Cisco® ME 3400E Series Ethernet Access Switches are next-generation Layer 2 and Layer 3 customer-located devices for service providers. Their design is based on the widely deployed Cisco ME 3400 Series Ethernet Access Switches. The Cisco ME 3400E Series helps service providers deliver four key attributes that are essential to next-generation Carrier Ethernet service: availability, flexibility, manageability, and security.
With service-provider-friendly features, the Cisco ME 3400E Series is the second-generation Cisco access switch optimized for Ethernet-to-the-Business (ETTB) VPN services. It provides both high availability and service flexibility for Carrier Ethernet business access deployments. The Cisco ME 3400E Series comes by default with advanced Layer 2 VPN service features and the option to upgrade to Layer 3 VPN services, giving service providers an out-of-the-box business VPN solution that can be scaled to meet future needs.
The Cisco ME 3400E Series (Figure 1) includes the following configurations:
• Cisco ME 3400EG-12CS chassis (part number ME-3400EG-12CS-M) with 12 dual-purpose (10/100/1000 and Small Form-Factor Pluggable [SFP]) ports, four SFP uplinks, and two slots for field-replaceable modular power supply and fan unit
• Cisco ME 3400EG-2CS chassis (part number ME-3400EG-2CS-A) with two dual-purpose (10/100/1000 and SFP) ports, two SFP uplinks, and an integrated AC power supply
• Cisco ME 3400E-24TS chassis (part number ME-3400E-24TS-M) with 24 Ethernet 10/100 ports, two dual-purpose (10/100/1000 and SFP) uplinks, and two slots for field-replaceable modular power supply and fan unit
Figure 1. Cisco ME 3400E Series
The Cisco ME 3400E Series offers two different Cisco IOS® Software feature images. The METROACCESS image offers advanced quality of service (QoS), rate limiting, robust multicast control, and comprehensive security features. In addition, the METROACCESS image includes a rich set of Carrier Ethernet access features including 802.1Q Tunneling, Layer 2 Protocol Tunneling (L2PT), and Flexlink. The METROIPACCESS image adds advanced Layer 3 features such as support for advanced IP routing protocols, Multi-VPN Routing and Forwarding Customer Edge (Multi-VRF CE), and Policy Based Routing (PBR).
The SFP-based Gigabit Ethernet ports accommodate a wide range of 100BASE, 1000BASE, coarse wavelength-division multiplexing (CWDM), and dense wavelength-division multiplexing (DWDM) SFP transceivers. These ports also support the Cisco Catalyst® 3560 SFP Interconnect Cable for establishing a low-cost Gigabit Ethernet point-to-point connection.
Because Carrier Ethernet access switches are typically deployed in small spaces in office buildings or apartments, the Cisco ME 3400E Series offers a compact form factor and flexible mounting options. In addition, the Cisco ME 3400E Series has all front-accessed connectors to simplify field installation and troubleshooting. To help ensure compliance with industry standards, the Cisco ME 3400E Series has obtained both Network Equipment Building Standards Level 3 (NEBS3) and ETSI certifications.
Carrier Ethernet is a huge growth area for emerging connectivity services. It is a comparatively simple, cost-effective, and familiar technology whose migration to the WAN will lead to more flexible network connectivity while reducing overall IT costs. The Cisco ME 3400E Series is certified to Metro Ethernet Forum (MEF) 9 and 14 to support industry-standard Layer 2 services and QoS features.
With more and more applications demanding higher bandwidth, both enterprise and residential customers want access speeds greater than 100 Mbps. To address this requirement, the Cisco ME 3400E Series offers wire-speed Gigabit Ethernet with all the Carrier Ethernet functions. At speeds of 1000 Mbps, Gigabit Ethernet provides the bandwidth to meet new and evolving network demands, alleviate bottlenecks, and boost performance while protecting the investment in existing infrastructure.
Carrier Ethernet-Specific Software
The Cisco ME 3400E Series software is designed specifically for the Carrier Ethernet market. Numerous new features make the Cisco ME 3400E Series the optimal access switch for service providers. Many default behaviors of the Cisco ME 3400E Series are different from those of traditional Ethernet switches, making the Cisco ME 3400E Series easier to configure, manage, secure, and troubleshoot.
