Cisco NCS 4200 Series Configuration Manual

Layer 2

Layer 2 Configuration Guide for Cisco NCS 4200 Series
First Published: 2016-07-29
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

Summary of Contents for Cisco NCS 4200 Series

  • Page 2 © Cisco Systems, Inc. All rights reserved.
  • Page 3 Restrictions for Local SPAN and RSPAN; Understanding Local SPAN and RSPAN; Information About Local SPAN Session and RSPAN Session; Local SPAN Session; Local SPAN Traffic; RSPAN Session; RSPAN Traffic; Destination Interface; Source Interface
  • Page 4 Chapter 4: Configuring MAC Address Security on Service Instances and EVC Port Channels; Prerequisites for MAC Address Security on Service Instances and EVC Port Channels
  • Page 5 Displaying the Service Instances with MAC Security Enabled on a Specific Bridge Domain; Showing the MAC Addresses of All Secured Service Instances; Showing the MAC Addresses of a Specific Service Instance
  • Page 6 Benefits of Static MAC Address Support on Service Instances; Configuring a Static MAC Address on a Service Instance; Example for Configuring a Static MAC Address on a Service Instance; Verifying Configured Static MAC Addresses on a Service Instance
  • Page 7 Example: Verifying Configured Static MAC Addresses on a Service Instance; Chapter 6: MAC Limiting; Restrictions and Usage Guidelines; Configuring MAC Limiting; Example of Enabling Per-Bridge-Domain MAC Limiting
  • Page 9: Configuring Ethernet Dataplane Loopback

    • Port shaper cannot be bypassed in facility loopback. • Facility and terminal Ethernet data plane loopback (ELB) are not supported on dot1ad nni interface. • Internal loopback sessions configured must be within the 1 GB reserved bandwidth for Cisco ASR 900 Series RSP2 Module.
  • Page 10: Information On Ethernet Data Plane Loopback

    Dot1Q and 4 sessions are with Dot1Q and destination MAC address. This scale reduces if RSPAN or SADT is configured. This scale is supported on the Cisco ASR 900 Series RSP2 module. • Only one Ethernet loopback (terminal or facility) session can be active on an EFP at any instance.
  • Page 11: QoS Support For Ethernet Data Plane Loopback

    By default, the session runs for 300 seconds unless you explicitly specify a value, and it stops automatically when the session time expires.
    enable
    configure terminal
    ethernet loopback start local interface gigabitEthernet 0/4/1 service instance 10 external
  • Page 12: Stopping An Active Session

    Example: Configuring Terminal Loopback
    This example shows how to configure internal (terminal) loopback.
    Router(config)# interface gigabitEthernet 0/0/0
    Router(config-if)# service instance 1 ethernet
    Router(config-if-srv)# encapsulation dot1q 120
    Router(config-if-srv)# bridge-domain 120
    Router(config-if-srv)# ethernet loopback permit internal
  • Page 13: Verifying Ethernet Data Plane Loopback

    Total Active Session(s) Total Internal Session(s) Total External Session(s) • This example shows how to stop the sessions on the router. Router# ethernet loopback stop local interface GigabitEthernet 0/4/1 id 1
  • Page 14: Use Cases Or Deployment Scenarios

    IfSt PtSt Domain ID Ingress MA Name Type Id SrvcInst EVC Name Local MEP Info -------------------------------------------------------------------------------- f078.1685.313f Gi0/0/0:(2.2.2.2, 880) XCON N/A MPID: 200 Domain: CCI MA: 800 Total Remote MEPs: 1
  • Page 15: Configuring Switched Port Analyzer

    • RSPAN VLAN must be dedicated and all Layer 2 devices in the network must be aware of the VLAN. • RSPAN source and destination switches separated by the VPLS pseudowire must be aware of the RSPAN VLAN/bridge domain (BD). • Pseudowire must be dedicated for RSPAN traffic.
  • Page 16: Restrictions For Local SPAN And RSPAN

