After you have set the maximum number of secure MAC addresses on a port, you can configure port security
to include the secure addresses in the address table in one of these ways:
• Statically configure all secure MAC addresses by using the static-address command.
• Allow the port to dynamically configure secure MAC addresses with the MAC addresses of connected
devices.
• Statically configure a number of addresses and allow the rest to be dynamically configured.
Dynamic Host Configuration Protocol Snooping
Dynamic Host Configuration Protocol (DHCP) snooping is a security feature that acts like a firewall between
untrusted hosts and trusted DHCP servers. The DHCP snooping feature performs these activities:
• Validates DHCP messages received from untrusted sources and filters out invalid messages.
• Rate-limits DHCP traffic from trusted and untrusted sources.
• Builds and maintains the binding database of DHCP snooping, which contains information about untrusted
hosts with leased IP addresses.
• Utilizes the binding database of DHCP snooping to validate subsequent requests from untrusted hosts.
For additional information regarding DHCP, see the Cisco ASR 9000 Series Aggregation Services Router IP
Addresses and Services Configuration Guide.
G.8032 Ethernet Ring Protection
Ethernet Ring Protection (ERP) protocol, defined in ITU-T G.8032, provides protection for Ethernet traffic
in a ring topology, while ensuring that there are no loops within the ring at the Ethernet layer. The loops are
prevented by blocking either a pre-determined link or a failed link.
Overview
Each Ethernet ring node is connected to adjacent Ethernet ring nodes participating in the Ethernet ring using
two independent links. A ring link never allows formation of loops that affect the network. The Ethernet ring
uses a specific link to protect the entire Ethernet ring. This specific link is called the ring protection link (RPL).
A ring link is bound by two adjacent Ethernet ring nodes and a port for a ring link (also known as a ring port).
The minimum number of Ethernet ring nodes in an Ethernet ring is two.
Note
The fundamentals of ring protection switching are:
• the principle of loop avoidance
• the utilization of learning, forwarding, and Filtering Database (FDB) mechanisms
Loop avoidance in an Ethernet ring is achieved by ensuring that, at any time, traffic flows on all but one of
the ring links which is the RPL. Multiple nodes are used to form a ring:
• RPL owner—It is responsible for blocking traffic over the RPL so that no loops are formed in the Ethernet
traffic. There can be only one RPL owner in a ring.
L2VPN and Ethernet Services Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 6.3.x
217
Implementing Multipoint Layer 2 Services
Dynamic Host Configuration Protocol Snooping
To Next Page
Loading...
Need help?
General
