Security for Metro Ethernet over Fiber
Is metro-ethernet over fiber (point-to-point) link secure ? Can someone sniff into the network (and see unencrypted data) over Metro-ethernet point-to-point link ?
You might want to read this:
http://www.cisco.com/en/US/solutions/collateral/ns341/ns522/ns3/metro_ethernet_white_paper.pdf
Similar Messages
-
Hello Gurus,
I would like to know a bit more about this tecnologie (Metro Ethernet over Docsis).
I work for a cable companie and we would like to know the implicationd of implementing such a technologie.
If we go for a CPE based aproach we only have to configure a CPE like the Cisco 1805 in each costumer end-point?
Which configurations does the CMTS and backbone require?
What are the maximum speed we can offer with this technologie running on HFC?
Any help would be much appreciated.
Thanks in advance.You might want to read this:
http://www.cisco.com/en/US/solutions/collateral/ns341/ns522/ns3/metro_ethernet_white_paper.pdf -
Alerts for metro ethernet link
Hi,
Kindly let me know " How to enable alerts for metro ethernet link"
Thanks..Hello Gureshi,
they are probably referring to OAM, CFM and other mechanisms to detect link or service failure in metro ethernet scenarios
see
http://www.cisco.com/en/US/docs/switches/metro/me3400e/software/release/12.2_52_se/configuration/guide/swoam.html
Hope to help
Giuseppe -
Customer Equipment for Metro Ethernet Link
Hi All
It has been some time since I utilised Cisco network kit to provide private circuit point to point connectivity and I wonder if someone could give me a little guidence.
The customer is shortly to implement a new 100Mb Metro Ethernet link to connect two of their branches. They initially intend to use the link for data only traffic but eventually will want to route VOIP traffic across the link so bandwidth management and QoS will be essential components. It is unlikely that further links will be added to this link so built in expansion of the chosen routers may not be required.
Budget will be an issue on this so I would appreciate any advice or recomendations.
Thanks
J.Hello James,
I think it would be better to get in touch with your Cisco Account Team as this question cannot be answered on a forum post.
Thanks,
Karim -
Can Ethernet over fiber used as fiberchannel cards to connect to a5x00 ?
Or I got wrong cards ?
A5000 is FC-AL only, 1 GB speed only.
If your cards could do that then it might work. -
Sample Configuration For Ethernet over MPLS.
I am looking for a sample configuration and scenario for the Ethernet over MPLS.I would appreciate if I get some explaination with it.How the LDP is configured for the directed sessions (as per Martini draft) and the auto discovery (as per kompella draft) with respect to Ethernet over MPLS.Cam anyone help me in this ?
Here's a sample EoMPLS configuration on the PE routers:
R1:
interface Loopback0
ip address 1.1.1.1 255.255.255.255
interface Ethernet0/0.10
encapsulation dot1Q 10
! 10 = vcid must match the vcid configured on the other side
mpls l2transport route 2.2.2.2 10
R2:
interface Loopback0
ip address 2.2.2.2 255.255.255.255
interface Ethernet0/0.10
encapsulation dot1Q 10
mpls l2transport route 1.1.1.1 10
The LDP directed session will be setup automatically by the router when the xconnect statement is configured.
Cisco IOS doesn't support the Kompella Draft.
For more information, see the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t15/atomt/ftatomtb.htm
Hope this helps, -
Folks,
I have 6500's at the core and want to use the 3750 at the PE. My question is the following:
1) 3750 would do Q-IN-Q.
2) Once the packet reaches the 6500(sup 720) running MPLS. What happens to the frame. Do i use xconnect to transfer the frame to the appropriate PE?
Just confussed about how does the PE use the Q-IN-Q information to direct it to the appropriate PE?
Sample config would be highly appreciated.
ThanksWell.. its about product features .. you gotta compare products with your requirments at various layer of your network and to come out with justification of your requirments . Any ways below is snippet for you to have some justification between two products
===============================================
What is the difference between the Cisco Catalyst 3750 Metro Series and the Cisco Catalyst 3750 Series?
