cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4976
Views
0
Helpful
4
Replies

Problem of L2VPN setup between Cisco3945 and Juniper J2320 (method l2circuit)

jerry.z.fan
Level 1
Level 1

I have to setup L2VPN between Cisco and Juniper routers. It is for the internal products testing in my company. But VC is always down there. I searched many documents, but didn't work. I really need help. Thank you..

 

Jerry FAN

 

J2320 is running on 11.4R5.5; Cisco3945 is running on 15.2(4)M2 with MPLS function activated.

 

root@Router_MPS_TEST_A# show

## Last changed: 2012-11-22 11:17:01 UTC

version 11.4R5.5;

system {

    host-name Router_MPS_TEST_A;

    root-authentication {

        encrypted-password "$1$xS88ja0F$cjZBwBjP6hIxrdGDEsE7r1"; ## SECRET-DATA

    }

    services;

    syslog {

        user * {

            any emergency;

        }

        file messages {

            any any;

            authorization info;

        }

        file interactive-commands {

            interactive-commands any;

        }

    }

    license {

        autoupdate {

            url https://ae1.juniper.net/junos/key_retrieval;

        }                               

    }

}

interfaces {

    ge-0/0/0 {

        unit 0 {

            family inet {

                address 192.168.12.1/24;

            }

            family mpls;

        }

    }

    ge-0/0/1 {

        vlan-tagging;

        encapsulation vlan-ccc;

        unit 0 {

            vlan-id 1;

        }

        unit 121 {

            vlan-id 121;

        }

    }

    lo0 {

        unit 0 {                        

            family inet {

                address 1.1.1.1/32;

            }

        }

    }

}

routing-options {

    static {

        route 2.2.2.2/32 next-hop 192.168.12.2;

    }

}

protocols {

    mpls {

        interface ge-0/0/0.0;

        interface lo0.0;

    }

    ldp {

        interface all;

    }

    l2circuit {

        neighbor 2.2.2.2 {

            interface ge-0/0/1.121 {

                virtual-circuit-id 100;

                encapsulation-type ethernet-vlan;

                ignore-encapsulation-mismatch;

                ignore-mtu-mismatch;

            }

        }

    }

}

security {

    policies {

        from-zone trust to-zone trust {

            policy default-permit {

                match {

                    source-address any;

                    destination-address any;

                    application any;

                }

                then {

                    permit;

                }

            }

        }

    }

    zones {                             

        security-zone trust {

            tcp-rst;

            interfaces {

                ge-0/0/0.0 {

                    host-inbound-traffic {

                        system-services {

                            any-service;

                        }

                    }

                }

                lo0.0 {

                    host-inbound-traffic {

                        system-services {

                            any-service;

                        }

                    }

                }

                ge-0/0/1.0 {

                    host-inbound-traffic {

                        system-services {

                            any-service;

                        }

                    }                   

                }

                ge-0/0/1.121 {

                    host-inbound-traffic {

                        system-services {

                            any-service;

                        }

                    }

                }

            }

        }

    }

}

[edit]

root@Router_MPS_TEST_A#

 

=================================================================

 

Router_MPS_TEST_B#s run

Building configuration...

Current configuration : 1733 bytes

!

! Last configuration change at 06:22:03 UTC Thu Nov 22 2012

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router_MPS_TEST_B

!

boot-start-marker

boot system flash0 c3900-universalk9-mz.SPA.152-4.M2.bin

boot-end-marker

!

!

enable password cisco

!

no aaa new-model

!

ip cef

!

!

!         

!

!

!

!

!

no ip domain lookup

no ipv6 cef

multilink bundle-name authenticated

!

!

!

!

license udi pid C3900-SPE150/K9

!

!

!

redundancy

!

!

csdb tcp synwait-time 30

csdb tcp idle-time 3600

csdb tcp finwait-time 5

csdb tcp reassembly max-memory 1024

csdb tcp reassembly max-queue-length 16

csdb udp idle-time 30

csdb icmp idle-time 10

csdb session max-session 65535

!

