Cisco Systems OL-10729-01: Appendix A, Sample Configlets


Appendix A Sample Configlets

EWS (Point-to-Point) with UNI Port Security, BPDU Tunneling

Configlets

 

U-PE

system mtu 1522
!
vlan 775
exit
!
system mtu 1522
!
vlan 775
exit
!
interface FastEthernet1/0/19
no cdp enable
no keepalive
switchport
switchport access vlan 775
switchport mode dot1q-tunnel
switchport nonegotiate
switchport port-security maximum 34
switchport port-security aging time 32
switchport port-security violation shutdown
switchport port-security
l2protocol-tunnel cdp
l2protocol-tunnel stp
l2protocol-tunnel vtp
l2protocol-tunnel shutdown-threshold cdp 88
l2protocol-tunnel shutdown-threshold stp 99
l2protocol-tunnel shutdown-threshold vtp 56
l2protocol-tunnel drop-threshold cdp 56
l2protocol-tunnel drop-threshold stp 64
l2protocol-tunnel drop-threshold vtp 34
storm-control unicast level 34.0
storm-control broadcast level 23.0
storm-control multicast level 12.0
spanning-tree portfast
spanning-tree bpdufilter enable
mac access-group ISC-FastEthernet1/0/19 in
interface FastEthernet1/0/23
no ip address
switchport trunk allowed vlan 774-775,787-788
!
mac access-list extended ISC-FastEthernet1/0/19
no permit any any
deny any host 3456.3456.1234
permit any any

N-PE

vlan 775
exit
!
interface FastEthernet8/17
switchport trunk allowed vlan 1,451,653,659,766-768,772,773-775,878
!
interface Vlan775
no ip address
description L2VPN EWS
xconnect 99.99.8.99 89029 encapsulation mpls
no shutdown

Comments

 

The N-PE is a 7600 with an OSM or SIP-600 module. Provisioning is the same as the ERS example.

The U-PE is a generic Metro Ethernet (ME) switch.

PACL with one user-defined entry.

BPDUs (CDP, STP and VTP) are tunneled through the MPLS core.

Storm control is enabled for unicast, multicast, and broadcast.
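An added example, not taken from the Cisco guide: a small Python audit that checks a U-PE UNI block for the controls listed in the comments above (port security with shutdown on violation, storm control for all three traffic types, tunnel thresholds, and a PACL that is actually defined). The function name `audit_uni`, the section parsing, and the rule that a drop threshold should not exceed its shutdown threshold are assumptions of this example; `SAMPLE` is a trimmed copy of the configlet.

```python
import re
SAMPLE = """\
interface FastEthernet1/0/19
switchport port-security violation shutdown
switchport port-security
l2protocol-tunnel stp
l2protocol-tunnel shutdown-threshold stp 99
l2protocol-tunnel drop-threshold stp 64
storm-control unicast level 34.0
storm-control broadcast level 23.0
storm-control multicast level 12.0
mac access-group ISC-FastEthernet1/0/19 in
!
mac access-list extended ISC-FastEthernet1/0/19
deny any host 3456.3456.1234
permit any any
"""  # constructed input: a trimmed copy of the U-PE UNI block and PACL

def audit_uni(config, ifname):
    """Return findings for one UNI port; an empty list means every check passed."""
    # Assumption: a section starts at an interface/vlan/mac access-list line.
    heads, cur = {}, []
    for ln in map(str.strip, config.splitlines()):
        if ln.startswith(("interface ", "vlan ", "mac access-list ")):
            cur = heads.setdefault(ln, [])
        else:
            cur.append(ln)
    port = heads.get(f"interface {ifname}")
    if port is None:
        return [f"interface {ifname} not found"]
    findings = [f"missing: {c}" for c in ("switchport port-security",
                "switchport port-security violation shutdown") if c not in port]
    findings += [f"missing: storm-control {k}" for k in ("unicast", "broadcast", "multicast")
                 if not any(ln.startswith(f"storm-control {k} level ") for ln in port)]
    # Example rule: per tunneled protocol, drop-threshold must not exceed shutdown-threshold.
    limits = {(m[1], m[2]): int(m[3]) for ln in port if (m := re.fullmatch(
        r"l2protocol-tunnel (shutdown|drop)-threshold (\w+) (\d+)", ln))}
    for proto in (p for p in ("cdp", "stp", "vtp") if f"l2protocol-tunnel {p}" in port):
        shut, drop = limits.get(("shutdown", proto)), limits.get(("drop", proto))
        if shut is None or drop is None:
            findings.append(f"{proto}: tunnel threshold not set")
        elif drop > shut:
            findings.append(f"{proto}: drop-threshold {drop} > shutdown-threshold {shut}")
    # The PACL bound to the port must be defined in the same configlet.
    for ln in port:
        m = re.fullmatch(r"mac access-group (\S+) in", ln)
        if m and f"mac access-list extended {m[1]}" not in heads:
            findings.append(f"PACL {m[1]} applied but not defined")
    return findings
```

Running `audit_uni` over a generated configlet before it is pushed catches a UNI that lost one of these controls, for example a PACL that is bound to the port but never defined.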

Cisco IP Solution Center Metro Ethernet and L2VPN User Guide, 4.2

 

OL-10729-01