COMPUTER TIPS

How to configure MPLS VPN using Cisco routers?

 

 

Normally VPN tunnel enables an encrypted connection between private networks over a public network such as the internet, but when using MPLS, the VPN feature allows several sites to interconnect transparently through a service provider's network.

Follow the network topology of provider routers and customers edge routers as in the given figure:

Configuration on Router R1

In global configuration Mode: 

R1(config)# interface Loopback0

R1(config)#ip address 10.1.1.1 255.255.255.255

R1(config)#router ospf 1

R1(config-router) # network 1.1.1.1 0.0.0.0 area 0

R1(config-router) #network 10.1.1.1 0.0.0.0 area 0

A (config-router) #end

Configuration on Router R2

In global configuration Mode: 

R2(config)# ip cef

R2(config)#mpls label protocol ldp

R2(config)# ip vrf site1

R2(config-vrf)#rd 1:1

R2(config-vrf)#route-target export 1:1

R2(config-vrf)#route-target import 1:1

R2(config)#interface Loopback0

R2(config)#ip address 20.1.1.1 255.255.255.255

R2(config)#interface Serial1/0

R2(config)# ip vrf forwarding site1

R2(config)#ip address 1.1.1.2 255.0.0.0

R2(config)#interface Serial1/1

R2(config)# mpls ip

R2(config)#ip address 2.1.1.1 255.0.0.0

R2(config)# router ospf 10 vrf site1

R2(config-router)# redistribute bgp 1 subnets

R2(config-router)# network 1.1.1.2 0.0.0.0 area 0

R2(config)# router ospf 1

R2(config-router)# network 2.1.1.1 0.0.0.0 area 0

R2(config-router)# network 20.1.1.1 0.0.0.0 area 0

R2(config)# router bgp 1

R2(config-router)# bgp router-id 20.1.1.1

R2(config-router)# neighbor 40.1.1.1 remote-as 1

R2(config-router)# neighbor 40.1.1.1 update-source Loopback0

R2(config-router)# address-family vpnv4

R2(config-router-af)# neighbor 40.1.1.1 activate

R2(config-router-af)# neighbor 40.1.1.1 send-community extended

R2(config-router-af)# exit

R2(config-router)# address-family ipv4 vrf site1

R2(config-router-af)# redistribute ospf 10 vrf site1 match internal external 1 external 2

R2(config-router-af)# end

Configuration on Router R3

In global configuration Mode: 

R3(config)# ip cef

R3(config)#mpls label protocol ldp

R3(config)#interface Loopback0

R3(config)#ip address 30.1.1.1 255.255.255.255

R3(config)#interface Serial1/0

R3(config)# mpls ip

R3(config)#ip address 2.1.1.2 255.0.0.0

R3(config)#interface Serial1/1

R3(config)# mpls ip

R3(config)#ip address 3.1.1.1 255.0.0.0

R3(config)# router ospf 1

R3(config-router)# network 2.1.1.2 0.0.0.0 area 0

R3(config-router)# network 3.1.1.3 0.0.0.0 area 0

R3(config-router)# network 30.1.1.1 0.0.0.0 area 0

R3 (config-router) #end

Configuration on Router R4

In global configuration Mode: 

R4(config)# ip cef

R4(config)#mpls label protocol ldp

R4(config)# ip vrf site1

R4(config-vrf)#rd 1:1

R4(config-vrf)#route-target export 1:1

R4(config-vrf)#route-target import 1:1

R4(config)#interface Loopback0

R4(config)#ip address 40.1.1.1 255.255.255.255

R4(config)#interface Serial1/1

R4(config)# ip vrf forwarding site1

R4(config)#ip address 4.1.1.1 255.0.0.0

R4(config)#interface Serial1/0

R4(config)# mpls ip

R4(config)#ip address 3.1.1.2 255.0.0.0

R4(config)# router ospf 10 vrf site1

R4(config-router)# redistribute bgp 1 subnets

R4(config-router)# network 4.1.1.2 0.0.0.0 area 0

R4(config)# router ospf 1

R4(config-router)# network 3.1.1.2 0.0.0.0 area 0

R4(config-router)# network 40.1.1.1 0.0.0.0 area 0

R4(config)# router bgp 1

R4(config-router)# bgp router-id 40.1.1.1

R4(config-router)# neighbor 40.1.1.1 remote-as 1

R4(config-router)# neighbor 40.1.1.1 update-source Loopback0

R4(config-router)# address-family vpnv4

R4(config-router-af)# neighbor 20.1.1.1 activate

R4(config-router-af)# neighbor 20.1.1.1 send-community extended

R4(config-router-af)# exit

R4(config-router)# address-family ipv4 vrf site1

R4(config-router-af)# redistribute ospf 10 vrf site1 match internal external 1 external 2

R4(config-router-af)# end

Configuration on Router R5

In global configuration Mode: 

R5(config)# interface Loopback0

R5(config)#ip address 50.1.1.1 255.255.255.255

R5(config)#router ospf 1

R5(config-router) # network 4.1.1.2 0.0.0.0 area 0

R5(config-router) #network 50.1.1.1 0.0.0.0 area 0

R5(config-router) #end

 

      

Suggested Reading

•  Break or recover the router password

•  Routing Information Protocol (RIP) Configuration

•  Point-To-Point Leased Line Implementation

•  How to configure Stub area in OSPF protocol?

•  Router basic Troubleshooting Tips

• How to protect EIGRP router from receiving unsigned routing updates?

 

• How to configure Totally Stub Area in OSPF protocol?

• How to configure BGP between two different autonomous systems? New

• How to configure virtual link between different areas in OSPF?

• How to perform unequal-cost load balancing using EIGRP? New

•  How to configure Site-to-Site IPsec VPN?

•  How configure EIGRP authentication to prevent unauthorized   access?

• How to configure BGP with weight attribute? New

•  How to configure OSPF step by step?

• How to perform configuration and convergence between RIP and IGRP protocols?

•  How to configure OSPF with multiple areas?

 

•  Interior Gateway Routing Protocol (IGRP) Configuration

•  Extended IP Access Control List

•  Enhanced Interior Gateway Routing Protocol (EIGRP) Configuration

•  Useful Router commands and configuration

•  Standard IP Access Control List

•  Common Frame Relay Configuration

•  Integrated Services Digital Network (ISDN)