[c-nsp] Cisco ME3600X and Bridge-Domain Routing config question

Arie Vayner (avayner) avayner at cisco.com
Mon Nov 14 05:32:47 EST 2011


Reuben,

On the ME3600X you cannot have the same VLAN used as an SVI for Layer 3
bridge-domain on a service-instance, and at the same time also applied
as a regular allowed VLAN on a trunk or as the VLAN of an access port.

Check that VLAN780 is not allowed anywhere on the system (trunks and
access ports), and it is only used as "bridge-domain" on a single
service-instance EFP.

These restrictions are documented here (section name is "Bridge Domain
Routing"):
http://www.cisco.com/en/US/partner/docs/switches/metro/me3600x_3800x/sof
tware/release/12.2_52_ey/configuration/guide/swevc.html#wp1058131

You are most likely hitting these restrictions:
*There can be only one EFP in the bridge domain. (applies for routes
bridge-domains)
*You cannot have any Layer 2 switchports in the VLAN (bridge domain)
used for routing.


Arie


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Reuben Farrelly
Sent: Monday, November 14, 2011 11:37
To: c-nsp
Subject: [c-nsp] Cisco ME3600X and Bridge-Domain Routing config question

I've recently started to explore the more "interesting" features of the
ME3600X platform and one of the things I have been looking at is
starting to provision customers using EVC type configuration, so I can
do vlan tag remapping and other nice things in the coming months.

Previously I've been just using SVI's and trunk ports - which has worked
reasonably well, but has some limitations in terms of scalability and
features.

At the moment I'm starting off small and looking to set up just one
brand new access ethernet service for a customer for now to test out the
concept and familiarise myself with the configuration before I look to
deploy this across the board.  [NB: The service was meant to be ordered
as a trunk but was incorrectly provisioned and I've been told to get it
working ASAP, so for the meantime I'm stuck with it being an access
port, but it is almost certain it will become a trunk service in the
future and I have other trunk ports I can deploy with].

However I'm clearly missing something here, as the switch just won't let
me apply the config.

The old configuration which works is:

interface GigabitEthernet0/15
  description CUSTOMER - X
  port-type nni
  switchport access vlan 780
  spanning-tree portfast
!
interface Vlan780
  description CUSTOMER - X
  vrf forwarding CUSTOMER-VRF
  bandwidth 30000
  ip address XXX.XXX.96.69 255.255.255.252
  no ip proxy-arp
end

This is all good.

Now here is what I was proposing as the equivalent EVC config:

interface GigabitEthernet0/15
  description CUSTOMER - X
  port-type nni
  switchport trunk allowed vlan none
  switchport mode trunk
  service instance 780 ethernet
   encapsulation untagged
   bridge-domain 780
  !
interface Vlan780
  description CUSTOMER - X
  bandwidth 30000
  ip address XXX.XXX.96.69 255.255.255.252
  no ip proxy-arp
end

The interface config applies fine, but the SVI refuses to take an IP
address:

sw1.qld(config-if)# ip address XXX.XXX.96.69 255.255.255.252 %IP address
cannot be configured on bridge domain 780 EFP & Switchports or EFPs
sw1.qld(config-if)#

Ok, so let's go to the documentation, clearly I must be doing something
wrong.

http://www.cisco.com/en/US/docs/switches/metro/me3600x_3800x/software/re
lease/12.2_52_ey/configuration/guide/swevc.pdf

------------

This is an example of configuring bridge-domain routing with a single
tag EFP:
Switch (config)# interface gigabitethernet0/2 Switch (config)#
switchport mode trunk Switch (config)# switchport trunk allowed vlan
none Switch (config-if)# service instance 1 Ethernet Switch
(config-if-srv)# encapsulation dot1q 10 Switch (config-if-srv)# rewrite
ingress tag pop 1 symmetric Switch (config-if-srv)# bridge-domain 100
Switch (config)# interface vlan 100 Switch (config-if)# ip address
20.1.1.1 255.255.255.255

--------------

Hmm, not that different to what I was trying, but let's try the example
from the documentation - changing Gig0/2 to Gi0/5 as Gi0/2 is used on my
switch:

sw1.qld(config)#default interface gig0/5 Interface GigabitEthernet0/5
set to default configuration sw1.qld(config)#interface
gigabitethernet0/5 sw1.qld(config-if)#switchport mode trunk
sw1.qld(config-if)#switchport trunk allowed vlan none
sw1.qld(config-if)#service instance 1 Ethernet
sw1.qld(config-if-srv)#encapsulation dot1q 10 sw1.qld(config-if-srv)#
rewrite ingress tag pop 1 symmetric sw1.qld(config-if-srv)#
bridge-domain 100 sw1.qld(config-if-srv)#interface vlan 100
sw1.qld(config-if)#ip address 20.1.1.1 255.255.255.255 %IP address
cannot be configured on bridge domain 100 EFP & Switchports or EFPs
sw1.qld(config-if)#

Ok now I'm confused.  The documentation example doesn't work either. 
I'm not too sure where to look next.

What exactly am I doing wrong?

I'm running 12.2(52)EY3a on the switches and I cannot upgrade to
15.1(2)EY as the units will not link up ports with hardcoded speed and
duplex (CSCtr83418) and also won't switch IPv6 traffic through the
switch (CSCtr83500) either, even if configured only for IPv4, so we're
stuck on the old release until some code comes out which doesn't break
more than it fixes.  Is this doable in 15.1(2)EY though anyway?

Which reminds me, where -is- 15.1(2)EY rebuild which was planned for
September, then 30th October, and now it's mid November and it's still
MIA?  IPv6 anyone?

Reuben



_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list