The Cisco Catalyst 3750 Metro Series is built for Metro Ethernet access in a customer location, enabling the delivery of more differentiated Metro Ethernet services. These switches feature bidirectional hierarchical QoS and Traffic Shaping; intelligent 802.1Q tunneling with class-of-service (CoS) mutation; VLAN translation; MPLS, EoMPLS, and Hierarchical Virtual Private LAN Service (H-VPLS) support; and redundant AC or DC power. They are ideal for service providers seeking to deliver profitable business services, such as Layer 2, Layer 3, and MPLS VPNs, in a variety of bandwidths and with different SLAs. With flexible software options, the Cisco Catalyst 3750 Metro Series offers a cost-effective path for meeting current and future service requirements from service providers.
The standard Cisco Catalyst 3750 Series is an innovative product line for midsize organizations and enterprise branch offices. Featuring Cisco Systems® StackWise technology, Cisco Catalyst 3750 Series products improve LAN operating efficiency by combining industry-leading ease of use and high resiliency for stackable switches.
What is the Metro Ethernet positioning of the Cisco Catalyst 3750 Metro Series, the Cisco Catalyst 3550 Series, and the Cisco Catalyst 2950 Series?
Cisco Catalyst 3750 Metro Series Switches
=========================================
Cisco Catalyst 3750 Metro Series switches are a new line of premier, customer-located switches that bring greater intelligence for Metro Ethernet access, enabling the delivery of more differentiated Metro Ethernet services. These fixed configuration switches feature bidirectional hierarchical QoS and Traffic Shaping; intelligent 802.1Q tunneling; VLAN translation; MPLS, EoMPLS, and H-VPLS support; and redundant AC or DC power. They are ideal for service providers seeking to deliver profitable business services, such as Layer 2, Layer 3, and MPLS VPNs, in a variety of bandwidths and with different SLAs. With flexible software options, the Cisco Catalyst 3750 Metro Series offers a cost-effective path for meeting current and future service requirements from service providers.
Cisco Catalyst 3550 Series Switches
==================================
With a range of Fast Ethernet, Gigabit Ethernet, DC power, and fiber configurations, the Cisco Catalyst 3550 Series is an intelligent metro access switch for service providers serving the enterprise and small and medium-sized business markets. Featuring 802.1Q tunneling, high-performance IP routing, and subsecond Spanning Tree Protocol convergence, this line of powerful, cost-effective, fixed-configuration switches enables Metro Ethernet services such as Transparent LAN services and business-class Internet access.
Cisco Catalyst 2950 Series Switches
===================================
Ideal for Metro Ethernet access in residential markets, the Cisco Catalyst 2950 Series is an affordable line of fixed-configuration Fast Ethernet and Gigabit Ethernet switches. Featuring advanced rate limiting, voice VLAN support, and multicast management, these switches enable residential Metro Ethernet services such as Internet access, voice over IP (VoIP), and broadcast video.
Hope it helps
Ps rate this post if it helps u ..
Thanks and Regards
Raj -
Metro Ethernet in RAIL Transportation (MRTS) applications
Dear Sir,
I have a query related to Metro Ethernet technology.
We are into TRANSPORTATION SYSTEMS. We are coming up with a MRTS Project in Mumbai , India. We are at a planning stage at the moment. As per our experience, companies in RAIL MRTS Applications are using SDH technology (MUX and access multiplexers).
Could you please suggest , should we go for METRO ETHERNET of SDH Technology.
Are there any players/ any Metro Projects who have implemented Metro Ethernet ( instead of SDH).Hi Pankaj
What kinda applications you are going to use and what kinda bandwidth requirement you have in place ?
