In the configuration example, there is a remote site connected to the center via the point-to-point MPLS VPN structure provided by the service provider (Ulaknet).
The configuration of the backbone switch and remote campus switch will be described in order for this campus network to be able to receive service from the central Antikor Firewall when it is online.
MPLS (Multi Protocol Label Switching):
It can be described as switching in OSI 2nd layer and integrating routing in OSI 3rd layer. MPLS technology performs routing operations faster.
Metro Ethernet MPLS can be configured in two ways:
Virtual Lease Line(VLL):
Metro ethernet is the structure that provides point-to-point connection to each ID via the MPLS network.
Virtual Private LAN Service(VPLS):
Metro Ethernet is a structure that provides multi-point to multi-point communication over the MPLS network.
VPLS allows remote locations to share the same broadcast domains.
Thanks to the Metro Ethernet structure, the service provider can differentiate its customers’ networks with VPN(Virtual Private Network).
In such a structure, the Ethernet switches on the receiving side must have 802.1q VLAN support and must have a fiberoptic port suitable for receiving the service of the service provider.
Ulakbim configurations on the Metro Ethernet Switch comes ready to service. It is shown as an example.
Ulakbim Switch
Ulakbim_sw. show configuration snapshot
! Stack Manager :
! Chassis :
system name ULAKBIM
! Configuration:
! VLAN :
vlan 1 disable name "VLAN 1"
vlan 10 ip 172.168.2.1 255.255.255.0
vlan 10 mac 00:d0:bc:aa:9e:01
! VLAN SL:
! IP :
ip service all
! IPX :
! IPMS :
! AAA :
user password-size min 1
user password-history 0
! PARTM :
! AVLAN :
! 802.1x :
! QOS :
! Policy manager :
! Session manager :
! SNMP :
! RIP :
! IPv6 :
! IPRM :
! RIPng :
! Health monitor :
! Interface :
interfaces 1/1 hybrid FORCED-FIBER
interfaces 1/1 alias "kampuslerUplink"
interfaces 1/2 hybrid FORCED-FIBER
interfaces 1/2 alias "universiteWAN"
interfaces 1/3 hybrid FORCED-FIBER
interfaces 1/3 alias "ucNokta"
! Udld :
! Port Mapping :
! Link Aggregate :
! VLAN AGG:
! 802.1Q :
vlan 10 802.1q 1/1 "TAG PORT 1/1 VLAN 10"
vlan 100 802.1q 1/1 "TAG PORT 1/1 VLAN 100"
vlan 200 802.1q 1/1 "TAG PORT 1/1 VLAN 200"
vlan 200 802.1q 1/3 "TAG PORT 1/3 VLAN 200"
! Spanning tree :
bridge mode 1x1
! Bridging :
! Bridging :
! Port mirroring :
! UDP Relay :
! Server load balance :
! System service :
debug fscollect disable
! SSH :
! Web :
! AMAP :
! LLDP :
! Lan Power :
! NTP :
ntp client enable
! RDP :
! VLAN STACKING:
! Ethernet-OAM :
Spine Switch
Omurga_sw. show configuration snapshot
! Stack Manager :
! Chassis :
system name Spine
! Configuration:
! VLAN :
vlan 1 disable name "VLAN 1"
vlan 10 ip 172.168.2.1 255.255.255.0
vlan 10 mac 00:d0:bc:aa:9e:01
vlan 100 ip 192.168.2.1 255.255.255.0
vlan 100 mac 00:01:43:ee:0b:01
vlan 200 ip 10.2.1.1 255.255.255.0
vlan 200 mac 00:01:43:ee:0b:02
vlan 201 enable name "spineAntikor"
vlan 201 ip 192.168.201.1 255.255.255.0
vlan 201 mac 00:01:43:ee:0b:03
! VLAN SL:
! IP :
ip service all
! IPX :
! IPMS :
! AAA :
user password-size min 1
user password-history 0
! PARTM :
! AVLAN :
! 802.1x :
! QOS :
! Policy manager :
! Session manager :
! SNMP :
! RIP :
! IPv6 :
! IPRM :
ip static-route 0.0.0.0/0 gateway 192.168.2.2 metric 1 (From Spine Switch to Antikor it is made forwarded.)
