MPLS VPN Workbook Volume I

Hi Experts,

I was doing MPLS VPN Work book Volume I. after the initial setup of IP addresses and Subinterfaces associated to different VRFs, in the first question, I could not ping from SW1, "SW1#ping vrf VPN_B 172.16.7.7 source loopback 102" and also I coould not ping VPN_B from R6 with this command " R6#ping vrf VPN_B 155.1.76.7". After furthur troubleshooting, I found out "Vlan 76" associated to "VPN_B" is showing down,down. I tried to delete vlan 76 and recreate it as the solution guide says "Interface VLan 76, IP VRF Forwarding VPN_B, IP address 155.1.76.7 255.255.255.0" but VLan 76 stays "down, down".

Towards the end of that configuration in solution guide, it also says "SW1, Sw2, SW3, SW4 : Vlan 76". I dont know if it means to create VLan 76 in all the switches but the question does not says that. I have just created Vlan 76 on SW1 and stayed Down, Down and I could not solve it. Could you please advice if I am missing anything.

Thank you

Comments

  • Yes. Vlan 76 has to be added to all switches in order to make this work. 

    Sent from my iPhone

    On Aug 26, 2012, at 11:43 PM, Ellie <[email protected]> wrote:

    Hi Experts,

    I was doing MPLS VPN Work book Volume I. after the initial setup of IP addresses and Subinterfaces associated to different VRFs, in the first question, I could not ping from SW1, "SW1#ping vrf VPN_B 172.16.7.7 source loopback 102" and also I coould not ping VPN_B from R6 with this command " R6#ping vrf VPN_B 155.1.76.7". After furthur troubleshooting, I found out "Vlan 76" associated to "VPN_B" is showing down,down. I tried to delete vlan 76 and recreate it as the solution guide says "Interface VLan 76, IP VRF Forwarding VPN_B, IP address 155.1.76.7 255.255.255.0" but VLan 76 stays "down, down".

    Towards the end of that configuration in solution guide, it also says "SW1, Sw2, SW3, SW4 : Vlan 76". I dont know if it means to create VLan 76 in all the switches but the question does not says that. I have just created Vlan 76 on SW1 and stayed Down, Down and I could not solve it. Could you please advice if I am missing anything.

    Thank you




    INE - The Industry Leader in CCIE Preparation

    http://www.INE.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx
  • I was confused long time ago since I solved this ticket....... now I remember why.

  • Thank you for your feedback. Now, it makes sense why I could not ping.

    If I want to add VLAN 76 to all other switches, what would be the IP address of this vlan for the other switches. should I increment the IP address by one with the same subnet. Should I also add Vlan 76 to VPN_B as well meaning the same commands that ran on SW1 should be also added to other switches with just different IP addresses.

    Thank you

     

  • No, you should be able to just add it to the other switches as a simple layer 2 vlan. 

    Sent from my iPhone

    On Aug 27, 2012, at 12:23 PM, Ellie <[email protected]> wrote:

    Thank you for your feedback. Now, it makes sense why I could not ping.

    If I want to add VLAN 76 to all other switches, what would be the IP address of this vlan for the other switches. should I increment the IP address by one with the same subnet. Should I also add Vlan 76 to VPN_B as well meaning the same commands that ran on SW1 should be also added to other switches with just different IP addresses.

    Thank you

     




    INE - The Industry Leader in CCIE Preparation

    http://www.INE.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx
  • Thank you. I tried that tonight and it resolved the issue. I still dont know the logic behind of it as why we needed to have layer two vlan 76 created on other switches. the reason is because the excerise was referring to VPN Setup between Sw1 and R6 which in the diagram, they are directly connected without any of other devices between them. why would we need to have layer two vlan 76 created on other switches in differnt part of diagram inorder ping work?

    I also have a few more questions. on that same excerise, in Router6, when it asks to assign the sub interface to VPN, for interface fa0/0.67, There is no "encapsulation dot1q 76" associated. however, for interface0/0.76, first, it uses "encapsulation dot1q 76" before assigning "IP VRF Forwarding VPN_B". when I dont use "encapsulation dot1q" and directly assign the interface to VPN using "IP VRF Forwarding VPN_B", it gives me an error indicating that the sub interface should assign to DOT1Q first before it can be allocated to VRF. I dont know why solution guide has used one sub interface with "encapsulation Dot1q" and the other interface without this command.

    Also in the second part of this excercise (14.2 MPLS LDP), It refers to MPLS LDP Exchange and password. I used " mpls ldp password required" as it was stated in the solution guide and did the exact thing mentioned in solution guide. However, in Router4: I got this error mesage poping up in the log file "MD5 Protection is required for peer 150.6.5.5 no password configured". However, in the solution guide, this Peer has not listed as LDP neighbor. on R6, i also recieved similar message saying "MD5 protection is required for peer 150.6.4.4 " which this peer IP address had not been defined on Solution guide. as the result of that, when I get to verification part and used "R4#show mpls ldp neighbor "there was no neighbor listed". R4#show mpls ldp neighbor password" also did not list any password. I have used all the steps listed in solution guide for part two. Part one was successful and I could verify everything but section 14.2 had problems mentioned above. However, when I used "R6#show mpls forwarding-table" on R6,R4 and R5, output was good matching with solution guide. Then when I tried to do MPLS Advertise filtering, the output from my routers did not match with Solutin guide.

