Cisco OL-21636-01 User Manual
Page 314
A-36
Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide, 6.0
OL-21636-01
Appendix A Sample Configlets
FlexUNI/EVC (Local Connect Core Connectivity, UNI Port Security)
FlexUNI/EVC (Local Connect Core Connectivity, UNI Port
Security)
Configuration
•
Service: FlexUNI(EVC)/Metro Ethernet.
•
Feature: FlexUNI/EVC with local connect core connectivity, with UNI port security.
•
Device configuration:
–
The N-PE is a Cisco 7600 with IOS 12.2(33) SRB3.
Interface(s):GI2/0/0.
–
The U-PE is a Cisco 3750ME with IOS 12.2(25) EY2. Port security is enabled.
Interface(s): FA1/14– FA3/23.
Configlets
Comments
•
UNI on U-PE.
•
Two tag matching operations are carried out.
U-PE
N-PE
vlan 788
exit
!
interface FastEthernet3/23
no ip address
switchport trunk allowed vlan 783,787-788
!
interface FastEthernet1/14
no cdp enable
no keepalive
no ip address
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan none
switchport trunk allowed vlan 788
switchport port-security
switchport nonegotiate
switchport port-security maximum 45
switchport port-security aging time 34
switchport port-security violation shutdown
switchport port-security mac-address
4111.4545.1211
spanning-tree bpdufilter enable
mac access-group ISC-FastEthernet3/23 in
!
mac access-list extended
ISC-FastEthernet3/31
deny any host 0100.0ccc.cccc
deny any host 0100.0ccc.cccd
deny any host 0100.0ccd.cdd0
deny any host 0180.c200.0000
deny any host 1234.3234.3432
permit any any
Connect Customer_1 GigabitEthernet4/0/1 10
GigabitEthernet4/0/10 25
interface GigabitEtherne4/0/1
no shut
service instance 10 ethernet
encapsulation dot1q 500
rewrite ingress tag push dot1q 555
symmetric
interface GigabitEtherne4/0/10
no shut
service instance 25 ethernet
encapsulation dot1q 500 second-dot1q 501
rewrite ingress tag translate 2-to-1 dot1q
222 symmetric