    • SPAN monitoring of port-channel interfaces or port-channel member-links is not supported. • Combined Egress local SPAN bandwidth supported on Cisco ASR 900 Series RSP2 module is 1 GB. • Local SPAN is not supported on logical interfaces such as Vlans or EFPs.
  • Page 17: Understanding Local SPAN And RSPAN

    • Do not have RSPAN bridge domain as part of RSPAN source interface. RSP3 module • RSPAN is not supported on the Cisco ASR 900 Series RSP3 module. Understanding Local SPAN and RSPAN Information About Local SPAN Session and RSPAN Session...
  • Page 18: Local SPAN Traffic

    The traffic from the source ports or VLANs is mirrored into the RSPAN VLAN and forwarded over trunk or the EVC bridge domain (BD) ports carrying the RSPAN VLAN to a destination session monitoring the RSPAN VLAN.
  • Page 19: Destination Interface

    SPAN or RSPAN destination interface stops trunking on the interface. Source Interface A source interface is an interface monitored for network traffic analysis. An interface configured as a destination interface cannot be configured as a source interface.
  • Page 20: Traffic Directions

    (Untagged Traffic) - Source port RSPAN Vlan (BD) rewrite pop1 RSPAN Vlan (BD) rewrite pop1 rewrite tag symmetric tag symmetric no-rewrite RSPAN BD tag + packet RSPAN BD tag + packet pop1 tag pop2 tag
  • Page 21 RSPAN BD tag + packet RSPAN BD tag + packet pop1 tag pop2 tag push1 tag (Single traffic)-Source port RSPAN Vlan (BD) rewrite pop1 RSPAN Vlan (BD) rewrite pop1 rewrite tag symmetric tag symmetric
  • Page 22 RSPAN BD tag + source-outer-tag RSPAN BD tag + source-outer-tag + packet + packet pop1 tag pop2 tag push1 tag RSPAN BD tag + source-outer-tag RSPAN BD tag + source-outer-tag + packet + packet
  • Page 23: Configuring Local SPAN And RSPAN

    1 through 14. Router(config)# monitor session 1 type local Step 3 source interface interface_type slot/subslot/port [, | - | rx | tx | both] Specifies the source interface and the traffic direction:
  • Page 24: Removing Sources Or Destinations From A Local SPAN Session

    Removing Sources or Destinations from a Local SPAN Session To remove sources or destinations from a local SPAN session, use the following commands beginning in EXEC mode: SUMMARY STEPS 1. enable 2. configure terminal 3. no monitor session session-number
  • Page 25: Configuring RSPAN Source Session

    5. destination remote vlan rspan_vlan_ID 6. no shutdown 7. end DETAILED STEPS Command or Action Purpose Step 1 enable Enables privileged EXEC mode. • Enter your password if prompted. Example: Router> enable
  • Page 26 EFP or port which carries the RSPANd traffic. Step 6 no shutdown Restarts the interface. Example: Router(config-mon-rspan-src)# no shutdown Step 7 Exits the configuration. Example: Router(config-mon-rspan-src)# end
  • Page 27: Configuring RSPAN Destination Session

    Associates the RSPAN destination session number with the destination port. • single_interface —Specifies the Gigabit Ethernet or Ten Gigabit Ethernet interface. ◦ slot/subslot/port—The location of the interface. Example: Router(config-mon-rspan-dst)# destination interface gigabitethernet 0/0/1
  • Page 28: Removing Sources Or Destinations From A RSPAN Session

    Configures an RSPAN source session number and enters RSPAN source session configuration mode for the session. • session_number—The valid sessions are 1 through 14. Example: Router(config)# monitor session 1
  • Page 29: Sample Configurations

    The following example shows how to configure local SPAN session 8 to monitor bidirectional traffic from source interface Gigabit Ethernet interface to destination:
    Router(config)# monitor session 8 type local
    Router(config)# source interface gigabitethernet 0/0/10
    Router(config)# destination interface gigabitethernet 0/0/3
    Router(config)# no shut
  • Page 30: Configuration Example: Removing Sources Or Destinations From A Local SPAN Session

