VPLS Topology—Single PE or Direct Attachment

The single PE or direct attachment architecture uses a flat architecture and supports Ethernet port, 802.1Q VLAN, and dot1q tunnel modes. The CEs are directly connected to the PE routers, and this architecture involves the creation of a separate VSI for each customer. Customer traffic originating from the CE in native Ethernet or VLAN tagged frames are MPLS encapsulated with an AToM stack. Direct attachment VPLS also uses a full mesh of directed LDP and tunnel LSPs between all the PE routers. Although this creates signaling overhead, the real detriment to large-scale deployment is the packet replication requirements for each provisioned VC on a PE router. Due to scalability constraints, this solution is suitable only for simple implementations. Figure 12-6 shows a direct attachment VPLS architecture providing VPLS services to Customers A and B.

Figure 12-6. Direct Attachment VPLS Network

[View full size image]

Customer A's network has CE routers CE1-A, CE2-A, and CE3-A connected to PEs PE1, PE2, and PE3, respectively. Links to CE1-A, CE2-A, and CE3-A are configured as switch access ports on PE1, PE2, and PE3. Customer B's CE devices, CE1-B, CE2-B, and CE3-B, are configured as 802.1Q trunk ports to PE1, PE2, and PE3, respectively. Figure 12-7 shows the data forwarding that takes place in a direct attachment VPLS architecture using port and 802.1Q modes.

Figure 12-7. VPLS Data Forwarding in Port and 802.1Q Mode

[View full size image]

Configuration Flowchart for Direct Attachment VPLS

To achieve a functional VPLS network, there are two important steps. The first step is to ensure that the SP's network comprising PE1, PE2, and PE3 is enabled for MPLS forwarding. Example 12-1 shows the provider network configurations for PE1, PE2, and PE3. Throughout this chapter, you will use these as provider network configurations.

Example 12-1. Provider Network Configuration for MPLS Forwarding

!PE1

hostname PE1

!

mpls label protocol ldp

mpls ldp discovery targeted-hello accept

mpls ldp router-id Loopback0 force

!

interface Loopback0

 ip address 10.10.10.101 255.255.255.255

!

interface GE-WAN3/1

description connected to PE2

 ip address 10.10.10.1 255.255.255.252

 negotiation auto

 mpls ip

 mls qos trust dscp

!

interface GE-WAN3/2

description connected to PE3

 ip address 10.10.10.5 255.255.255.252

 negotiation auto

 mpls ip

 mls qos trust dscp

!

router ospf 1

 network 10.0.0.0 0.255.255.255 area 0

______________________________________________________________________

!PE2

hostname PE2

!

mpls label protocol ldp

mpls ldp discovery targeted-hello accept

mpls ldp router-id Loopback0 force

!

interface Loopback0

 ip address 10.10.10.102 255.255.255.255

!

interface GE-WAN3/1

description connected to PE1

 ip address 10.10.10.2 255.255.255.252

 negotiation auto

 mpls ip

 mls qos trust dscp

!

interface GE-WAN3/2

description connected to PE3

 ip address 10.10.10.9 255.255.255.252

 negotiation auto

 mpls ip

 mls qos trust dscp

!

router ospf 1

 network 10.0.0.0 0.255.255.255 area 0

______________________________________________________________________

!PE3

hostname PE3

!

mpls label protocol ldp

mpls ldp router-id Loopback0

!

interface Loopback0

 ip address 10.10.10.103 255.255.255.255

!

interface GE-WAN3/1

description connected to PE2

 ip address 10.10.10.10 255.255.255.252

 negotiation auto

 mpls ip

 mls qos trust dscp

!

interface GE-WAN3/2

description connected to PE1

 ip address 10.10.10.6 255.255.255.252

 negotiation auto

 mpls ip

 mls qos trust dscp

!

router ospf 1

 network 10.0.0.0 0.255.255.255 area 0

The second step is to configure the VPLS service, and Figure 12-8 illustrates the configuration flowchart on the PE router to provision Ethernet port mode, Ethernet 802.1Q VLAN, and Ethernet dot1Q tunnel mode.

