I'm working on setting up a l2vpn connection from a Cisco CMTS UBR 10012 to Juniper EX 9000.
I'm trying to avoid MPLS, and using the dot1q xconnect from the 10012.
cable l2-vpn-service xconnect nsi dot1q interface gigabitethernet 3/0/2
cable dot1q-vc-map 18:9c:27:96:29:af GigabitEthernet0/2 90
18:9c:27:96:29:af being device with static IP 192.168.1.2/30.
I've connected 3/0/2 directly to ge-0/1/8 on Juniper EX 9200, I'm struggling with how to handle this on the Juniper EX 9200, does anybody have any examples of how to configure this on the Juniper side, do I need special L2 config, or can I just handle it like normal ethernet and handle tag 90?
ge-0/1/8
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members 90;
}
}
}
irb.90
family inet
address 192.168.1.1/30
Trying to PING from 192.168.1.1 to 192.168.1.2 and vice versa, no luck yet, can't find much documentation on this as far as the dot1q encapsulation type on the CMTS for the x-connect.
Is 18:9c:27:96:29:af the CM MAC (correct), or the CPE MAC (incorrect) ?
There are a few different ways of implementing L2VPN.
You are setting up Cisco Transparent LAN Services (TLS).
The the correct syntax for TLS is :
cable l2-vpn-service xconnect nsi dot1q
cable dot1q-vc-map cm_mac nsi_interface vlan_id [description]
You can view the L2VPN info like this :
show cable l2-vpn xconnect dot1q-vc-map
To ensure ARP traffic doesnt leak into the L2VPN, the CM config file should contain
DUTFiltering
{
DUTControl 1;
}
And yes, it will look like a normal dot1q VLANn on upstream router/switch.
You can assign it to a routed interface, or you could create a bridge.
On your juniper did you remember to map the vlan to the irb interface?
vlans TEST vlan-id 90 l3-interface irb.90
Ok, thanks for the reply, just trying to get this to work with the TLS, then I'll go after the CM config file setup. With the TLS on the CLI you can only do one VLAN per CM, my understanding is when using the config file I can assign multiple CM's to the same VM, which will allow me to use a generic config file for people I want to be redirected out the tunnel.
Each VLAN can must be unique
You cannot reuse the same VLAN across multiple modems
Oh, hrm, must have misread the Cisco docs on that. On to the next attempt I guess, option-82 filter? Need a way to identify CPE's that are assinged IP's from a specific pool, somehow tie these together, so those CPE's are marked and I can assign them out of a specific pool (so I can redirect DNS with a ACL).
The each VLAN must be unique is specific to Cisco 10Ks, newer BSOD services definitely allow more than one modem per VLAN....
On a cisco UBR10k / DHCPD you can do this: Have a separate DHCP server for modems, and for clients.
On the modems DHCP server, you have two subnets one for authorized modems one for un authorized modems. then the same thing on the DHCP server for CPE except you have 2 shared networks one with modem subnet for authed modems (no pools) and CPE subnet, and the other with unauthed modem subnet + cpe subnet for unauthed typically non-routeable.
When a modem comes up it will get an ip from one or the other pool, and after it gets its IP, CPE requests will come from same interface/subinterface the modem came up on.
more details here:
https://docsis.org/forums/docsis-chat/ubr-subinterfaces