    Router# show monitor session 8 Session 8 --------- Type : Local Session Status : Admin Enabled Source Ports : TX Only : Gi0/0/10 Destination Ports : Gi0/0/3 MTU : 1464 Dest RSPAN VLAN : 100
  • Page 31 • The following example shows the RSPAN destination session with Gigabit Ethernet interface 0/0/1 as destination: Router# show monitor session 2 Session 2 --------- Type : Remote Destination Session Status : Admin Enabled Destination Ports : Gi0/0/1 : 1464 Source RSPAN VLAN : 100
  • Page 33: Prerequisites For Layer 2 Access Control Lists On EVCs

    Restrictions for Layer 2 Access Control Lists on EVCs • A maximum of 512 access control entries (ACEs) are allowed for a given ACL, with the limitation that it does not exceed the maximum TCAM entries.
  • Page 34: EVCs

    ACL. • The show ethernet service instance id id interface type number detail command can be used to provide details about ACLs on service instances.
  • Page 35: Information About Layer 2 Access Control Lists On EVCs

    {{src-mac mask | any} {dest-mac mask | any} [protocol [vlan vlan] [cos value]]} Allows forwarding of Layer 2 traffic if the conditions are matched. Creates an ACE for the ACL. Example: Device(config-ext-macl)# permit 00aa.00bb.00cc 0.0.0 any
  • Page 36: Applying A Layer 2 ACL To A Service Instance

    • number --Specifies the location of the interface. Step 4 service instance id ethernet Configures an Ethernet service instance on an interface and enters Ethernet service configuration mode. Example: Device(config-if)# service instance 100 ethernet
  • Page 37: Configuring A Layer 2 ACL With ACEs On A Service Instance

    9. interface type number 10. service instance id ethernet 11. encapsulation dot1q vlan-id 12. mac access-group access-list-name in DETAILED STEPS Command or Action Purpose Step 1 enable Enables privileged EXEC mode.
  • Page 38 Prevents forwarding of Layer 2 traffic except for the allowed ACEs. Example: Device(config-ext-macl)# deny any any Step 8 exit Exits the current command mode and returns to global configuration mode. Example: Device(config-ext-macl)# exit
  • Page 39: Verifying The Presence Of A Layer 2 ACL On A Service Instance

    2. show ethernet service instance id id interface type number detail DETAILED STEPS Command or Action Purpose Step 1 enable Enables privileged EXEC mode. • Enter your password if prompted. Example: Device> enable
  • Page 40: Configuration Examples For Layer 2 Access Control Lists On EVCs

    Example Applying a Layer 2 ACL to Three Service Instances on the Same Interface The following example shows how to apply a Layer 2 ACL called mac-07-acl to three service instances on the same interface: enable
  • Page 41: Verifying The Presence Of A Layer 2 ACL On A Service Instance

    Step 2 show ethernet service instance id id interface type number detail Displays detailed information about Ethernet customer service instances. Example: Device# show ethernet service instance id 100 interface gigabitethernet 3/0/1 detail
  • Page 42: Example Displaying The Details Of A Layer 2 ACL On A Service Instance

    The following sample output displays the details of a configured Layer 2 ACL. Device# show access-lists Extended IP access list ip-acl 10 permit ip any any Extended MAC access list mac-acl permit any any vlan 10 Device# Device#sh access-lists mac-acl
  • Page 43 Layer 2 Access Control Lists on EVCs Example Displaying the Details of Configured Layer 2 ACL Extended MAC access list mac-acl permit any any vlan 10
  • Page 45: Prerequisites For MAC Address Security On Service Instances And EVC Port Channels

    • An understanding of the concepts of MAC address limiting and how it is used for MAC security. • An understanding of how port channels and EtherChannels work in a network.
  • Page 46: Information About MAC Address Security On Service Instances And EVC Port Channels