Figure 12-8. VPLS Service Configuration Flowchart on PE Router

[View full size image]

Direct Attachment VPLS Configuration Scenario 1—Using Port and 802.1Q VLAN Modes

The objective of this configuration scenario is to demonstrate VPLS network using port and 802.1Q VLAN mode. As shown in Figure 12-7, Customer A VPLS network uses port mode and Customer B VPLS network uses 802.1Q VLAN mode.

Table 12-1 shows the MAC address associated with CE routers.

Table 12-1. MAC Address for CE Routers

Router	MAC Address
Customer A
CE1-A	0012.d9bd.b600
CE2-A	0012.8034.6980
CE3-A	0012.d9e7.ace0
Customer B
CE1-B	0012.80f3.2ce0
CE2-B	0012.d9e7.b520
CE3-B	0012.d9bd.b640

The steps to configure the topology shown in Figure 12-6 are as follows:

PE1(config)#vlan 100

PE1(config-vlan)#state active

PE1(config-vlan)#vlan 200

PE1(config-vlan)#state active

PE1(config)#interface fastEthernet 4/1

PE1(config-if)#description VPLS Customer A (CE1-A)

PE1(config-if)#switchport

PE1(config-if)#switchport access vlan 100

PE1(config-if)#switchport mode access

PE1(config-if)#interface FastEthernet4/2

PE1(config-if)#description VPLS Customer B (CE1-B)

PE1(config-if)#switchport

PE1(config-if)#switchport trunk encapsulation dot1q

PE1(config-if)#switchport trunk allowed vlan 200

PE1(config-if)#switchport mode trunk

An MPLS VPN ID is used to identify VPNs by a VPN identification number, as described in RFC 2685. This MPLS VPN ID is implemented to identify a VPN. The MPLS VPN ID feature does not control the distribution of routing information or associate IP addresses with MPLS VPN ID numbers in routing updates. Multiple VPNs can be configured in a router. You can use a VPN name (a unique ASCII string) to reference a specific VPN configured in the router. Alternately, you can use a VPN ID to identify a particular VPN in the router. The VPN ID follows a standard specification (RFC 2685). To ensure that the VPN has a consistent VPN ID, assign the same VPN ID to all the routers in the SP network that services that VPN. Each VPN ID defined by RFC 2685 consists of the following two elements:

• Organizational unique identifier (OUI)?A three-octet hex number that is assigned by the IEEE Registration Authority to any company that manufactures components under the ISO/IEC 8802 standard. The OUI generates universal LAN MAC addresses and protocol identifiers for use in LAN and MAN applications. For example, an OUI for Cisco Systems is 00-03-6B (hex).

• VPN index?A four-octet hexadecimal number, which identifies the VPN within the company. Use the vpn id command and specify the VPN ID in the following format:

  vpn id oui:vpn-index

  A colon separates the OUI from the VPN index.

Example 12-3 shows the steps to configure VFI and associate it to the attachment circuit.

Example 12-3. Step 3: Define the VFI and Associate It to the Attachment Circuit

PE1(config)#l2 vfi Cust_A manual

PE1(config-vfi)# vpn id 100

PE1(config-vfi)# neighbor 10.10.10.102 encapsulation mpls

PE1(config-vfi)# neighbor 10.10.10.103 encapsulation mpls

PE1(config-vfi)#l2 vfi Cust_B manual

PE1(config-vfi)#vpn id 200

PE1(config-vfi)#neighbor 10.10.10.102 encapsulation mpls

PE1(config-vfi)#neighbor 10.10.10.103 encapsulation mpls

PE1(config)#interface vlan 100

PE1(config-if)#xconnect vfi Cust_A

PE1(config-if)#interface vlan 200

PE1(config-if)#xconnect vfi Cust_B

Verification of VPLS Connectivity

To verify VPLS connectivity, follow these steps:

