vrf-lite for ethernet routing switch 8600 / 8800 technical
Post on 07-Jan-2022
15 Views
Preview:
TRANSCRIPT
VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical Configuration Guide
Avaya Data Solutions Document Date: April 2011 Document Number: NN48500-570 Document Version: 2.0
Ethernet Routing Switch
8600 / 8800
Engineering
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 2 April 2011
avaya.com
© 2010 Avaya Inc. All Rights Reserved.
Notices While reasonable efforts have been made to ensure that the information in this document is complete and accurate at the time of printing, Avaya assumes no liability for any errors. Avaya reserves the right to make changes and corrections to the information in this document without the obligation to notify any person or organization of such changes.
Documentation disclaimer Avaya shall not be responsible for any modifications, additions, or deletions to the original published version of this documentation unless such modifications, additions, or deletions were performed by Avaya. End User agree to indemnify and hold harmless Avaya, Avaya‟s agents, servants and employees against all claims, lawsuits, demands and judgments arising out of, or in connection with, subsequent modifications, additions or deletions to this documentation, to the extent made by End User.
Link disclaimer Avaya is not responsible for the contents or reliability of any linked Web sites referenced within this site or documentation(s) provided by Avaya. Avaya is not responsible for the accuracy of any information, statement or content provided on these sites and does not necessarily endorse the products, services, or information described or offered within them. Avaya does not guarantee that these links will work all the time and has no control over the availability of the linked pages.
Warranty Avaya provides a limited warranty on this product. Refer to your sales agreement to establish the terms of the limited warranty. In addition, Avaya‟s standard warranty language, as well as information regarding support for this product, while under warranty, is available to Avaya customers and other parties through the Avaya Support Web site: http://www.avaya.com/support Please note that if you acquired the product from an authorized reseller, the warranty is provided to you by said reseller and not by Avaya.
Licenses THE SOFTWARE LICENSE TERMS AVAILABLE ON THE AVAYA WEBSITE, HTTP://SUPPORT.AVAYA.COM/LICENSEINFO/ ARE APPLICABLE TO ANYONE WHO DOWNLOADS, USES AND/OR INSTALLS AVAYA SOFTWARE, PURCHASED FROM AVAYA INC., ANY AVAYA AFFILIATE, OR AN AUTHORIZED AVAYA RESELLER (AS APPLICABLE) UNDER A COMMERCIAL AGREEMENT WITH AVAYA OR AN AUTHORIZED AVAYA RESELLER. UNLESS OTHERWISE AGREED TO BY AVAYA IN WRITING, AVAYA DOES NOT EXTEND THIS LICENSE IF THE SOFTWARE WAS OBTAINED FROM ANYONE OTHER THAN AVAYA, AN AVAYA AFFILIATE OR AN AVAYA AUTHORIZED RESELLER, AND AVAYA RESERVES THE RIGHT TO TAKE LEGAL ACTION AGAINST YOU AND ANYONE ELSE USING OR SELLING THE SOFTWARE WITHOUT A LICENSE. BY INSTALLING, DOWNLOADING OR USING THE SOFTWARE, OR AUTHORIZING OTHERS TO DO SO, YOU, ON BEHALF OF YOURSELF AND THE ENTITY FOR WHOM YOU ARE INSTALLING, DOWNLOADING OR USING THE SOFTWARE (HEREINAFTER REFERRED TO INTERCHANGEABLY AS "YOU" AND "END USER"), AGREE TO THESE TERMS AND CONDITIONS AND CREATE A BINDING CONTRACT BETWEEN YOU AND AVAYA INC. OR THE APPLICABLE AVAYA AFFILIATE ("AVAYA").
Copyright Except where expressly stated otherwise, no use should be made of the Documentation(s) and Product(s) provided by Avaya. All content in this documentation(s) and the product(s) provided by Avaya including the selection, arrangement and design of the content is owned either by Avaya or its licensors and is protected by copyright and other intellectual property laws including the sui generis rights relating to the protection of databases. You may not modify, copy, reproduce, republish, upload, post, transmit or distribute in any way any content, in whole or in part, including any code and software. Unauthorized reproduction, transmission, dissemination, storage, and or use without the express written consent of Avaya can be a criminal, as well as a civil offense under the applicable law.
Third Party Components Certain software programs or portions thereof included in the Product may contain software distributed under third party agreements ("Third Party Components"), which may contain terms that expand or limit rights to use certain portions of the Product ("Third Party Terms"). Information regarding distributed Linux OS source code (for those Products that have distributed the Linux OS source code), and identifying the copyright holders of the Third Party Components and the Third Party Terms that apply to them is available on the Avaya Support Web site: http://support.avaya.com/Copyright.
Trademarks The trademarks, logos and service marks ("Marks") displayed in this site, the documentation(s) and product(s) provided by Avaya are the registered or unregistered Marks of Avaya, its affiliates, or other third parties. Users are not permitted to use such Marks without prior written consent from Avaya or such third party which may own the Mark. Nothing contained in this site, the documentation(s) and product(s) should be construed as granting, by implication, estoppel, or otherwise, any license or right in and to the Marks without the express written permission of Avaya or the applicable third party. Avaya is a registered trademark of Avaya Inc. All non-Avaya trademarks are the property of their respective owners.
Downloading documents For the most current versions of documentation, see the Avaya Support. Web site: http://www.avaya.com/support
Contact Avaya Support Avaya provides a telephone number for you to use to report problems or to ask questions about your product. The support telephone number is 1-800-242-2121 in the United States. For additional support telephone numbers, see the Avaya Web site: http://www.avaya.com/support
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 3 April 2011
avaya.com
Abstract
This Technical Configuration Guide provides a brief summary for the configuration of VRF-Lite for the Avaya Ethernet Routing Switch 8600/8800.