!

!

!

interface Loopback0

 ip address 2.2.2.2 255.255.255.255

!

interface Embedded-Service-Engine0/0

 no ip address

 shutdown

!

interface GigabitEthernet0/0

 ip address 192.168.12.2 255.255.255.0

 duplex auto

 speed auto

 mpls ip

!         

interface GigabitEthernet0/1

 no ip address

 duplex auto

 speed auto

 no keepalive

!

interface GigabitEthernet0/1.121

 encapsulation dot1Q 121

 xconnect 1.1.1.1 100 encapsulation mpls

!

interface GigabitEthernet0/2

 no ip address

 shutdown

 duplex auto

 speed auto

!

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip route 1.1.1.1 255.255.255.255 192.168.12.1

!

!

!

!

control-plane

!

!

!

line con 0

 exec-timeout 0 0

 logging synchronous

line aux 0

line 2

 no activation-character

 no exec

 transport preferred none

 transport input all

 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

 stopbits 1

line vty 0 4

 password cisco

 logging synchronous

 login    

 transport input all

!

scheduler allocate 20000 1000

!

end

Router_MPS_TEST_B#

 

===============================================================

 

root@Router_MPS_TEST_A# run show l2circuit connections

Layer-2 Circuit Connections:

Legend for connection status (St)   

EI -- encapsulation invalid      NP -- interface h/w not present   

MM -- mtu mismatch               Dn -- down                       

EM -- encapsulation mismatch     VC-Dn -- Virtual circuit Down    

CM -- control-word mismatch      Up -- operational                

VM -- vlan id mismatch           CF -- Call admission control failure

OL -- no outgoing label          IB -- TDM incompatible bitrate

NC -- intf encaps not CCC/TCC    TM -- TDM misconfiguration

BK -- Backup Connection          ST -- Standby Connection

CB -- rcvd cell-bundle size bad  SP -- Static Pseudowire

LD -- local site signaled down   RS -- remote site standby

RD -- remote site signaled down  XX -- unknown

Legend for interface status  

Up -- operational            

Dn -- down                   

Neighbor: 2.2.2.2

    Interface                 Type  St     Time last up          # Up trans

    ge-0/0/1.121(vc 100)      rmt   NP   

[edit]

root@Router_MPS_TEST_A#

root@Router_MPS_TEST_A# run show mpls interface detail

Interface: ge-0/0/0.0

  State: Up

  Administrative group: <none>

  Maximum labels: 3

  Static protection revert time: 5 seconds

  Always mark connection protection tlv: Disabled

  Switch away lsps : Disabled

[edit]

root@Router_MPS_TEST_A#

 

=======================================================================

 

Router_MPS_TEST_B#sh mpls l2transport vc detail

Local interface: Gi0/1.121 up, line protocol up, Eth VLAN 121 up

  Destination address: 1.1.1.1, VC ID: 100, VC status: down

    Output interface: none, imposed label stack {}

    Preferred path: not configured  

    Default path: no route

    No adjacency

  Create time: 04:35:05, last status change time: 03:31:50

  Signaling protocol: LDP, peer unknown

    Targeted Hello: 2.2.2.2(LDP Id) -> 1.1.1.1

    Status TLV support (local/remote)   : enabled/unknown (no remote binding)

      Label/status state machine        : local standby, AC-ready, LnuRnd

      Last local dataplane   status rcvd: no fault

      Last local SSS circuit status rcvd: no fault

      Last local SSS circuit status sent: not sent

      Last local  LDP TLV    status sent: not sent

      Last remote LDP TLV    status rcvd: unknown (no remote binding)

    MPLS VC labels: local 16, remote unassigned

    Group ID: local 0, remote unknown

    MTU: local 1500, remote unknown

    Remote interface description:

  Sequencing: receive disabled, send disabled

  VC statistics:

    packet totals: receive 0, send 0

    byte totals:   receive 0, send 0

    packet drops:  receive 0, seq error 0, send 0

Router_MPS_TEST_B#

4 Replies 4

shivjain
Cisco Employee
Cisco Employee

I could n't see mpls ip and mpls label protocol ldp command. Could you check it again. Also let us know what is the output of show mpls l2vpn citcuitid .....