PE1#show mpls l2transport vc

Local intf     Local circuit        Dest address    VC ID      Status

-------------  -------------------- --------------- ---------- ----------

VFI Cust_A     VFI                  10.10.10.102    100        UP

VFI Cust_B     VFI                  10.10.10.102    200        UP

VFI Cust_A     VFI                  10.10.10.103    100        UP

VFI Cust_B     VFI                  10.10.10.103    200        UP

PE1#show mpls l2transport vc 100 detail

Local interface: VFI Cust_A up

  Destination address: 10.10.10.102, VC ID: 100, VC status: up

    Tunnel label: imp-null, next hop 10.10.10.2

    Output interface: GE3/1, imposed label stack {21}

    Create time: 10:13:08, last status change time: 10:06:25

    Signaling protocol: LDP, peer 10.10.10.102:0 up

      MPLS VC labels: local 21, remote 21

      Group ID: local 0, remote 0

      MTU: local 1500, remote 1500

      Remote interface description:

    Sequencing: receive disabled, send disabled

    VC statistics:

      packet totals: receive 973, send 971

      byte totals:   receive 77383, send 77244

      packet drops:  receive 0, send 0



  Local interface: VFI Cust_A up

    Destination address: 10.10.10.103, VC ID: 100, VC status: up

      Tunnel label: imp-null, next hop 10.10.10.6

      Output interface: GE3/2, imposed label stack {17}

    Create time: 10:13:09, last status change time: 10:06:45

    Signaling protocol: LDP, peer 10.10.10.103:0 up

      MPLS VC labels: local 22, remote 17

      Group ID: local 0, remote 0

      MTU: local 1500, remote 1500

      Remote interface description:

    Sequencing: receive disabled, send disabled

    VC statistics:

      packet totals: receive 90, send 977

      byte totals:   receive 8560, send 77712

      packet drops:  receive 0, send 0

In Example 12-6, show mpls l2transport summary shows the total number of the VCs that are active.

Example 12-6. Output of show mpls l2 summary on PE3

PE1#show mpls l2transport summary

Destination address: 10.10.10.102, total number of vc: 2

  0 unknown, 2 up, 0 down, 0 admin down

  2 active vc on MPLS interface GE3/1

Destination address: 10.10.10.103, total number of vc: 2

  0 unknown, 2 up, 0 down, 0 admin down

  2 active vc on MPLS interface GE3/2

In Example 12-7, show vfi shows the remote PE neighbors to which the pseudo wires are configured. The command will show the neighbors even if the pseudo wire is down.

Example 12-7. Output of show vfi on PE1

PE1#show vfi Cust_A

VFI name: Cust_A, state: up

  Local attachment circuits:

    Vlan100

 Neighbors connected via pseudowires: 10.10.10.102 10.10.10.103

Example 12-8 shows the MAC addresses learned by PE Router PE1.

Example 12-8. Output of show mac-address-table vlan on PE1

PE1#show mac-address-table vlan 100

Legend: * - primary entry



  vlan   mac address     type    learn             ports

------+----------------+--------+-----+--------------------------

*  100  0012.d9e7.ace0   dynamic  Yes

*  100  0012.8034.6980   dynamic  Yes

*  100  0012.d9bd.b600   dynamic  Yes   Fa4/1



PE1#show mac-address-table vlan 200

Legend: * - primary entry



  vlan   mac address     type    learn             ports

------+----------------+--------+-----+--------------------------

*  200  0012.d9e7.b520   dynamic  Yes

*  200  0012.80f3.2ce0   dynamic  Yes   Fa4/2

*  200  0012.d9bd.b640   dynamic  Yes

VPLS Configurations on PE Router

Example 12-9 shows the relevant VPLS configurations on PE Routers PE1, PE2, and PE3.

