Appendix A Sample Configlets

ERS (Point-to-Point) with UNI Port Security

Configuration

Configlets

Service: L2VPN/Metro Ethernet

Feature: ERS (point-to-point) with UNI port security

Device configuration:

The N-PE is a CISCO7600 with IOS 12.2(18)SXF, OSM.

The U-PE is a CISCO3550 with IOS 12.2(25)SEC2. Port security is enabled.

L2VPN point-to-point

C3550ME (FA3/31– FA3/23) <–> C7600 (FA2/18)

U-PE

vlan 788
exit
!
interface FastEthernet3/23
no ip address
switchport trunk allowed vlan 783,787-788
!
interface FastEthernet3/31
no cdp enable
no keepalive
no ip address
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan none
switchport trunk allowed vlan 788
switchport port-security
switchport nonegotiate
switchport port-security maximum 45
switchport port-security aging time 34
switchport port-security violation shutdown
switchport port-security mac-address 3456.3456.5678
spanning-tree bpdufilter enable
mac access-group ISC-FastEthernet3/31 in
!
mac access-list extended ISC-FastEthernet3/31
deny any host 0100.0ccc.cccc
deny any host 0100.0ccc.cccd
deny any host 0100.0ccd.cdd0
deny any host 0180.c200.0000
deny any host 1234.3234.3432
permit any any

N-PE

vlan 788
exit
!
interface FastEthernet2/18
switchport trunk allowed vlan 350,351,430,630,777,780,783,785-788
!
interface Vlan788
no ip address
description L2VPN ERS with UNI port security
xconnect 99.99.5.99 89028 encapsulation mpls
no shutdown

Comments

The N-PE is a 7600 with an OSM or SIP-600 module.

 

The U-PE is a generic Metro Ethernet (ME) switch. The customer BPDUs are blocked by the PACL.

 

Various UNI port security commands are provisioned.
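An added example, not part of the Cisco guide: a Python check that the UNI hardening shown in the U-PE configlet is actually present on a port, including that the PACL denies the spanning-tree BPDU addresses ahead of its final permit. The function names, the embedded excerpt and the choice of which settings to require are assumptions made for illustration.

```python
import re

# Excerpt of the U-PE configlet above (UNI port and its PACL only).
UPE = """\
interface FastEthernet3/31
no cdp enable
switchport port-security
switchport nonegotiate
switchport port-security violation shutdown
mac access-group ISC-FastEthernet3/31 in
!
mac access-list extended ISC-FastEthernet3/31
deny any host 0100.0ccc.cccd
deny any host 0180.c200.0000
permit any any
"""
# Spanning-tree BPDU destinations: Cisco PVST+ and IEEE STP.
BPDU_MACS = ("0100.0ccc.cccd", "0180.c200.0000")

def sections(text):
    """Map each 'interface'/'mac access-list' header to its sub-commands ('!' ends a section)."""
    out, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if re.match(r"(interface|mac access-list extended) \S", line):
            cur = out.setdefault(line, [])
        elif line in ("", "!"):
            cur = None
        elif cur is not None:
            cur.append(line)
    return out

def audit_uni(text, ifname):
    """Return findings for one UNI port; an empty list means every check passed."""
    sec = sections(text)
    cmds = sec.get("interface " + ifname)
    if cmds is None:
        return ["interface not found"]
    found = ["missing: " + c for c in ("switchport port-security",
             "switchport nonegotiate", "no cdp enable") if c not in cmds]
    if "switchport port-security violation protect" in cmds:
        found.append("violation protect drops frames without logging")
    acl = next((c.split()[2] for c in cmds if re.fullmatch(r"mac access-group \S+ in", c)), None)
    aces = sec.get("mac access-list extended %s" % acl, [])
    # Only entries ahead of the first permit-all can still match a frame.
    cut = aces.index("permit any any") if "permit any any" in aces else len(aces)
    for mac in BPDU_MACS:
        if "deny any host " + mac not in aces[:cut]:
            found.append("PACL does not deny BPDU address " + mac)
    return found
```

A port with no MAC access group applied is reported the same way as one whose PACL lacks the deny entries.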

Cisco IP Solution Center Metro Ethernet and L2VPN User Guide, 4.2

 


OL-10729-01

 

 

 