    Thank you all for your feedback

     

  • It has been quite a while since I did this particular lab but as I recall, r6 is physically connected to sw2 and sw4.  With that in mind, you will need to match the vlan config on all switches.  Secondly, the dot1q encapsulation is not included in the solution guide because it is already a part of the configuration.  Since vlan 76 is brand new to this lab, you have to set it up from scratch which includes the existing "router on a stick" configuration that matches vlan 67.

    As far as
    14.2 goes, I have to lab this one up to remember all the specifics.  But I seem to recall there being an issue with that " mpls ldp password required" command depending on the ios version being used.  I know I tried it and discovered it didn't work for the IOS I had on my gns3 but it worked on the INE pod.  The specific issues you mention are not clear though.  I see the references to "mpls ldp neighbor 150.x.5.5 password CISCO" on R4 and "mpls ldp neighbor 150.x.4.4 password CISCO" on R6.  So, I'm not sure what error you are referring to.  Like I said, I can grab an INE pod tomorrow and lab it up to see if I can simulate the problem you are having.  But please, clarify a bit more if you can.

    Thanks,
    Raliegh Anthony Jones

    From: Ellie <[email protected]>
    To: [email protected]
    Sent: Monday, August 27, 2012 11:35 PM
    Subject: Re: [CCIE R&S] MPLS VPN Workbook Volume I


    Thank you. I tried that tonight and it resolved the issue. I still dont know the logic behind of it as why we needed to have layer two vlan 76 created on other switches. the reason is because the excerise was referring to VPN Setup between Sw1 and R6 which in the diagram, they are directly connected without any of other devices between them. why would we need to have layer two vlan 76 created on other switches in differnt part of diagram inorder ping work?

    I also have a few more questions. on that same excerise, in Router6, when it asks to assign the sub interface to VPN, for interface fa0/0.67, There is no "encapsulation dot1q 76" associated. however, for interface0/0.76, first, it uses "encapsulation dot1q 76" before assigning "IP VRF Forwarding VPN_B". when I dont use "encapsulation dot1q" and directly assign the interface to VPN using "IP VRF Forwarding VPN_B", it gives me an error indicating that the sub interface should assign to DOT1Q first before it can be allocated to VRF. I dont know why solution guide has used one sub interface with "encapsulation Dot1q" and the other interface without this command.

    Also in the second part of this excercise (14.2 MPLS LDP), It refers to MPLS LDP Exchange and password. I used " mpls ldp password required" as it was stated in the solution guide and did the exact thing mentioned in solution guide. However, in Router4: I got this error mesage poping up in the log file "MD5 Protection is required for peer 150.6.5.5 no password configured". However, in the solution guide, this Peer has not listed as LDP neighbor. on R6, i also recieved similar message saying "MD5 protection is required for peer 150.6.4.4 " which this peer IP address had not been defined on Solution guide. as the result of that, when I get to verification part and used "R4#show mpls ldp neighbor "there was no neighbor listed". R4#show mpls ldp neighbor password" also did not list any password. I have used all the steps listed in solution guide for part two. Part one was successful and I could verify everything but section 14.2 had problems
    mentioned above. However, when I used "R6#show mpls forwarding-table" on R6,R4 and R5, output was good matching with solution guide. Then when I tried to do MPLS Advertise filtering, the output from my routers did not match with Solutin guide.

    Thank you all for your feedback

     



    INE - The Industry Leader in CCIE Preparation

    http://www.INE.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx


  • Great. Thank you for explanation.

    As for 14.2 section "MPLS LDP", I did all part of the exercise on INE Rack Rental so I know my IOS is good, I loaded the initial config and did section one and then section 14.2. I followed solution guide line by line. Then after creating all MPLS neighbors and password, the message automatically poped up Router4: I got this error mesage poping up in the log file "MD5 Protection is required for peer 150.6.5.5 no password configured". However, in the solution guide, this Peer has not listed as LDP neighbor. on R6, i also recieved similar message saying "MD5 protection is required for peer 150.6.4.4 " which this peer IP address had not been defined on Solution guide. I did not know what I need to do with the automatic error message keeps comming on both routers as it was not part of the solution guide so I ignored it.

    Then, as the result of that, when I get to verification part and used "R4#show mpls ldp neighbor "there was no neighbor listed". R4#show mpls ldp neighbor password" also did not list any output. I have used all the steps listed in solution guide for part section 14.2 "MPLS LDP". when I used "R6#show mpls forwarding-table" on R6,R4 and R5, output was good matching with solution guide but the other part of verification was not matching with solution guide as it was stated above. Then when I tried to do MPLS Advertise filtering, the output from my routers did not match with Solutin guide either.

    Thank you for your feedback

     

Sign In or Register to comment.