    MAC Address Permit List A permit list is a set of MAC addresses that are permitted on a service instance. Permitted addresses are permanently configured into the MAC address table of the service instance.
  • Page 47: MAC Address Deny List

    • If the address is already configured as a permitted address on the specific service instance or if the address has been learned and saved as a sticky address on the service instance, the configuration is rejected with an appropriate error message.
  • Page 48: Violation Response Configuration

    You are allowed to configure the desired response for Type 1 and Type 2 violations on a service instance. For a Type 1 violation on a bridge domain (that is, if the learn attempt conforms to the policy configured on
  • Page 49: MAC Address Aging Configuration

    The mac security sticky address mac-address command can configure a specific MAC address as a sticky MAC address. The use of this command is not recommended for the user because configuring a MAC address
  • Page 50: Aging For Sticky Addresses

    Since MAC security is applicable only on service instances that are members of a bridge domain, removing a service instance from a bridge domain causes all the MAC security commands to be erased permanently.
  • Page 51: Service Instance Shut Down Due To Violation

    How to Configure MAC Address Limiting on Service Instances Bridge Domains and EVC Port Channels Enabling MAC Security on a Service Instance Perform this task to enable MAC address security on a service instance.
  • Page 52 Device(config-if-srv)# encapsulation dot1q 100 Step 6 bridge-domain bridge-id Binds the service instance to a bridge-domain instance where bridge-id is the identifier for the bridge-domain instance. Example: Device(config-if-srv)# bridge-domain 200
  • Page 53: Enabling MAC Security On An EVC Port Channel

    3. interface port-channel channel-group 4. service instance id ethernet 5. encapsulation dot1q vlan-id 6. bridge-domain bridge-id 7. mac security 8. end DETAILED STEPS Command or Action Purpose Step 1 enable Enables privileged EXEC mode.
  • Page 54 Example: Device(config-if-srv)# bridge-domain 200 Step 7 mac security Enables MAC security on the service instance. Example: Device(config-if-srv)# mac security Step 8 Returns to user EXEC mode. Example: Device(config-if-srv)# end
  • Page 55: Configuring A MAC Address Permit List

    Device(config)# interface gigabitethernet2/0/1 Step 4 service instance id ethernet Creates a service instance (an instance of an EVC) on an interface and enters service instance configuration mode. Example: Device(config-if)# service instance 100 ethernet
  • Page 56 Example: Device(config-if-srv)# mac security address permit a2aa.aaaa.aaae Step 12 mac security Enables MAC security on the service instance. Example: Device(config-if-srv)# mac security
  • Page 57: Configuring A MAC Address Deny List

    Command or Action Purpose Step 1 enable Enables privileged EXEC mode. • Enter your password if prompted. Example: Device> enable Step 2 configure terminal Enters global configuration mode. Example: Device# configure terminal
  • Page 58 Device(config-if-srv)# mac security address deny a2aa.aaaa.aaac Step 10 mac security address deny mac-address Adds the specified MAC address as a denied MAC address for the service instance. Example: Device(config-if-srv)# mac security address deny a2aa.aaaa.aaad
  • Page 59: Configuring MAC Address Security On A Service Instance

    5. encapsulation dot1q vlan-id 6. bridge-domain bridge-id 7. mac security maximum addresses maximum-addresses 8. mac security 9. end DETAILED STEPS Command or Action Purpose Step 1 enable Enables privileged EXEC mode.
  • Page 60 Note: Default value for a service instance is '1'. Example: Device(config-if-srv)# mac security maximum addresses 500 Step 8 mac security Enables MAC security on the service instance. Example: Device(config-if-srv)# mac security
  • Page 61: Configuring A MAC Address Violation

