Configuration Configlets, Up-E, N-Pe | Cisco Systems OL-10729-01

Appendix A Sample Configlets

ERS (Point-to-Point) with UNI Port Security

Configuration

Configlets

•Service: L2VPN/Metro Ethernet

•Feature: ERS (point-to-point) with UNI port security

•Device configuration:

–The N-PE is a CISCO7600 with IOS 12.2(18)SXF, OSM

–The U-PE is a CISCO3550 with IOS 12.2(25)SEC2. Port security is enabled.

–L2VPN point-to-point

–C3550ME (FA3/31– FA3/23) <–> C7600 (FA2/18)

UP-E	N-PE
vlan 788	vlan 788
exit	exit
!	!
interface FastEthernet3/23	interface FastEthernet2/18
no ip address	switchport trunk allowed vlan
switchport trunk allowed vlan 783,787-788	350,351,430,630,777,780,783,785-788
!	!
interface FastEthernet3/31	interface Vlan788
no cdp enable	no ip address
no keepalive	description L2VPN ERS with UNI port
no ip address	security
switchport	xconnect 99.99.5.99 89028 encapsulation
switchport trunk encapsulation dot1q	mpls
switchport mode trunk	no shutdown
switchport trunk allowed vlan none
switchport trunk allowed vlan 788

switchport port-security switchport nonegotiate switchport port-security maximum 45 switchport port-security aging time 34 switchport port-security violation shutdown switchport port-security mac-address 3456.3456.5678

spanning-tree bpdufilter enable

mac access-group ISC-FastEthernet3/31 in

mac access-list extended ISC-FastEthernet3/31

deny any host 0100.0ccc.cccc deny any host 0100.0ccc.cccd deny any host 0100.0ccd.cdd0 deny any host 0180.c200.0000 deny any host 1234.3234.3432 permit any any

Comments	•	The N-PE is a 7600 with an OSM or SIP-600 module.
	• The U-PE is a generic Metro Ethernet (ME) switch. The customer BPDUs are blocked by the PACL.
	•	Various UNI port security commands are provisioned.

Cisco IP Solution Center Metro Ethernet and L2VPN User Guide, 4.2

	A-4	OL-10729-01