch office routers fa0/1 interface. the fa0/0 interface is connected to the local LAN.

i added this config to the 4507.

interface GigabitEthernet3/1

description METRO E CONNECTION!!!!!

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10,11,15,20

switchport mode trunk

load-interval 30

speed 100

duplex full

end

i may end up removing the "switchport trunk allowed vlan" command because i am not sure i am actualy passing these vlans across to my branch offices. Also in th next month or two we will be adding Internet access to this port. My guess is I'll need to allow my two Internet vlans and vlan 10 only.

I also configured eigrp on the 4507. we were using static routes before we added metro e.

router eigrp 100

network 10.0.0.0

network 192.168.130.0

On the 4507 i have noticed my vlan interfaces flapping since i enabled eirgp on the switch. i found this in the logs.

000928: Feb 23 08:59:55 MST: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 10.10.1

.10 (Vlan10) is down: Peer Termination received

000929: Feb 23 08:59:55 MST: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 10.10.1

.10 (Vlan10) is up: new adjacency

i havent had any user complaints yet. so this is something i need to work on correcting. it seems to only happen once a day in the morning.

on my branch routers i added this.

interface FastEthernet0/1

description METRO E CONNECTION!!!!!

no ip address

duplex full

speed 100

service-policy output EWT_SP

!

interface FastEthernet0/1.10

encapsulation dot1Q 10

ip address 10.10.1.10 255.255.255.0

router eigrp 100

network 10.0.0.0 ==============i added this network to the routing table to route for intfa0/1.10

network 10.10.166.0 0.0.0.255

network 192.168.166.0

i then changed my default route to point to the 4507 instead of the router this office used to connect to.

i should be getting 10mb up/download speed but i am only getting around 5mb upload and almost 10mb down.

my service provider ask me to plug a laptop into the metro e circuit, give it a static IP then run a bandwidth test and tell them what happened tomorrow.

so thats the latest. ill update once i found out why im having eigrp and bandwidth issues.

Jerry

nisagar · ‎02-24-2012

Hi,

Why dont you use ip address on the below interface and propagate all your branch network information via eigrp to HQ. This is probably why your eigrp session is flapping because i dont know what L3 interface you are using in HQ for neighbouring up with branch router.

You can use 3560 fa0/0 as L3 interface "no switchport"at your branch office and do the same configuration accordingly on the other interface of HQ as a point to point connnection. You can use a 10.10.1.X 255.255.255.0 if you want for P2P connectivity but suggest to use /30 and let EIGRP do the rest.

router eigrp 100

network 10.10.1.0 0.0.0.255

network 10.10.166.0 0.0.0.255

network 192.168.166.0 0.0.0.255

no auto summary

passiv interface default

no passive interface fa0/0

3 - Given that ME is basically a LAN connection will I have to re IP the branch office? HQ is 10.10.1.x/24. Branch is 10.10.166.x/24 (data) 192.168.166.x/24 (voice).

You can have a ip address under a fa0/0 3560 "no switchport" of 10.10.1.X /24 and but P2P reccomendation is to use a /30.

Propagate other networks via eigrp.

4 - On the 4507R will I need to configure a vlan interface for each branch subnet?

No if you want to use 10.10.1.X /24 on every branch router, just put ip address under the interface and propagate all networks via eigrp.

3 - Given that ME is basically a LAN connection will I have to re IP the branch office? HQ is 10.10.1.x/24. Branch is 10.10.166.x/24 (data) 192.168.166.x/24 (voice).

4 - On the 4507R will I need to configure a vlan interface for each branch subnet?

3 - Given that ME is basically a LAN connection will I have to re IP the branch office? HQ is 10.10.1.x/24. Branch is 10.10.166.x/24 (data) 192.168.166.x/24 (voice).

4 - On the 4507R will I need to configure a vlan interface for each branch subnet?

jerry.mcrae · ‎02-24-2012

i dont know what L3 interface you are using in HQ for neighbouring up with branch router. "

NOC4507# sh ip int br | ex un

Interface IP-Address OK? Method Status Protocol

Vlan10 10.10.1.6 YES NVRAM up up

"You can use 3560 fa0/0 as L3 interface "no switchport"at your branch office and do the same configuration accordingly on the other interface of HQ as a point to point connnection."

configure the branch office switch port (3560) connecting to the metro e circuit like this?

interface GigabitEthernet0/1

description METRO E

no switchport

ip address 10.10.1.10 255.255.255.0

speed 100

duplex full

then modify the branch routers routing table to this;

router eigrp 100

network 10.10.1.0 0.0.0.255

network 10.10.166.0 0.0.0.255

network 192.168.166.0 0.0.0.255

no auto summary

passiv interface default

no passive interface fa0/0 ====== i would use 3560 switchport gig0/1 instead of fa0/0.

"and do the same configuration accordingly on the other interface of HQ as a point to point connnection."

my metro e circuit connects two other branch offices and will connect us to the Internet in the near future. i think i need to leave the HQ metro e switchport configured as a trunk.

Like this;

interface GigabitEthernet3/1

description METRO E CONNECTION!!!!!

switchport trunk encapsulation dot1q

switchport mode trunk

load-interval 30

speed 100

duplex full

end

i have another company (OUR FRIENDS) that has a mail server/websites and a SPAM appliance that uses a block of public IPs that route on our current Intenet circuit. I will have to create a vlan for them also. given that i believe i need to leave the 4507 metro e interface configured as a trunk port.

currently i have an Internet facing router (7204) that has two fastethernet interfaces. one interface goes to my network and the other interface goes to theirs.

like this;

interface FastEthernet0/0

description OUR FRIENDS

ip address 4.2.2.2 255.255.255.252

no ip redirects

no ip unreachables

ip flow ingress

load-interval 30

duplex auto

speed auto

no keepalive

no cdp enable

interface FastEthernet0/0

description OURS

ip address 8.8.8.8 255.255.255.252

no ip redirects

no ip unreachables

ip flow ingress

load-interval 30

duplex auto

speed auto

no keepalive

no cdp enable

So it appears i dont need the sub interface that is currently configured on the branch offices fa0/1 interface. Is that correct? Given that i could configure the branch office 3560 with an IP address.

thanks.

Jerry