[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring a Routing Policy for Layer 2 VPNs

If the routing instance uses a policy for accepting and rejecting packets instead of a route target, you must specify the import and export routing policies and the community on each PE Services Router.

To configure a Layer 2 VPN routing policy on a PE Services Router:

Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
Perform the configuration tasks described in Table 72 and Table 73 on each PE router.
When you have finished configuring the network, commit the configuration.
To verify the configuration, see Verifying a VPN Configuration.

Table 72: Configuring an Import Routing Policy for Layer 2 VPNs

Task	J-Web Configuration Editor	CLI Configuration Editor
Navigate to the top of the configuration hierarchy and configure the import routing policy. (PE Services Router)	In the configuration editor hierarchy, select Policy options>Policy statement. In the Policy name box, type the policy name—for example, import_vpn.	From the top of the configuration hierarchy, enter edit policy-options policy-statement import-policy-name
Define the term for accepting packets. (PE Services Router)	Next to Term group, click Add new entry. In the Term name box, type a term name—for example, 10. Next to From, click Configure. Click Add new entry. Click Protocol and select bgp from the Value menu. Click OK. Next to Community, click Add new entry. Type the community-name in the Community Name box. Click OK. Next to Then, click Configure. From the Accept reject drop-down list, select accept. Click OK until you are at the Policy statement page.	Enter set termterm-name-accept from protocol bgp community community-name Enter set termterm-name-accept then accept
Define the term for rejecting packets. (PE Services Router)	Next to the Term group, click Add new entry. In the Term name box, type a term name—for example, 20. Next to Then, click Configure. From the Accept drop-down list, select reject. Click OK until you return to the Policy options page.	Enter set term term-name-reject then reject

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the top of the configuration hierarchy and configure the import routing policy.

(PE Services Router)

In the configuration editor hierarchy, select Policy options>Policy statement.
In the Policy name box, type the policy name—for example, import_vpn.

From the top of the configuration hierarchy, enter

edit policy-options policy-statement import-policy-name

Define the term for accepting packets.

(PE Services Router)

Next to Term group, click Add new entry.
In the Term name box, type a term name—for example, 10.
Next to From, click Configure.
Click Add new entry.
Click Protocol and select bgp from the Value menu.
Click OK.
Next to Community, click Add new entry.
Type the community-name in the Community Name box.
Click OK.
Next to Then, click Configure.
From the Accept reject drop-down list, select accept.
Click OK until you are at the Policy statement page.

Enter
set termterm-name-accept from protocol bgp community community-name
Enter
set termterm-name-accept then accept

Define the term for rejecting packets.

(PE Services Router)

Next to the Term group, click Add new entry.
In the Term name box, type a term name—for example, 20.
Next to Then, click Configure.
From the Accept drop-down list, select reject.
Click OK until you return to the Policy options page.

Enter

set term term-name-reject then reject

After configuring an import routing policy for a Layer 2 VPN, configure an export routing policy for the Layer 2 VPN. The export routing policy defines how routes are exported from the PE Services Router routing table. An export policy is applied to routes sent to other PE Services Routers in the VPN. The export policy must also evaluate all routes received over the routing protocol session with the CE Services Router. The export policy must also contain a second term for rejecting all other routes.

Table 73: Configuring an Export Routing Policy for Layer 2 VPNs

Task	J-Web Configuration Editor	CLI Configuration Editor
Configure the export routing policy. (PE Services Router)	Next to the Policy statement group, click Add new entry. In the Policy name box, type the policy name—for example, export_vpn.	From the top of the configuration hierarchy, enter edit policy-options policy-statement export-policy-name
Define the term for accepting packets. (PE Services Router)	Next to the Term group, click Add new entry. In the Term name box, type a term name—for example, 10. Next to From, click Configure. Next to Community, click Add new entry. Type the community-namein the Community Name box. Click OK. Next to Then, click Configure. From the Accept reject drop-down list, select accept. Click OK twice until you are at the Policy statement page.	Enter set termterm-name-accept from community add community-name Enter set termterm-name-accept then accept
Define the term for rejecting packets. (PE Services Router)	Next to the Term group, click Add new entry. In the Term name box, type a term name—for example, 20. Next to Then, click Configure. From the Accept reject drop-down list, select reject. Click OK until you return to the Policy options page.	Enter set termterm-name-reject from community add community-name Enter set termterm-name-reject then reject
Define the community. (PE Services Router)	In the Community group, click Add new entry. In the Community name box, type a community name—for example, VPN. In the Members group, click Add new entry. In the Value box, type target:community-id, where community-id is as-number:number or ip-address:number. Click OK until you return to the Policy options page.	Type the following commands: communitycommunity-nametarget:as-number or ip-address:number

[Contents] [Prev] [Next] [Index] [Report an Error]