Also do revert back the number of locations and a bit more onto your topology which mite help to get back with our suggestions..
regds -
Traffic Shaping on 6880 between sites over metro ethernet
Hi
I have a new dual site setup with 6880s at the core at one side and 3650 stack at the other. We have a 200mbps ethernet solution from our service provider but on testing we are maxing at a bit over 100mbps, iperf tests directly on the link are giving 200mbps so I need to apply some shaping to get the full usage from the link. In the past I have used srr bandwidth on metro switches but the 6880s don't support this. So I assume I need to setup policy maps and apply to the physical interface? The interfaces are layer 2 trunks and we are stretching vlans between the sites. E.g. siteA has vlan20 and site B has vlan 20 over the metro ethernet service, site b is layer2 only and all routing and services are provided at siteA
Is it as simple as this? It seems too easy :) So I may be missing something. I just apply this on the physical interface at each side?
policy-map POLICY-S2S-200MB
class class-default
shape average 204800000
policy-map POLICY-S2S-200MB-IN
class class-default
police cir 204800000
conform-action transmit
exceed-action drop
~
int gi1/1/1
service-policy out POLICY-S2S-200MB-OUT out
service-policy out POLICY-S2S-200MB-IN in
Your input would due treaty appreciated!
Thanks,
Aidan.Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Ah, well that's great! (Hmm, now I wonder if same feature is available on 6500 with sup2T or 6807.)
In that case, your output policy might be just as simple as what's in your OP. Cisco isn't really clear whether all their shapers (or policers) are counting L2 and L3 or just L3. I suspect many just count L3. If that's true in this case, you may need to shape about 10 to 15% slower to allow for L2 overhead (this assuming your provider is providing 200 Mbps of "wire" bandwidth.
If you're able to shape on the other side, then there should be no need to also police the ingress. Also, assuming provider limits bandwidth, there's no reason to police ingress at CIR rate. -
Is Metro-ethernet Secured ? Compare with FR/ATM
Hi,
Just would like to understand if Metro-ethernet has the same security level as FR and ATM ? Metro-ethernet has broadcast nature and it seems mirroring ethernet frame is much more easier than FR and ATM . Is there any study onto the security issues presented in the Metro-ethernet technology ?
I see a lot of customers doing IPSec on the Metro-ethernet and they don't do this on the FR or ATM links ?
ThanksI have not seen any document, but my understanding is that FR and ATM networks do not have broadcast capability which is an inherent security feature. Sites can communicte only if a VC is configured between them. In metro ethernet, broadcasting is possible and the providers have to implement security to islolate customers by configuring some feature. Since the customers may not trust the level of security provided by the providers, they may choose to run IPSec over this type of access.
-
EIGRP with over 1000 neighbors using Metro Ethernet
No documentation about using EIGRP with what kind router can build a large network using Metro Ethernet. Cisco7600 become unstable unstable after applying over 600 eigrp neighbors.
Is there a reason you need EIGRP? If you're scaling to 1000 neighbors you should really use BGP. It's meant to be scalabale (I have routers that have 150,000 BGP routes in it). It's really designed for scalability, where as I find EIGRP is preferable in a low-neighbor routing environment.
-Mike
http://cs-mars.blogspot.com -
Ethernet Share for Proxy Media AND Fiber for Original Media
Ethernet Share for Proxy Media AND Fiber for Original Media...
Is that possible?
RyanOur system isn't installed yet but we are following that model. Fibre on all the mian editing systems and ethernet for the laptops. The guys will use the proxies to edit from home on the laptops and then upload project and finish them off on the main systems
-
Which sfp module add in Sg300-10 for connecting with 4503 switch over fiber?
Hello guys...
i need help in network design...
i have 2 cisco 4503 core switches with 48 port sfp that will use to connect at branches SG300-10 with 2 fiber that is single mode...
which module should use in Sg300-10 that will compatable with 4503 fiber module?
Please tell me if I will use the GLC-LH-SMD for WS-C4500 with fiber optic card WS-X4448-GB-SFP what type of SFP do we have to use for the small business switch SG300-10?
We could go for MGBLX1?
if i am ok please reply if not please provide the correct one solution for my design...!Hello guys...
i need help in network design...
i have 2 cisco 4503 core switches with 48 port sfp that will use to connect at branches SG300-10 with 2 fiber that is single mode...
which module should use in Sg300-10 that will compatable with 4503 fiber module?
Please tell me if I will use the GLC-LH-SMD for WS-C4500 with fiber optic card WS-X4448-GB-SFP what type of SFP do we have to use for the small business switch SG300-10?