I still remember by default Junipe doesn't peform PHP, that need to be enabled. Could you check that also.

regards

shivlu jain

www.mplsvpn.info

jerry.z.fan
Level 1
Level 1

Problem resolved. Changed forward-option to packet mode and add encapsulation vlan-ccc and vlan id on subinterface

in Junos as well.

hi

if possible could you highlight the changes you made or post the full configuration.

regards

shivlu jain

Here you go.

root@J2320> show configuration | no-more

## Last commit: 2012-11-27 10:44:17 UTC by root

version 11.4R5.5;

system {

    host-name J2320;

    root-authentication {

        encrypted-password "$1$xS88ja0F$cjZBwBjP6hIxrdGDEsE7r1"; ## SECRET-DATA

    }

    services;

    syslog {

        user * {

            any emergency;

        }

        file messages {

            any any;

            authorization info;

        }

        file interactive-commands {

            interactive-commands any;

        }

    }

    license {

        autoupdate {

            url https://ae1.juniper.net/junos/key_retrieval;

        }

    }

}

interfaces {

    ge-0/0/0 {

        unit 0 {

            family inet {

                address 192.168.12.1/24;

            }

            family mpls;

        }

    }

    ge-0/0/1 {

        vlan-tagging;

        encapsulation vlan-ccc;

        unit 0 {

            vlan-id 1;

        }

        unit 512 {

            encapsulation vlan-ccc;

            vlan-id 512;

        }

    }

    lo0 {

        unit 0 {

            family inet {

                address 1.1.1.1/32;

            }

        }

    }

}

routing-options {

    static {

        route 2.2.2.2/32 next-hop 192.168.12.2;

    }

}

protocols {

    mpls {

        interface ge-0/0/0.0;

        interface lo0.0;

    }

    ldp {

        interface all;

    }

    l2circuit {

        neighbor 2.2.2.2 {

            interface ge-0/0/1.512 {

                virtual-circuit-id 100;

                encapsulation-type ethernet-vlan;

                ignore-encapsulation-mismatch;

                ignore-mtu-mismatch;

            }

        }

    }

}

security {

    forwarding-options {

        family {

            mpls {

                mode packet-based;

            }

        }

    }

    zones {

        security-zone trust {

            tcp-rst;

            interfaces {

                ge-0/0/0.0 {

                    host-inbound-traffic {

                        system-services {

                            any-service;

                        }

                    }

                }

                lo0.0 {

                    host-inbound-traffic {

                        system-services {

                            any-service;

                        }

                    }

                }

                ge-0/0/1.512 {

                    host-inbound-traffic {

                        system-services {

                            any-service;

                        }

                    }

                }

            }

        }

    }

}

root@J2320>

root@J2320> show l2circuit connections extensive

Layer-2 Circuit Connections:

Legend for connection status (St)  

EI -- encapsulation invalid      NP -- interface h/w not present  

MM -- mtu mismatch               Dn -- down                      

EM -- encapsulation mismatch     VC-Dn -- Virtual circuit Down   

CM -- control-word mismatch      Up -- operational               

VM -- vlan id mismatch           CF -- Call admission control failure

OL -- no outgoing label          IB -- TDM incompatible bitrate

NC -- intf encaps not CCC/TCC    TM -- TDM misconfiguration

BK -- Backup Connection          ST -- Standby Connection

CB -- rcvd cell-bundle size bad  SP -- Static Pseudowire

LD -- local site signaled down   RS -- remote site standby

RD -- remote site signaled down  XX -- unknown

Legend for interface status 

Up -- operational           

Dn -- down                  

Neighbor: 2.2.2.2

    Interface                 Type  St     Time last up          # Up trans

    ge-0/0/1.512(vc 100)      rmt   Up     Nov 27 10:50:26 2012           1

      Remote PE: 2.2.2.2, Negotiated control-word: Yes (Null)

      Incoming label: 299808, Outgoing label: 17

      Negotiated PW status TLV: No     

      Local interface: ge-0/0/1.512, Status: Up, Encapsulation: VLAN

    Connection History:

        Nov 27 10:50:26 2012  status update timer 

        Nov 27 10:50:26 2012  PE route changed    

        Nov 27 10:50:26 2012  Out lbl Update                        17

        Nov 27 10:50:26 2012  In lbl Update                     299808

        Nov 27 10:50:26 2012  loc intf up                 ge-0/0/1.512

root@J2320>

===================================================================================

Router_MPS_TEST_B#sh run

Building configuration...

Current configuration : 1762 bytes

!

! Last configuration change at 10:04:06 UTC Tue Nov 27 2012

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router_MPS_TEST_B

!

boot-start-marker

boot system flash0 c3900-universalk9-mz.SPA.152-4.M2.bin

boot config flash0:/mpls.cfg

boot-end-marker

!

!

enable password cisco

!

no aaa new-model

!

ip cef

!

!        

!

!

!

!

!

!

no ip domain lookup

no ipv6 cef

multilink bundle-name authenticated

!

!

!

!

license udi pid C3900-SPE150/K9

!

!

!

redundancy

!

!

csdb tcp synwait-time 30

csdb tcp idle-time 3600

csdb tcp finwait-time 5

csdb tcp reassembly max-memory 1024

csdb tcp reassembly max-queue-length 16

csdb udp idle-time 30

csdb icmp idle-time 10

csdb session max-session 65535

!

!

!

!

interface Loopback0

ip address 2.2.2.2 255.255.255.255

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

ip address 192.168.12.2 255.255.255.0

duplex auto

speed auto

mpls ip 

!

interface GigabitEthernet0/1

no ip address

duplex auto

speed auto

no keepalive

!

interface GigabitEthernet0/1.512

encapsulation dot1Q 512

xconnect 1.1.1.1 100 encapsulation mpls

!

interface GigabitEthernet0/2

no ip address

shutdown

duplex auto

speed auto

!

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!        

ip route 1.1.1.1 255.255.255.255 192.168.12.1

!

!

!

!

control-plane

!

!

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

password cisco

logging synchronous

login

transport input all

!

scheduler allocate 20000 1000

!

end

Router_MPS_TEST_B#                 

Router_MPS_TEST_B#sh mpls l2transport vc detail

Local interface: Gi0/1.512 up, line protocol up, Eth VLAN 512 up

  Destination address: 1.1.1.1, VC ID: 100, VC status: up

    Output interface: Gi0/0, imposed label stack {299808}

    Preferred path: not configured 

    Default path: active

    Next hop: 192.168.12.1

  Create time: 00:31:23, last status change time: 00:02:02

  Signaling protocol: LDP, peer 1.1.1.1:0 up

    Targeted Hello: 2.2.2.2(LDP Id) -> 1.1.1.1

    Status TLV support (local/remote)   : enabled/not supported

      Label/status state machine        : established, LruRru

      Last local dataplane   status rcvd: no fault

      Last local SSS circuit status rcvd: no fault

      Last local SSS circuit status sent: no fault

      Last local  LDP TLV    status sent: no fault

      Last remote LDP TLV    status rcvd: not sent

    MPLS VC labels: local 17, remote 299808

    Group ID: local 0, remote 0

    MTU: local 1500, remote 1500

    Remote interface description:

    Remote VLAN id: 512

  Sequencing: receive disabled, send disabled

  VC statistics:

    packet totals: receive 1010, send 1013

    byte totals:   receive 118856, send 141334

    packet drops:  receive 0, seq error 0, send 0

Router_MPS_TEST_B#

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: