9-35
Cisco IP Solution Center L2VPN and Carrier Ethernet User Guide, 6.0
OL-21636-01
Chapter 9 Creating a VPLS Policy
Defining an Ethernet/EMS (EP-LAN) Policy with a CE
The maximum transmission unit (MTU) size is configurable and optional. The default size is 9216, and
the range is 1500 to 9216. ISC does not perform an integrity check for this customized value. If a service
request goes to the Failed Deploy state because this size is not accepted, you must adjust the size until
the Service Request is deployed.
In ISC 6.0, different platforms support different ranges.
• For the 3750 and 3550 platforms, the MTU range is 1500-1546.
• For the 7600 ethernet port, the MTU size is always 9216. Even with the same platform and same
IOS release, different line cards support the MTU differently. For example, older line cards only take
an MTU size of 9216 and newer cards support 1500-9216. However, ISC 6.0 uses 9216 in both cases.
• For the 7600 SVI (interface VLAN), the MTU size is 1500-9216.
Step 17 Check the Use Existing ACL Name check box if you want assign your own named access list to the port.
By default, this is not checked and ISC automatically assigns a MAC-based ACL on the customer facing
UNI port, based on values you enter in UNI MAC addresses (below).
Step 18 Enter a Port-Based ACL Name (if you checked the Use Existing ACL Name check box, as mentioned
in the previous step).
Note ISC does not create this ACL automatically. The ACL must already exist on the device, or be
added as part of a template, before the service request is deployed. Otherwise, deployment will
fail.
Step 19 Check the Disable CDP check box if you want to disable the Cisco Discover Protocol (CDP) on the UNI
port.
Step 20 Check the UNI Port Security check box (see Figure 9-30) if you to want to provision port
security-related CLIs to the UNI port by controlling the MAC addresses that are allowed to go through
the interface.
a. For Maximum Number of MAC address, enter the number of MAC addresses allowed for port
security.
b. For Aging, enter the length of time the MAC address can stay on the port security table.
c. For Violation Action, choose what action will occur when a port security violation is detected:
• PROTECT—Drops packets with unknown source addresses until a sufficient number of secure
MAC addresses are removed to drop below the maximum value.
• RESTRICT—Drops packets with unknown source addresses until a sufficient number of secure
MAC addresses are removed to drop below the maximum value and causes the Security Violation
counter to increment.
• SHUTDOWN—Puts the interface into the error-disabled state immediately and sends an SNMP
trap notification.
d. In the Secure MAC Addresses field, enter one or more Ethernet MAC addresses.