VPN SERVICE CONFIGURATIONS ARE REPETITIVE TASKS THAT ARE CRITICAL T...

Question

3. VPN service configurations are repetitive tasks that are critical to automate, including:c. Actual service activation, performed by VPNSC, where a VPN is created and CE sites and remote access sites are added to it.Note For VPNSC configuration, refer to the MPLS VPNSC documentation suite at https://traloihay.net.Configuring Cisco uBR7200 VHG/PE RoutersPerform the following steps to configure the Cisco uBR7200 VHG/PE routers and cable access routers at the CPE using SCM.Note This example is just one way of performing this configuration task.Step 1 Create a management VPN where three VPNs are established with “management” serving as the management VPN by entering the following IOS command lines:a. Router (config)# ip vrf managementb. Router (config-vrf)# rd 100:1c. Router (config-vrf)# route-target export 100:1d. Router (config-vrf)# route-target import 100:1e. Router (config-vrf)# route-target import 1000:1000f. Router (config)# ip vrf vpn2g. Router (config-vrf)# rd 200:1h. Router (config-vrf)# route-target export 200:200i. Router (config-vrf)# route-target export 1000:1000j. Router (config-vrf)# route-target import 200:200k. Router (config-vrf)# route-target import 100:1l. Router (config)# ip vrf vpn3m. Router (config-vrf)# rd 300:1n. Router (config-vrf)# route-target export 300:300o. Router (config-vrf)# route-target export 1000:1000p. Router (config-vrf)# route-target import 300:300q. Router (config-vrf)# route-target import 100:1The management VPN learns the routes from the other VRFs from the import statement. The other two VPNs (referred to as “vpn2” and “vpn3”) export their routes to the management VPN and import the management VPN’s routes. Refer to the “Sample VHG/PE Configuration File” section on page 5-8 for a complete sample Cisco uBR7246 configuration file featuring this type of VPN configuration.Note The management VPN exports and imports routes to and from each of the other VPNs. Nonmanagement VPNs do not exchange information with one another, however, thus preserving isolation between nonmanagement VPNs.Step 2 Configure the cable subinterfaces on the VHG/PE by entering the following IOS command lines.For provisioning and management:a. Router (config)# interface Cable3/0.1b. Router (config-if)# ip vrf forwarding managementc. Router (config-if)# cable dhcp-giaddr policyd. Router (config-if)# cable helper-address 24.25.1.18For VPN cable access router and VPN users subnetsa. Router (config)# interface Cable3/0.2b. Router (config-if)# ip vrf forwarding vpn2c. Router (config-if)# ip address 24.25.12.1 255.255.255.0 secondaryd. Router (config-if)# ip address 24.25.13.1 255.255.255.0e. Router (config-if)# cable dhcp-giaddr policyf. Router (config-if)# cable helper-address 24.25.1.18 cable-modemg. Router (config-if)# cable helper-address 10.15.20.1 hostFor non-VPN cable and users subnetsa. Router (config)# interface Cable3/0.3b. Router (config-if)# ip address 24.25.15.1 255.255.255.0 secondaryc. Router (config-if)# ip address 24.25.14.1 255.255.255.0d. Router (config-if)# cable dhcp-giaddr policye. Router (config-if)# cable helper-address 24.25.1.18 cable-modemf. Router (config-if)# cable helper-address 10.19.15.1 hostThe first subinterface is placed in the management VPN. It is configured with a cable helper-address that forwards all DHCP requests to a Cisco Network Register DHCP server. The CNR DHCP server is connected to a router interface within the management VPN, either on this router or on a remote router. Create cable subinterfaces for each VPN and for non-VPN users, if required. Create a primary and a secondary IP address for each subinterface. The primary IP address subnet is used by the cable access routers and the secondary IP address subnet is used by the hosts connected to the cable access router. The cable DHCP-GIADDR policy command instructs the VHG/PE to differentiate DHCP requests from a cable access router and a host behind the cable access router. If different IP addresses are listed by the cable helper-address for hosts and cable access routers, the request is sent to different DHCP servers.The DHCP-GIADDR command also causes the VHG/PE to set the GIADDR field of PC DHCP requests to that of the secondary interfaces IP address. This enhances the network administrators ability to define DHCP scopes on the Cisco Network Register (CNR) server.In this configuration, VPN users are connected to cable interface 3/0.2, and non-VPN users attach to

