Cisco OL-21636-01 User Manual
Page 312
A-34
Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide, 6.0
OL-21636-01
Appendix A Sample Configlets
FlexUNI/EVC (VPLS Core Connectivity, UNI Port Security)
FlexUNI/EVC (VPLS Core Connectivity, UNI Port Security)
Configuration
•
Service: FlexUNI(EVC)/Metro Ethernet.
•
Feature: FlexUNI/EVC with VPLS core connectivity, with UNI port security.
•
Device configuration:
–
The N-PE is a Cisco 7600 with IOS 12.2(33) SRB3.
Interface(s): GI4/0/1.
–
The U-PE is a Cisco 3750ME with IOS 12.2(25) EY2. Port security is enabled.
Interface(s): FA1/14– FA3/23.
Configlets
Comments
•
UNI on U-PE.
•
The rewrite operation translates the incoming VLAN tag 500 to 222.
U-PE
N-PE
vlan 788
exit
!
interface FastEthernet3/23
no ip address
switchport trunk allowed vlan 783,787-788
!
interface FastEthernet1/14
no cdp enable
no keepalive
no ip address
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan none
switchport trunk allowed vlan 788
switchport port-security
switchport nonegotiate
switchport port-security maximum 58
switchport port-security aging time 85
switchport port-security violation shutdown
switchport port-security mac-address
1252.1254.2544
spanning-tree bpdufilter enable
mac access-group ISC-FastEthernet3/23 in
!
mac access-list extended
ISC-FastEthernet3/31
deny any host 0100.0ccc.cccc
deny any host 0100.0ccc.cccd
deny any host 0100.0ccd.cdd0
deny any host 0180.c200.0000
deny any host 1234.3234.3432
permit any any
l2 vfi attest-226 manual
vpn id 226
neighbor 192.169.105.20 encapsulation mpls
vlan 200
bridge-domain 200 split-horizon
interface GigabitEtherne4/0/1
no shut
service instance 10 ethernet
encapsulation dot1q 500
rewrite ingress tag translate 1-to-1 dot1q
222 symmetric
Interface vlan 200
xconnect vfi attest-226