    Command or Action Purpose Step 1 enable Enables privileged EXEC mode. • Enter your password if prompted. Example: Device> enable Step 2 configure terminal Enters global configuration mode. Example: Device# configure terminal
  • Page 62 Example: Device(config-if-srv)# mac security violation protect Step 8 mac security Enables MAC security on the service instance. Example: Device(config-if-srv)# mac security Step 9 Returns to user EXEC mode. Example: Device(config-if-srv)# end
  • Page 63: Configuring MAC Address Aging

    Step 2 configure terminal Enters global configuration mode. Example: Device# configure terminal Step 3 interface type number Specifies the interface type and number, and enters interface configuration mode. Example: Device(config)# interface gigabitethernet2/0/1
  • Page 64: Configuring A Sticky MAC Address

    If sticky MAC addressing is configured on a secured service instance, MAC addresses that are learned dynamically on the service instance are retained during a link-down condition. Perform this task to configure sticky MAC addresses on a service instance.
  • Page 65 Step 5 encapsulation dot1q vlan-id Defines the matching criteria to be used to map ingress dot1q frames on an interface to the appropriate service instance. Example: Device(config-if-srv)# encapsulation dot1q 100
  • Page 66: Displaying The MAC Security Status Of A Specific Service Instance

    2. show ethernet service instance id id interface type number mac security 3. end DETAILED STEPS Command or Action Purpose Step 1 enable Enables privileged EXEC mode. • Enter your password if prompted. Example: Device> enable
  • Page 67: Displaying The Service Instances With MAC Security Enabled

    show ethernet service instance mac security Displays all the service instances with MAC security enabled. Example: Device# show ethernet service instance mac security Step 3 Returns to user EXEC mode. Example: Device# end
  • Page 68: Displaying The Service Instances With MAC Security Enabled On A Specific Bridge Domain

    Example: Device# end Showing the MAC Addresses of All Secured Service Instances SUMMARY STEPS 1. enable 2. show ethernet service instance mac security address 3. show mac address-table secure 4. end
  • Page 69: Showing The MAC Addresses Of A Specific Service Instance

    2. show ethernet service instance id id interface type number mac security address 3. end DETAILED STEPS Command or Action Purpose Step 1 enable Enables privileged EXEC mode. • Enter your password if prompted. Example: Device> enable
  • Page 70: Showing The MAC Addresses Of All Service Instances On A Specific Bridge Domain

    Displays the secured addresses of all the service instances on a specified bridge domain. Example: Device# show bridge-domain 100 mac security address Step 3 Returns to user EXEC mode. Example: Device# end
  • Page 71: Showing The MAC Security Statistics Of A Specific Service Instance

    Showing the MAC Security Statistics of All Service Instances on a Specific Bridge Domain Perform this task to display the MAC security statistics of all the service instances on a specific bridge domain.
  • Page 72: Showing The Last Violation Recorded On Each Service Instance On A Specific Bridge Domain

    Perform this task to display the last violation recorded on each service instance on a specific bridge domain. Service instances on which there have been no violations are excluded from the output. SUMMARY STEPS 1. enable 2. show bridge-domain bridge-id mac security last violation 3. end
  • Page 73: Clearing All Dynamically Learned Secure MAC Addresses On A Service Instance

    2. clear ethernet service instance id id interface type number mac table 3. end DETAILED STEPS Command or Action Purpose Step 1 enable Enables privileged EXEC mode. • Enter your password if prompted. Example: Device> enable
  • Page 74: Clearing All Dynamically Learned MAC Addresses On A Bridge Domain

    Clears all dynamically learned MAC addresses on the specified bridge domain. Example: Device# clear bridge-domain 100 mac table Step 3 Returns to user EXEC mode. Example: Device# end
  • Page 75: Configuration Examples For MAC Address Limiting On Service Instances And Bridge Domains And EVC Port Channels