Answer

3. VPN service configurations are repetitive tasks that are critical to automate, including:c. Actual service activation, performed by VPNSC, where a VPN is created and CE sites and remote access sites are added to it.Note For VPNSC configuration, refer to the MPLS VPNSC documentation suite at https://traloihay.net.Configuring Cisco uBR7200 VHG/PE RoutersPerform the following steps to configure the Cisco uBR7200 VHG/PE routers and cable access routers at the CPE using SCM.Note This example is just one way of performing this configuration task.Step 1 Create a management VPN where three VPNs are established with “management” serving as the management VPN by entering the following IOS command lines:a. Router (config)# ip vrf managementb. Router (config-vrf)# rd 100:1c. Router (config-vrf)# route-target export 100:1d. Router (config-vrf)# route-target import 100:1e. Router (config-vrf)# route-target import 1000:1000f. Router (config)# ip vrf vpn2g. Router (config-vrf)# rd 200:1h. Router (config-vrf)# route-target export 200:200i. Router (config-vrf)# route-target export 1000:1000j. Router (config-vrf)# route-target import 200:200k. Router (config-vrf)# route-target import 100:1l. Router (config)# ip vrf vpn3m. Router (config-vrf)# rd 300:1n. Router (config-vrf)# route-target export 300:300o. Router (config-vrf)# route-target export 1000:1000p. Router (config-vrf)# route-target import 300:300q. Router (config-vrf)# route-target import 100:1The management VPN learns the routes from the other VRFs from the import statement. The other two VPNs (referred to as “vpn2” and “vpn3”) export their routes to the management VPN and import the management VPN’s routes. Refer to the “Sample VHG/PE Configuration File” section on page 5-8 for a complete sample Cisco uBR7246 configuration file featuring this type of VPN configuration.Note The management VPN exports and imports routes to and from each of the other VPNs. Nonmanagement VPNs do not exchange information with one another, however, thus preserving isolation between nonmanagement VPNs.Step 2 Configure the cable subinterfaces on the VHG/PE by entering the following IOS command lines.For provisioning and management:a. Router (config)# interface Cable3/0.1b. Router (config-if)# ip vrf forwarding managementc. Router (config-if)# cable dhcp-giaddr policyd. Router (config-if)# cable helper-address 24.25.1.18For VPN cable access router and VPN users subnetsa. Router (config)# interface Cable3/0.2b. Router (config-if)# ip vrf forwarding vpn2c. Router (config-if)# ip address 24.25.12.1 255.255.255.0 secondaryd. Router (config-if)# ip address 24.25.13.1 255.255.255.0e. Router (config-if)# cable dhcp-giaddr policyf. Router (config-if)# cable helper-address 24.25.1.18 cable-modemg. Router (config-if)# cable helper-address 10.15.20.1 hostFor non-VPN cable and users subnetsa. Router (config)# interface Cable3/0.3b. Router (config-if)# ip address 24.25.15.1 255.255.255.0 secondaryc. Router (config-if)# ip address 24.25.14.1 255.255.255.0d. Router (config-if)# cable dhcp-giaddr policye. Router (config-if)# cable helper-address 24.25.1.18 cable-modemf. Router (config-if)# cable helper-address 10.19.15.1 hostThe first subinterface is placed in the management VPN. It is configured with a cable helper-address that forwards all DHCP requests to a Cisco Network Register DHCP server. The CNR DHCP server is connected to a router interface within the management VPN, either on this router or on a remote router. Create cable subinterfaces for each VPN and for non-VPN users, if required. Create a primary and a secondary IP address for each subinterface. The primary IP address subnet is used by the cable access routers and the secondary IP address subnet is used by the hosts connected to the cable access router. The cable DHCP-GIADDR policy command instructs the VHG/PE to differentiate DHCP requests from a cable access router and a host behind the cable access router. If different IP addresses are listed by the cable helper-address for hosts and cable access routers, the request is sent to different DHCP servers.The DHCP-GIADDR command also causes the VHG/PE to set the GIADDR field of PC DHCP requests to that of the secondary interfaces IP address. This enhances the network administrators ability to define DHCP scopes on the Cisco Network Register (CNR) server.In this configuration, VPN users are connected to cable interface 3/0.2, and non-VPN users attach to

VPN SERVICE CONFIGURATIONS ARE REPETITIVE TASKS THAT ARE CRITICAL T...

3. VPN service configurations are repetitive tasks that are critical to automate, including:

c. Actual service activation, performed by VPNSC, where a VPN is created and CE sites and

remote access sites are added to it.

Note For VPNSC configuration, refer to the MPLS VPNSC documentation suite at

https://traloihay.net.

Configuring Cisco uBR7200 VHG/PE Routers

Perform the following steps to configure the Cisco uBR7200 VHG/PE routers and cable access routers

at the CPE using SCM.

Note This example is just one way of performing this configuration task.

Step 1 Create a management VPN where three VPNs are established with “management” serving as the

management VPN by entering the following IOS command lines:

a.

b.

c.

d.

e.

f.

g.

h.

i.

j.

k.

l.

m.

n.

o.

p.

q.

The management VPN learns the routes from the other VRFs from the import statement. The other two

VPNs (referred to as “vpn2” and “vpn3”) export their routes to the management VPN and import the

management VPN’s routes. Refer to the “Sample VHG/PE Configuration File” section on page 5-8 for

a complete sample Cisco uBR7246 configuration file featuring this type of VPN configuration.

Note The management VPN exports and imports routes to and from each of the other VPNs.

Nonmanagement VPNs do not exchange information with one another, however, thus preserving

isolation between nonmanagement VPNs.

Step 2 Configure the cable subinterfaces on the VHG/PE by entering the following IOS command lines.

For provisioning and management:

a.

b.

c.

d.

For VPN cable access router and VPN users subnets

a.

b.

c.

d.

e.

f.

g.

For non-VPN cable and users subnets

a.

b.

c.

d.

e.

f.

The first subinterface is placed in the management VPN. It is configured with a cable helper-address that

forwards all DHCP requests to a Cisco Network Register DHCP server. The CNR DHCP server is

connected to a router interface within the management VPN, either on this router or on a remote router.

Create cable subinterfaces for each VPN and for non-VPN users, if required. Create a primary and a

secondary IP address for each subinterface. The primary IP address subnet is used by the cable access

routers and the secondary IP address subnet is used by the hosts connected to the cable access router.

The cable DHCP-GIADDR policy command instructs the VHG/PE to differentiate DHCP requests from

a cable access router and a host behind the cable access router. If different IP addresses are listed by the

cable helper-address for hosts and cable access routers, the request is sent to different DHCP servers.

The DHCP-GIADDR command also causes the VHG/PE to set the GIADDR field of PC DHCP requests

to that of the secondary interfaces IP address. This enhances the network administrators ability to define

DHCP scopes on the Cisco Network Register (CNR) server.

In this configuration, VPN users are connected to cable interface 3/0.2, and non-VPN users attach to

Bạn đang xem 3. - Cisco Remote Access to MPLS VPN Integration 0 Overview and Provisioning Guide