Layer 2 Virtual Private Network (L2VPN) Interworking allows you to connect disparate attachment circuits. This feature module explains how to configure the following L2VPN Interworking features:
Ethernet/VLAN to ATM AAL5 Interworking
Ethernet/VLAN to Frame Relay Interworking
Ethernet/VLAN to PPP Interworking
Ethernet to VLAN Interworking
Frame Relay to ATM AAL5 Interworking
Frame Relay to PPP Interworking
Ethernet/VLAN to ATM virtual channel identifier (VPI) and virtual channel identifier (VCI) Interworking
L2VPN Interworking: VLAN Enable/Disable Option for AToM
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to
www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for L2VPN Interworking
Before you configure L2VPN Interworking on a router:
You must enable Cisco Express Forwarding.
On the Cisco 12000 series Internet router, before you configure Layer 2 Tunnel Protocol version 3 (L2TPv3) for L2VPN Interworking on an IP Services Engine (ISE/Engine 3) or Engine 5 interface, you must also enable the L2VPN feature bundle on the line card.
To enable the feature bundle, enter the hw-moduleslotnpmodefeature command in global configuration mode as follows:
This section lists general restrictions that apply to L2VPN Interworking. Other restrictions that are platform-specific or device-specific are listed in the following sections.
The interworking type on one provider edge (PE) router must match the interworking type on the peer PE router.
The following quality of service (QoS) features are supported with L2VPN Interworking:
Static IP type of service (ToS) or Multiprotocol Label Switching (MPLS) experimental bit (EXP) setting in tunnel header
IP ToS reflection in tunnel header (Layer 2 Tunnel Protocol Version 3 (L2TPv3) only)
One-to-one mapping of VLAN priority bits to MPLS EXP bits
Only ATM AAL5 VC mode is supported; ATM VP and port mode are not supported.
In Cisco IOS Release 12.2(52)SE and Cisco IOS Release 12.2(33)SRE, the encapsulation command supports only the mpls keyword. The l2tpv3 keyword is not supported. The interworking command supports only the ethernet and vlan keywords. The ip keyword is not supported.
Cisco 7600 Series Routers Restrictions
The following line cards are supported on the Cisco 7600 series router. The first table below shows the line cards that are supported on the WAN (ATM, Frame Relay, or PPP) side of the interworking link. The second table below shows the line cards that are supported on the Ethernet side of the interworking link. For more details on the Cisco 7600 routers supported shared port adapters and line cards, see the following document:
ES20 SIP-600 and SIP-400 with Gigabit Ethernet (GE) SPA
IP (routed)
PFC-based
Catalyst LAN SIP-600
Note:PFC-based mode is not supported with routed interworking in Cisco IOS Release 12.2(33)SRD. Use SVI, Scalable, or Ethernet virtual connection (EVC) based Ethernet over MPLS (EoMPLS) instead.
Catalyst LAN SIP-600
Note: PFC-based mode is not supported with routed interworking in Cisco IOS Release 12.2(33)SRD. Use SVI, Scalable, or EVC-based EoMPLS instead.
The following restrictions apply to the Cisco 7600 series routers and L2VPN Interworking:
OAM Emulation is not required with L2VPN Interworking on the SIP-200, SIP-400, and Flexwan2 line cards.
Cisco 7600 series routers support the L2VPN Interworking: VLAN Enable/Disable Option for AToM feature starting in Cisco IOS Release 12.2(33)SRE. This feature has the following restrictions:
PFC-based EoMPLS is not supported.
Scalable and SVI-based EoMPLS are supported with the SIP-400 line card.
The Cisco 7600 series routers do not support L2VPN Interworking over L2TPv3.
Cisco 7600 series routers support only the following interworking types:
Ethernet/VLAN to Frame Relay (IP and Ethernet modes)
Ethernet/VLAN to ATM AAL5SNAP (IP and Ethernet modes)
Ethernet/VLAN to PPP (IP only)
Ethernet to VLAN Interworking
Cisco 7600 series routers do not support the following interworking types:
Ethernet/VLAN to ATM AAL5MUX
Frame Relay to PPP Interworking
Frame Relay to ATM AAL5 Interworking
Both ends of the interworking link must be configured with the same encapsulation and interworking type:
If you use Ethernet encapsulation, you must use the Ethernet (bridged) interworking type. If you are not using Ethernet encapsulation, you can use a bridging mechanism, such as routed bridge encapsulation (RBE).
If you use an IP encapsulation (such as ATM or Frame Relay), you must use the IP (routed) interworking type. The PE routers negotiate the process for learning and resolving addresses.
You must use the same MTU size on the attachment circuits at each end of the pseudowire.
PFC-based EoMPLS is not supported on ES40 line cards. SVI and EVC/scalable EoMPLS are the alternative options.
