MAC Address Security
You can configure MAC address security at the interface level and at the bridge access port (subinterface) level.
However, MAC security configured under an interface takes precedence over MAC security configured at the
bridge domain level. When a MAC address is first learned on an EFP that is configured with MAC security,
and the same MAC address is then learned on another EFP, these events occur:
• the packet is dropped
• the second EFP is shut down
• the packet is learned and the MAC from the original EFP is flushed
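The learning behavior described above can be modelled in Python. This is an added example, not Cisco code. It assumes that the three listed outcomes are alternatives selected by a configured action (the names restrict, shutdown and none, and the classes Port and BridgeDomain, are this example's assumptions), and that the EFP that first learned the MAC decides the outcome.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Port:
    """One EFP. secure/action left as None inherit the bridge-domain setting."""
    name: str
    secure: Optional[bool] = None
    action: Optional[str] = None  # assumed names: "restrict", "shutdown", "none"
    up: bool = True

@dataclass
class BridgeDomain:
    secure: bool = False
    action: str = "restrict"
    ports: dict = field(default_factory=dict)
    mac_table: dict = field(default_factory=dict)  # MAC -> name of owning EFP

    def add_port(self, port: Port) -> None:
        self.ports[port.name] = port

    def effective(self, port: Port):
        # Interface-level MAC security takes precedence over the bridge domain.
        secure = self.secure if port.secure is None else port.secure
        action = self.action if port.action is None else port.action
        return secure, action

    def receive(self, port_name: str, src_mac: str) -> str:
        """Handle the source MAC of a frame arriving on port_name."""
        port = self.ports[port_name]
        if not port.up:
            return "dropped: port is down"
        owner = self.mac_table.get(src_mac)
        if owner is None or owner == port_name:
            self.mac_table[src_mac] = port_name
            return "learned"
        # Same MAC seen on another EFP: apply the first EFP's security setting
        # (modelling assumption: the EFP that learned the MAC first decides).
        secure, action = self.effective(self.ports[owner])
        if not secure:
            self.mac_table[src_mac] = port_name
            return "moved"
        if action == "shutdown":
            port.up = False
            return "violation: second EFP shut down"
        if action == "none":
            self.mac_table[src_mac] = port_name  # original entry is flushed
            return "violation: relearned, original entry flushed"
        return "violation: packet dropped"
```
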
MAC Address Move and Unicast Traffic Counters
MAC Address Move and Unicast Traffic counters are introduced on the VPLS bridge ports on the ASR9K
platform. These counters are essentially L2VPN bridge port statistics counters, introduced for
troubleshooting. Cisco ASR 9000 High Density 100GE Ethernet Line Cards and
Cisco ASR 9000 Enhanced Ethernet Line Cards support these counters.
For more information on MAC Move and Unicast Traffic counters, use the show l2vpn bridge-domain
command with the detail keyword on AC Bridge, PW Bridge, PBB Edge, and VXLAN Bridge Ports.
Note
If the bridge port traffic is forwarded, either completely or partially, to ASR 9000 Ethernet line cards, MAC
Address Move and Unicast Traffic counters may not be accurate.
LSP Ping over VPWS and VPLS
For Cisco IOS XR software, the existing support for the Label Switched Path (LSP) ping and traceroute
verification mechanisms for point-to-point pseudowires (signaled using LDP FEC128) is extended to cover
the pseudowires that are associated with the VFI (VPLS). Currently, the support for the LSP ping and traceroute
for LDP signaled FEC128 pseudowires is limited to manually configured VPLS pseudowires. In addition,
Cisco IOS XR software supports LSP ping for point-to-point single-segment pseudowires that are signaled
using LDP FEC129 AII-type 2 applicable to VPWS or signaled using LDP FEC129 AII-type 1 applicable
to VPLS. For information about Virtual Circuit Connection Verification (VCCV) support and the ping mpls
pseudowire command, see the MPLS Command Reference for Cisco ASR 9000 Series Routers.
Split Horizon Groups
An IOS XR bridge domain aggregates attachment circuits (ACs) and pseudowires (PWs) in one of three
groups called Split Horizon Groups. When applied to bridge domains, Split Horizon refers to the flooding
and forwarding behavior between members of a Split Horizon group. The following table describes how
frames received on one member of a split horizon group are treated and if the traffic is forwarded out to the
other members of the same split horizon group.
Bridge Domain traffic is either unicast or multicast.
Flooding traffic consists of unknown unicast destination MAC address frames; frames sent to Ethernet multicast
addresses (Spanning Tree BPDUs, etc.); and Ethernet broadcast frames (MAC address FF-FF-FF-FF-FF-FF).
L2VPN and Ethernet Services Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 6.3.x
Implementing Multipoint Layer 2 Services