Information About Mac Address Security On Service Instances And Evc Port Channels - Cisco NCS 4200 Series Configuration Manual

Information About MAC Address Security on Service Instances and EVC Port Channels

Information About MAC Address Security on Service Instances
and EVC Port Channels
Ethernet Virtual Circuits, Service Instances, and Bridge Domains
An Ethernet virtual circuit (EVC) as defined by the Metro Ethernet Forum is a port-level point-to-point or
multipoint-to-multipoint Layer 2 circuit. It is an end-to-end representation of a single instance of a Layer 2
service being offered by a provider to a customer. An EVC embodies the different parameters on which the
service is being offered. A service instance is the instantiation of an EVC on a given port.
Support for Ethernet bridging is an important Layer 2 service that is offered on a router as part of an EVC.
Ethernet bridging enables the association of a bridge domain with a service instance.
For information about the Metro Ethernet Forum standards, see the "Standards" table in the "Additional
References" section.
EVCs on Port Channels
An EtherChannel bundles individual Ethernet links into a single logical link that provides the aggregate
bandwidth of up to eight physical links. The Ethernet Virtual Connection Services (EVCS) EtherChannel
feature provides support for EtherChannels on service instances.
The MAC Address Security on EVC Port Channel services is supported only on bridge domains over
Note
Ethernet and is not supported on xconnect services.
EVCS uses the concepts of EVCs and service instances.
Load balancing is done on an Ethernet flow point (EFP) basis where a number of EFPs exclusively pass traffic
through member links.
MAC Security and MAC Addressing
MAC security is enabled on a service instance by configuring the mac security command. Various MAC
security elements can be configured or removed regardless of whether the mac security command is presently
configured, but these configurations become operational only when the mac security command is applied.
In this document, the term "secured service instance" is used to describe a service instance on which MAC
security is configured. The MAC addresses on a service instance on which MAC security is configured are
referred to as "secured MAC addresses." Secured MAC addresses can be either statically configured (as a
permit list) or dynamically learned.
MAC Address Permit List
A permit list is a set of MAC addresses that are permitted on a service instance. Permitted addresses permanently
configured into the MAC address table of the service instance.
Layer 2 Configuration Guide for Cisco NCS 4200 Series
38
Configuring MAC Address Security on Service Instances and EVC Port Channels