Avaya Solution & Interoperability Test Lab

Configuring VPN Routing and Forwarding (VRF) on Juniper J4300 router and Cisco 3550 Catalyst Multi-layer Switch to support Avaya IP Telephony - Issue 1.0

Abstract
These Application Notes describes a procedure for configuring Multi-VRF (aka VRF-Lite) for the purpose of maintaining separate, independent virtual routing tables, one dedicated to voice traffic and another one dedicated to data traffic. The configuration described in these Application Notes implement Multi-VRF between a Juniper J4300 enterprise router at a main site and a Cisco Catalyst 3550 multi-layer switch at a branch site. These application notes were requested by a customer for a proof of concept.

EMH; Reviewed: GAK 3/22/2006

Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved.

1 of 23 vrf_jun-cis.doc

1. Introduction and Scope
Multiprotocol Label Switching (MPLS) based networks implementing IP-VPN services must maintain multiple, independent routing tables per VPN instance. The VPN Routing and Forwarding (VRF) feature of the Provider Edge (PE) router accomplishes this by logically splitting the router into multiple virtual routers, where each virtual router contains its own set of interfaces, routing table, and forwarding table. A VRF is associated with the following components: • • • • IP routing table Derived forwarding table Set of interfaces; physical or virtual Set of routing protocols and routing peers that inject information into the VRF

VRF functionally was initially reserved only for MPLS PE routers. A subset of the PE VRF functionality, known as "Multi-VRF" or "VRF-Lite", was later made available for non-PE routers. Some of the highlights of a Multi-VRF router are: • • • VRF functionality with out using MPLS labels Multiprotocol BGP not required Detailed routing scenarios can be implemented without being connected to an MPLS VPN network via PE.

A key requirement for implementing any converged voice and data network is to be able to identify, segment and prioritize traffic types. At Layer 2, 802.1Q VLANs are used for this by implementing a separate Voice VLAN and Data VLAN with appropriate prioritization however a common routing table is used for both of these traffic types at Layer 3. Multi-VRF enables separately routed (virtual) networks with distinct routing tables and potentially overlapping address space to co-exist on the same router. Multi-VRF provides an option to further segment data and voice traffic by maintain separate virtual routing instances providing Layer 3 segmentation, complimenting Layer 2 VLAN segmentation. The configuration described in these Application Notes implement Multi-VRF between a Juniper J4300 enterprise router at a main site and a Cisco Catalyst 3550 multi-layer switch at a branch site. Two VRF tables, “vrf Voice” and “vrf Data” are configured on each router. The Open Shortest Path First (OSPF) routing protocol is used by the VRF tables. Two OSPF instances are configured for each VRF table. These Application Notes focus on the VRF configuration of the Juniper J4300 Router and Cisco 3550 Multi-layer switch providing full configurations for each.

EMH; Reviewed: GAK 3/22/2006

Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved.

2 of 23 vrf_jun-cis.doc

Figure 1 provides a high-level overview of the network used to verify these Application Notes.

Figure 1: Network Overview

2. Equipment and Software Validated
Table 1 lists the equipment and software/firmware versions used in the sample configuration provided. Network Component Avaya S8700 Media Servers Avaya G650 Media Gateway TN2312BP IPSI TN799DP C-LAN TN2302AP IP Media Processor Avaya G700 Media Gateway Avaya 2420 Series Digital Telephones Juniper J4300 Cisco Catalyst 3550 Version Information Avaya Communication Manager R3.0.1 (R013x.00.1.346.0) (HV6) FW12 (HV1) FW12 (HV12) FW95 23.17.0 JunOS 7.4R1.7 IOS 12.3(25)

Table 1 – Equipment Version Information

EMH; Reviewed: GAK 3/22/2006

Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved.

