Cisco Systems OL-10729-01 Up-E, N-Pe, Comments, Appendix A Sample Configlets, deny any host

Configlets

UP-E

N-PE

system mtu 1522

vlan 775

!

exit

vlan 775

!

exit

interface FastEthernet8/17

!

switchport trunk allowed vlan

system mtu 1522

1,451,653,659,766-768,772,773-775,878

!

!

vlan 775

interface Vlan775

exit

no ip address

!

description L2VPN EWS

interface FastEthernet1/0/19

xconnect 99.99.8.99 89029 encapsulation

no cdp enable

mpls

no keepalive

no shutdown

switchport

switchport access vlan 775

switchport mode dot1q-tunnel

switchport nonegotiate

switchport port-security maximum 34

switchport port-security aging time 32

switchport port-security violation shutdown

switchport port-security

l2protocol-tunnel cdp

l2protocol-tunnel stp

l2protocol-tunnel vtp

l2protocol-tunnel shutdown-threshold cdp 88

l2protocol-tunnel shutdown-threshold stp 99

l2protocol-tunnel shutdown-threshold vtp 56

l2protocol-tunnel drop-threshold cdp 56

l2protocol-tunnel drop-threshold stp 64

l2protocol-tunnel drop-threshold vtp 34

storm-control unicast level 34.0

storm-control broadcast level 23.0

storm-control multicast level 12.0

spanning-tree portfast

spanning-tree bpdufilter enable

mac access-group ISC-FastEthernet1/0/19 in

interface FastEthernet1/0/23

no ip address

switchport trunk allowed vlan

774-775,787-788

!

mac access-list extended

ISC-FastEthernet1/0/19

no permit any any

deny any host 3456.3456.1234

permit any any

Comments

• The N-PE is a 7600 with an OSM or SIP-600 module. Provisioning is the same as the ERS example.

• The U-PE is a generic Metro Ethernet (ME) switch.

• PACL with one user-defined entry.

• BPDUs (CDP, STP and VTP) are tunneled through the MPLS core.

• Storm control is enabled for unicast, multicast, and broadcast.

A-8

OL-10729-01