The Cisco ME 3400E Series software introduces the concept of User-Network Interface/Enhanced Network Interface/Network-Node Interface (UNI/ENI/NNI) for Ethernet access switches. Because the software can identify the application of each port, it can provide many powerful default behaviors. Table 1 lists some of the primary behaviors and benefits of UNI/ENI/NNI.
Table 1. UNI/ENI/NNI Default Behaviors
• UNI/ENI default: down. Ports must be activated by the service provider before customers can receive service.
• UNI/ENI default: no local switching. Circuit-like behavior protects customers from each other.
• UNI/ENI default: configurable control plane security enabled. Control-plane packets ingressing from the UNI/ENI are dropped in hardware to protect against denial-of-service (DoS) attacks by default. Unlike UNI ports, ENI ports give service providers the flexibility to selectively discard or peer with customer's control plane traffic on a per-port, per-protocol basis for the following Layer 2 protocols: Cisco Discovery Protocol, Link Layer Discovery Protocol (LLDP), Link Aggregation Control Protocol (LACP), Port Aggregation Protocol (PAgP), and Spanning Tree Protocol.
• NNI default: up. Enables automated configuration of the switch through a Dynamic Host Configuration Protocol (DHCP) or BOOTP server.
Flexible Deployment Options for Software Features
The Cisco ME 3400E Series offers two different Cisco IOS Software feature images, METROACCESS and METROIPACCESS, providing cost-effective, "pay-as-you-grow" upgrade options for service providers deploying multiple services. The service providers do not have to pay for the features they do not need today and still have the option in the future to receive those features with a simple software upgrade.
Support for multiple software feature images allows service providers to standardize on the Cisco ME 3400E Series, save on the operating expense of stocking multiple products, simplify training of support technicians, and alleviate the complication of supporting different products for different services.
Table 2 lists the key features in the Cisco IOS Software images for the Cisco ME 3400E Series.
Table 2. Key Features in Cisco IOS Software Images for Cisco ME 3400E Series
802.1Q Tunneling, L2PT
All METROACCESS features plus:
Internet Group Management Protocol (IGMP) Filtering and Throttling
Ethernet OAM (802.1ag, 802.3ah, E-LMI)
Multicast VLAN Registration (MVR)
Y.1731 Fault Management and Performance Monitoring (Delay Measurement)
Solutions for Next-Generation Business Access Services
The Cisco ME 3400E Series is designed to help service providers provide service availability, service flexibility, service manageability, and service security for advanced Carrier Ethernet business access.
Increased service availability is a critical requirement for service provider networks because most enterprise customers expect the same level of availability from Carrier Ethernet as they have from leased-line networks. The Cisco ME 3400E Series supports redundant field-replaceable integrated power supply and fan modules. To quickly activate and troubleshoot services, the Cisco ME 3400E Series offers traffic loopback capabilities so service providers can remotely verify and monitor services. Four external alarm inputs allow service providers to respond quickly to changes in the switch's environmental conditions before failure occurs.
To further increase service availability on a networkwide level, Cisco ME 3400E offers Flexlink for sub-50-ms failover, Resilient Ethernet Protocol (REP), Link-State Tracking, IEEE 802.1w Rapid Spanning Tree Protocol (RSTP), per-VLAN Rapid Spanning Tree Plus (PVRST+), and the Cisco Hot Standby Router Protocol (HSRP). These capabilities help to create redundant, failsafe topologies. Strong, built-in security in three tiers (network, switch, and subscriber) helps prevent the device and the network from succumbing to malicious attacks, thereby enhancing network uptime.
Resilient Ethernet Protocol (REP) is a Cisco proprietary protocol that provides an alternative to Spanning Tree Protocol to control network loops, handle link failures, and improve convergence time. REP enables fast and predictable reconvergence for Layer 2 networks. In addition, REP supports VLAN load balancing to enable efficient utilization of redundant links.