3 of 23 vrf_jun-cis.doc

3. Configurations
3.1. Cisco Catalyst 3550 Layer 2/3 switch configuration – Branch Site

Global Configuration
no service pad service timestamps debug uptime service timestamps log uptime ! ! ip subnet-zero ip routing mls qos mls qos map cos-dscp 0 8 16 26 32 46 48 56

Description

Enable IP routing.

Globally enable QoS. Configures the CoS-to-DSCP map (maps CoS values in incoming packets to a DSCP value). Configures the buffer size of minimum reserve levels 5 – 8 to be used by the four egress queues. Level 1-4 can hold 100 packets (default) Level 5 can hold 170 packets Level 6 can hold 85 packets Level 7 can hold 51 packets Level 8 can hold 34 packets When the buffer specified for the minimum-reserve level is full, packets are dropped until space is available.

mls mls mls mls

qos qos qos qos

min-reserve min-reserve min-reserve min-reserve

5 6 7 8

170 85 51 34

no ip domain-lookup ! ip vrf Data rd 100:2 ! ip vrf Voice rd 100:1 Names the VRF table. vrf Data is the name of the routing table to be used for data traffic and vrf Voice is the name of the routing table to be used for voice traffic.. Route Distinguisher (RD) creates the VRF table and specifies the default routedistinguisher for a VPN. The RD is added to the beginning of the networks IPv4 prefixes to change them into globally unique VPN-IPv4 prefixes. The RD feature allows for use of private, overlapping IP address across different VPN networks. A RD is either an ASN, in which case it

EMH; Reviewed: GAK 3/22/2006

Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved.

4 of 23 vrf_jun-cis.doc

Global Configuration

Description
is composed of an autonomous system number and an arbitrary number, or it is an IP-address, in which case it is composed of an IP address and an arbitrary number. You can enter an RD in either of these formats: 16-bit AS number: your 32-bit number For example, 101:3 32-bit IP address: your 16-bit number For example, 192.168.122.15:1 We have chosen to use ASN format for this configuration.

no file verify auto spanning-tree mode pvst ! vlan internal allocation policy ascending ! ! interface Loopback1 no ip address ! interface Loopback2 no ip address ! interface FastEthernet0/1 description Avaya G700 MG switchport access vlan 20 switchport trunk encapsulation dot1q switchport mode trunk duplex full speed 100 mls qos trust dscp

Enables per-vlan spanning-tree. Sets the VLAN ID allocation direction for internally assigned VLAN’s starting with ID 4096.

Physical port connection to Avaya G700 MG.. Binds port to VLAN 20 (voice VLAN) and sets mode to support VLAN tagging using standard 802.1Q tags.

Configures port to trust DSCP value of ingress traffic. Physical port connection to IXIA data traffic generator. Binds port to VLAN 60 (data VLAN) and sets port to access mode. Configures port to trust DSCP value of ingress traffic.

interface FastEthernet0/13 switchport access vlan 60 switchport mode access duplex full speed 100 mls qos trust dscp auto qos voip trust wrr-queue bandwidth 20 20 5 80

Weighted Round Robin (WRR) is a mechanism used in output QoS scheduling on the 3550. WRR works between three or four queues (if there is no strict priority queue). The queues used in the WRR are emptied in a round robin fashion, and you can configure the

EMH; Reviewed: GAK 3/22/2006

Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved.

5 of 23 vrf_jun-cis.doc

Global Configuration

Description
weight for each queue. In our lab configuration, we’ve defined WRR so the 4 queues are served 20%, 20%, 5%, and 80% of the time.

wrr-queue wrr-queue wrr-queue wrr-queue

min-reserve min-reserve min-reserve min-reserve

1 2 3 4

5 6 7 8

Assigns one of the min-reserve values, specified earlier in this config with the mls qos min-reserve command, to each of four the queues.