We could go for MGBLX1?
if i am ok please reply if not please provide the correct one solution for my design...! -
Metro Ethernet Design question
Hello,
I was wondering how service providers guarantee their security protection in the Metro Ethernet model, especially when Internet is one of the applications used over the Metro network.
For example: The customer edge switch (3550) is connected directly to the service provider aggregation layer(either Cisco Catalyst 4500 and 6500 Series switches ) .
In the network core, Cisco 12000 or Cisco 7600 Series routers.
So where is the security devices in this architecture, where is the firewalls, the IDS/IPS, that protects the service provider core from any threats.
Providing the customer with Internet in Ethernet switching technology the service will put the provider in a vulnerable position.
Am I thinking wrong here?Hi
The CE will be hardened using storm control both multicast as well as broadcast on the ports where the end users are connected.
About the accesiability between the other users who are connected on the ports of same switches you have switchport security coded which will take care of the access violation part.
Also the maximum no of MAC address which can be permitted/allowed over the ports.
This inturn will send u a trap and can shut the port if theres any violation detected on those ports..
In the next layer where u say 6500 or 7600 u will have FWSM modules which will be taking care of filtering and other funtionalities which is very much similar to a standalone PIX firewall.
you can have redundandcy or even load balancing with
the FWSM modules over there in the 6500 switches.
And ofcourse the IP addressing schemes deployed would be in private scopes and will have either NAT pools or PAT enabled in the FWSM.
you got to have more n more ACLS on all the devices to mitigate the general known worms/virus or their variants in the network applied in applicable points.
regds -
Basic:Metro Ethernet and DWDM vs SONET question
Hey, my understanding is that in order to deliver Metro Ethernet solutions, one system must be based on DWDM.
SONET, for example, cannot deliver Metro Ethernetsince that is based on TDM (not Ethernet, duhhh).
If the above is right, so I want to confirm that there is no other technology out there besides DWDM which can deliver Metro Ethernet services for enterprise customers?Any number of underlying technologies can be used to deliver Metro Ethernet services - DWDM, SONET, pure play Ethernet over metro area fiber, etc.
It's more of an economic (what installed base does the carrier have or able to obtain the use of and at what cost) and efficiency (how much of the overall capacity can be feasibly broken into resellable Ethernet services without too much stranded or wasted capacity) question than a technological one. Some technologies lend themselves better to one or the other of those factors thus their dominance in certain markets.
The industry is very adept at achieving previously unthought-of solutions through the introduction of additional layers of abstraction (e., Ethernet over SONET, inverse multiplexing, etc.)
Maybe you are looking for
-
Applescript to automatically update the EyeTV DVB EPG program guide
For EyeTV users in Europe and Australia with DVB EPG access, you will all know that EyeTV will not keep that database automatically updated. So I wrote this bit of Applescript will update EyeTV's free to air DVB EPG database. Paste it into the Apples
-
How to created Freely Programmed F4 help in Select Options
hi,all I have a probelm about how to created a Freely Programmed F4 help in Select Options,and put help value into select options field Thanks and Best Regards
-
In VKM1 field VBKRED-KWKKE Credit value beyond the credit horizon is blank?
Hello, I see that note 728744 addresses this issue. We are on a later release that this note applies to and yet we are still having the issue of this field appearing blank in VKM1. Has anyone encountered this? Thanks, Kevin
-
Issue listeneing queue from Weblogic Cluster server with multiple managed server
Haveing issue listeneing queue from Weblogic Cluster server with multiple managed server. Weblogic Cluster structure is like Weblogic Cluster01 --ManagedServer01(http://server01.myhost.com:7001) --ManagedServer02(http://server02.myhost.com:7001)
-
2602i remove files from Flash / recover from rommon
hello all, I've got a particular question, not anwered in other foruns i've searched. My Cisco Aironet 2602i is in the rommon state ap: set IP_ADDR 10.2.104.152 set NETMASK 255.255.255.0 set DEFAULT_ROUTER 10.2.0.254 tftp_init ether_init flash_init t