As more enterprises adopt Carrier Ethernet technology, the demand on service providers' abilities to offer new services increases. The Cisco ME 3400E Series offers 1:1 VLAN translation, which allows end customers the flexibility of choosing their own internal VLANs without affecting the core service provider's network. In some instances, service providers need to provide multiple EPL (Ethernet Private Line) services on a single UNI (User Network Interface). With the Selective QinQ feature, the Cisco ME 3400E Series helps service providers to offer multiple Ethernet Virtual Private Line (EVPL) services on a single UNI. To support the need for next-generation enterprise services, customers are looking for more QoS functionality to support different types of applications. To meet ever more stringent QoS requirements from customers, the Cisco ME 3400E Series offers a 2-rate 3-color policer with byte-level statistics at ingress ports and inner-to-outer CoS mapping to help service providers offer differentiated services with high profit margins.
With today's sophisticated networks, service providers are always looking for ways to reduce operational expenses (OpEx) and increase profit margins. The Cisco ME 3400E Series provides the following tools to help service providers simplify the management of their Ethernet services.
Traffic loopback capabilities help service providers activate and troubleshoot new and existing services without expensive truck rolls. The "dying gasp" alert for loss of power and four external alarm inputs to detect changes in remote sites further help service providers to manage the health of their equipment. An Ethernet management port provides dedicated access for service providers to monitor and provision the switch.
In addition, the Cisco ME 3400E Series includes Generic Online Diagnostics (GOLD) and Onboard Failure Logging (OBFL) to help service providers avoid potential problems before they occur and troubleshoot and diagnose issues once they have happened. With features such as Embedded Event Manager (EEM), Ethernet Operations, Administration, and Management (OAM), and Time-Domain Reflectometer (TDR), the Cisco ME 3400E Series provides a comprehensive set of tools to help service providers to manage Ethernet services.
As Carrier Ethernet networks expand, it is a challenge to provide the same level of security as other access technologies. Cisco ME 3400E Series switches provide a comprehensive security solution for Ethernet access networks by providing service security in three areas: subscriber, switch, and network.
Subscriber security helps create protection among customers. A major concern in using a shared device for multiple customers is how to prevent customers from affecting each other. The Cisco ME 3400E Series addresses this concern with several different features. The UNI/NNI feature creates a circuit-like behavior to separate customers' traffic from each other. DHCP Snooping, Dynamic ARP Inspection, and IP Source Guard help service providers identify each customer based on MAC, IP address, and port information to help prevent malicious users from spoofing fake addresses and launching man-in-the-middle attacks.
Switch security is about protecting the switch itself from attacks. The Cisco ME 3400 Series offers features to protect CPU and configuration files from attacks. CPU is a critical component of an Ethernet switch that is responsible for process-control protocols and routing updates; under DoS attack, the CPU could drop those control packets, resulting in network outage. Other features such as Configurable Control Plane Security and Storm Control protect the CPU against malicious attacks. The Port Security feature allows service providers to control the number of MAC addresses each subscriber is allowed, offering protection against overwhelming the switch memory.
Network security features filter all incoming traffic to help ensure that only valid traffic is allowed through the switch. Cisco ME 3400E Series switches have features such as access control lists (ACLs) and IEEE 802.1x authentication to identify the users and packets that are allowed to transmit traffic through the switch.
Table 3 lists these and other key features of the security solution.
Table 3. Key Features for Each Area of Comprehensive Security Solution
UNI/ENI default: no local switching
Configurable control plane security
DHCP Snooping and IP Source Guard
Dynamic ARP Inspection
UNI/ENI default: port down
Configurable per-VLAN MAC learning
Configuration file security
Switch Management Options
The Cisco ME 3400E Series offers a superior command-line interface (CLI) for detailed configuration. In addition, the switches support CiscoWorks and Simple Network Management Protocol (SNMP) for networkwide management. Service providers can integrate the Cisco ME 3400 Series transparently into their operations support systems (OSSs) and enable improved flow-through provisioning.
Service providers can also manage the Cisco ME 3400E Series using SNMP Versions 2 and 3. A comprehensive set of MIBs is provided for service providers to collect traffic information in the Cisco ME 3400E Series.