PFC-based EoMPLS is not supported for Routed/IP interworking in Cisco IOS Release 12.2(33)SRD and later releases. The alternative Routed/IP interworking options are SVI and EVC or scalable EoMPLS. However, PFC-based EoMPLS is supported for Ethernet/Bridged interworking and for like-to-like over AToM.
For QOS support on the Cisco 12000 series routers, see Any Transport over MPLS (AToM): Layer 2 QoS (Quality of Service) for the Cisco 12000 Series Router
Frame Relay to PPP and High-Level Data Link Control Interworking
The Cisco 12000 series Internet router does not support L2VPN Interworking with PPP and high-level data link control (HDLC) transport types in Cisco IOS releases earlier than Cisco IOS Release 12.0(32)S.
In Cisco IOS Release 12.0(32)S and later releases, the Cisco 12000 series Internet router supports L2VPN interworking for Frame Relay over MPLS and PPP and HDLC over MPLS only on the following shared port adapters (SPAs):
ISE/Engine 3 SPAs:
SPA-2XCT3/DS0 (2-port channelized T3 to DS0)
SPA-4XCT3/DS0 (4-port channelized T3 to DS0)
Engine 5 SPAs:
SPA-1XCHSTM1/OC-3 (1-port channelized STM-1c/OC-3c to DS0)
SPA-8XCHT1/E1 (8-port channelized T1/E1)
SPA-2XOC-48-POS/RPR (2-port OC-48/STM16 POS/RPR)
SPA-OC-192POS-LR (1-port OC-192/STM64 POS/RPR)
SPA-OC-192POS-XFP (1-port OC-192/STM64 POS/RPR)
L2VPN Interworking over L2TPv3
On the Cisco 12000 series Internet router, Ethernet (bridged) interworking is not supported for L2TPv3. Only IP (routed) interworking is supported.
IP (routed) interworking is not supported in an L2TPv3 pseudowire that is configured for data sequencing (using the
sequencing command).
In Cisco IOS Release 12.0(32)SY and later releases, the Cisco 12000 series Internet router supports L2VPN Interworking over L2TPv3 tunnels in IP mode on ISE and Engine 5 line cards as follows:
On an ISE interface configured for L2TPv3 tunneling, the following Layer 2 encapsulations are supported:
ATM adaptation layer type-5 (AAL5)
Ethernet
802.1q (VLAN)
Frame Relay DLCI
On an Engine 5 interface configured for L2TPv3 tunneling, the following Layer 2 encapsulations are supported:
Ethernet
802.1q (VLAN)
Frame Relay DLCI
For more information, refer to Layer 2 Tunnel Protocol Version 3.
The only frame format supported for L2TPv3 interworking on Engine 5 Ethernet SPAs is Ethernet Version 2 (also known as Ethernet II) with the Ether type 0x0800 value set as Internet Protocol Payload and (optionally) 802.1q VLAN. Ethernet packets with other Ethernet frame formats are dropped.
Remote Ethernet Port Shutdown Support
The Cisco Remote Ethernet Port Shutdown feature (which minimizes potential data loss after a remote link failure) is supported only on the following Engine 5 Ethernet SPAs:
SPA-8XFE (8-port Fast Ethernet)
SPA-2X1GE (2-port Gigabit Ethernet)
SPA-5X1GE (5-port Gigabit Ethernet)
SPA-10X1GE (10-port Gigabit Ethernet)
SPA-1X10GE (1-port 10-Gigabit Ethernet)
For more information about this feature, refer to Any Transport over MPLS (AToM): Remote Ethernet Port Shutdown.
L2VPN Any-to-Any Interworking on Engine 5 Line Cards
The table below shows the different combinations of transport types supported for L2VPN interworking on Engine 3 and Engine 5 SPA interfaces connected through an attachment circuit over MPLS or L2TPv3.
