Example: Enabling MPLS
This example shows how to enable MPLS for packet-based processing. It also shows how to enable the MPLS family and MPLS process on all of the transit interfaces in the network.
 | Note: When MPLS is enabled, all flow-based security features are deactivated and the device performs packet-based processing. Flow-based services, such as security policies, zones, NAT, ALGs, chassis clustering, screens, firewall authentication, IP Packets and IPsec VPNs, are unavailable on the device. Before changing from flow mode to packet mode, you must remove all security policies remaining under flow mode. To prevent management connection loss, you must bind the management interface to zones and enable host-inbound traffic to prevent the device from losing connectivity. For information about configuring zones, see Security Zones and Interfaces Feature Guide for Security Devices. |
Requirements
Before you begin, delete all configured security services. See Example: Deleting Security Services.
Overview
The instructions in this topic describe how to enable MPLS on the device. You must enable MPLS on the device before including a device running Junos OS in an MPLS network.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.
To enable MPLS:
- Enable MPLS for packet-based processing.[edit security forwarding-options]user@host# set family mpls mode packet-based
- Enable the MPLS family on each transit interface that
you want to include in the MPLS network.[edit interfaces]user@host# set interfaces ge-1/0/0 unit 0 family mpls
- Enable the MPLS process on all of the transit interfaces
in the MPLS network.[edit protocols mpls]user@host# set interface ge-1/0/0 unit 0
Results
From configuration mode, confirm your configuration by entering the show security forwarding-options command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
| Note: If you enable MPLS for packet-based processing by using the command set security forward-option family mpls mode packet, the mode will not change immediately and the system will display the following messages: warning: Reboot may required when try reset flow inet mode warning: Reboot may required when try reset mpls flow mode please check security flow status for detail. You need to reboot your device for the configuration to take effect. |
 | Caution: If you disable MPLS and switch back to using the security services (flow-based processing), the mode will not change immediately and the system will display warning messages instructing you to restart your device. You must reboot your device for the configuration to take effect. This will also result in management sessions being reset and transit traffic getting interrupted. |
If you are done configuring the device, enter commit from configuration mode.
Verification
Confirm that the configuration is working properly.
Verifying MPLS Is Enabled at the Protocols Level
Purpose
Verify that MPLS is enabled at the protocols level.
Action
From operational mode, enter the show protocols command.
Verifying MPLS Is Enabled at the Interfaces Level
Purpose
Verify that MPLS is enabled at the interfaces level.
Action
From operational mode, enter the show interfaces command.