Example 12-9. VPLS Configurations on PE1, PE2, and PE3

!PE1

hostname PE1

!

l2 vfi Cust_A manual

 vpn id 100

 neighbor 10.10.10.102 encapsulation mpls

 neighbor 10.10.10.103 encapsulation mpls

!

l2 vfi Cust_B manual

 vpn id 200

 neighbor 10.10.10.102 encapsulation mpls

 neighbor 10.10.10.103 encapsulation mpls

!

interface FastEthernet4/1

 description VPLS Customer A - CE1-A

 no ip address

 switchport

 switchport access vlan 100

 switchport mode access

!

interface FastEthernet4/2

 description VPLS Customer B

 no ip address

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk allowed vlan 200

 switchport mode trunk

!

interface Vlan100

 no ip address

 xconnect vfi Cust_A

!

interface Vlan200

 no ip address

 xconnect vfi Cust_B

______________________________________________________________________

!PE2

hostname PE2

!

l2 vfi Cust_A manual

 vpn id 100

 neighbor 10.10.10.101 encapsulation mpls

 neighbor 10.10.10.103 encapsulation mpls

!

l2 vfi Cust_B manual

 vpn id 200

 neighbor 10.10.10.101 encapsulation mpls

 neighbor 10.10.10.103 encapsulation mpls

!

interface FastEthernet4/1

 description VPLS Customer A

 no ip address

 switchport

 switchport access vlan 100

 switchport mode access

!

interface FastEthernet4/2

 description VPLS Customer B

 no ip address

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk allowed vlan 200

 switchport mode trunk

!

interface Vlan100

 no ip address

 xconnect vfi Cust_A

!

interface Vlan200

 no ip address

 xconnect vfi Cust_B

______________________________________________________________________

!PE3

hostname PE3

!

l2 vfi Cust_A manual

 vpn id 100

 neighbor 10.10.10.101 encapsulation mpls

 neighbor 10.10.10.102 encapsulation mpls

!

l2 vfi Cust_B manual

 vpn id 200

 neighbor 10.10.10.101 encapsulation mpls

 neighbor 10.10.10.102 encapsulation mpls

!

interface FastEthernet2/1

 description VPLS Customer A

 no ip address

 switchport

 switchport access vlan 100

 switchport mode access

!

interface FastEthernet2/2

 description VPLS Customer B

 no ip address

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk allowed vlan 200

 switchport mode trunk

!

interface Vlan100

 no ip address

 xconnect vfi Cust_A

!

interface Vlan200

 no ip address

 xconnect vfi Cust_B

CE Router Configurations for Customer A and Customer B

Example 12-10 shows the configurations for Customer A's and Customer B's CE devices.

Example 12-10. CE Router Configurations

!CE1-A

hostname CE1-A

!

interface FastEthernet0/0

ip address 172.16.1.1 255.255.255.0

______________________________________________________________________

!CE1-B

hostname CE1-B

!

interface FastEthernet0/0.200

 encapsulation dot1Q 200

 ip address 192.168.1.1 255.255.255.0

______________________________________________________________________

!CE2-A

hostname CE2-A

!

interface FastEthernet0/0

ip address 172.16.1.2 255.255.255.0

______________________________________________________________________

!CE2-B

hostname CE2-B

!

interface FastEthernet0/0.200

 encapsulation dot1Q 200

 ip address 192.168.1.2 255.255.255.0

______________________________________________________________________

!CE3-A

hostname CE3-A

!

interface FastEthernet0/0

ip address 172.16.1.3 255.255.255.0

______________________________________________________________________

!CE3-B

hostname CE3-B

!

interface FastEthernet0/0.200

 encapsulation dot1Q 200

 ip address 192.168.1.3 255.255.255.0

Direct Attachment VPLS Configuration Scenario 2—Using Dot1q Tunnel Mode and Layer 2 Protocol Tunneling

Figure 12-9 shows a direct attachment VPLS network that is providing VPLS service to Customer A and B networks. The objective of this configuration scenario is to demonstrate dot1q tunnel mode configuration and the usage of Layer 2 tunnel protocol for CDP in Customer A's VPLS network. Customer B's VPLS network has Site 2 dual-homed to the SP network via user PE (u-PE23). Customer B network is used primarily to demonstrate how STP is tunneled and to prevent Layer 2 loops when a site has redundant links to the provider network. Figure 12-9 shows the VPLS topology used to demonstrate

• Layer 2 tunnel protocol for CDP and STP

• VPLS redundancy

Figure 12-9. Direct Attachment VPLS Using Dot1q Tunnel Mode and Layer 2 Protocol Tunneling