Table 3
Engine 3 and Engine 5 Line Cards/SPAs Supported for L2VPN Interworking
Attachment Circuit 1 (AC1)
Attachment Circuit 2 (AC2)
Interworking Mode
AC1 Engine Type and Line Card/SPA
AC2 Engine Type and Line Card/SPA
Frame Relay
Frame Relay
IP
Engine 5 POS and channelized
Engine 3 ATM line cards
Frame Relay
ATM
Ethernet
Engine 5 POS and channelized
Engine 3 ATM line cards
Frame Relay
ATM
IP
Engine 5 POS and channelized
Engine 3 ATM line cards
Frame Relay
Ethernet
Ethernet
Engine 5 POS and channelized
Engine 5 Gigabit Ethernet
Frame Relay
Ethernet
IP
Engine 5 POS and channelized
Engine 5 Gigabit Ethernet
Frame Relay
VLAN
Ethernet
Engine 5 POS and channelized
Engine 5 Gigabit Ethernet
Frame Relay
VLAN
IP
Engine 5 POS and channelized
Engine 5 Gigabit Ethernet
Ethernet
Ethernet
Ethernet
Engine 5 Gigabit Ethernet
Engine 5 Gigabit Ethernet
Ethernet
Ethernet
IP
Engine 5 Gigabit Ethernet
Engine 5 Gigabit Ethernet
Ethernet
VLAN
Ethernet
Engine 5 Gigabit Ethernet
Engine 5 Gigabit Ethernet
Ethernet
VLAN
IP
Engine 5 Gigabit Ethernet
Engine 5 Gigabit Ethernet
ATM
Ethernet
Ethernet
Engine 3 ATM line cards
Engine 5 Gigabit Ethernet
ATM
Ethernet
IP
Engine 3 ATM line cards
Engine 5 Gigabit Ethernet
On the Cisco 12000 series Engine 3 line card, Network Layer Protocol ID (NLPID) encapsulation is not supported in routed mode; and neither NLPID nor AAL5MUX is supported in bridged mode.
On the Cisco 12000 series Internet router, Ethernet (bridged) interworking is not supported for L2TPv3.
In an L2VPN Interworking configuration, after you configure L2TPv3 tunnel encapsulation for a pseudowire using the
encapsulationl2tpv3command, you cannot enter the
interworkingethernet command.
On Ethernet SPAs on the Cisco 12000 series Internet router, the only frame format supported for L2TPv3 interworking is Ethernet Version 2 (also known as Ethernet II) with the Ether type 0x0800 value set as Internet Protocol Payload and [optionally] 802.1q VLAN.
Ethernet packets with other Ethernet frame formats are dropped.
ATM AAL5 Interworking Restrictions
The following restrictions apply to ATM AAL5 Interworking:
Switched virtual circuits (SVCs) are not supported.
Inverse Address Resolution Protocol (ARP) is not supported with IP interworking.
Customer edge (CE) routers must use point-to-point subinterfaces or static maps.
Both AAL5MUX and AAL5SNAP encapsulation are supported. In the case of AAL5MUX, no translation is needed.
In the Ethernet end-to-end over ATM scenario, the following translations are supported:
Ethernet without LAN frame check sequence (FCS) (AAAA030080C200070000)
Spanning tree (AAAA030080c2000E)
Everything else is dropped.
In the IP over ATM scenario, the IPv4 (AAAA030000000800) translation is supported. Everything else is dropped.
Operation, Administration, and Management (OAM) emulation for L2VPN Interworking is the same as like-to-like. The end-to-end F5 loopback cells are looped back on the PE router. When the pseudowire is down, an F5 end-to-end segment Alarm Indication Signal (AIS)/Remote Defect Identification (RDI) is sent from the PE router to the CE router.
Interim Local Management Interface (ILMI) can manage virtual circuits (VCs) and permanent virtual circuits (PVCs).
To enable ILMI management, configure ILMI PVC 0/16 on the PE router's ATM interface. If a PVC is provisioned or deleted, an ilmiVCCChange trap is sent to the CE router.
Only the user side of the User-Network Interface (UNI) is supported; the network side of the UNI is not supported.
Ethernet VLAN Interworking Restrictions
The following restrictions apply to Ethernet/VLAN interworking:
When you configure VLAN to Ethernet interworking, VLAN to Frame Relay (routed), or ATM using Ethernet (bridged) interworking, the PE router on the Ethernet side that receives a VLAN tagged frame from the CE router removes the VLAN tag. In the reverse direction, the PE router adds the VLAN tag to the frame before sending the frame to the CE router.
(If you enable the L2VPN Interworking: VLAN Enable/Disable Option for AToM feature with theinterworkingvlan command, VLAN ID is included as part of the Ethernet frame. See the
VLAN Interworking for more information. )
In bridged interworking from VLAN to Frame Relay, the Frame Relay PE router does not strip off VLAN tags from the Ethernet traffic it receives.
The Cisco 10720 Internet router supports Ethernet to VLAN Interworking Ethernet only over L2TPv3.
Ethernet interworking for a raw Ethernet port or a VLAN trunk is not supported. Traffic streams are not kept separate when traffic is sent between transport types.
In routed mode, only one CE router can be attached to an Ethernet PE router.
There must be a one-to-one relationship between an attachment circuit and the pseudowire. Point-to-multipoint or multipoint-to-point configurations are not supported.
Configure routing protocols for point-to-point operation on the CE routers when configuring an Ethernet to non-Ethernet setup.
In the IP interworking mode, the IPv4 (0800) translation is supported. The PE router captures ARP (0806) packets and responds with its own MAC address (proxy ARP). Everything else is dropped.
The Ethernet or VLAN must contain only two IP devices: PE router and CE router. The PE router performs proxy ARP and responds to all ARP requests it receives. Therefore, only one CE and one PE router should be on the Ethernet or VLAN segment.
