07-06-2009 09:26 AM - edited 03-04-2019 05:20 AM
I posted this in the ME section, but thought I would get some views here.
Can someone please help and give suggestions and possible configuration options for setting up metro ethernet in the following senario:
Will be setting up ME between headquarters and three remote branch offices. Each remote branch will be provisioned to 10MB, and the headquarters will have one link for the aggregate provisioned to 30MB.
My questions, we will have routers at the remotes, but how will this terminate at the headquarters? Do we connect the one ME aggregate connection to a router, or to a L3 switch? And how do you configure the headquarters devices to separate the traffic? Do you use sub interfaces like in frame relay? Please provide a sample config if possible.
Thanks
07-06-2009 09:51 AM
Brandon,
In a setup such as this one, I will use vrf lite for separation and use ME with L3 image.
I would trunk VLANs from each remote site and terminate as SVIs. each VLAN represents a service or Dept for example.
HTH
Sam
07-06-2009 09:58 AM
Hi Sam,
Thanks for your reply. So at the customer site (which I am the customer, not the provider) you would configure vrf lite?
Thanks
07-06-2009 10:27 AM
only if you need esparation of routing at remote sites, else HQ is enough.
Another solution would be to use PVLANs at HQ. So for ADMIN Vlans for exmaple, you would trunk same VLAN from HQ, and configure SVI. With PVLANs, no remote site can communicate with another at L2, all communication has to be at layer via SVI at HQ which gives you more control by using ACL. the config u need for this set up is one primary Vlan at HQ and secondary VLAN at remote sites.
I actually think, the latter is a simpler solution if separation is only required between sites and not at same site.
vlan 90
name VoIP-primary
private-vlan primary
private-vlan association 100
!
vlan 100
name VoIP-isolated
private-vlan isolated
!
interface Vlan90
description MGMT ### VoIP ###
ip address 10.157.2.1 255.255.254.0
private-vlan mapping 100
In this examaple, users on one site can talk to HQ, but not each other. PVLAN block communication at Layer 2 only, so u still need L3 ACLs at ur SVI on HQ to control.
HTH
Sam
07-06-2009 10:42 AM
Suggestions would depend on how your devices will "see" the Ethernet toplogy that connects all your sites. Assuming all four sites will see a "typical" Ethernet multipoint shared segment (E-LAN/VPLS), you may want to know what, if any, QoS support the MetroE vendor provides and/or have something "smarter" than a basic/LAN L2 or L3 switch connecting to MetroE connection. At 10 to 30 Mbps, ISR routers might be a suitable MetroE connected device, for higher speeds, you might want to consider a MetroE switch.
07-06-2009 11:25 AM
07-06-2009 03:29 PM
Since the hand-off is Ethernet, and if routing is only via the hub, I'm guessing there might be a VLAN trunk on the hub link with a VLAN per remote site. Whoever the MetroE vendor is, should be able to inform you further.
07-10-2009 05:13 PM
So if I have a "hub-and-spoke" ME setup and routers (not switches) at the hub and spoke locations will I have subinterfaces on the hub router with dot1q for each coresponding vlan and at the remotes the same type of setup?
Thanks
07-10-2009 07:38 PM
Normally, yes using dot1q subinterfaces on a router's routed interface is how they support VLAN trunks. (BTW, recall some of the older routers didn't support dot1q, and even for newer routers, you might need a non-base feature IOS image.)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide