ERS (EVPL) (Point-to-Point, UNI Port Security) – Cisco OL-21636-01 User Manual
Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide, 6.0
OL-21636-01
Appendix A Sample Configlets
ERS (EVPL) (Point-to-Point, UNI Port Security)
Configuration
• Service: L2VPN/Metro Ethernet.
• Feature: ERS (EVPL) (point-to-point) with UNI port security.
• Device configuration:
  – The N-PE is a Cisco 7600 with IOS 12.2(18)SXF, OSM. Interface(s): FA2/18.
  – The U-PE is a Cisco 3550 with IOS 12.2(25)SEC2. Port security is enabled. Interface(s): FA3/31 – FA3/23.
  – L2VPN point-to-point.
Comments
• The N-PE is a 7600 with an OSM or SIP-600 module.
• The U-PE is a generic Metro Ethernet (ME) switch. The customer BPDUs are blocked by the PACL.

Configlets

U-PE

vlan 788
 exit
!
interface FastEthernet3/23
 no ip address
 switchport trunk allowed vlan 783,787-788
!
interface FastEthernet3/31
 no cdp enable
 no keepalive
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan none
 switchport trunk allowed vlan 788
 switchport port-security
 switchport nonegotiate
 switchport port-security maximum 45
 switchport port-security aging time 34
 switchport port-security violation shutdown
 switchport port-security mac-address 3456.3456.5678
 spanning-tree bpdufilter enable
 mac access-group ISC-FastEthernet3/31 in
!
mac access-list extended ISC-FastEthernet3/31
 deny any host 0100.0ccc.cccc
 deny any host 0100.0ccc.cccd
 deny any host 0100.0ccd.cdd0
 deny any host 0180.c200.0000
 deny any host 1234.3234.3432
 permit any any

N-PE

vlan 788
 exit
!
interface FastEthernet2/18
 switchport trunk allowed vlan 350,351,430,630,777,780,783,785-788
!
interface Vlan788
 no ip address
 description L2VPN ERS with UNI port security
 xconnect 99.99.5.99 89028 encapsulation mpls
 no shutdown
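
The comment that customer BPDUs are blocked by the PACL can be checked mechanically against a U-PE configuration. The Python below is an added example, not part of the Cisco guide or of ISC: it confirms that a UNI port has port security with shutdown on violation, and that its inbound MAC ACL denies each Layer 2 control destination MAC before the final permit. The function names, the protocol labels, and the shortened sample text are this example's own, and it assumes sub-commands are indented the way IOS prints a running configuration.

```python
# Constructed sample: UNI stanza and PACL as in the U-PE configlet, shortened.
SAMPLE = """\
interface FastEthernet3/31
 switchport port-security
 switchport port-security violation shutdown
 mac access-group ISC-FastEthernet3/31 in
!
mac access-list extended ISC-FastEthernet3/31
 deny any host 0100.0ccc.cccc
 deny any host 0100.0ccc.cccd
 deny any host 0180.c200.0000
 permit any any
"""

# Destination MACs of customer L2 control frames; labels are this example's own.
CONTROL_MACS = {"0180.c200.0000": "IEEE STP BPDU",
                "0100.0ccc.cccd": "PVST+ BPDU",
                "0100.0ccc.cccc": "CDP/VTP/DTP/PAgP/UDLD"}

def sections(config):
    """Map each top-level IOS command to its indented sub-commands."""
    out, cur = {}, None
    for raw in config.splitlines():
        if raw[:1].isspace() and cur:
            out[cur].append(raw.strip())
        elif raw.strip() not in ("", "!"):
            cur = raw.strip()
            out.setdefault(cur, [])
    return out

def audit_uni(config, ifname):
    """Return findings for one UNI port; an empty list means every check passed."""
    sec = sections(config)
    body = sec.get("interface " + ifname)
    if body is None:
        return ["interface %s not found" % ifname]
    findings = [c + " missing" for c in ("switchport port-security",
                "switchport port-security violation shutdown") if c not in body]
    acl = next((l.split()[2] for l in body
                if l.startswith("mac access-group ") and l.endswith(" in")), None)
    aces = sec.get("mac access-list extended " + acl) if acl else None
    if aces is None:
        return findings + ["no inbound MAC ACL defined for the port"]
    for mac, label in CONTROL_MACS.items():
        deny = "deny any host " + mac
        first = next((a for a in aces if a in (deny, "permit any any")), None)
        if first != deny:
            findings.append("%s (%s) not denied before 'permit any any'" % (mac, label))
    return findings
```

Calling audit_uni(SAMPLE, "FastEthernet3/31") returns an empty list. Removing a deny entry, or placing "permit any any" ahead of the deny entries, yields one finding per control MAC that is no longer blocked.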