Maps each of the eight possible CoS values to one of the four possible queues using the CoS to queue map command: wrr-queue wrr-queue wrr-queue wrr-queue cos-map cos-map cos-map cos-map 1 2 3 4 0 1 2 4 3 6 7 5 Places CoS values 0,1,2 in Q1 Places CoS values 4 in Q2 Places CoS values 3,6,7 in Q3 Places CoS values 5 in Q4

priority-queue out spanning-tree portfast interface FastEthernet0/24 switchport access vlan 38 switchport trunk encapsulation dot1q switchport mode trunk duplex full speed 10 mls qos trust dscp Physical port connection to Juniper J4300. Bind the port to specific VLAN and sets the mode to support VLAN tagging using standard 802.1q tags. Speed set to 10MB to simulate Metro Ethernet service uplink. Creates a Layer 3 switch virtual interface (SVI). Vlan20 = the Interface ID. Associates the interface with a VRF table and assigns the interface an ip address.

interface Vlan20 ip vrf forwarding Voice ip address 172.28.20.1 255.255.255.0 ! interface Vlan38 ip vrf forwarding Data ip address 38.0.0.8 255.255.255.0 ! interface Vlan60 ip vrf forwarding Data ip address 172.28.60.1 255.255.255.0 ! interface Vlan80 ip vrf forwarding Voice ip address 80.0.0.8 255.255.255.0 router ospf 2 vrf Voice log-adjacency-changes network 80.0.0.0 0.0.0.255 area 0.0.0.0 network 172.28.20.0 0.0.0.255 area 0.0.0.0 ! router ospf 1 vrf Data

Enables OSPF routing for the specified VRF table, Defines the network address(s)/mask and area ID for OSPF to use per VRF instance.

EMH; Reviewed: GAK 3/22/2006

Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved.

6 of 23 vrf_jun-cis.doc

Global Configuration
log-adjacency-changes network 38.0.0.0 0.0.0.255 area 0.0.0.0 network 172.28.60.0 0.0.0.255 area 0.0.0.0 ! ip classless ip http server ip http secure-server ! ! snmp-server community public RW snmp-server community avaya RW ! control-plane ! ! line con 0 exec-timeout 0 0 privilege level 15 line vty 0 4 exec-timeout 0 0 privilege level 15 password cisco login line vty 5 15 login ! ! end

Description

3.2. Juniper J4300 Enterprise Router configuration – Main Site
system { host-name CE1; root-authentication { encrypted-password "$1$NsK8iEEW$4lnbpL1mdL8olJKLVcglh."; ## SECRET-DATA } login { user admin { uid 2001; class super-user; authentication { encrypted-password "$1$EHH3Zjx0$Ow4LkDfh0sCOWUIkNtATr0"; ## SECRETDATA } } }
EMH; Reviewed: GAK 3/22/2006 Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved. 7 of 23 vrf_jun-cis.doc

services { ssh; telnet; web-management { http; } } syslog { file messages { any any; } } }
-------------------------------------------------------------------------------------Configure FastEthernet physical interfaces fe-0/0/0 and fe-0/0/1. Assign Vlan ID’s and IP address to logical interfaces unit 2, unit 10, unit 38, unit 80 --------------------------------------------------------------------------------------

interfaces { fe-0/0/0 { description "Main 3550 L2"; per-unit-scheduler; vlan-tagging; unit 2 { vlan-id 2; family inet { address 172.25.2.1/24; } } unit 10 { vlan-id 10; family inet { address 172.28.10.1/24; } } } ls-0/0/0 { unit 1 { compression { rtp; } } } fe-0/0/1 { description "Remote Branch C3550 L2/L3 sw"; per-unit-scheduler; vlan-tagging;
EMH; Reviewed: GAK 3/22/2006 Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved. 8 of 23 vrf_jun-cis.doc

speed 10m; unit 38 { vlan-id 38; family inet { address 38.0.0.3/24; } } unit 80 { vlan-id 80; family inet { address 80.0.0.3/24; } } } lo0 { unit 0 { family inet { address 127.0.0.1/32; } } } } forwarding-options { helpers { bootp { server 192.168.60.250; interface { fe-0/0/0; } } } } routing-options { router-id 1.1.1.5; autonomous-system 101; } policy-options { policy-statement data-export { term 1 { then { community add Data; accept; } } }
EMH; Reviewed: GAK 3/22/2006 Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved. 9 of 23 vrf_jun-cis.doc