If the CE routers are doing static routing, you can perform the following tasks:
The PE router needs to learn the MAC address of the CE router to correctly forward traffic to it. The Ethernet PE router sends an Internet Control Message Protocol (ICMP) Router discovery protocol (RDP) solicitation message with the source IP address as zero. The Ethernet CE router responds to this solicitation message. To configure the Cisco CE router's Ethernet or VLAN interface to respond to the ICMP RDP solicitation message, issue theipirdpcommand in interface configuration mode. If you do not configure the CE router, traffic is dropped until the CE router sends traffic toward the PE router.
To disable the CE routers from running the router discovery protocol, issue the
ipirdpmaxadvertinterval0 command in interface mode.
This restriction applies if you configure interworking between Ethernet and VLAN with Catalyst switches as the CE routers. The spanning tree protocol is supported for Ethernet interworking. Ethernet interworking between an Ethernet port and a VLAN supports spanning tree protocol only on VLAN 1. Configure VLAN 1 as a nonnative VLAN.
When you change the interworking configuration on an Ethernet PE router, clear the ARP entry on the adjacent CE router so that it can learn the new MAC address. Otherwise, you might experience traffic drops.
Restrictions
The following restrictions apply to the L2VPN Interworking: VLAN Enable/Disable Option for AToM feature, which allows the VLAN ID to be included as part of the Ethernet frame:
The L2VPN Interworking: VLAN Enable/Disable Option for AToM feature is supported on the following releases:
Cisco IOS release 12.2(52)SE for the Cisco Catalyst 3750 Metro switches
Cisco IOS Release 12.2(33)SRE for the Cisco 7600 series routers
L2VPN Interworking: VLAN Enable/Disable Option for AToM is not supported with L2TPv3. You can configure the featue only with AToM.
If the interface on the PE router is a VLAN interface, it is not necessary to specify the
interworkingvlan command on that PE router.
The L2VPN Interworking: VLAN Enable/Disable Option for AToM feature works only with the following attachment circuit combinations:
Ethernet to Ethernet
Ethernet to VLAN
VLAN to VLAN
If you specify an interworking type on a PE router, that interworking type must be enforced. The interworking type must match on both PE routers. Otherwise, the VC may be in an incompatible state and remain in the down state. If the attachment circuit (AC) is VLAN, the PE router can negotiate (autosense) the VC type using Label Distribution Protocol (LDP).
For example, both PE1 and PE2 use Ethernet interfaces, and VLAN interworking is specified on PE1 only. PE2 is not configured with an interworking type and cannot autosense the interworking type. The result is an incompatible state where the VC remains in the down state.
On the other hand, if PE1 uses an Ethernet interface and VLAN interworking is enabled (which will enforce VLAN as the VC type), and PE2 uses a VLAN interface and interworking is not enabled (which causes PE2 to use Ethernet as its default VC type), PE2 can autosense and negotiate the interworking type and select VLAN as the VC type.
The table below summarizes shows the AC types, interworking options, and VC types after negotiation.
Table 4
Negotiating Ethernet and VLAN Interworking Types
PE1 AC Type
Interworking Option
PE2 AC Type
Interworking Option
VC Type after Negotiation
Ethernet
none
Ethernet
none
Ethernet
Vlan
none
Ethernet
none
Ethernet
Ethernet
none
Vlan
none
Ethernet
Vlan
none
Vlan
none
Ethernet
Ethernet
Vlan
Ethernet
none
Incompatible
Vlan
Vlan
Ethernet
none
Incompatible
Ethernet
Vlan
Vlan
none
Vlan
Vlan
Vlan
Vlan
none
Vlan
Ethernet
none
Ethernet
Vlan
Incompatible
Vlan
none
Ethernet
Vlan
Vlan
Ethernet
none
Vlan
Vlan
Incompatible
Vlan
none
Vlan
Vlan
Vlan
Ethernet
Vlan
Ethernet
Vlan
Vlan
Vlan
Vlan
Ethernet
Vlan
Vlan
Ethernet
Vlan
Vlan
Vlan
Vlan
Vlan
Vlan
Vlan
Vlan
Vlan
Frame Relay Interworking Restrictions
The following restrictions apply to Frame Relay interworking:
The attachment circuit maximum transmission unit (MTU) sizes must match when you connect them over MPLS. By default, the MTU size associated with a Frame Relay DLCI is the interface MTU. This may cause problems, for example, when connecting some DLCIs on a PoS interface (with a default MTU of 4470 bytes) to Ethernet or VLAN (with a default MTU of 1500 bytes) and other DLCIs on the same PoS interface to ATM (with a default MTU of 4470 bytes). To avoid reducing all the interface MTUs to the lowest common denominator (1500 bytes in this case), you can specify the MTU for individual DLCIs using the mtu command.
Only DLCI mode is supported. Port mode is not supported.
Configure Frame Relay switching to use DCE or Network-to-Network Interface (NNI). DTE mode does not report status in the Local Management Interface (LMI) process. If a Frame Relay over MPLS circuit goes down and the PE router is in DTE mode, the CE router is never informed of the disabled circuit. You must configure the frame-relayswitching command in global configuration mode in order to configure DCE or NNI.
Frame Relay policing is non-distributed on the Cisco 7500 series routers. If you enable Frame Relay policing, traffic is sent to the route switch processor for processing.
Inverse ARP is not supported with IP interworking. CE routers must use point-to-point subinterfaces or static maps.
The PE router automatically supports translation of both the Cisco encapsulations and the
Internet Engineering Task Force (IETF) encapsulations that come from the CE, but translates only to IETF when sending to the CE router. This is not a problem for the Cisco CE router, because it can handle IETF encapsulation on receipt even if it is configured to send Cisco encapsulation.
With Ethernet interworking, the following translations are supported:
Ethernet without LAN FCS (0300800080C20007 or 6558)
Spanning tree (0300800080C2000E or 4242)
All other translations are dropped.
With IP interworking, the IPv4 (03CC or 0800) translation is supported. All other translations are dropped.
PVC status signaling works the same way as in like-to-like case. The PE router reports the PVC status to the CE router, based on the availability of the pseudowire. PVC status detected by the PE router will also be reflected into the pseudowire. LMI to OAM interworking is supported when you connect Frame Relay to ATM.
PPP Interworking Restrictions
The following restrictions apply to PPP interworking:
There must be a one-to-one relationship between a PPP session and the pseudowire. Multiplexing of multiple PPP sessions over the pseudowire is not supported.
There must be a one-to-one relationship between a PPP session and a Frame Relay DLCI. Each Frame Relay PVC must have only one PPP session.
Only IP (IPv4 (0021) interworking is supported. Link Control Protocol (LCP) packets and Internet Protocol Control Protocol (IPCP) packets are terminated at the PE router. Everything else is dropped.
Proxy IPCP is automatically enabled on the PE router when IP interworking is configured on the pseudowire.
By default, the PE router assumes that the CE router knows the remote CE router's IP address.
Password Authentication Protocol (PAP) and Challenge-Handshake Authentication Protocol (CHAP) authentication are supported.
Layer 2 transport over MPLS and IP already exists for like-to-like attachment circuits, such as Ethernet-to-Ethernet or PPP-to-PPP. L2VPN Interworking builds on this functionality by allowing disparate attachment circuits to be connected. An interworking function facilitates the translation between the different Layer 2 encapsulations. The figure below is an example of Layer 2 interworking, where ATM and Frame Relay packets travel over the MPLS cloud.
Figure 1
ATM to Frame Relay Interworking Example
The L2VPN Interworking feature supports Ethernet, 802.1Q (VLAN), Frame Relay, ATM AAL5, and PPP attachment circuits over MPLS and L2TPv3. The features and restrictions for like-to-like functionality also apply to L2VPN Interworking.
L2VPN Interworking Modes
L2VPN Interworking works in either Ethernet ("bridged") mode, IP ("routed"), or Ethernet VLAN mode. You specify the mode by issuing the interworking {ethernet | ip|vlan} command in pseudowire-class configuration mode.
The ethernet keyword causes Ethernet frames to be extracted from the attachment circuit and sent over the pseudowire. Ethernet end-to-end transmission is assumed. Attachment circuit frames that are not Ethernet are dropped. In the case of VLAN, the VLAN tag is removed, leaving an untagged Ethernet frame.
Ethernet Interworking is also called bridged interworking. Ethernet frames are bridged across the pseudowire. The CE routers could be natively bridging Ethernet or could be routing using a bridged encapsulation model, such as Bridge Virtual Interface (BVI) or RBE. The PE routers operate in Ethernet like-to-like mode.
This mode is used to offer the following services:
LAN services--An example is an enterprise that has several sites, where some sites have Ethernet connectivity to the service provider (SP) network and others have ATM connectivity. The enterprise wants LAN connectivity to all its sites. In this case, traffic from the Ethernet or VLAN of one site can be sent through the IP/MPLS network and encapsulated as bridged traffic over an ATM VC of another site.
Connectivity services--An example is an enterprise that has different sites that are running an Internal Gateway Protocol (IGP) routing protocol, which has incompatible procedures on broadcast and nonbroadcast links. The enterprise has several sites that are running an IGP, such as Open Shortest Path First (OSPF) or Intermediate System to Intermediate System (IS-IS), between the sites. In this scenario, some of the procedures (such as route advertisement or designated router) depend on the underlying Layer 2 protocol and are different for a point-to-point ATM connection versus a broadcast Ethernet connection. Therefore, the bridged encapsulation over ATM can be used to achieve homogenous Ethernet connectivity between the CE routers running the IGP.
IP (Routed) Interworking
The ip keyword causes IP packets to be extracted from the attachment circuit and sent over the pseudowire. Attachment circuit frames that do not contain IPv4 packets are dropped.
IP Interworking is also called routed interworking. The CE routers encapsulate IP on the link between the CE and PE routers. A new VC type is used to signal the IP pseudowire in MPLS and L2TPv3. Translation between the Layer 2 and IP encapsulations across the pseudowire is required. Special consideration needs to be given to address resolution and routing protocol operation, because these are handled differently on different Layer 2 encapsulations.
This mode is used to provide IP connectivity between sites, regardless of the Layer 2 connectivity to these sites. It is different from a Layer 3 VPN because it is point-to-point in nature and the service provider does not maintain any customer routing information.
Address resolution is encapsulation dependent:
Ethernet uses ARP
Frame Relay and ATM use Inverse ARP
PPP uses IPCP
Therefore, address resolution must be terminated on the PE router. End-to-end address resolution is not supported. Routing protocols operate differently over broadcast and point-to-point media. For Ethernet, the CE routers must either use static routing or configure the routing protocols to treat the Ethernet side as a point-to-point network.
VLAN Interworking
Thevlan keyword allows the VLAN ID to be included as part of the Ethernet frame. In Cisco IOS Release 12.2(52)SE, you can configure Catalyst 3750 Metro switches to use Ethernet VLAN for Ethernet (bridged) interworking. You can specify the Ethernet VLAN (type 4) by issuing the interworkingvlan command in pseudowire-class configuration mode. This allows the VLAN ID to be included as part of the Ethernet frame. In releases previous to Cisco IOS Release 12.2(52)SE, the only way to achieve VLAN encapsulation is to ensure the CE router is connected to the PE router through an Ethernet VLAN interface/subinterface.
L2VPN Interworking Support Matrix
The supported L2VPN Interworking features are listed in the table below.
L2VPN Interworking: VLAN Enable/Disable Option for AToM
MPLS
Ethernet VLAN
Frame Relay to ATM AAL5
MPLS L2TPv3 (12000 series only)
IP
Frame Relay to Ethernet or VLAN
MPLS L2TPv3
IP Ethernet
Frame Relay to PPP
MPLS L2TPv3
IP
Note: On the Cisco 12000 series Internet router:
Ethernet (bridged) interworking is not supported for L2TPv3.
IP (routed) interworking is not supported in an L2TPv3 pseudowire configured for data sequencing (using the
sequencing command).
1 With the L2VPN Interworking: VLAN Enable/Disable Option for AToM feature, VLAN interworking can also be supported. For more information, see the "VLAN Interworking" section on page 14 .
Static IP Addresses for L2VPN Interworking for PPP
If the PE router needs to perform address resolution with the local CE router for PPP, you can configure the remote CE router's IP address on the PE router. Issue the pppipcpaddressproxy command with the remote CE router's IP address on the PE router's xconnect PPP interface. The following example shows a sample configuration:
You can also configure the remote CE router's IP address on the local CE router with thepeerdefaultipaddress command if the local CE router performs address resolution.
L2VPN Interworking allows you to connect disparate attachment circuits. Configuring the L2VPN Interworking feature requires that you add the
interworking command to the list of commands that make up the pseudowire. The steps for configuring the pseudowire for L2VPN Interworking are included in this section. You use the
interworkingcommand as part of the overall AToM or L2TPv3 configuration. For specific instructions on configuring AToM or L2TPv3, see the following documents:
Layer 2 Tunnel Protocol Version 3
Any Transport over MPLS
SUMMARY STEPS
1.enable
2.configureterminal
3.hw-moduleslotslot-numbernpmodefeature
4.pseudowire-classname
5.encapsulation {mpls |
l2tpv3}
6.interworking{ethernet|
ip} |
vlan}
DETAILED STEPS
Command or Action
Purpose
Step 1
enable
Example:
Router> enable
Enables privileged EXEC mode.
Enter your password if prompted.
Step 2
configureterminal
Example:
Router# configure terminal
Enters global configuration mode.
Step 3
hw-moduleslotslot-numbernpmodefeature
Example:
Router(config)# hw-module slot 3 np mode feature
(Optional) Enables L2VPN Interworking functionality on the Cisco 12000 series router.
Note
Enter this command only on a Cisco 12000 series Internet router if you use L2TPv3 for L2VPN Interworking on an ISE (Engine 3) or Engine 5 interface. In this case, you must first enable the L2VPN feature bundle on the line card by entering thehw-moduleslotslot-numbernpmodefeature command.
Step 4
pseudowire-classname
Example:
Router(config)# pseudowire-class class1
Establishes a pseudowire class with a name that you specify and enters pseudowire class configuration mode.
Step 5
encapsulation {mpls |
l2tpv3}
Example:
Router(config-pw)# encapsulation mpls
Specifies the tunneling encapsulation, which is either
mpls or
l2tpv3.
Step 6
interworking{ethernet|
ip} |
vlan}
Example:
Router(config-pw)# interworking ip
Specifies the type of pseudowire and the type of traffic that can flow across it.
Note
On the Cisco 12000 series Internet router, Ethernet (bridged) interworking is not supported for L2TPv3. After you configure the L2TPv3 tunnel encapsulation for the pseudowire using the
encapsulationl2tpv3command, you cannot enter the
interworkingethernet command.
Verifying the L2VPN Interworking Configuration
To verify the L2VPN Interworking configuration, you can use the
following commands.
SUMMARY STEPS
1.enable
2.showl2tunsessionall(L2TPv3only)
3.showarp
4.ping
5.showl2tunsessioninterworking(L2TPv3only)
6.showmplsl2transportvcdetail(AToMonly)
DETAILED STEPS
Step 1
enable
Enables privileged EXEC mode. Enter your password if prompted.
Step 2
showl2tunsessionall(L2TPv3only)
For L2TPv3, you can verify the L2VPN Interworking configuration
using the
showl2tunsessionall command on the PE routers.
In the following example, the interworking type is shown in bold.
PE1
PE2
Router# showl2tunsessionall
Session Information Total tunnels 1 sessions 1
Session id 15736 is up, tunnel id 35411
Call serial number is 4035100045
Remote tunnel name is PE2
Internet address is 10.9.9.9
Session is L2TP signalled
Session state is established, time since change 1d22h
16 Packets sent, 16 received
1518 Bytes sent, 1230 received
Receive packets dropped:
out-of-order: 0
total: 0
Send packets dropped:
exceeded session MTU: 0
total: 0
Session vcid is 123
Session Layer 2 circuit, type is Ethernet, name is FastEthernet1/1/0
Circuit state is UP
Remote session id is 26570, remote tunnel id 46882
DF bit off, ToS reflect disabled, ToS value 0, TTL value 255
No session cookie information available
FS cached header information:
encap size = 24 bytes
00000000 00000000 00000000 00000000
00000000 00000000
Sequencing is off
Router# showl2tunsessionall
Session Information Total tunnels 1 sessions 1
Session id 26570 is up, tunnel id 46882
Call serial number is 4035100045
Remote tunnel name is PE1
Internet address is 10.8.8.8
Session is L2TP signalled
Session state is established, time since change 1d22h
16 Packets sent, 16 received
1230 Bytes sent, 1230 received
Receive packets dropped:
out-of-order: 0
total: 0
Send packets dropped:
exceeded session MTU: 0
total: 0
Session vcid is 123
Session Layer 2 circuit, type is Ethernet Vlan, name is FastEthernet2/0.1:10
Circuit state is UP, interworkingtypeisEthernet
Remote session id is 15736, remote tunnel id 35411
DF bit off, ToS reflect disabled, ToS value 0, TTL value 255
No session cookie information available
FS cached header information:
encap size = 24 bytes
00000000 00000000 00000000 00000000
00000000 00000000
Sequencing is off
Step 3
showarp
You can issue the
showarp command between the CE routers to ensure
that data is being sent:
Example:
Router# show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.1.1.5 134 0005.0032.0854 ARPA FastEthernet0/0
Internet 10.1.1.7 - 0005.0032.0000 ARPA FastEthernet0/0
Step 4
ping
You can issue the
ping command between the CE routers to
ensure that data is being sent:
Example:
Router# ping 10.1.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Step 5
showl2tunsessioninterworking(L2TPv3only)
For L2TPv3, you can verify that the interworking type is
correctly set using the
showl2tunsessioninterworking command. Enter the command on the
PE routers that are performing the interworking translation.
In Example 1, the PE router performs the raw Ethernet
translation. The command output displays the interworking type with a dash (-).
In Example 2, the PE router performs the Ethernet VLAN
translation. The command output displays the interworking type as ETH.
Command Output for Raw Ethernet Translation
Example:
Router# show l2tun session interworking
Session Information Total tunnels 1 sessions 1
LocID TunID Peer-address Type IWrk Username, Intf/Vcid, Circuit
15736 35411 10.9.9.9 ETH - 123, Fa1/1/0
Command Output for Ethernet VLAN Translation
Example:
Router# show l2tun session interworking
Session Information Total tunnels 1 sessions 1
LocID TunID Peer-address Type IWrk Username, Intf/Vcid, Circuit
26570 46882 10.8.8.8 VLAN ETH 123, Fa2/0.1:10
Step 6
showmplsl2transportvcdetail(AToMonly)
You can verify the AToM configuration by using the
showmplsl2transportvcdetail command. In the following example, the
interworking type is shown in bold.
PE1
PE2
Router# showmplsl2transportvcdetail
Local interface: Fa1/1/0 up, line protocol up, Ethernet up
Destination address: 10.9.9.9, VC ID: 123, VC status: up
Create time: 00:00:26, last status change time: 00:00:06
Signaling protocol: LDP, peer 10.8.8.8:0 up
MPLS VC labels: local 20, remote 16
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 5, send 0
byte totals: receive 340, send 0
packet drops: receive 0, send 0
Configuring L2VPN Interworking: VLAN Enable-Disable Option for AToM
You can specify the Ethernet VLAN (type 4) by issuing the
interworkingvlan command in pseudowire-class configuration mode. This allows the VLAN ID to be included as part of the Ethernet frame. In releases previous to Cisco IOS Release 12.2(52)SE and Cisco IOS Release 12.2(33)SRE, the only way to achieve VLAN encapsulation is to ensure the CE router is connected to the PE router through an Ethernet link.
Before You Begin
For complete instructions on configuring AToM, see "Any Transport over MPLS".
When the pseudowire on an interface is different from the VC type, the interworking type is displayed in the
showmplsl2transportvcdetail command output. In the following example, the pseudowire is configured on an Ethernet port and VLAN interworking is configured in the pseudowire class. The relevant output is shown in bold:
PE1# show mpls l2 vc 34 detail
Local interface: Et0/1 up, line protocol up, Ethernet up
MPLS VC type is Ethernet, interworking type is Eth VLAN
Destination address: 10.1.1.2, VC ID: 34, VC status: down
Output interface: if-?(0), imposed label stack {}
Preferred path: not configured
Default path: no route
No adjacency
Create time: 00:00:13, last status change time: 00:00:13
Signaling protocol: LDP, peer unknown
Targeted Hello: 10.1.1.1(LDP Id) -> 10.1.1.2
Status TLV support (local/remote) : enabled/None (no remote binding)
LDP route watch : enabled
Label/status state machine : local standby, AC-ready, LnuRnd
Last local dataplane status rcvd: No fault
Last local SSS circuit status rcvd: No fault
Last local SSS circuit status sent: Not sent
Last local LDP TLV status sent: None
Last remote LDP TLV status rcvd: None (no remote binding)
Last remote LDP ADJ status rcvd: None (no remote binding)
MPLS VC labels: local 2003, remote unassigned
Group ID: local 0, remote unknown
MTU: local 1500, remote unknown
Remote interface description:
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 0, send 0
byte totals: receive 0, send 0
packet drops: receive 0, seq error 0, send 0
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.
--
Technical Assistance
Description
Link
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.
To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to
www.cisco.com/go/cfn. An account on Cisco.com is not required.
This feature allows disparate attachment circuits to be connected. An interworking function facilitates the translation between the different Layer 2 encapsulations.
This feature was introduced in Cisco IOS Release 12.0(26)S.
In Cisco IOS Release 12.0(30)S, support was added for Cisco 12000 series Internet routers.
In Cisco IOS Release 12.0(32)S, support was added on Engine 5 line cards (SIP-401, SIP-501, SIP-600, and SIP-601) in Cisco 12000 series routers for the following four transport types:
Ethernet/VLAN to Frame Relay Interworking
Ethernet/VLAN to ATM AAL5 Interworking
Ethernet to VLAN Interworking
Frame Relay to ATM AAL5 Interworking
On the Cisco 12000 series Internet router, support was added for IP Services Engine (ISE) and Engine 5 line cards that are configured for L2TPv3 tunneling.
In Cisco IOS Release 12.2(33)SRA, support was added for the Cisco 7600 series routers.
In Cisco IOS Release 12.4(11)T, support was added for the following transport types:
Ethernet to VLAN Interworking
Ethernet/VLAN to Frame Relay Interworking
This feature was integrated into Cisco IOS Release 12.2(33)SXH.
In Cisco IOS Release 12.2(33)SRD, support for routed and bridged interworking on SIP-400 was added for the Cisco 7600 series routers.
In Cisco IOS Release 12.2(52)SE, the L2VPN Internetworking: VLAN Enable/Disable option for AToM feature was added for the Cisco 3750 Metro switch.
In Cisco IOS Release 12.2(33)SRE, the L2VPN Internetworking: VLAN Enable/Disable option for AToM feature was added for the Cisco 7600 series router.
The following commands were introduced or modified:
interworking
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL:
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
1 With the L2VPN Interworking: VLAN Enable/Disable Option for AToM feature, VLAN interworking can also be supported. For more information, see the "VLAN Interworking" section on page 14 .