beautypg.com

Cisco OL-21636-01 User Manual

Page 96

background image

5-14

Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide, 6.0

OL-21636-01

Chapter 5 Creating a FlexUNI/EVC ATM-Ethernet Interworking Policy

Setting the Interface Attributes

This is the default. When you uncheck the check box, the port is treated as an uplink with no security
features, and the window dynamically changes to eliminate items related to port security.

Note

When the UNI is configured on an N-PE device running IOS XR, the Standard UNI Port attribute is not
supported. All the CLIs related to Standard UNI Port and UNI Port Security are ignored in this case.

Step 3

Check the UNI Shutdown check box if you want to leave the UNI port shut during service activation,
for example, when the service provider wants to deploy a service in the network but wants to activate it
at a later time.

Step 4

Check the Keep Alive check box to configure keepalives on the UNI port.

By default, this check box is unchecked, which causes the command no keepalive to be provisioned on
the UNI port. This prevents a CPE from sending keepalive packets to the U-PE, for security purposes.
This attribute is editable, in order to support modification on a per-service request basis.

Step 5

Enter a Link Speed (optional) of None, 10, 100, 1000, Auto, or nonegotiate.

Step 6

Enter a Link Duplex (optional) of None, Full, Half, or Auto.

Step 7

Check the Use Existing ACL Name check box if you want to assign your own named access list to the
port.

By default, this check box is not checked and ISC automatically assigns a MAC-based ACL on the
customer facing UNI port, based on values you enter in UNI MAC addresses (below).

Step 8

Enter a Port-Based ACL Name (if you checked the Use Existing ACL Name check box, as mentioned
in the previous step).

Note

ISC does not create this ACL automatically. The ACL must already exist on the device, or be
added as part of a template, before the service request is deployed. Otherwise, deployment will
fail.

Step 9

Enter one or more Ethernet MAC addresses in UNI MAC addresses.

This selection is present only if you uncheck the Use Existing ACL Name check box. Click the Edit
button to bring up a pop-up window in which you enter MAC addresses to be allowed or denied on the
port. You can also specify a range of addresses by setting a base MAC address and a filtered MAC
address.

Step 10

Check the UNI Port Security check box (see

Figure 5-6

) if you to want to provision port security-related

CLIs to the UNI port by controlling the MAC addresses that are allowed to go through the interface.

a.

For Maximum Number of MAC address, enter the number of MAC addresses allowed for port
security.

b.

For Aging, enter the length of time the MAC address can stay on the port security table.

c.

For Violation Action, choose what action will occur when a port security violation is detected:

PROTECT—Drops packets with unknown source addresses until a sufficient number of secure
MAC addresses are removed to drop below the maximum value.

RESTRICT—Drops packets with unknown source addresses until a sufficient number of secure
MAC addresses are removed to drop below the maximum value and causes the Security Violation
counter to increment.

SHUTDOWN—Puts the interface into the error-disabled state immediately and sends an SNMP
trap notification.