Efps And Switchport Mac Addresses; Evc And Switchports; Switch (Config-If-Srv)# Bridge-Domain 100 - Cisco 3845 - Security Bundle Router Software Manual

Chapter 11 Configuring Ethernet Virtual Connections (EVCs)
Switch (config-if-srv)# encapsulation dot1q 10 second-dot1q 20
Switch (config-if-srv)# rewrite ingress tag pop 2 symmetric

Switch (config-if-srv)# bridge-domain 100

Switch (config)# interface vlan 100
Switch (config-if)# ip address 20.1.1.1 255.255.255.255

EFPs and Switchport MAC Addresses

Because forwarding can occur between EFPs and switchports, MAC address movement can occur on
learned addresses. Addresses learned on EFPs will have the format of interface + EFP ID, for example
gigabitethernet 0/1 + EFP 1. When an address moves between a non-secured EFP and a switchport, the
behavior is similar to that of moving between switchports.
To see MAC address information for VLANs 1 to 4094, use the show mac address-table vlan privileged
EXEC command. For VLANs 4096 to 8000, use the show mac address-table bridge-domain privileged
EXEC command. LAll other show mac address-table commands also support bridge domains as well
as VLANs.
When an EFP property changes (bridge domain, rewrite, encapsulation, split-horizon, secured or
unsecured, or a state change), the old dynamic MAC addresses are flushed from their existing tables.
This is to prevent old invalid entries from lingering.

EVC and Switchports

Bridging EFPs and switchports in the same switch is a typical configuration in the edge of the network
where network facing interfaces are switchports and user network interfaces are EVC ports where
various VLAN rewrites take place. The user-facing interfaces have EVC configuration because the
incoming VLANs are only significant on the ingress interface (customer VLANs), which requires VLAN
tagging modification. All the network -facing interfaces have VLAN tags, which are globally significant
in the provider network.
In order for EFPs and switchports to bridge frames to each other, they must belong to the same bridge
domain. For switchports, the bridge domain is set to the incoming VLAN tags. The ingress rewritten
VLAN tag at the customer interface would match the bridge domain ID, which represents an S-VLAN
for the service provider.
Network port configurations:
Switch (config)# interface gigabitethernet0/10 - gigabitethernet0/11
Switch (config-if)# switchport mode trunk
Switch (config-if)# switchport allowed vlan 20-30
Customer port configurations:
Switch (config)# interface gigabitethernet0/1
Switch (config-if)# switchport mode trunk
Switch (config-if)# switchport allowed vlan none
Switch (config-if)# service instance 1 Ethernet
Switch (config-if-srv)# encapsulation dot1q 2000
Switch (config-if-srv)# rewrite ingress tag pop 1 symmetric
Switch (config-if-srv)# bridge-domain 20
Switch (config-if-srv)# exit
Switch (config-if)# service instance 2 Ethernet
Switch (config-if-srv)# encapsulation dot1q 2001
Switch (config-if-srv)# rewrite ingress tag pop 1 symmetric
Switch (config-if-srv)# bridge-domain 30
OL-23400-01
Cisco ME 3800X and 3600X Switch Software Configuration Guide
Configuring Other Features on EFPs
11-25