Acronym Key
AS : Autonomous System
EDM : Enterprise Device Manager
GRT : Global Route Table
IPVPN : IP Virtual Private Network
IST : Inter Switch Trunk (Avaya SMLT Clustering)
JDM : Java Device Manager
LACP : Link Aggregation Control Protocol
LLDP : Link Layer Discovery Protocol; IEEE 802.1AB
LSDB : Link State Data Base
MAC : Media Access Control
MLT : Multi Link Trunk
MPLS : Multiprotocol Label Switching
MVR : Multicast VLAN Registration
PIM : Protocol Independent Multicast
PIM-SM : Protocol Independent Multicast – Sparse Mode
PIM-SSM : Protocol Independent Multicast – Source Specfic Multicast
SNMP : Simple Network Management Protocol
SMLT : Split MLT (Avaya Clustering)
SPB : Shortest Path Bridging
SPBM : Shortest Path Bridging MAC
VID : VLAN identifier
VLACP : Virtual LACP
VLAN : Virtual LAN
VPN : Virtual Private Network
VRF : Virtual Routing and Forwarding
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 4 April 2011
avaya.com
Revision Control
No Date Version Revised by Remarks
1 1/23/2008 1.0 JVE Initial release
2 7/4/2008 1.1 JVE Updates
3 4/28/2011 2.0 PRMGT Updates
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 5 April 2011
avaya.com
Table of Contents
Figures ......................................................................................................................................................... 6
Document Updates ..................................................................................................................................... 7
Conventions ................................................................................................................................................ 7
1. Overview: VRF-Lite ............................................................................................................................. 8
2. Base Scenario: .................................................................................................................................. 16
2.1 Assumptions: ............................................................................................................................... 16
2.2 VRF-Lite Configuration ................................................................................................................ 16
2.3 Basic VRF-Lite Configuration Steps ........................................................................................... 17
3. VRF-Lite Configuration Example ..................................................................................................... 27
3.1 Configuration – Adding VRF Instance ......................................................................................... 28
3.2 Verification ................................................................................................................................... 40
4. Routing between VRF’s .................................................................................................................... 47
4.1 Configuration – Leaking Routes between VRF Instances .......................................................... 47
5. Software Baseline: ............................................................................................................................ 52
6. Reference Documentation: .............................................................................................................. 52
7. Customer service .............................................................................................................................. 53
7.1 Getting technical documentation ................................................................................................. 53
7.2 Getting product training ............................................................................................................... 53
7.3 Getting help from a distributor or reseller .................................................................................... 53
7.4 Getting technical support from the Avaya Web site .................................................................... 53
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 6 April 2011
avaya.com
Figures
Figure 1: VRF-Lite Overview ......................................................................................................................... 8
Figure 2: IP-VPN VRF between Switches ................................................................................................... 11
Figure 3: VRRP and VRF in SMLT topology ............................................................................................... 11
Figure 4: Router Redundacy for multiple routing instances (RSMLT) ........................................................ 12
Figure 5: MPLS IP-VPN PE Combined with IP-VRF .................................................................................. 12
Figure 6: IP-VPN VRF-Lite Interactions ...................................................................................................... 13
Figure 7: SPBM L3 VSN ............................................................................................................................. 13
Figure 8: Internal Multicast Virtualization for VRF-Lite ............................................................................... 14
Figure 9: MVR for VRF-Lite......................................................................................................................... 15
Figure 10: VF-Lite Configuration Example .................................................................................................. 27
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 7 April 2011
avaya.com
Document Updates
April 2011
Conventions
This section describes the text, image, and command conventions used in this document.
Symbols
Tip – Highlights a configuration or technical tip.
Note – Highlights important information to the reader.
Warning – Highlights important information about an action that may result in equipment damage, configuration or data loss.
Text
Bold text indicates emphasis.
Italic text in a Courier New font indicates text the user must enter or select in a menu item, button or command:
ERS8600:5# show config
Output examples from Avaya devices are displayed in a Lucida Console font:
ERS8600:5# show config
Preparing to Display Configuration...
#
# WED JAN 23 12:15:28 2008 UTC
# box type : ERS-8006
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 8 April 2011
avaya.com
1. Overview: VRF-Lite
Figure 1: VRF-Lite Overview
VRF-light provides multiple independent IPv4 routing and forwarding instances within the Ethernet Routing Switch 8600/8800. In addition to the global routing table (VRF0), up to 255 virtual route forwarding (VRF) instances are supported.
Each VRF-Lite instance supports the following features:
256 VPNs for each system
VRF routing protocols (OSPF, RIP, or BGP)
IPv4 only
Filtering support
VRRP, ARP, and DHCP Relay
Overlapping address space
Inter-VRF forwarding policies
SMLT and RSMLT support for VRFs
IEEE 802.3ad and MLT support
SMLT and RSMLT for CE connectivity
ECMP
VRF-based ping and traceroute
Interoperability with RFC2547/4364 layer 3 VPNs
256K total routes per switch; 256K routes in one VRF or spread among all VRF‟s
32K ARP table size shared between global route table and VRF
VLAN01 IP01
IP03
IP02
VLAN03
VLAN02
RIP0 OSPF0 VRF
0
VLAN11 IP11
IP13
IP12
VLAN13
VLAN12 RIP1
OSPF1
VRF1
Global Routing Table / VRF 0
Second Routing Instance / VRF 1
IP04
…
IP04
IPv6 R
Third Routing Instance / VRF 2
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 9 April 2011
avaya.com
Virtualized SNMP Management – restrict access at a VRF-Lite level using either SNMPv1/2 or SNMPv3 – applies to release 5.x
Starting in release 7.0, Enterprise Device Manager (EDM) can be used to configure VRF-Lite
VRF-Lite Multicast Support (software release ≥ 5.1):
PIM-SM, PIM-SSM, IGMPv1,v2,v3 protocols are virtualized and can be configure in non-zero VRF
PIM-SM / PIM-SSM support upto 64 instances
Max number of OSPF and RIP v1/v2 instances have also been increased to 64 in this release.
Virtualized multicast features support on MLT/SMLT/RSMLT related topologies
Partial HA support for virtualized multicast functionalities
The following multicast features are not virtualized: o PIM-DM o IGAP o DVMRP o PGM o PIM-MBR
Virtualization is supported only on R/RS modules and on 8692 CPU card
Multicast Virtualization is available only in „Premier‟ license
Multicast VLAN registration (software release ≥ 7.0)
Multicast VLAN Registration (MVR) allows the single multicast VLAN to be shared in the network while subscribers remain in separate VLANs
MVR is based upon IGMP Snoop, but these 2 features can work independently of each other
When a multicast data stream is received to MVR vlan, it will be replicated to all receiver vlan associated/bind to MVR vlan
MVR functionality is virtualized, it means each vrf can have its own MVR vlan
Only one vlan can be configured as MVR vlan in a vrf
When a Report/Leave is received, it will be forwarded to mrouter port
IP-VPN‟s can be connected together in several ways across a core network using any of the following methods:
VRF
o Multiple VRF instances are used between ERS 8600/8800 switches as shown in figure 2, 3, and 4 below showing VRF support between switches, VRRP, RSMLT, and SMLT support
o For each VRF, a separate VLAN must be created between ERS 8600/8800 switches o VLAN tagging can be used between
MPLS
o MPLS network is used as a transport for IP-VPN‟s using RFC 4364 as shown in figure 5 below
IP VPN-Lite
o IP VPN-Lite can be used to build IP-VPN‟s across any routed IP core using MP-iBGP for VPN exchange as shown in figure 6 below
o Please refer to Technical Brief titled “Technical Brief for IP VPN-Lite for Ethernet Routing Switch 8600” for more details
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 10 April 2011
avaya.com
SPBM
o SPB L3 VSNs can be used to build IP-VPN‟s across an SPBM core using IPVSN Reachability TLV 184 to distribution IPVSN reachability between IS-IS peers as shown in figure 7 below
o A Backbone Service Instance Identifier (I-SID) is assigned at a Virtual Router (VRF) level
All VRFs that share the same I-SID can participate in the same VSN
o Please refer to Technical Configuration Guide titled “ Shortest Path Bridging (802.1aq) for ERS 8600 / 8800 Technical Configuration Guide” for more details
Multicast
o Multicast virtualization for VRF-Lite is supported and shown in figure 8 below in addition to support for MVR as illustrated in figure 9
Requirement for VRF support include the following:
Software release 5.0 or higher for VRF support
Software release 5.1 or higher for VRF multicast support
Software release 7.0 or higher for MVR support
R or RS Modules
8692SF with Super Mezzaine daughter card or an 8895SF
Premier software license
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 11 April 2011
avaya.com
Figure 2: IP-VPN VRF between Switches
Figure 3: VRRP and VRF in SMLT topology
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 12 April 2011
avaya.com
Figure 4: Router Redundacy for multiple routing instances (RSMLT)
Figure 5: MPLS IP-VPN PE Combined with IP-VRF
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 13 April 2011
avaya.com
Figure 6: IP-VPN VRF-Lite Interactions
Figure 7: SPBM L3 VSN
IP VPN-Lite
RIP/OSPF/Static
VLAN
SMLT/RSMLT/VRRP/ DHCP relay
VLAN
VRF-Lite (CE) VRF-Lite (CE) P L2
VRF1 VRF2 VRF3
VRF1 VRF2 VRF3
VRF1 VRF2 VRF3
VRF1 VRF2 VRF3
SMLT/RSMLT/VRRP/ DHCP relay
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 14 April 2011
avaya.com
Figure 8: Internal Multicast Virtualization for VRF-Lite
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 15 April 2011
avaya.com
Figure 9: MVR for VRF-Lite
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 16 April 2011
avaya.com
2. Base Scenario:
This technical brief covers configuration examples only pertaining to VRF-light for the ERS 8600/8800.
2.1 Assumptions:
It is assumed that general knowledge of routing and SMLT on Avaya switches is understood.
2.2 VRF-Lite Configuration
In the 5.0 software release or latter, the concept of global routing table and virtual routing table(s) is introduced. The global route table (GRT) is also referred to as VRF0 and refers to the main global routing table. For each virtual routing instance, it will be referred to by the instance number you assign to the VRF; for example VRF1 refers to virtual router instance 1. Overall, there is only one global routing table (VRF0) and up to 255 virtual routing tables (VRF1 up to VRF255). The VRF instance can be created using either CLI, SNMP (5.x), or EDM (≥7.0).
For each VRF-Lite instance that you create, you will need to specify the routing protocol or protocols that you wish to enable for this VRF instance. This can include OSPF, RIP, and/or BGP. As an option, you can also limit the number of routes allowed per VRF instance.
The order of VRF-Lite configuration is as follows:
1. Create VRF instance(s) 2. Enable IGP routing protocol you wish to enable per VRF, i.e. enable OSPF, RIP, and/or BGP per
VRF instance 3. As an option, configure the number of routes allowed for each VRF 4. Create the VRF VLAN(s) and add port members 5. If using JDM
a. At this stage, only if using Java Device Manager (JDM) for software release 5.x, you must select the VRF instance to further configure the VRF if you are a JDM Super User.
b. If you are a JDM VRF user, you must logon to the switch with the appropriate credentials (community string if SNMPv1/2 or USM user if SNMPv3).
c. Please see section titled JDM : VRF-Lite SNMP Access for ERS 8600 software release 5.x below for more details.
6. If using EDM, a. If using software release 7.0, you can select the VRF context at the EDM login screen b. If using software level 7.1 or higher, after loggin in via the global user credentials, you
can select the VRF context available via the left navigation plane VRF Context view c. Please see section titled EDM: VRF-Lite http Access for ERS 8800 software release 7.x
for more details 7. Add IP address and routing protocol(s) at a VLAN level for each VRF instance. 8. Add optional route policies if required. You can also use route policies if you wish to leak routes
between VRF instances or to the global route table.
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 17 April 2011
avaya.com
2.3 Basic VRF-Lite Configuration Steps
The following are the steps used to configure a VRF instance, adding an IP address, and enable a routing protocol using CLI, JDM (5.x), and EDM (≥7.0) .
2.3.1 Initial VRF Configuration
2.3.1.1 Logon to the ERS 8600/8800 switch using ether CLI, Java Device Manger (5.x), or EDM (7.0 or higher)
You can use either CLI, JDM, or EDM to configure the ERS 8600/8800 for VRF-Light.
2.3.1.2 Create VRF instances
By default, the maximum routes per VRF instance is set to 10,000 routes
By default, SNMP trap is enabled is the maximum route is reached
CLI Step 1 – Create VRF instance, add maximum routes (optional), and routing protocol
CLI
ERS8000-1:5# config ip vrf <name 1..64> create id <1-255>
ERS8000-1:5# config ip vrf <name 1..64> max-routes <0..250000>
ERS8000-1:5# config ip vrf <name 1..64> <rip|ospf|bgp> create
ERS8000-1:5# config ip vrf <name 1..64> <rip|ospf|bgp> enable
ACLI
ERS8000-1:5(config)# ip vrf <name 0-64> vrfid <1-255>
ERS8000-1:5(config)# ip vrf <name 0-64> max-routes <0..250000>
ERS8000-1:5(config)# router vrf <name 0-64>
ERS8000-1:5(router-vrf)# ip <rip|ospf|bgp>
ERS8000-1:5(router-vrf)# exit
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 18 April 2011
avaya.com
JDM (release 5.x) Step 1 – Create VRF instance. To to IP -> VRF -> Insert and select the routing protocol(s) and maximum routes (optional)
EDM (release ≥ 7.0) Step 1 – Create VRF instance. To to IP -> VRF -> Insert and select the routing protocol(s) and maximum routes (optional)
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 19 April 2011
avaya.com
2.3.1.3 Create VLANs
Create VLAN(s) and add port members
Once you have create the VLAN(s), you can add the VRF instance to the corresponding VLAN
CLI Step 1 – Assign VRF instance to VLAN
CLI
ERS8000-1:5# config vlan <1..4094> vrf <vrf name>
ACLI
ERS8000-1:5(config)# interface vlan <1..4094>
ERS8000-1:5(config-if)# vrf <vrf name>
ERS8000-1:5(config-if)# exit
JDM (release 5.x) Step 1 – Assign VRF instance to VLAN. After you have created the VLAN(s), via VLAN -> VLANs GloblRouter (vrf 0) -> Basic (click on corresponding VLAN id, click on Vrfid and select the VRF ID you wish to use for this VLAN
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 20 April 2011
avaya.com
EDM (release ≥ 7.0) Step 1 – Create VRF instance. After you have created the VLAN(s), via Configuration ->VLAN -> VLANs -> Basic (go to the corresponding VLAN id, click on Vrfid and enter the VRF ID you wish to use for this VLAN
2.3.2 VRF Context – User access to VRF context using SNMP / WEB Browser
Depending of the software release used, you can change the way a user can access VRF context.
In software release 5.x, SNMP is used to access a specific VRF instance or instances.
In software release 7.0, when logging into EDM, in addition to entering a user name and password, you will also have to enter a VRF Name. By default, a VRF name of GlobalRouter is used to access the Global Router view.
In software release 7.1, when logging into EDM the user is only offered the Global Router view. A user can select a specific VRF where a new browser tab will be opened for the selected VRF view. A user can choose to view and manipulate the different VRF view simultaneously.
2.3.2.1 JDM : VRF-Lite SNMP Access for ERS 8600 software release 5.x
As mentioned above, SNMP (release 5.x) can be used to allow 3rd
party or partner access to a specific VRF instance or instances. Please note that only SNMP can be used to visualize management access at a VRF level; CLI access at a VRF level is not supported at this time.
If you wish to enable SNMP at a VRF level, both SMNPv1/2 and SNMPv3 can be used. SNMPv3 access control at a VRF level is accomplished using the USM model. If SNMPv1/2 is used, access is controlled via community strings.
Overall, there are two types of users supported with VRF-light, Super Users and VRF users.
Super User
Has full access to switch using ether JDM or CLI
Has access to global route (GRT) and each VRF instance o The Super User must either select Global Router instance or a specific VRF instance
Configures all VLAN‟s (global and VRF) and assign‟s initial IP address for each VRF via the Global Router instance
The Super User must ether select the Global Router instance or a VRF instance o Cannot select both at the same time
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 21 April 2011
avaya.com
o If a VRF instance is selected, only the VFP specific fields and parameters will be configurable and displayed
o The Super User must select Global Router instance initially to configure the VRF instances, VRF VLAN(s), and routing protocols allowed for each VRF instance
At this stage, either the Super User or a VRF User can be used to continue the VRF configuration
If the Super User wishes to continue the VRF configuration, he/she must first select the VRF instance.
VRF User
Has access only at a VRF level
SMNP access only
VRF access level is configured by the Super User
SNMPv3 support via USM model
SNMPv1/2 support via community string o Default: public::x and private::x where x = 1 to 255 (VRF instance)
Only the Super User can add VLAN‟s, VRF instances
The VRF user can add IP addresses, routing protocols, and other IP parameters pertaining only to the VLANs configured by the Super User.
The VRF user can only view routes, arp, MAC addresses, etc for the VLANs configured by the Super User
2.3.2.1.1 SNMP Global Router and VRF Selection – Super User
Assuming you have already configured the VRF instance(s) and VRF VLAN(s), to select the VRF instance using Java Device Manager (JDM), go to IP -> VRF, select the VRF instance, and then click on Set Current VRF as shown below. From now on, only the fields pertaining to this VRF will be displayed.
ERS8600/8800 – VRF instance selection using Super User
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 22 April 2011
avaya.com
2.3.2.1.2 VRF User
After the Super User has either configured the SNMP community strings (SNMPv1/2) or SNMPv3 VRF USM users, a VRF user can access the VRF instance as shown below. If the SNMPv1/2 community strings have not been configured and only if SNMPv1/2 is enabled, the default community strings of public::x and private::x where x = 1 to 255 can be used.
ERS8600/8800 – VRF instance login using SNMPv1/2
ERS8600/8800 – VRF instance login using SNMPv3
2.3.3 EDM: VRF-Lite http Access for ERS 8800 software release 7.x
2.3.3.1 EDM - Using EDM for software release 7.0
ERS8600/8800 – Via the main EDM login page, after entering the WEB server global user name and password, enter the VRF context name you wish to work on via the VRF Name: window
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 23 April 2011
avaya.com
2.3.3.2 EDM – Using EDM for software release ≥ 7.1
ERS8600/8800 – Go to Configuration -> Set VRF Context view -> select VRF to switch context to -> Launch VRF Context view
ERS8600/8800 – Go to VRF tab
1. Select Set VRF Context view
2. Select the VRF to switch context to Context view
3. Click Launch VRF context view Context view
4. A new tab will be opened in the browser window that will host the selected VRF view
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 24 April 2011
avaya.com
2.3.4 VRF Configuration – Adding IP Related Parameters
2.3.4.1 If using SNMP only via JDM (release 5.x), either select VRF instance via Super User or log-in via a valid VRF user for the corresponding VRF instance
At this point, you can need to select the VRF instance where you wish to configure the IP related parameters. If you are using a VRF user interface to configure the VRF instance, you must open up a JDM connection using the correct user credentials that belong to the VRF instance. Either SNMPv1/2 or SNMPv3 can be used. If using SNMPv3, the Super User must first create the VRF SNMPv3 users.
Using JDM Step 1 – Super User, go to IP -> VRF and select the VRF instance
Using JDM Step 1 – VRFUser
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 25 April 2011
avaya.com
2.3.4.2 Add IP Address and Routing Protocol
CLI Step 1 –Add IP address to VRF VLAN
CLI
ERS8000-1:5# config vlan <1..4094> ip create <ipaddr/mask>
ERS8000-1:5# config vlan <1..4094> ip <ospf|rip> enable
ACLI
ERS8000-1:5(config)# interface vlan <1..4094>
ERS8000-1:5(config-if)# ip address <ipaddr> <mask>
ERS8000-1:5(config-if)# ip <ospf|rip> enable
ERS8000-1:5(config-if)# exit
JDM (release 5.x) Step 1 – Go to VLAN -> VLANs -> (click on corresponding VLAN id) -> IP -> Insert and add IP address and mask. After that, click on the corresponding routing protocol tab that you wish to enable, i.e. RIP or OSPF.
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 26 April 2011
avaya.com
EDM (release ≥ 7.0) Step 1 – Go to Configuration -> VLAN -> VLANs -> (click on corresponding VLAN id. Click on the IP icon and and via the IP Address tab, click on Insert and add IP address and mask. After that, click on the corresponding routing protocol tab that you wish to enable, i.e. RIP or OSPF.
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 27 April 2011
avaya.com
3. VRF-Lite Configuration Example
Figure 10: VF-Lite Configuration Example
For this configuration example, two IP-VRF instances will be added, VRF1 using a name of vrfone and VRF2 using a name of vrftwo. RSMLT will be enabled on both VRF instances along with the SLT ID, IP address and IGP protocols as shown in figure 5 above. For this example, we will only add the configuration for VLAN 601 to Switch-1 and VLAN 700 to Switch-2. Realistically, more than one router would normally be connected to each VRF instance in addition to the core configuration. However, the purpose of this example is to simply demonstrate how to configure VRF instances locally at an edge level using SMLT. In the core, either VRF, IP VPN-Lite, or MPLS can be deployed.
In addition, assuming ERS8000-1 and ERS8000-2 are using software level 5.x, we will configure three SNMPv3 USM users with the following user names:
vrf0user: Super User
vrfone: VRF1 user – to manage VRF1 only
vrftwo: VRF2 user – to manage VRF2 only
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 28 April 2011
avaya.com
3.1 Configuration – Adding VRF Instance
For this configuration example, we will configure ERS8000-1 using ACLI and ERS8000-2 using CLI.
3.1.1 Optional SNMP Configuration – Software release 5.x
Only complete this section if ERS8000-1 and 8600-2 have software level 5.x and only if you wish to use JDM to limit access to a specific VRF instance. Otherwise, please continue to the next section.
3.1.1.1 Create VRF SNMP user using CLI
In this example, we will create three SNMPv3 users with the following characteristics:
VRF User Name
Context Name
Authentication Privacy
Protocol Password Protocol Password
VRF0 vrf0user MD5 User1234 AES userpriv
VRF1 vrfone vrf1 MD5 vrf1user AES vrf1priv
VRF2 vrftwo vrf2 MD5 vrf2user AES vrf2priv
ERS8000-1 Step 1 – Load the SNMPv3 AES encryption module
ERS8000-1:5(config)# load-encryption-module AES
ERS8000-2 Step 1 – Load the SNMPv3 AES encryption module
ERS8000-2:5# config load-encryption-module AES
ERS8000-1 Step 2 – Add SNMP-v3 Super User. For this example, we will add user ‘vrf0user’ to USM group named ‘group_1’
ERS8000-1:5(config)# snmp-server user vrf0user md5 user1234 aes userpriv
ERS8000-1:5(config)# snmp-server user vrf0user group group_1
ERS8000-1:5(config)# snmp-server group group_1 "" auth-priv read-view org write-view
org notify-view org
ERS8000-2 Step 2 – Add SNMP-v3 Super User. For this example, we will add user ‘vrf0user’ to USM group named ‘group_1’
ERS8000-2:5# config snmp-v3 usm create vrf0user md5 auth user1234 priv-prot aes priv
userpriv
ERS8000-2:5# config snmp-v3 group-member create vrf0user usm group_1
ERS8000-2:5# config snmp-v3 group-access create group_1 "" usm authPriv
ERS8000-2:5# config snmp-v3 group-access view group_1 "" usm authPriv read org write
org notify org
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 29 April 2011
avaya.com
ERS8000-1 Step 3 – Add SNMP-v3 VRF1 user. For this example, we will add user ‘vrfone’ to USM group named ‘vrf1_group’ and context name vrf1
ERS8000-1:5(config)# snmp-server user vrfone md5 vrf1user aes vrf1priv
ERS8000-1:5(config)# snmp-server user vrf1user group vrf1_group
ERS8000-1:5(config)# snmp-server group vrf1_group vrf1 auth-priv read-view vrf write-view vrf notify-view vrf
ERS8000-2 Step 3 – Add SNMP-v3 VRF1 user. For this example, we will add user ‘vrfone’ to USM group named ‘vrf1_group’ and context name vrf1
ERS8000-2:5# config snmp-v3 usm create vrfone md5 auth vrf1user priv-prot aes priv
vrf1priv
ERS8000-2:5# config snmp-v3 group-member create vrfone usm vrf1_group
ERS8000-2:5# config snmp-v3 group-access create vrf1_group vrf1 usm authPriv
ERS8000-2:5# config snmp-v3 group-access view vrf1_group vrf1 usm authPriv read vrf
write vrf notify vrf
ERS8000-1 Step 4 – Add SNMP-v3 VRF2 user. For this example, we will add user ‘vrftwo’ to USM group named ‘vrf2_group’ and context name vrf2
ERS8000-1:5(config)# snmp-server user vrftwo md5 vrf2user aes vrf2priv
ERS8000-1:5(config)# snmp-server user vrf2user group vrf2_group
ERS8000-1:5(config)# snmp-server group vrf2_group vrf2 auth-priv read-view vrf write-
view vrf notify-view vrf
ERS8000-2 Step 4 – Add SNMP-v3 VRF2 user. For this example, we will add user ‘vrftwo’ to USM group named ‘vrf2_group’ and context name vrf2
ERS8000-2:5# config snmp-v3 usm create vrftwo md5 auth vrf2user priv-prot aes priv
vrf2priv
ERS8000-2:5# config snmp-v3 group-member create vrftwo usm vrf2_group
ERS8000-2:5# config snmp-v3 group-access create vrf2_group vrf2 usm authPriv
ERS8000-2:5# config snmp-v3 group-access view vrf2_group vrf2 usm authPriv read vrf
write vrf notify vrf
3.1.1.2 Add SNMP Trap Receiver
ERS8000-1 Step 1 – Add an trap receiver using the name ‘taddr1’
ERS8000-1:5(config)# snmp-server host 172.30.30.50 port 162 v1 TAddr1
ERS8000-1 Step 1 – Add an trap receiver using the name ‘taddr1’
ERS8000-2:5# config snmp-v3 target-addr create taddr1 172.30.30.50:162 TparamV1
timeout 1500 retry 3 taglist trapTap mask 0xff:ff:00:00:00:00 mms 484
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 30 April 2011
avaya.com
3.1.2 IST Configuration
3.1.2.1 Create IST
ERS8000-1: Step 1 – Create VLAN 1900
ERS8000-1:5(config)# vlan create 1900 name IST type port 1
ERS8000-2: Step 1 – Create VLAN 1900
ERS8000-2:5# config vlan 1900 create byport 1 name IST
ERS8000-1: Step 2 – Create MLT 1 for IST
ERS8000-1:5(config)# mlt 1 enable name IST
ERS8000-1:5(config)# mlt 1 member 1/1,2/1
ERS8000-1:5(config)# mlt 1 encapsulation dot1q
ERS8000-1:5(config)# mlt 1
ERS8000-2: Step 2 – Create MLT 1 for IST
ERS8000-2:5# config mlt 1 create
ERS8000-2:5# config mlt 1 name IST
ERS8000-2:5# config mlt 1 add port 1/1,2/1
ERS8000-2:5# config vlan 1900 add-mlt 1
ERS8000-1: Step 2 – Create IST
ERS8000-1:5(config)# interface mlt 1
ERS8000-1:5(config-mlt)# ist peer-ip 2.1.1.1/30 vlan 1900
ERS8000-1:5(config-mlt)# ist enable
ERS8000-1:5(config-mlt)# exit
ERS8000-2: Step 2 – Create IST
ERS8000-2:5# config vlan 1900 ip create 2.1.1.2/30
ERS8000-2:5# config mlt 1 ist create ip 2.1.1.1 vlan-id 1900
ERS8000-2:5# config mlt 1 ist enable
ERS8000-1: Step 3 – Enable VLACP
ERS8000-1:5(config)# interface gigabitEthernet 1/1,2/1
ERS8000-1:5(config-if)# vlacp funcmac-addr 01:80:c2:00:00:0f
ERS8000-1:5(config-if)# vlacp enable
ERS8000-1:5(config-if)# exit
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 31 April 2011
avaya.com
ERS8000-2: Step 3 – Enable VLACP
ERS8000-2:5# ethernet 1/1,2/1 vlacp macaddress 01:80:c2:00:00:0f
ERS8000-2:5# ethernet 1/1,2/1 vlacp enable
ERS8000-2:5# config vlacp enable
3.1.3 VRF Instances – Initial Configuration
3.1.3.1 Create VRF Instances
ERS8000-1 Step 1 – Create VRF instances 1 and 2. Set maximum routes for VRF 1 to 1000 and maximum route to 500 for VRF 2.
ERS8000-1:5(config)# ip vrf vrfone vrfid 1
ERS8000-1:5(config)# ip vrf vrfone max-routes 1000
ERS8000-1:5(config)# ip vrf vrftwo vrfid 2
ERS8000-1:5(config)# ip vrf vrftwo max-routes 500
ERS8000-2 Step 1 – Create VRF instances 1 and 2. Set maximum routes for VRF 1 to 1000 and maximum route to 500 for VRF 2.
ERS8000-2:5# config ip vrf vrfone create id 1
ERS8000-2:5# config ip vrf vrfone max-routes 1000
ERS8000-2:5# config ip vrf vrftwo create id 2
ERS8000-2:5# config ip vrf vrftwo max-routes 500
ERS8000-1 Step 2 – Add OSPF to VRF1 and RIP to VRF2
ERS8000-1:5(config)# router vrf vrfone
ERS8000-1:5(router-vrf)# ip ospf
ERS8000-1:5(router-vrf)# exit
ERS8000-1:5(config)# router vrf vrftwo
ERS8000-1:5(router-vrf)# ip rip enable
ERS8000-1:5(router-vrf)# exit
ERS8000-2 Step 2 – Add OSPF to VRF1 and RIP to VRF2
ERS8000-2:5# config ip vrf vrfone ospf create
ERS8000-2:5# config ip vrf vrfone ospf enable
ERS8000-2:5# config ip vrf vrftwo rip create
ERS8000-2:5# config ip vrf vrftwo rip enable
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 32 April 2011
avaya.com
3.1.3.2 Create VLANs for VRF
ERS8000-1 Step 1 – Create VLAN 601 for vrf1 and VLAN 700 for vrf2
ERS8000-1:5(config)# vlan create 601 name vrf1_two type port 1
ERS8000-1:5(config)# vlan members add 601 4/26
ERS8000-1:5(config)# interface vlan 601
ERS8000-1:5(config-if)# vrf vrfone
ERS8000-1:5(config-if)# exit
ERS8000-1:5(config)# vlan create 700 name vrf2_one type port 1
ERS8000-1:5(config)# vlan members add 700 4/23
ERS8000-1:5(config)# interface vlan 700
ERS8000-1:5(config-if)# vrf vrftwo
ERS8000-1:5(config-if)# exit
ERS8000-2 Step 2 – Create VLAN 601 for vrf1 and VLAN 700 for vrf2
ERS8000-2:5# config vlan 601 create byport 1
ERS8000-2:5# config vlan 601 name vrf1_two
ERS8000-2:5# config vlan 601 vrf vrfone
ERS8000-2:5# config vlan 601 ports add 4/26
ERS8000-2:5# config vlan 700 create byport 1
ERS8000-2:5# config vlan 700 name vrf2_one
ERS8000-2:5# config vlan 700 vrf vrftwo
ERS8000-2:5# config vlan 700 ports add 4/23
3.1.4 VRF1 Configuration
3.1.4.1 Add IP Address, Routing Protocol, and enable RSMLT for VRF 1
For the rest of this example, we will configure ERS8000-1 using CLI and configure ERS8000-2 using JDM.
For ERS8000-2, proceed to the following steps using JDM
ERS8000-1 Step 1 – Add IP address for VLAN 601 and enable OSPF
ERS8000-1:5(config)# interface vlan 601
ERS8000-1:5(config-if)# ip address 10.1.11.1 255.255.255.0
ERS8000-1:5(config-if)# ip ospf enable
ERS8000-1:5(config-if)# ip rsmlt
ERS8000-1:5(config-if)# ip rsmlt holdup-timer 60
ERS8000-1:5(config-if)# exit
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 33 April 2011
avaya.com
ERS8000-1 Step 2 – Enable OSPF globally for VRF 1
ERS8000-1:5(config)# router vrf vrfone
ERS8000-1:5(router-vrf)# ip ospf admin-state
ERS8000-1:5(router-vrf)# exit
ERS8000-2 Step 1 – Logon using JDM using the password credentials created above for vrf1
If Super User, via JDM go to IP -> VRF -> VRF and select VRF 1
Via VRF 1 user, enter the correct SNMP-v3 credentials
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 34 April 2011
avaya.com
ERS8000-2 Step 2 – Once logged on, you should only see the VLAN and VLAN port members activated for vrf1.
Please notice, as shown in the above Java Device Manager (JDM) snap-shot, only the VLAN and VLAN members as configured by the Super User are visible.
ERS8000-1 Step 3 – Add IP address for VLAN 601. Via JDM, go to VLAN -> VLANs -> Id 601 -> IP -> IP Address > Insert and then go to the OSPF tab and enable OSPF
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 35 April 2011
avaya.com
ERS8000-2 Step 4 – Enable OSPF globally for VRF 1. Via JDM, go to IP -> OSPF – vrfone (vrf 1) -> General
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 36 April 2011
avaya.com
3.1.5 VRF2 Configuration
3.1.5.1 Add IP Address, Routing Protocol, and enable RSMLT for VRF 2
For the rest of this example, we will configure ERS8000-1 using CLI and configure ERS8000-2 using JDM.
For ERS8000-2, proceed to the following steps using JDM.
ERS8000-1 Step 1 – Add IP address for VLAN 600, enable RIP and set the RSMLT hold-down timer to 180 seconds (assuming default RIP timers)
ERS8000-1:5(config)# interface vlan 700
ERS8000-1:5(config-if)# ip address 172.1.1.1 255.255.255.0
ERS8000-1:5(config-if)# ip rip enable
ERS8000-1:5(config-if)# ip rsmlt
ERS8000-1:5(config-if)# ip rsmlt holddown-timer 180
ERS8000-1:5(config-if)# exit
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 37 April 2011
avaya.com
ERS8000-2 Step 1 – Logon using JDM using the password credentials created above for vrf2
If Super User, via JDM go to IP -> VRF -> VRF and select VRF 1
Via VRF 2 user, enter the correct SNMP-v3 credentials
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 38 April 2011
avaya.com
ERS8000-1 Step 2 – Add IP address for VLAN 700. Via JDM, go to VLAN -> VLANs -> Id 700 -> IP -> Insert and then go to the RIP tab and enable RIP
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 39 April 2011
avaya.com
ERS8000-1 Step 2 – Enable RIP. Via JDM, go to VLAN -> VLANs -> Id 700 -> IP -> RIP and enable RIP
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 40 April 2011
avaya.com
3.2 Verification
With using the show command to view various VRF parameters, you can ether use the VRF name or VRF ID.
3.2.1 VRF:
3.2.1.1 Verify VRF IP information: Interfaces, Routes and ARP Entries
Step 1 –Verify the IP addresses using CLI, i.e. for VRF 1
ERS8000-1:5# show ip interface vrf vrfone
or
ERS8000-1:5# show ip interface vrfids 1
Result:
================================================================================
IP Interface - VRF vrfone
================================================================================
INTERFACE IP NET BCASTADDR REASM VLAN BROUTER
ADDRESS MASK FORMAT MAXSIZE ID PORT
--------------------------------------------------------------------------------
Vlan600 10.1.10.1 255.255.255.0 ones 1500 -- false
Vlan601 10.1.11.1 255.255.255.0 ones 1500 -- false
Step 1 – Verify the IP address using JDM, i.e. assuming Super User for VRF 1
Go to:
1. IP -> VRF -> Id 1 (vrfone) -> Set Currect VRF
2. IP -> IP – vrfone (vrf 1) -> Addresses.
Result:
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 41 April 2011
avaya.com
Step 2 –Verify the IP ARP table using CLI, i.e. for VRF 1
ERS8000-1:5# show ip arp vrf vrfone
or
ERS8000-1:5# show ip arp vrfids 1
Result:
=====================================================================
IP Arp - VRF vrfone
=====================================================================
IP_ADDRESS MAC_ADDRESS VLAN PORT TYPE TTL(10 Sec)
---------------------------------------------------------------------
10.1.10.1 00:01:81:28:86:11 600 - LOCAL 2160
10.1.10.255 ff:ff:ff:ff:ff:ff 600 - LOCAL 2160
10.1.11.1 00:01:81:28:86:12 601 - LOCAL 2160
10.1.11.255 ff:ff:ff:ff:ff:ff 601 - LOCAL 2160
10.1.10.2 00:00:15:2b:56:7c 600 4/27 DYNAMIC 2159
10.1.11.2 00:00:15:29:0f:d3 601 4/28 DYNAMIC 2159
Step 2 – Verify the IP ARP table using JDM, i.e. assuming Super User for VRF 1
Go to:
1. IP -> VRF -> Id 1 (vrfone) -> Set Currect VRF
2. IP -> IP – vrfone (vrf 1) -> ARP
Result:
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 42 April 2011
avaya.com
Step 3 –Verify the IP route table using CLI, i.e. for VRF 1
ERS8000-1:5# show ip route vrf vrfone
or
ERS8000-1:5# show ip route vrfids 1
Result:
================================================================================
IP Route - VRF vrfone
================================================================================
NH INTER
DST MASK NEXT VRF COST FACE PROT AGE TYPE PRF
--------------------------------------------------------------------------------
10.1.10.0 255.255.255.0 10.1.10.1 - 1 600 LOC 0 DB 0
10.1.11.0 255.255.255.0 10.1.11.1 - 1 601 LOC 0 DB 0
192.33.34.0 255.255.255.0 10.1.10.2 vrfo~ 20 600 OSPF 0 IB 120
192.33.35.0 255.255.255.0 10.1.10.2 vrfo~ 20 600 OSPF 0 IB 120
192.33.36.0 255.255.255.0 10.1.10.2 vrfo~ 20 600 OSPF 0 IB 120
192.33.37.0 255.255.255.0 10.1.10.2 vrfo~ 20 600 OSPF 0 IB 120
192.33.38.0 255.255.255.0 10.1.10.2 vrfo~ 20 600 OSPF 0 IB 120
192.33.39.0 255.255.255.0 10.1.10.2 vrfo~ 20 600 OSPF 0 IB 120
192.33.40.0 255.255.255.0 10.1.10.2 vrfo~ 20 600 OSPF 0 IB 120
192.33.41.0 255.255.255.0 10.1.10.2 vrfo~ 20 600 OSPF 0 IB 120
192.33.42.0 255.255.255.0 10.1.10.2 vrfo~ 20 600 OSPF 0 IB 120
192.33.43.0 255.255.255.0 10.1.10.2 vrfo~ 20 600 OSPF 0 IB 120
192.168.1.0 255.255.255.0 10.1.11.2 vrfo~ 10 601 OSPF 0 IB 125
192.168.2.0 255.255.255.0 10.1.11.2 vrfo~ 10 601 OSPF 0 IB 125
192.168.3.0 255.255.255.0 10.1.11.2 vrfo~ 10 601 OSPF 0 IB 125
192.168.4.0 255.255.255.0 10.1.11.2 vrfo~ 10 601 OSPF 0 IB 125
192.168.5.0 255.255.255.0 10.1.11.2 vrfo~ 10 601 OSPF 0 IB 125
192.168.6.0 255.255.255.0 10.1.11.2 vrfo~ 10 601 OSPF 0 IB 125
192.168.7.0 255.255.255.0 10.1.11.2 vrfo~ 10 601 OSPF 0 IB 125
192.168.8.0 255.255.255.0 10.1.11.2 vrfo~ 10 601 OSPF 0 IB 125
192.168.9.0 255.255.255.0 10.1.11.2 vrfo~ 10 601 OSPF 0 IB 125
192.168.10.0 255.255.255.0 10.1.11.2 vrfo~ 10 601 OSPF 0 IB 125
22 out of 22 Total Num of Route Entries, 22 Total Num of Dest Networks displayed
.
--------------------------------------------------------------------------------
TYPE Legend:
I=Indirect Route, D=Direct Route, A=Alternative Route, B=Best Route, E=Ecmp Rout
e,
U=Unresolved Route, N=Not in HW, F=Replaced by FTN, V=IPVPN Route
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 43 April 2011
avaya.com
Step 3 – Verify the IP route table using JDM, i.e. assuming Super User for VRF 1,
Go to:
1. IP -> VRF -> Id 1 (vrfone) -> Set Currect VRF
2. IP -> IP – vrfone (vrf 1) -> Routes
Result:
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 44 April 2011
avaya.com
3.2.2 SNMP:
3.2.2.1 Verify SNMP Users
Step 1 –Verify the SNMP-v3 users
ERS8000-1:5# show snmp-server user
Result:
Engine ID = 80:00:08:E0:03:00:01:81:28:84:00
================================================================================
USM Configuration
================================================================================
User/Security Name Engine Id Protocol
--------------------------------------------------------------------------------
vrfone 0x80:00:08:E0:03:00:01:81:28:84:00 HMAC_MD5, AES PRIVACY,
vrftwo 0x80:00:08:E0:03:00:01:81:28:84:00 HMAC_MD5, AES PRIVACY,
initial 0x80:00:08:E0:03:00:01:81:28:84:00 NO AUTH, NO PRIVACY
vrf0user 0x80:00:08:E0:03:00:01:81:28:84:00 HMAC_MD5, AES PRIVACY,
4 out of 4 Total entries displayed
--------------------------------------------------------------------------------
Step 1 – Verify the SNMP-v3 users using JDM via Super User:
Go to:
1. Edit -> SNMPv3 -> USM Table
Result:
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 45 April 2011
avaya.com
3.2.2.2 Verify SNMP Group Member and Group Access
Step 1 –Verify the SNMP-v3 group-member
ERS8000-1:5# show snmp-server group
Result:
==================================================================
VACM Group Membership Configuration
==================================================================
Sec Model Security Name Group Name
------------------------------------------------------------------
snmpv1 readview readgrp
snmpv1 sBladeUser sBladeGrp
snmpv1 initialview v1v2grp
snmpv2c readview readgrp
snmpv2c sBladeUser sBladeGrp
snmpv2c initialview v1v2grp
usm vrfone vrf1_group
usm vrftwo vrf2_group
usm initial initial
usm vrf0user group_1
10 out of 10 Total entries displayed
------------------------------------------------------------------
Step 1 – Verify the SNMP-v3 users using JDM via Super User:
Go to:
1. Edit -> SNMPv3 -> VCAM Table -> Group Membership
Result:
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 46 April 2011
avaya.com
Step 2 –Verify the SNMP-v3 group access
ERS8000-1:5# show snmp-server group
Result:
================================================================================
VACM Group Access Configuration
================================================================================
Group Prefix Model Level ReadV WriteV NotifyV
--------------------------------------------------------------------------------
vrf1_group vrf1 usm authPriv vrf vrf vrf
vrf2_group vrf2 usm authPriv vrf vrf vrf
Step 2 – Verify the SNMP-v3 users using JDM via Super User:
Go to:
1. Edit -> SNMPv3 -> VCAM Table>Group Access Right
Result:
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 47 April 2011
avaya.com
4. Routing between VRF’s
4.1 Configuration – Leaking Routes between VRF Instances
There may be times where you may wish to inject routes between VRF‟s for various reasons. For example, you may have a case where there is service on a particulate VRF, i.e. VRF10, which you also would also like to use on other VRF‟s. Instead of duplicating the service on each VRF, you could inject the service routes from VRF 10 to the other VRF‟s that require the use of this service. In the other direction, you will also need to inject the routes from the other VRF‟s that require the service back to VRF10.
In this example, using the base configuration from the configuration example in section 3, we will enable the leaking of routes between VRF1 and VRF2. Overall, we will accomplish the following:
Enable re-distribution of direct interfaces between VRF1 and VRF2
Only re-distribute network 172.1.25.0/24 from VRF2 to VRF1
Only re-distribute network 192.33.34.0/24 from VRF1 to VRF2
4.1.1 ERS 8600/8800 Configuration
4.1.1.1 Enable ASBR
In order to re-distribute static routes, you must enable OSPF ASBR on vrf 1.
