04-12-2017 08:03 PM - edited 03-08-2019 10:11 AM
On my day off, the commercial provider link went down. The remaining personnel could not log in to the edge router and decided to grab another, older router and swap them out. I came in quickly. They had already performed the physical swap and had a copy of the old config. The old router was a 3845, the new router is a 3825. This router is connected to the commercial provider DS3 link. At our remote site is another DS3 edge router connecting our two networks.
A previous admin configured the connections between the two sites. We have a few VLANs passed down to the Core router at my site, layer 2 pass down. I believe the previous admin passed those VLANs from one site to the other through MPLS/pseudowire. I don't really understand the config or much about this at all. Reading Cisco's discussions of MPLS definitely does not help. I think my main problem is that not all of the config took because the IOS on the 3825 needs to be updated. I am waiting for approval on that. I keep getting an error to make sure MPLS is configured on router when I try to put in the xconnect command. I think that is because this IOS doesn't support full MPLS.
Is MPLS the best option for passing VLANs? Is it a secure option? How would you pass a layer 2 VLAN between remote sites?
This is what I am reading while I have time before the decision to upgrade comes back:
Cisco's write-ups are terrible to follow if you are not already well versed on a subject.
04-12-2017 10:10 PM
There is not enough information to answer this.
Is the 3845 actually dead? What happens if you power it up on your desk? Can you access it via the console port? If it is fine you can put it back into service.
It is possible the 3825 has different licensing, so even with an IOS upgrade it still may not work. I wouldn't be surprised if it needs a DATA licence. You can't buy a DATA licence anymore; it has been replaced by an AX licence.
Pseudowires usually require you to have a DATA licence.
Do you need MPLS? Quite possibly not. Impossible to say without more information. L2TPv3 (which uses the xconnect command) allows VLAN extension and can happily run over any routed IP link.
04-13-2017 05:49 PM
I am not getting any response from the 3845 via console. The only time it shows life is when I put a 64MB card in; it responds saying lower 64 MB are missing. When I put the 128 in nothing happens. I tried cycling the power several times.
The IOS on the 3825 isn't even listed in tools.cisco.com; the file is 12.4-3g. I had our regional senior tech look at my config for the MPLS and everything checked out. I loaded 15.2 into the flash and I am waiting for approval to reboot. The second campus comes all the way up to our campus before it goes out to the internet, so taking the 3825 out of commission will kill internet for the entire second campus.
One good outcome is that we have proven our need for updated routers...at least for the DS3 links. They are getting emergency funds for two new routers.
I am still a little confused on passing layer 2 VLANs from one router to another via a commercial DS3 connection...and are these protocols secure like a GRE tunnel with IPSec? Also, most configs I read about are VPNs and what about passing other VLANs like our normal, internal VLANs? Previous admins were under the impression that the two campuses would be separated at some point...so the VLANs are separate to each network. I would like to share VLANs to make life easier, in some cases.
04-14-2017 12:22 PM
GRE over IPSec is popular and, barring any mis- or poor configuration, is secure.
04-13-2017 01:36 AM
Hello
It sounds like you're using AtoM, which is a P2P technology that can link the same or different kinds of technology together between each site (Any Technology over MPLS).
I would say another option could be VPLS, which does the same thing but supports only Ethernet and can be either P2P or multipoint between sites.
Can you post your config if applicable?
res
Paul
04-13-2017 05:52 PM
I will pull that tomorrow. It was total chaos today. I am not familiar with VPLS. I was also thinking about a GRE tunnel with IPSec. A previous admin used that for trunked radio traffic.