[c-nsp] Using L3 switches as CPE

Anton Kapela tkapela at gmail.com
Thu Mar 25 10:18:29 EDT 2010


On Mar 25, 2010, at 9:58 AM, Steve Bertrand wrote:

> - trunk vlan 768 through gi0/1 back to my PE router
> - configure an int vlan768 to contain the /30 ptp IP

fwiw, you can use /31's today on IOS, Junos, others.

> - configure a second vlan (eg: 5) and apply one of the client's IP
> addresses on it (which will act as their default gw)

fine for a single customer, but somewhere around 12.2(SE)46 and later "ip unnumbered subinterfaces" began to work on the box, which is quite a treat if you ever get into mtu/mdu places -- or any situation in which folks all need to get numbered out of a /26 or something, but where they should **not** have shared L2 access (should Jon see Tom's DAAP shares on his l2 uplink? probably not).

in short:

int vlan XXX
 ip unnumbered loopback N

int loopback N
 ip address x.x.x.x y.y.y.y

toss dhcp server on the same 3550, or for extra points, helper-addresses on the subints to a "real" dhcpd elsewhere.

because of this and other features, 3550 has become my favorite edge all-purpose metro cpe/mtu/mdu/lower-speed agg box. Also, be sure to read up on ingress policer support, as you'll want to rate limit crap that could busy up the slightly-anemic processor inside it. Folks have suggested that the ME3400 fast-e stuff has quite a robust control-plane, and it's dual AC or DC ps -- also cheap as heck (for what you get). Not as low cost as 3550 is today, but has v4/6 and code support for a while to come. 

read more here: "VLANs over IP Unnumbered Subinterfaces"

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtunvlan.html

The 12.3t is BS, it's on far, far, far more stuff than the text claims.

> - configure the fa interfaces as access ports for vlan 5

if you only need a single customer /29 or something adjacent (i.e. eth drop to their suite, etc), a 'no switchport' config is fine, also easier for when/if you expect to do egress and ingress ACL or QOS/policing. 

-Tk
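
The isolation point made in the message above (customers numbered out of one block, each on their own VLAN behind an unnumbered SVI, with no shared L2) can be checked against a switch config. This Python audit is an added example, not part of the original post; the sample config, interface names, loopback number, VLAN ids and addresses are constructed placeholders.

```python
import re

# Constructed sample config (not from the post); all names and addresses are placeholders.
SAMPLE_CONFIG = """\
interface Loopback10
 ip address 198.51.100.1 255.255.255.192
!
interface FastEthernet0/1
 switchport access vlan 101
!
interface FastEthernet0/2
 switchport access vlan 102
!
interface FastEthernet0/3
 switchport access vlan 102
!
interface Vlan101
 ip unnumbered Loopback10
!
interface Vlan102
 ip address 198.51.100.65 255.255.255.248
"""

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def audit(config):
    """Return (VLANs shared by more than one access port, SVIs not using ip unnumbered)."""
    stanzas = parse_interfaces(config)
    ports = {}
    for name, cmds in stanzas.items():
        for cmd in cmds:
            m = re.fullmatch(r"switchport access vlan (\d+)", cmd)
            if m:
                ports.setdefault(int(m.group(1)), []).append(name)
    shared = {v: p for v, p in ports.items() if len(p) > 1}
    numbered = sorted(n for n, c in stanzas.items() if n.lower().startswith("vlan")
                      and not any(x.startswith("ip unnumbered ") for x in c))
    return shared, numbered
```

On the sample, `audit(SAMPLE_CONFIG)` reports VLAN 102 as shared by two access ports and `Vlan102` as an SVI carrying its own address instead of borrowing the loopback's.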