policy-statement data-import { term 1 { from { protocol bgp; community Data; } then accept; } } policy-statement voice-export { term learn-ospf { from protocol ospf; then accept; } term learn-direct { from protocol direct; then accept; } term nothing-else { then reject; } } policy-statement voice-import { term learn-all-CE-route { from { protocol bgp; community Voice; } then accept; } term learn-no-more { then reject; } } community Data members target:10:1; community Voice members target:10:2; community externalce members target:101:1; community public-comm1 members target:1:111; }
-------------------------------------------------------------------------------------Create classifier rules to select traffic based on DSCP value. Use expeditedforwarding for DSCP 101110 (46) and assured-forwarding for DSCP 100010 (34) --------------------------------------------------------------------------------------

class-of-service { classifiers { dscp avaya-voip {
EMH; Reviewed: GAK 3/22/2006 Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved. 10 of 23 vrf_jun-cis.doc

forwarding-class expedited-forwarding { loss-priority high code-points 101110; } forwarding-class assured-forwarding { loss-priority low code-points 100010; } } ieee-802.1 cos { forwarding-class expedited-forwarding { loss-priority high code-points 101; } } } drop-profiles { novoip { fill-level 90 drop-probability 100; } }
-------------------------------------------------------------------------------------Bind scheduler-map “voip” to associated interfaces and assign classifier “avaya-voip” to logical interfaces unit 10 and unit 80 to identify ingress traffic based on DSCP value. --------------------------------------------------------------------------------------

interfaces { fe-0/0/0 { unit 2 { scheduler-map voip; } unit 10 { scheduler-map voip; classifiers { dscp avaya-voip; } } } fe-0/0/1 { unit 38 { scheduler-map voip; } unit 80 { scheduler-map voip; classifiers { dscp avaya-voip; } } }
EMH; Reviewed: GAK 3/22/2006 Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved. 11 of 23 vrf_jun-cis.doc

}
-------------------------------------------------------------------------------------Create QoS scheduler-map “voip” and assign forwarding-class to each scheduler. --------------------------------------------------------------------------------------

scheduler-maps { voip { forwarding-class expedited-forwarding scheduler voip-ef; forwarding-class assured-forwarding scheduler voip-af; forwarding-class best-effort scheduler novoip; } }
-------------------------------------------------------------------------------------Assign priority value to each scheduler. --------------------------------------------------------------------------------------

schedulers { voip-ef { priority high; } voip-af { priority low; } novoip { drop-profile-map loss-priority high protocol any drop-profile novoip; } } }
-------------------------------------------------------------------------------------Routing-instances is were the VRF routing tables are defined with the associated interfaces and routing protocols. Two VRF tables are created, vrf Data and vrf Voice --------------------------------------------------------------------------------------

routing-instances { Data { instance-type vrf; interface fe-0/0/0.2; interface fe-0/0/1.38; route-distinguisher 10.0.0.1:1; vrf-import data-import; vrf-export data-export;

- Names VRF table - Defines it to be a VRF route table - Logical interfaces to be associated with this VRF table. - The RD is added to the beginning of the networksIPv4 prefixes to change it into globally unique VPN-IPv4 prefixes. The IP address format is used here.

protocols { ospf { area 0.0.0.0 { interface fe-0/0/0.2;
EMH; Reviewed: GAK 3/22/2006

- Enables OSPF routing for the specified VRF table - Defines the network address(s)/mask and area ID for OSPF to use per VRF instance

Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved.

