H3C Metro WAN Campus Configuration

Summary


In the configuration example, there is a remote site connected to the center via the point-to-point MPLS VPN structure provided by the service provider (Ulaknet).
The configuration of the backbone switch and remote campus switch will be described in order for this campus network to be able to receive service from the central Antikor Firewall when it is online.

Prior Knowledge


MPLS (Multi Protocol Label Switching):
It can be described as switching in OSI 2nd layer and integrating routing in OSI 3rd layer. MPLS technology performs routing operations faster.

Metro Ethernet MPLS can be configured in two ways:

Virtual Lease Line(VLL):
Metro ethernet is the structure that provides point-to-point connection to each ID via the MPLS network.

Virtual Private LAN Service(VPLS):
Metro Ethernet is a structure that provides multi-point to multi-point communication over the MPLS network.

VPLS allows remote locations to share the same broadcast domains.

Thanks to the Metro Ethernet structure, the service provider can differentiate its customers’ networks with VPN(Virtual Private Network).
In such a structure, the Ethernet switches on the receiving side must have 802.1q VLAN support and must have a fiberoptic port suitable for receiving the service of the service provider.

Network Topology

image

Configuration

Ulakbim configurations on the Metro Ethernet Switch comes ready to service. It is shown as an example.

Ulakbim Switch

#
 version 7.1.059, Alpha 7159
#
sysname ULAKBIM
#
ip route
#
 irf mac-address persistent timer
 irf auto-update enable
 undo irf link-delay
 irf member 1 priority 1
#
 lldp global enable
#
 system-working-mode standard
 xbar load-single
 password-recovery enable
 lpu-type f-series
Vlan1
#
Vlan 10
#
Vlan 100
#
Vlan 200
#
interface NULL0
#
interface Ethernet1/0/1
 description campuses_uplink
 port hybrid vlan 100,200 tagged (We are entering the extreme points we want to move. There is no limit.)
#
interface Ethernet1/0/2
 description university_wan_port
 port access vlan 10
#
interface Ethernet1/0/3
 description uc_nokta
 port access vlan 200
#
interface Vlan-interface1
 no ip address
 shutdown
#
interface Vlan-interface10
 mac-address 00d0.bcaa.9e01
 ip address 172.168.2.1 255.255.255.0
#
user-group system
#
return

Spine Switch

#
 version 7.1.059, Alpha 7159
#
sysname OMURGA
#
ip route
#
 irf mac-address persistent timer
 irf auto-update enable
 undo irf link-delay
 irf member 1 priority 1
#
 lldp global enable
#
 system-working-mode standard
 xbar load-single
 password-recovery enable
 lpu-type f-series
spanning-tree mode pvst
#
Vlan1
#
Vlan100
#
Vlan 200 to 201
#
interface NULL0
#
interface Ethernet1/0/1
 description ulakbim_port
 port hybrid vlan 100,200 tagged
 port link-type hybrid
#
interface Ethernet1/0/2
 description antikor_port
 port hybrid vlan 100,200 to 201 tagged
 port link-type hybrid
#
interface GigabitEthernet1/0/22
#
interface Vlan-interface1
 no ip address
 shutdown
#
interface Vlan-interface100
 mac-address 0001.43ee.0b01
 ip address 192.168.2.1 255.255.255.0
#
interface Vlan-interface200
 mac-address 0001.43ee.0b02
 ip address 10.2.1.1 255.255.255.0
#
interface Vlan-interface201
 description omurga_antikor
 mac-address 0001.43ee.0b03
 ip address 192.168.201.1 255.255.255.0
#
undo xrn-fabric authentication-mode
#
ip route-static 0.0.0.0 0.0.0.0 192.168.2.2 preference 60(From Spine Switch to Antikor it is made forwarded.)
#
user-group system
#
return

End-Point Switch

Note: Depending on demand, more endpoints can be carried as many times as desired.

#             
sysname SWITCH
#
ip route
#
 irf mac-address persistent timer
 irf auto-update enable
 undo irf link-delay
 irf member 1 priority 1
#
 lldp global enable
#
 system-working-mode standard
 xbar load-single
 password-recovery enable
 lpu-type f-series
spanning-tree mode pvst
#
Vlan1
#
Vlan 200
#
interface NULL0
#
interface Ethernet1/0/1
 port access vlan 200
#
interface Ethernet1/0/2
 port access vlan 200
#
interface Vlan-interface1
 no ip address
 shutdown
#
interface Vlan-interface200
 mac-address 0060.3e63.b301
 ip address 10.2.1.2 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 10.2.1.1 preference 60
#
user-group system
#
return

Antikor

The necessary VLANs and Routing it is made on the Antikor side.

Testing

The ping test between Antikor and End Point was successful for two ways.

Troubleshooting

Executing Command Error Message Solution Proposal
ping 10.2.1.2 — Ping statistics for 10.0.0.1 — 5 packets transmitted, 0 packets received, 100.0% packet loss Check the status of the ports.
    Review VLAN settings.

ePati Cyber Security Co.

Mersin Üniversitesi Çiftlikköy Kampüsü
Teknopark İdari Binası Kat:4 No: 411
Posta Kodu: 33343
Yenişehir / Mersin / TURKEY

Web: www.epati.com.tr
e-Mail: info@epati.com.tr
Tel: +90 324 361 02 33
Fax: +90 324 361 02 39