How does one implement VLANs in the NV5660 carrier class router? I have discovered that sub-interfaces are required for layer 3. After creating sub-interfaces, I've assigned IP addresses and used ce-vlan-id to identify Vlans. In the NV3458 and other routers/switches one would define a Vlan with an IP address as such:
interface vlan 127
description DMZ1 zone
ip address 192.168.127.1 255.255.255.0
ip access-policy DmzVlan127
no shutdown
That syntax is not available on the NV5660. Instead, I now have sub-interfaces, actually 3 sub-interfaces, under a physical interface. Each sub handles a different Vlan as follows:
interface gigabit-eth 0/3
description Trunk Vlan 1 124
no shutdown
!
!
interface gigabit-eth 0/3.1
description LAN Vlan 1 Private subnet 125
ce-vlan-id 1
ip address 192.168.125.2 255.255.255.0
ip access-policy InsideVlan1
no awcp
media-gateway ip primary
no shutdown
!
interface gigabit-eth 0/3.2
description LAN Vlan 124 Guest subnet 124
ce-vlan-id 124
ip address 192.168.124.1 255.255.255.0
ip access-policy GuestVlan124
no awcp
media-gateway ip primary
no shutdown
!
interface gigabit-eth 0/3.3
description LAN Vlan 127 homer VPN
ce-vlan-id 127
no ip address
no awcp
no shutdown
!
Notice above there is no IP address on 0/3.3. The gateway IP address for Vlan 127 is on another interface (192.168.127.1):
interface gigabit-eth 0/4.1
description DMZ1 Vlan 127 subnet 127
ce-vlan-id 127
ip address 192.168.127.1 255.255.255.0
ip access-policy DmzVlan127
no awcp
media-gateway ip primary
no shutdown
The above interface, 0/3.3, does not work. Everything else in my config seems to work. I want Vlan 127 traffic on the 0/3.3 interface to pass through the 192.168.127.1 gateway address. If I also place that IP address on the 0/3.3 sub-interface I get an error message. The NV5660 does not allow defining Vlan globally as in previous routers. It seems to only allow ce-vlan-id to be used. Clearly the idea of "carrier" router is different than standard NV routers. I'm wondering maybe the concept of EVC fits into this? How does one have one IP gateway address for a Vlan when the Vlan appears on two or more physical or sub interfaces? Where does a common "ip access-policy DmzVlan127" fit into the config?
Solution: Aggregate the interfaces of each VLAN external to the NV5660 or NV4660. This can easily be accomplished with a layer 2 switch.
Given the few ports on these routers, it actually makes practical sense to only bring each VLAN into the NV5660 router once. This is probably a better use of router and switch resources.
I will mark this as solved. If anybody has another solution feel free to post.
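A configuration check for the rule the solution arrives at (each VLAN enters the router once), as an added example that is not part of the original post and not vendor tooling. It parses only the keywords that appear in the post; the function names are hypothetical, and treating a sub-interface without an `ip access-policy` as a finding is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample, trimmed from the sub-interface stanzas in the post.
SAMPLE = """\
interface gigabit-eth 0/3.1
ce-vlan-id 1
ip address 192.168.125.2 255.255.255.0
ip access-policy InsideVlan1
!
interface gigabit-eth 0/3.3
ce-vlan-id 127
no ip address
!
interface gigabit-eth 0/4.1
ce-vlan-id 127
ip address 192.168.127.1 255.255.255.0
ip access-policy DmzVlan127
"""

def parse_subinterfaces(text):
    """Return {interface: {"vlan", "ip", "policy"}} for stanzas carrying a ce-vlan-id."""
    stanzas, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"interface\s+(.+)", line):
            cur = stanzas.setdefault(m.group(1), {"vlan": None, "ip": None, "policy": None})
        elif cur is None or line == "!":
            continue
        elif m := re.match(r"ce-vlan-id\s+(\d+)$", line):
            cur["vlan"] = int(m.group(1))
        elif m := re.match(r"ip address\s+(\S+)\s+(\S+)$", line):  # skips "no ip address"
            cur["ip"] = m.group(1)
        elif m := re.match(r"ip access-policy\s+(\S+)$", line):
            cur["policy"] = m.group(1)
    return {n: s for n, s in stanzas.items() if s["vlan"] is not None}

def lint(text):
    """Flag VLANs on more than one sub-interface, then sub-interfaces with no policy."""
    subs = parse_subinterfaces(text)
    by_vlan = defaultdict(list)
    for name, s in subs.items():
        by_vlan[s["vlan"]].append(name)
    findings = [f"vlan {v} on multiple sub-interfaces: {', '.join(names)}"
                for v, names in sorted(by_vlan.items()) if len(names) > 1]
    # Assumption of this example: every sub-interface should name an access policy.
    findings += [f"{n}: no ip access-policy" for n, s in subs.items() if s["policy"] is None]
    return findings
```

Running `lint` over the stanzas from the post reports Vlan 127 on both 0/3.3 and 0/4.1, and 0/3.3 as carrying no policy, which are the two points the question raises.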