
Configure Cisco L3 switches for PTP circuit

I need some guidance on configuring my cisco switches to support a new PTP circuit that will be provisioned between my corporate office and colocation facility. I have several vlans that will need to pass traffic between the sites.

Environment

Corporate office
WS-C2960S-48TD-L switches uplinked to a WS-C3750X-24T-E IP services

Colocation
WS-C2960S-48TD-L switches uplinked to a S-C4500X-16SFP+ IP Base

I have ordered a C3KX-NM-10G=/GLC-SX-MM SFP for the 3750 to support the corporate office connection and a GLC-LH-SM SFP to support the colocation connection. The SFP were chosen based on the information Cogent provided.

The circuit is a Cogent L2 PTP
Gig-E
Metro
On-Net
Access (Untagged) /Standard (PTP only)
200mbps

If someone could please provide me with the steps on configuring both devices to support this circuit and the traffic that will flow to and from each site.

Thank you in advance.

Ron
0
agcsupport
Asked:
 
Don Johnston Commented:
Did you tell the provider that you want to transport multiple VLANs? Because "Access (Untagged)" would seem to indicate that they are not expecting multiple VLANs.
0
 
agcsupport (Author) Commented:
I don't recall having that discussion with them. Should I have them change to VLAN tagging? Is this the better way of provisioning? I will send the provider a note requesting vlan tagging.

Can you tell me the steps to configure my equipment?

Thanks in advance.

Ron
0
 
Soulja Commented:
If in fact your ISP is QinQ'ing your traffic the only thing you need to do from a customer perspective is create a trunk with dot1q encapsulation on your switch interface that connects to the ISP's circuit/equipment. Make sure you tag ALL vlans, no native vlan traffic.
0
 
agcsupport (Author) Commented:
I asked the ISP about vlan tagging and here is the response.

Technically, if you are internally routing between the office and the data center, the internal VLAN’s won’t pass, since TCP/IP would consider that an internal gateway and not in the same broadcast domain.  One of the benefits of routing internally, across point-to-point, and wide area links, is it allows some separation between broadcast domains, and directing traffic to specific networks/IP addresses.

If you had to pass VLAN information across your routed link, you would essentially be creating a VPN across, but if so, we could enable Q in Q out (you would then have to tag  your VLAN id’s and accept both ends on Trunked ports) so you can pass your VLAN id’s natively, but that places each end on the same broadcast domains be passed.
0
 
agcsupport (Author) Commented:
I spoke with the engineer and he will provision whichever method I want. Can you tell me what is the best way to configure this circuit?

Ron
0
 
Soulja Commented:
The second paragraph is pretty much what I stated. Now which option is up to you. Do you want both locations on the same L2 domain, i.e., do you want networks in each location on the same vlans? If not, and normal network separation and routing between sites is fine, then go with option 1. Option 2 if you want to span L2 between sites.
0
 
agcsupport (Author) Commented:
The networks/vlans at the corporate office are specific to that site and the same holds true for the colocation. So as an example 10.0.41.0/24 - 10.0.42.0/24 are networks that sit only at the corporate office and 10.0.1.0/24 - 10.0.8.0/24 are only at the colocation site. They only need to see each other.
0
 
Soulja Commented:
Okay, so you just want normal routing between the sites then.
0
 
agcsupport (Author) Commented:
That's the way it's looking. So knowing that, can you provide me with the specific steps to configure each L3 switch at each end?

Also do I need to ensure that ISP is providing Q in Q out?

Ron
0
 
Don Johnston Commented:
On the interface connecting to the provider, define the interface as layer 3 and assign an IP address.

interface g0/12
 no switchport
 ip address 192.168.1.1 255.255.255.252
 no shutdown 

Do the same config on the other end (different address, obviously).

You will also need routes on each switch to the other location.  I can't remember if the 2960's can do routing protocols or if they can, which ones.  But you could do static routes.

! 192.168.1.1 is the IP address of the switch at the colo
ip route 10.0.0.0 255.255.248.0 192.168.1.1
ip route 10.0.8.0 255.255.255.0 192.168.1.1

Then create static routes on the other switch for the HQ site.
0
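
An added example, not part of the answer above: a Python check of the static-route plan for both ends of the routed link, using the subnets and the 192.168.1.1 colo address from this thread. The HQ link address 192.168.1.2, the two /24 routes on the colo switch and the function names are assumptions made for illustration.

```python
import ipaddress as ip

# Values from the thread; 192.168.1.2 for the HQ end is an assumption.
LINK = ip.ip_network("192.168.1.0/30")
COLO_IP, HQ_IP = ip.ip_address("192.168.1.1"), ip.ip_address("192.168.1.2")
COLO_NETS = [ip.ip_network(f"10.0.{i}.0/24") for i in range(1, 9)]
HQ_NETS = [ip.ip_network("10.0.41.0/24"), ip.ip_network("10.0.42.0/24")]

# Static routes as (prefix, mask, next hop), in the same order as "ip route".
HQ_ROUTES = [("10.0.0.0", "255.255.248.0", "192.168.1.1"),
             ("10.0.8.0", "255.255.255.0", "192.168.1.1")]
COLO_ROUTES = [("10.0.41.0", "255.255.255.0", "192.168.1.2"),  # assumed
               ("10.0.42.0", "255.255.255.0", "192.168.1.2")]  # assumed


def check_routes(routes, local_ip, peer_ip, remote_nets):
    """Return a list of problems found in one switch's static routes."""
    problems = []
    usable = set(LINK.hosts())
    if local_ip == peer_ip or not {local_ip, peer_ip} <= usable:
        problems.append(f"link addresses must be two different hosts in {LINK}")
    prefixes = []
    for net, mask, hop in routes:
        prefix = ip.ip_network(f"{net}/{mask}")  # raises if host bits are set
        prefixes.append(prefix)
        if ip.ip_address(hop) != peer_ip:
            problems.append(f"{prefix}: next hop {hop} is not the peer {peer_ip}")
    for wanted in remote_nets:
        if not any(wanted.subnet_of(p) for p in prefixes):
            problems.append(f"no route covers {wanted}")
    return problems


def extra_coverage(routes, remote_nets):
    """Address space the routes send over the link that no listed subnet uses."""
    extra = []
    for net, mask, _ in routes:
        remaining = [ip.ip_network(f"{net}/{mask}")]
        for used in remote_nets:
            remaining = [piece for r in remaining for piece in
                         (r.address_exclude(used) if used.subnet_of(r) else [r])]
        extra.extend(remaining)
    return sorted(extra)


if __name__ == "__main__":
    print(check_routes(HQ_ROUTES, HQ_IP, COLO_IP, COLO_NETS))
    print(check_routes(COLO_ROUTES, COLO_IP, HQ_IP, HQ_NETS))
    print(extra_coverage(HQ_ROUTES, COLO_NETS))
```

With the thread's values both route checks come back empty, and `extra_coverage` shows that the 255.255.248.0 route also sends 10.0.0.0/24 across the link, a subnet not among those listed for the colo.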
 
Soulja Commented:
Bah, Don beat me to it. :)
0
 
agcsupport (Author) Commented:
From the looks of it I was overthinking the setup :)

What about the QinQout piece with the ISP?
0
 
Don Johnston Commented:
If you're not sending VLAN tags, Q-in-Q is irrelevant. It's only a factor (for you) if you're doing trunks.
0
 
agcsupport (Author) Commented:
Thank you for all of the help.

Ron
0