[View full size image]

Prior to configuring this scenario, you will be introduced to the following basic concepts:

• Cisco 802.1Q tunneling (also called Cisco 802.1Q-in-Q)?02.1Q tunneling enables SPs to use a single VLAN to securely transport most or all of a customer's VLANs across the MAN or WAN backbone. In 802.1Q tunneling, IOS adds an additional 802.1Q tag to customer traffic in the switch at the edge of the SP's network to keep each customer's VLAN traffic segregated and private. The tag, therefore, allows customer VLANs to be backhauled across a single SP VLAN through the use of a tunnel port that is assigned to each customer site. All of a single customer's VLANs that are configured in the tunnel port on the SP's WAN edge switch are aggregated and backhauled over a single VLAN.

  Service providers, therefore, do not have to assign a unique VLAN ID number to each individual customer VLAN, which quickly consumes the 4094 VLAN space supported by Ethernet's 802.1Q technology. In this way, encapsulating multiple customer 802.1Q VLANs into a single SP 802.1Q VLAN affords SPs a scalable approach to offering Ethernet services.

• Dot1q tunnel mode?In the VPLS network when using the dot1q tunnel mode, the 802.1Q tag is not used because the provider's MPLS network is used as a transit network in which the tunnel label is used to transport data packets from ingress PE to egress PE. Therefore, the tunnel label replaces the 802.1Q tag when the Layer 2 switch interface is configured to use the dot1q tunnel mode. Example 12-11 shows the configuration to enable dot1q tunnel mode on a switch port interface.

  Example 12-11. Dot1q Tunnel Mode Configuration

  Router(config-if)#switchport mode dot1q-tunnel

  
  

• Layer 2 protocol tunneling?In VPLS networks, Layer 2 switch ports by default drop STP and VTP packets. To avoid this, Layer 2 protocol tunneling allows Layer 2 protocol data units (PDUs), like CDP, STP, and VTP, to be tunneled through a network. As shown in Figure 12-9, if Layer 2 protocol tunneling is not enabled, CE1-A will not see CE2-A and CE3-A as CDP neighbors. Example 12-12 shows the configuration to enable Layer 2 protocol tunneling for CDP on switch port interfaces.

  Example 12-12. Configuring Layer 2 Protocol Tunneling

  Router(config-if)#l2protocol-tunnel cdp

  
  

The steps to configure the topology shown in Figure 12-9 are as follows:

PE1(config)#interface fastEthernet 4/1

PE1(config-if)#description VPLS Customer A (CE1-A)

