Cisco Systems OL-21636-01 FlexUNI/EVC (VPLS Core Connectivity, UNI Port Security)

A-34

Cisco IP Solution Center L2VPN and Ca rrier Ethernet User Guide, 6.0

OL-21636-01

Appendix A Sample Configlets

FlexUNI/EVC (VPLS Core Connectivity, UNI Port Security)

FlexUNI/EVC (VPLS Core Connectivity, UNI Port Security)

Configuration • Service: FlexUNI(EVC)/Metro Ethernet.

• Feature: FlexUNI/EVC with VPLS core connectivity, with UNI port security.

• Device configuration:

–

The N-PE is a Cisco 7600 with IOS 12.2(33) SRB3 .

Interface(s): GI4/0/1.

–

The U-PE is a Cisco 3750ME with IOS 12.2( 25) EY2. Port security is enabled.

Interface(s): FA1/14– FA3/23.

Configlets

Comments • UNI on U-PE.

• The rewrite operation translates the incoming VLAN tag 500 to 222.

U-PE N-PE

vlan 788

exit

interface FastEthernet3/23

no ip address

switchport trunk allowed vlan 783,787-788

interface FastEthernet1/14

no cdp enable

no keepalive

no ip address

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan none

switchport trunk allowed vlan 788

switchport port-security

switchport nonegotiate

switchport port-security maximum 58

switchport port-security aging time 85

switchport port-security violation shutdown

switchport port-security mac-address

1252.1254.2544

spanning-tree bpdufilter enable

mac access-group ISC-FastEthernet3/23 in

mac access-list extended

ISC-FastEthernet3/31

deny any host 0100.0ccc.cccc

deny any host 0100.0ccc.cccd

deny any host 0100.0ccd.cdd0

deny any host 0180.c200.0000

deny any host 1234.3234.3432

permit any any

l2 vfi attest-226 manual

vpn id 226

neighbor 192.169.105.20 encapsulation mpls

vlan 200

bridge-domain 200 split-horizon

interface GigabitEtherne4/0/1

no shut

service instance 10 ethernet

encapsulation dot1q 500

rewrite ingress tag translate 1-to-1 dot1q

222 symmetric

Interface vlan 200

xconnect vfi attest-226