ERS8000-1 Step 1 – Enable OSPF ASBR for vrf 1
ERS8000-1:5(config)# router vrf vrfone
ERS8000-1:5(router-vrf)# ip ospf as-boundary-router enable
ERS8000-1:5(router-vrf)# exit
ERS8000-2 Step 1 – Enable OSPF ASBR for vrf 1
ERS8000-2:5# config ip vrf vrfone ospf as-boundary-router enable
4.1.1.2 Add static routes
ERS8000-1 Step 1 – Create Static route for vrf 1
ERS8000-1:5(config)# router vrf vrfone
ERS8000-1:5(router-vrf)# ip route 172.1.25.0 255.255.255.0 172.1.1.5 weight 1 next-
hop-vrf vrftwo
ERS8000-1:5(router-vrf)# exit
ERS8000-2 Step 1 – Create Static route for vrf 1
ERS8000-2:5# config ip vrf vrfone static-route create 172.1.25.0/24 next-hop 172.1.1.5
cost 1 next-hop-vrf vrftwo
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 48 April 2011
avaya.com
ERS8000-1 Step 2 – Create Static route for vrf 2
ERS8000-1:5(config)# router vrf vrftwo
ERS8000-1:5(router-vrf)# ip route 192.33.34.0 255.255.255.0 10.1.11.3 weight 1 next-
hop-vrf vrfone
ERS8000-1:5(router-vrf)# exit
ERS8000-2 Step 2 – Create Static route for vrf 2
ERS8000-2:5# config ip vrf vrftwo static-route create 192.33.34.0/24 next-hop
10.1.11.3 cost 1 next-hop-vrf vrfone
4.1.1.3 Enable Route Re-distribution
We will also have to re-distribute the direct interfaces in order for either Switch-1 or Switch-2 to get to the remote networks.
ERS8000-1 Step 1 – For vrf 1, enable OSPF re-distribution of static routes from VRF source of vrf 2
ERS8000-1:5(config)# router vrf vrfone
ERS8000-1:5(router-vrf)# ip ospf redistribute static vrf-src vrftwo
ERS8000-1:5(router-vrf)# ip ospf redistribute static enable vrf-src vrftwo
ERS8000-1:5(router-vrf)# ip ospf redistribute direct vrf-src vrftwo
ERS8000-1:5(router-vrf)# ip ospf redistribute direct enable vrf-src vrftwo
ERS8000-1:5(router-vrf)# exit
ERS8000-2 Step 1 – For vrf 1, enable OSPF re-distribution of static routes from VRF source of vrf 2
ERS8000-2:5# config ip vrf vrfone ospf redistribute static create vrf-src vrftwo
ERS8000-2:5# config ip vrf vrfone ospf redistribute static enable vrf-src vrftwo
ERS8000-2:5# config ip vrf vrfone ospf redistribute static apply vrf-src vrftwo
ERS8000-2:5# config ip vrf vrfone ospf redistribute direct create vrf-src vrftwo
ERS8000-2:5# config ip vrf vrfone ospf redistribute direct enable vrf-src vrftwo
ERS8000-2:5# config ip vrf vrfone ospf redistribute direct apply vrf-src vrftwo
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 49 April 2011
avaya.com
ERS8000-1 Step 2 – For vrf 2, enable RIP re-distribution of static routes from VRF source of vrf 1
ERS8000-1:5(config)# router vrf vrftwo
ERS8000-1:5(router-vrf)# ip rip redistribute static vrf-src vrfone
ERS8000-1:5(router-vrf)# ip rip redistribute static enable vrf-src vrfone
ERS8000-1:5(router-vrf)# ip rip redistribute direct vrf-src vrfone
ERS8000-1:5(router-vrf)# ip rip redistribute direct enable vrf-src vrfone
ERS8000-1:5(router-vrf)# exit
ERS8000-2 Step 2 – For vrf 2, enable RIP re-distribution of static routes from VRF source of vrf 1
ERS8000-2:5# config ip vrf vrftwo rip redistribute static create vrf-src vrfone
ERS8000-2:5# config ip vrf vrftwo rip redistribute static enable vrf-src vrfone
ERS8000-2:5# config ip vrf vrftwo rip redistribute static apply vrf-src vrfone
ERS8000-2:5# config ip vrf vrftwo rip redistribute direct create vrf-src vrfone
ERS8000-2:5# config ip vrf vrftwo rip redistribute direct enable vrf-src vrfone
ERS8000-2:5# config ip vrf vrftwo rip redistribute direct apply vrf-src vrfone
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 50 April 2011
avaya.com
4.1.2 Verification
4.1.2.1 Verify Static Routes
Step 1 –Verify the OSPF route redistribution configuration
ERS8000-1:5# show ip route static vrf vrfone
or
ERS8000-1:5# show ip route static vrfids 1
Result:
================================================================================
IP Static Route - VRF vrfone
================================================================================
DEST MASK NEXT NH-VRF COST PREF LCLNHOP STATUS ENABLE
--------------------------------------------------------------------------------
172.1.25.0 255.255.255.0 172.1.1.3 vrftwo 1 5 TRUE ACTIVE TRUE
4.1.2.2 Verify Route Policies
In order to re-distribute static routes, you must enable OSPF ASBR on vrf 1.
Step 1 –Verify the OSPF route redistribution configuration
ERS8000-1:5# show ip ospf redistribute vrf vrfone
or
ERS8000-1:5# show ip ospf redistribute vrfids 1
Result:
================================================================================
OSPF Redistribute List - VRF vrfone
================================================================================
SRC-VRF SRC MET MTYPE SUBNET ENABLE RPOLICY
--------------------------------------------------------------------------------
vrftwo STAT 0 type2 allow TRUE
vrftwo LCL 0 type2 allow TRUE
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 51 April 2011
avaya.com
4.1.2.3 Verify Route table
Step 1 –Verify the OSPF route redistribution configuration
ERS8000-1:5# show ip route vrf vrfone
or
ERS8000-1:5# show ip route vrfids 1
Result:
================================================================================
IP Route - VRF vrfone
================================================================================
NH INTER
DST MASK NEXT VRF COST FACE PROT AGE TYPE PRF
--------------------------------------------------------------------------------
10.1.11.0 255.255.255.0 10.1.11.1 - 1 601 LOC 0 DB 0
|
192.33.34.0 255.255.255.0 10.1.11.3 vrfo~ 20 601 OSPF 0 IB 20
|
172.1.1.0 255.255.255.0 10.1.11.2 vrfo~ 1 601 OSPF 0 IB 125
172.1.25.0 255.255.255.0 172.1.1.3 vrft~ 1 700 STAT 0 IB 5
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 52 April 2011
avaya.com
5. Software Baseline:
Software level used for this guide is based on 5.x or higher.
6. Reference Documentation:
Document Title Publication Number Description
IP VPN-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide
NN48500-562
Configuration – IP VPN NN46205-520
VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 53 April 2011
avaya.com
7. Customer service
Visit the Avaya Web site to access the complete range of services and support that Avaya provides. Go to www.avaya.com or go to one of the pages listed in the following sections.
7.1 Getting technical documentation
To download and print selected technical publications and release notes directly from the Internet,go to www.avaya.com/support.
7.2 Getting product training
Ongoing product training is available. For more information or to register, you can access the Web site at www.avaya.com/support. From this Web site, you can locate the Training contacts link on the left-hand navigation pane.
7.3 Getting help from a distributor or reseller
If you purchased a service contract for your Avaya product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance.
7.4 Getting technical support from the Avaya Web site
The easiest and most effective way to get technical support for Avaya products is from the Avaya Technical Support Web site at www.avaya.com/support.
top related