PE1(config-if)#switchport

PE1(config-if)# switchport access vlan 100

PE1(config-if)#switchport mode dot1q-tunnel

PE1(config-if)#l2protocol-tunnel cdp

______________________________________________________________________

PE2(config)#vlan 20

PE2(config-vlan)#state active

PE2(config-vlan)#no spanning-tree vlan 20,200

PE2(config)#interface FastEthernet4/12

PE2(config-if)# switchport

PE2(config-if)# switchport trunk encapsulation dot1q

PE2(config-if)# switchport trunk native vlan 20

PE2(config-if)# switchport trunk allowed vlan 20,200

______________________________________________________________________

PE3(config)#vlan 20

PE3(config-vlan)#state active

PE3(config-vlan)#no spanning-tree vlan 20,200

PE3(config)#interface FastEthernet2/12

PE3(config-if)# switchport

PE3(config-if)# switchport trunk encapsulation dot1q

PE3(config-if)# switchport trunk native vlan 20

PE3(config-if)# switchport trunk allowed vlan 20,200

u-PE23(config)#spanning-tree mode mst

u-PE23(config)#spanning-tree mst configuration

u-PE23(config-mst)# name instance1

u-PE23(config-mst)# revision 1

u-PE23(config-mst)# instance 1 vlan 200

u-PE23(config)#interface FastEthernet0/11

u-PE23(config-if)# description connected to n-PE3

u-PE23(config-if)# switchport trunk encapsulation dot1q

u-PE23(config-if)# switchport trunk native vlan 20

u-PE23(config-if)# switchport trunk allowed vlan 20,200

u-PE23(config-if)# switchport mode trunk

u-PE23(config-if)#interface FastEthernet0/12

u-PE23(config-if)# description connected to n-PE2

u-PE23(config-if)# switchport trunk encapsulation dot1q

u-PE23(config-if)# switchport trunk native vlan 20

u-PE23(config-if)# switchport trunk allowed vlan 20,200

u-PE23(config-if)# switchport mode trunk

u-PE23(config-if)#interface FastEthernet0/2

u-PE23(config-if)# description connected to CE2-B

u-PE23(config-if)# switchport trunk encapsulation dot1q

u-PE23(config-if)# switchport trunk allowed vlan 200

u-PE23(config-if)# switchport mode trunk

PE2(config)#l2 vfi STP manual

PE2(config-vfi)# vpn id 20

PE2(config-vfi)# neighbor 10.10.10.103 encapsulation mpls

PE2(config)#interface vlan 20

PE2(config-if)#xconnect vfi STP

______________________________________________________________________

PE3(config)#l2 vfi STP manual

PE3(config-vfi)#vpn id 20

PE3(config-vfi)#neighbor 10.10.10.102 encapsulation mpls

PE3(config)#interface vlan 20

PE3(config-if)#xconnect vfi STP

Verify Layer 2 Protocol Tunneling for CDP and MSTP

To verify Layer 2 protocol tunneling for CDP and MSTP, follow these steps:

PE2#show l2protocol-tunnel summary

COS for Encapsulated Packets: 5

Drop Threshold for Encapsulated Packets: 0



Port    Protocol    Shutdown         Drop             Status

                    Threshold        Threshold

                    (cdp/stp/vtp)    (cdp/stp/vtp)

------- ----------- ---------------- ---------------- ----------

Fa4/1   cdp --- --- ----/----/----   ----/----/----   up

Fa4/12  --- stp --- ----/----/----   ----/----/----   up

______________________________________________________________________

PE3#show l2protocol-tunnel summary

COS for Encapsulated Packets: 5

Drop Threshold for Encapsulated Packets: 0



Port    Protocol    Shutdown         Drop             Status

                    Threshold        Threshold

                    (cdp/stp/vtp)    (cdp/stp/vtp)

------- ----------- ---------------- ---------------- ----------

Fa2/1   cdp --- --- ----/----/----   ----/----/----   up

Fa2/12  --- stp --- ----/----/----   ----/----/----   up

CE1-A#show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID

CE2-A            Fas 0/0           132          R S       2611XM    Fas 0/0

CE3-A            Fas 0/0           170          R S       2621XM    Fas 0/0

______________________________________________________________________

CE2-A#show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID

CE3-A            Fas 0/0           130          R S       2621XM    Fas 0/0

CE1-A            Fas 0/0           158          R S       2621XM    Fas 0/0

u-PE23#show spanning-tree mst 1

###### MST01        vlans mapped:  200

Bridge      address 000b.fd2a.6b00 priority  32769 (32768 sysid 1)

Root        this switch for MST01



Interface        Role Sts Cost      Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Fa0/2            Desg FWD 200000    128.2    P2p

Fa0/11           Desg FWD 200000    128.11   P2p

Fa0/12           Back BLK 200000    128.12   P2p

PE Configurations

Example 12-19 shows the configurations on the PE router.

Example 12-19. Configurations on PE Routers, PE1, PE2, PE3, and u-PE23

!PE1

hostname PE1

!

l2 vfi Cust_A manual

 vpn id 100

 neighbor 10.10.10.102 encapsulation mpls

 neighbor 10.10.10.103 encapsulation mpls

!

l2 vfi Cust_B manual

 vpn id 200

 neighbor 10.10.10.102 encapsulation mpls

 neighbor 10.10.10.103 encapsulation mpls

!

vlan internal allocation policy ascending

vlan dot1q tag native

!