12 of 23 vrf_jun-cis.doc

interface fe-0/0/1.38; } } } } Voice { instance-type vrf; interface fe-0/0/0.10; interface fe-0/0/1.80; route-distinguisher 10.0.0.1:2; vrf-import voice-import; vrf-export voice-export; protocols { ospf { area 0.0.0.0 { interface fe-0/0/0.10; interface fe-0/0/1.80; } } } } }

4. Verification and Troubleshooting Commands
Several VRF specific commands are described here to assist in troubleshooting and configuring a Multi-VRF implementation. Several standard practice commands, such as ping, traceroute and telnet, require a VRF attribute in the syntax, as described below. .

show ip vrf
Shows a summary of all VRF tables present on the router and their associated routedistinguishers and interface(s). CE2# show ip vrf Name Data Voice Default RD 100:2 100:1 Interfaces Vlan38 Vlan60 Vlan20 Vlan80

show ip vrf detail
Shows detailed configurations about each VRF table present in the router.
EMH; Reviewed: GAK 3/22/2006 Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved. 13 of 23 vrf_jun-cis.doc

CE2# show ip vrf detail VRF Data; default RD 100:2; default VPNID <not set> VRF Table ID = 1 Interfaces: Vlan38 Vlan60 Connected addresses are not in global routing table No Export VPN route-target communities No Import VPN route-target communities No import route-map No export route-map VRF Voice; default RD 100:1; default VPNID <not set> VRF Table ID = 2 Interfaces: Vlan20 Vlan80 Connected addresses are not in global routing table No Export VPN route-target communities No Import VPN route-target communities No import route-map No export route-map

show ip vrf interfaces
Shows additional information on the interfaces associated with each VRF table. CE2# show ip vrf interfaces Interface Vlan38 Vlan60 Vlan20 Vlan80 IP-Address 38.0.0.8 172.28.60.1 172.28.20.1 80.0.0.8 VRF Data Data Voice Voice Protocol up up up down

show ip route vrf {vrf name}
Shows the routing table contents of a specific vrf table. CE2# show ip route vrf Data Routing Table: Data Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
EMH; Reviewed: GAK 3/22/2006 Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved. 14 of 23 vrf_jun-cis.doc

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 38.0.0.0/24 is subnetted, 1 subnets 38.0.0.0 is directly connected, Vlan38 172.25.0.0/24 is subnetted, 1 subnets 172.25.2.0 [110/2] via 38.0.0.3, 00:28:48, Vlan38 172.28.0.0/24 is subnetted, 1 subnets 172.28.60.0 is directly connected, Vlan60

C O C

CE2# show ip route vrf Voice Routing Table: Voice Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 172.28.0.0/24 is subnetted, 1 subnets 172.28.20.0 is directly connected, Vlan20

C

Ping vrf {vrf name} ip {ip address}
Operates same as standard ping command but requires a VRF table name to be specified. Ping vrf must be used when the route to the destination is associated with a VRF table. Using standard ping format to a destination address associated with a VRF table will fail as shown in the example below. Global routes can continue to use standard ping format. CE2# ping vrf Data ip 38.0.0.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 38.0.0.3, timeout is 2 seconds: !!!!!
EMH; Reviewed: GAK 3/22/2006 Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved. 15 of 23 vrf_jun-cis.doc

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/8/12 ms

CE2# ping ip 38.0.0.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 38.0.0.3, timeout is 2 seconds: ..... Success rate is 0 percent (0/5)

Traceroute vrf {vrf name} ip {ip address}
Operates same as standard traceroute command but requires a VRF table name to be specified. Traceroute vrf must be used when the route to the destination is associated with a VRF table. Using standard traceroute format to a destination address associated with a VRF table will fail. Global routes can continue to use standard traceroute format. CE2# traceroute vrf Data ip 38.0.0.3 Type escape sequence to abort. Tracing the route to 38.0.0.3 1 38.0.0.3 12 msec 8 msec 12 msec