    Device(config-if-srv)# mac security address permit a2aa.aaaa.aaaa
    Device(config-if-srv)# mac security address permit a2aa.aaaa.aaab
    Device(config-if-srv)# mac security address permit a2aa.aaaa.aaac
    Device(config-if-srv)# mac security address permit a2aa.aaaa.aaad
    Device(config-if-srv)# mac security address permit a2aa.aaaa.aaae
    Device(config-if-srv)# mac security
    Device(config-if-srv)# end
  • Page 76: Example Configuring A MAC Address Deny List

    Device> enable
    Device# configure terminal
    Device(config)# interface gigabitethernet 4/0/1
    Device(config-if)# service instance 100 ethernet
    Device(config-if-srv)# encapsulation dot1q 100
    Device(config-if-srv)# bridge-domain 100
    Device(config-if-srv)# mac security aging time 10
    Device(config-if-srv)# mac security
    Device(config-if-srv)# end
  • Page 77: Example Configuring A Sticky MAC Address

    Gi0/0/3 ServInst 10 0000.00ac.ef06 sticky
    Gi0/0/3 ServInst 10 0000.00ac.ef07 dynamic
    Gi0/0/3 ServInst 10 0000.00ac.ef08 dynamic
    Gi0/0/3 ServInst 10 0000.00ac.ef09 dynamic
    Gi0/0/3 ServInst 10 0000.00ac.ef0a dynamic
    Gi0/0/3 ServInst 10 0000.00ac.ef0b dynamic
  • Page 78: Example Displaying The MAC Security Statistics Of All Service Instances

    0000.00ac.ef0a dynamic Gi0/0/3 ServInst 10 0000.00ac.ef0b dynamic Example Displaying the Secured Service Instances for a Specific Bridge Domain Router# show bridge-domain 10 mac security Gi0/0/3 ServInst 10 MAC Security enabled: yes
  • Page 79: Prerequisites For Static MAC Address Support On Service Instances

    • Static MAC addresses are programmed only on switch processors (both active and standby). • The Static MAC address on Pseudowires is not supported on the Cisco ASR 900 Series Routers.
  • Page 80: Information About Static MAC Address Support On Service Instances

    6. bridge-domain bridge-id [split-horizon[group group-id]] 7. mac static address mac-addr [auto-learn] 8. exit DETAILED STEPS Command or Action Purpose Step 1 enable Enables privileged EXEC mode. • Enter your password if prompted. Example: Router> enable
  • Page 81: Example For Configuring A Static MAC Address On A Service Instance

    Returns the CLI to privileged EXEC mode. Example: Router(config-if-srv)# exit Example for Configuring a Static MAC Address on a Service Instance Router> enable Router# configure terminal Router(config)# interface GigabitEthernet 0/2/1
  • Page 82: Verifying Configured Static MAC Addresses On A Service Instance

    The sample output for the show bridge-domain command: Router# show bridge-domain 10 mac static address Bridge-Domain ID : 10 Static MAC count : System : 1, bridge-domain : 1 Port Address Action Gi0/3/7 ServInst 10 aaa1.123c.bc32
  • Page 83: Restrictions And Usage Guidelines

    MAC address limiting per bridge-domain restricts the number of MAC addresses that the router learns in bridge-domain on an EFP, pseudowire or switchport. Note: Local connect feature is not supported on the Cisco router. However, to simulate a local connect scenario, configure the connecting EFPs on the same bridge domain and disable the mac-learning on the bridge domain by setting the MAC limit to 0.
  • Page 84: Example Of Enabling Per-Bridge-Domain MAC Limiting

    (bdomain) to a disabled state. To restore the bridge-domain, disable and re-enable the mac-limiting feature. Note: Warning is the default action when no action is configured. Note: The functionality of automatic error recovery is not supported on the Cisco ASR 900 RSP2 module. Before You Begin SUMMARY STEPS 1.
  • Page 85 Router# configure terminal Router(config)# mac-address-table limit bdomain 10 maximum 100 action limit flood Router(config)# end Router#show mac-address-table limit bdomain 10 bdomain action flood maximum Total entries Current state -------------+----------+------------+------------+---------------+--------------- limit Disable Within Limit