!

interface Loopback0

 ip address 10.10.10.101 255.255.255.255

!

interface FastEthernet4/1

 description VPLS Customer A (CE1-A)

 no ip address

 switchport

 switchport access vlan 100

 switchport mode dot1q-tunnel

 l2protocol-tunnel cdp

 no cdp enable

 spanning-tree bpdufilter enable

!

interface FastEthernet4/2

 description VPLS Customer B (CE1-B)

 no ip address

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk allowed vlan 200

 switchport mode trunk

!

interface Vlan20

 no ip address

xconnect vfi STP



interface Vlan100

 no ip address

xconnect vfi Cust_A

!

interface Vlan200

 no ip address

 no ip igmp snooping

 xconnect vfi Cust_B

______________________________________________________________________

!PE2

hostname PE2

!

l2 vfi Cust_A manual

 vpn id 100

 neighbor 10.10.10.101 encapsulation mpls

 neighbor 10.10.10.103 encapsulation mpls

!

l2 vfi Cust_B manual

 vpn id 200

 neighbor 10.10.10.101 encapsulation mpls

 neighbor 10.10.10.103 encapsulation mpls

!

l2 vfi STP manual

 vpn id 20

 neighbor 10.10.10.103 encapsulation mpls

!

interface FastEthernet4/1

 description VPLS Customer A

 no ip address

 switchport

 switchport access vlan 100

 switchport mode dot1q-tunnel

 l2protocol-tunnel cdp

 no cdp enable

 spanning-tree bpdufilter enable

!

interface FastEthernet4/12

 no ip address

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 20

 switchport trunk allowed vlan 20,200

 l2protocol-tunnel stp

 spanning-tree bpdufilter enable

!

interface Vlan20

 no ip address

xconnect vfi STP

!

interface Vlan100

 no ip address

xconnect vfi Cust_A

!

interface Vlan200

 no ip address

 no ip igmp snooping

 xconnect vfi Cust_B

______________________________________________________________________

!PE3

hostname PE3

!

l2 vfi Cust_A manual

 vpn id 100

 neighbor 10.10.10.101 encapsulation mpls

 neighbor 10.10.10.102 encapsulation mpls

!

l2 vfi Cust_B manual

 vpn id 200

 neighbor 10.10.10.101 encapsulation mpls

 neighbor 10.10.10.102 encapsulation mpls

!

l2 vfi STP manual

 vpn id 20

 neighbor 10.10.10.102 encapsulation mpls

!

interface FastEthernet2/1

 description VPLS Customer A

 no ip address

 switchport

 switchport access vlan 100

 switchport mode dot1q-tunnel

 l2protocol-tunnel cdp

 no cdp enable

 spanning-tree bpdufilter enable

!

interface FastEthernet2/2

 description VPLS Customer B

 no ip address

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk allowed vlan 200

 switchport mode trunk

!

interface FastEthernet2/12

 no ip address

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 20

 switchport trunk allowed vlan 20,200

 l2protocol-tunnel stp

 spanning-tree bpdufilter enable

!

interface Vlan20

 no ip address

 no ip igmp snooping

 xconnect vfi STP

!

interface Vlan100

 no ip address

 xconnect vfi Cust_A

!

interface Vlan200

 no ip address

 xconnect vfi Cust_B

______________________________________________________________________

!u-PE2

hostname u-PE2

!

ip subnet-zero

!

vtp domain Cust_B

vtp mode transparent

!

spanning-tree mode mst

spanning-tree extend system-id

!

spanning-tree mst configuration

 name instance1

 revision 1

 instance 1 vlan 200

!

interface FastEthernet0/2

 description connected to CE2-B

 switchport trunk encapsulation dot1q

 switchport trunk allowed vlan 200

 switchport mode trunk

 spanning-tree bpdufilter enable

!

interface FastEthernet0/11

 description connected to n-PE3

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 20

 switchport trunk allowed vlan 20,200

 switchport mode trunk

!

interface FastEthernet0/12

 description connected to n-PE2

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 20

 switchport trunk allowed vlan 20,200

 switchport mode trunk

CE Configurations for Customers A and B

Refer to Example 12-10 for configurations of Customer A's and B's CE devices.