Telnet {ip address} /vrf {vrf name}
Operates same as standard telnet command but requires a VRF table name to be specified. Telnet vrf must be used when the route to the destination is associated with a VRF table. Using standard telnet format to a destination address associated with a VRF table will fail as show in the example below. Global routes can continue to use standard telnet format. CE2# telnet 38.0.0.3 /vrf Data Trying 38.0.0.3 ... Open CE1 (ttyp1) login: admin Password: --- JUNOS 7.4R1.7 built 2005-10-21 01:55:06 UTC
EMH; Reviewed: GAK 3/22/2006 Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved. 16 of 23 vrf_jun-cis.doc

admin@CE1> admin@CE1> exit [Connection to 38.0.0.3 closed by foreign host] CE2# CE2#

CE2# telnet 38.0.0.3 Trying 38.0.0.3 ... % Destination unreachable; gateway or host down CE2#

5. Conclusion
As illustrated in these Application Notes, implementing Multi-VRF provides an option for Layer 3 traffic segmentation. Several potential benefits exist by using Multi-VRF, in addition to traffic segmentation for customers interfacing with an MPLS VPN service provider. Multi-VRF connectivity between the Juniper and Cisco products depicted can be achieved by following the guidelines demonstrated in these Application Notes.

6. References
1. JUNOS 7.4 VPN Configuration Guide @ Juniper.com http://www.juniper.net/techpubs/software/junos/junos74/swconfig74-vpns/html/
2.

NAT/VRF Inter-working Solutions for JUNOS @ Juniper.com http://www.juniper.net/solutions/literature/app_note/350035.pdf

3. Provisioning Multi-VRF CEs in VPN Solutions Center @ Cisco.com http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/vpnsc/mpls/2_2/prov_gd/pgm pls11.htm 4. Additional Avaya Application Notes and Resources are available @ Avaya.com http://avaya.com/gcm/master-usa/en-us/resource/
EMH; Reviewed: GAK 3/22/2006 Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved. 17 of 23 vrf_jun-cis.doc

7. Appendix A: Cisco Catalyst 3550 Layer 2 switch configuration – Main Site
no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname C3550-DHSS-main ! ! ip subnet-zero ! no ip domain-lookup vtp domain avaya vtp mode transparent mls qos map cos-dscp 0 8 16 26 32 46 48 56 mls qos min-reserve 5 170 mls qos min-reserve 6 85 mls qos min-reserve 7 51 mls qos min-reserve 8 34 mls qos ! spanning-tree mode pvst spanning-tree extend system-id ! ! ! ! vlan 2,10,20 ! ! interface FastEthernet0/1 description "eth0 S8710-2" switchport access vlan 10 switchport mode dynamic desirable speed 100 duplex full mls qos trust cos ! interface FastEthernet0/2 description "eth0 S8710-1" switchport access vlan 10 switchport mode dynamic desirable
EMH; Reviewed: GAK 3/22/2006 Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved. 18 of 23 vrf_jun-cis.doc

speed 100 duplex full mls qos trust cos ! interface FastEthernet0/3 description "G650 IPSI" switchport access vlan 10 switchport mode dynamic desirable speed 100 duplex full mls qos cos 3 mls qos trust cos no cdp enable ! interface FastEthernet0/4 description "G650 C-LAN" switchport access vlan 10 switchport trunk encapsulation dot1q switchport mode trunk speed 100 duplex full mls qos trust cos no cdp enable ! interface FastEthernet0/5 description "G650 MEDPRO" switchport access vlan 10 switchport trunk encapsulation dot1q switchport mode trunk speed 100 duplex full mls qos trust cos no cdp enable ! interface FastEthernet0/6 switchport mode dynamic desirable mls qos trust cos ! interface FastEthernet0/7 switchport mode dynamic desirable mls qos trust cos ! interface FastEthernet0/8 switchport mode dynamic desirable mls qos trust cos
EMH; Reviewed: GAK 3/22/2006 Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved. 19 of 23 vrf_jun-cis.doc

