Dynamic Host Configuration Protocol Snooping; G.8032 Ethernet Ring Protection; Overview - Cisco ASR 9000 Series Configuration Manuallines
L2vpn and ethernet services configuration guide
Hide thumbs
Also See for ASR 9000 Series:
- Command reference manual (1138 pages) ,
- Routing configuration manual (702 pages) ,
- Reference manual (696 pages)
Table of Contents
Advertisement
Implementing Multipoint Layer 2 Services
After you have set the maximum number of secure MAC addresses on a port, you can configure port security
to include the secure addresses in the address table in one of these ways:
• Statically configure all secure MAC addresses by using the static-address command.
• Allow the port to dynamically configure secure MAC addresses with the MAC addresses of connected
• Statically configure a number of addresses and allow the rest to be dynamically configured.
Dynamic Host Configuration Protocol Snooping
Dynamic Host Configuration Protocol (DHCP) snooping is a security feature that acts like a firewall between
untrusted hosts and trusted DHCP servers. The DHCP snooping feature performs these activities:
• Validates DHCP messages received from untrusted sources and filters out invalid messages.
• Rate-limits DHCP traffic from trusted and untrusted sources.
• Builds and maintains the binding database of DHCP snooping, which contains information about untrusted
• Utilizes the binding database of DHCP snooping to validate subsequent requests from untrusted hosts.
For additional information regarding DHCP, see the Cisco ASR 9000 Series Aggregation Services Router IP
Addresses and Services Configuration Guide.
G.8032 Ethernet Ring Protection
Ethernet Ring Protection (ERP) protocol, defined in ITU-T G.8032, provides protection for Ethernet traffic
in a ring topology, while ensuring that there are no loops within the ring at the Ethernet layer. The loops are
prevented by blocking either a pre-determined link or a failed link.
Overview
Each Ethernet ring node is connected to adjacent Ethernet ring nodes participating in the Ethernet ring using
two independent links. A ring link never allows formation of loops that affect the network. The Ethernet ring
uses a specific link to protect the entire Ethernet ring. This specific link is called the ring protection link (RPL).
A ring link is bound by two adjacent Ethernet ring nodes and a port for a ring link (also known as a ring port).
Note
The minimum number of Ethernet ring nodes in an Ethernet ring is two.
The fundamentals of ring protection switching are:
• the principle of loop avoidance
• the utilization of learning, forwarding, and Filtering Database (FDB) mechanisms
Loop avoidance in an Ethernet ring is achieved by ensuring that, at any time, traffic flows on all but one of
the ring links which is the RPL. Multiple nodes are used to form a ring:
• RPL owner—It is responsible for blocking traffic over the RPL so that no loops are formed in the Ethernet
devices.
hosts with leased IP addresses.
traffic. There can be only one RPL owner in a ring.
L2VPN and Ethernet Services Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 6.3.x
Dynamic Host Configuration Protocol Snooping
217
Advertisement
Table of Contents