! RIPng :
! Health monitor :
! Interface :
interfaces 1/1 hybrid FORCED-FIBER
interfaces 1/1 alias "UlakbimPort"
interfaces 1/2 hybrid FORCED-FIBER
interfaces 1/2 alias "AntikorPort"
! Udld :
! Port Mapping :
! Link Aggregate :
! VLAN AGG:
! 802.1Q :
vlan 100 802.1q 1/1 "TAG PORT 1/1 VLAN 100"
vlan 200 802.1q 1/1 "TAG PORT 1/1 VLAN 200"
vlan 100 802.1q 1/2 "TAG PORT 1/2 VLAN 100"
vlan 200 802.1q 1/2 "TAG port 1/2 vlan 200"
vlan 201 802.1q 1/2 "TAG port 1/2 vlan 201"
! Spanning tree :
bridge mode 1x1
! Bridging :
! Bridging :
! Port mirroring :
! UDP Relay :
! Server load balance :
! System service :
debug fscollect disable
! SSH :
! Web :
! AMAP :
! LLDP :
! Lan Power :
! NTP :
ntp client enable
! RDP :
! VLAN STACKING:
! Ethernet-OAM :
End-Point Switch
Note
: Depending on demand, more endpoints can be carried as many times as desired.
UcNokta_sw. show configuration snapshot
! Stack Manager :
! Chassis :
system name Endpoint
! Configuration:
! VLAN :
vlan 1 disable name "VLAN 1"
vlan 200 ip 10.2.1.2 255.255.255.0
vlan 200 mac 00:60:3e:63:b3:01
! VLAN SL:
! IP :
ip service all
! IPX :
! IPMS :
! AAA :
user password-size min 1
user password-history 0
! PARTM :
! AVLAN :
! 802.1x :
! QOS :
! Policy manager :
! Session manager :
! SNMP :
! RIP :
! IPv6 :
! IPRM :
ip static-route 0.0.0.0/0 gateway 10.2.1.1 metric 1
! RIPng :
! Health monitor :
! Interface :
interfaces 1/1 hybrid FORCED-FIBER
interfaces 1/2 hybrid FORCED-COPPER
! Udld :
! Port Mapping :
! Link Aggregate :
! VLAN AGG:
! 802.1Q :
vlan 200 802.1q 1/1 "TAG PORT 1/1 VLAN 200"
vlan 200 802.1q 1/2 "TAG PORT 1/2 VLAN 200"
! Spanning tree :
bridge mode 1x1
! Bridging :
! Bridging :
! Port mirroring :
! UDP Relay :
! Server load balance :
! System service :
debug fscollect disable
! SSH :
! Web :
! AMAP :
! LLDP :
! Lan Power :
! NTP :
ntp client enable
! RDP :
! VLAN STACKING:
! Ethernet-OAM :
Antikor
The necessary VLANs and Routing it is made on the Antikor side.
The ping test between Antikor and End Point was successful for two ways.
Executing Command | Error Message | Solution Proposal |
---|---|---|
ping 10.2.1.2 |
— Ping statistics for 10.0.0.1 — 5 packets transmitted, 0 packets received, 100.0% packet loss | Check the status of the port. |
Review VLAN settings. |
ePati Cyber Security Co.
Mersin Üniversitesi Çiftlikköy Kampüsü
Teknopark İdari Binası Kat:4 No: 411
Posta Kodu: 33343
Yenişehir / Mersin / TURKEY
Web: www.epati.com.tr
e-Mail: info@epati.com.tr
Tel: +90 324 361 02 33
Fax: +90 324 361 02 39