! interface FastEthernet0/9 switchport mode dynamic desirable mls qos trust cos ! interface FastEthernet0/10 switchport mode dynamic desirable mls qos trust cos ! interface FastEthernet0/11 switchport mode dynamic desirable mls qos trust cos ! interface FastEthernet0/12 switchport mode dynamic desirable mls qos trust cos ! interface FastEthernet0/13 description "IXIA Card 2 Port 8" switchport access vlan 2 switchport mode access speed 100 duplex full mls qos trust cos auto qos voip trust wrr-queue bandwidth 20 20 5 80 wrr-queue min-reserve 1 5 wrr-queue min-reserve 2 6 wrr-queue min-reserve 3 7 wrr-queue min-reserve 4 8 wrr-queue cos-map 1 0 1 2 wrr-queue cos-map 2 4 wrr-queue cos-map 3 3 6 7 wrr-queue cos-map 4 5 priority-queue out spanning-tree portfast spanning-tree bpdufilter enable ! interface FastEthernet0/14 switchport access vlan 2 switchport mode access speed 100 duplex full mls qos trust cos spanning-tree portfast
EMH; Reviewed: GAK 3/22/2006 Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved. 20 of 23 vrf_jun-cis.doc

! interface FastEthernet0/15 switchport access vlan 60 switchport mode access mls qos trust cos ! interface FastEthernet0/16 switchport access vlan 60 switchport mode access mls qos trust cos ! interface FastEthernet0/17 switchport access vlan 60 switchport mode access mls qos trust cos ! interface FastEthernet0/18 switchport access vlan 60 switchport mode access mls qos trust cos ! interface FastEthernet0/19 switchport access vlan 60 switchport mode access mls qos trust cos ! interface FastEthernet0/20 switchport access vlan 60 switchport mode access mls qos trust cos ! interface FastEthernet0/21 switchport mode dynamic desirable mls qos trust cos ! interface FastEthernet0/22 switchport mode dynamic desirable mls qos trust cos ! interface FastEthernet0/23 switchport access vlan 10 switchport mode access speed 100 duplex full mls qos trust cos
EMH; Reviewed: GAK 3/22/2006 Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved. 21 of 23 vrf_jun-cis.doc

! interface FastEthernet0/24 description "Tagged Trunk to J4300" switchport trunk encapsulation dot1q switchport trunk allowed vlan 2,10 switchport mode trunk speed 100 duplex full mls qos trust cos ! interface GigabitEthernet0/1 switchport mode dynamic desirable ! interface GigabitEthernet0/2 switchport mode dynamic desirable ! interface Vlan1 no ip address no ip route-cache shutdown ! interface Vlan10 ip address 172.28.10.10 255.255.255.0 no ip route-cache ! ip default-gateway 172.28.10.1 no ip classless ip route 0.0.0.0 0.0.0.0 172.28.10.1 ip http server ! ! line con 0 exec-timeout 0 0 privilege level 15 line vty 0 4 exec-timeout 0 0 privilege level 15 password cisco login line vty 5 15 login ! ! end

EMH; Reviewed: GAK 3/22/2006

Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved.

22 of 23 vrf_jun-cis.doc

©2006 Avaya Inc. All Rights Reserved.

Avaya and the Avaya Logo are trademarks of Avaya Inc. All trademarks identified by ® and ™ are registered trademarks or trademarks, respectively, of Avaya Inc. All other trademarks are the property of their respective owners. The information provided in these Application Notes is subject to change without notice. The configurations, technical data, and recommendations provided in these Application Notes are believed to be accurate and dependable, but are presented without express or implied warranty. Users are responsible for their application of any products specified in these Application Notes. Please e-mail any questions or comments pertaining to these Application Notes along with the full title name and filename, located in the lower right corner, directly to the Avaya Solution & Interoperability Test Lab at interoplabnotes@list.avaya.com

EMH; Reviewed: GAK 3/22/2006

Solution & Interoperability Test Lab Application Notes ©2006 Avaya Inc. All Rights Reserved.

23 of 23 vrf_jun-cis.doc