Ethernet Operations, Administration, Maintenance, and Provisioning
The advent of Ethernet as a metropolitan and wide-area networking technology has accelerated the need for a new set of operations, administration, maintenance, and provisioning (OAM&P) protocols. Service provider networks are large and complex with a wide user base, and they often involve different operators that must work together to provide end-to-end services to enterprise customers. To answer enterprise customer demands, service providers must reduce the mean time to repair (MTTR) and increase service availability. Ethernet OAM&P features address these challenges and enable service providers to offer carrier-grade services.
The Cisco ME 3400E Series supports industry-standard OAM&P tools including IEEE 802.1ag Connectivity Fault Management, IEEE 802.3ah Ethernet First Mile, and Ethernet Local Management Interface (E-LMI) protocol. IEEE 802.1ag tools to monitor and troubleshoot end-to-end Ethernet networks allow service providers to check connectivity, isolate network issues, and identify customers affected by network issues. E-LMI protocol, developed by the MEF, enables service providers to communicate service configuration and status information to the customer-edge device. In addition, the Cisco ME 3400E Series supports the IEEE 802.3ah Ethernet in the First Mile standard for monitoring, remote failure indication, loopback, and OAM discovery on the link between the customer equipment and the service provider network.
Furthermore, the Cisco ME 3400E Series supports the ITU-T standard Y.1731, which provides fault management and complements the IEEE 802.1ag functionality. In addition, the Cisco ME 3400E Series also supports Y.1731 Delay Measurement for performance monitoring.
Cisco ME 3400E Series switches help service providers offer a portfolio of profitable, differentiated services, including Layer 2 and Layer 3 VPN services for the ETTB market.
Intelligent Ethernet Demarcation
As Ethernet circuits replace TDM circuits inside of enterprise wiring closets, a replacement for the demarcation device is also needed. Service providers have traditionally relied on this type of device to separate the management responsibility. A demarcation device allows service providers to monitor and troubleshoot circuits all the way into the customer's wiring closet. The Cisco ME 3400EG-2CS Switch offers the same function for an Ethernet-based network. With support for industry-standard Ethernet OAM&P features and traffic loopback, the Cisco ME 3400EG-2CS allows service providers to monitor and troubleshoot Ethernet circuits remotely. These features greatly reduce operating expense for service providers by reducing the numbers of site visits needed to troubleshoot network problems. In addition, the Cisco ME 3400EG-2CS provides the same intelligent features such as QoS, Ethernet security, and Multicast as other switches in the Cisco ME 3400E Series.
Layer 2 VPN Service
Layer 2 VPN services allow customers to connect remote offices together through a service provider network without requiring private connections. The Cisco ME 3400E Series is suited for Carrier Ethernet access deployments because it offers features such as 802.1Q Tunneling and L2PT. The Cisco ME 3400E Series helps service providers offer Layer 2 VPN services to their enterprise or commercial customers (Figure 2). Typically, these switches are installed in an office building basement serving multiple customers as customer-located equipment (CLE).
Figure 2. Layer 2 VPN Service
Layer 3 VPN Service
Layer 3 VPN is another popular offering from service providers. Its benefits include a single control plane over different transport technologies, advanced QoS, and high security. With the Multi-VPN Routing and Forwarding Customer Edge (Multi-VRF CE) feature, the Cisco ME 3400E Series provides a separate routing-table function for each customer to help ensure separation of customers' routing information (Figure 3).
Figure 3. Layer 3 VPN Service
Mobile Backhaul Service
With the explosion of mobile data traffic, service providers need more bandwidth in their mobile networks. Ethernet, with attributes such as simplicity, scalability, and low cost, has become the mobile backhaul solution that many service providers have turned to in order to provide the required capacity for data traffic. The Cisco ME 3400E Series provides features such as +24V DC, redundant power supplies, and an extended temperature range (up to 65°C depending on the model and configuration; see Table 9 for more details), which are critical for mobile backhaul deployments. In addition, the Cisco ME 3400E Series includes Ethernet OAM and traffic loopback, which help service providers to remotely monitor and troubleshoot traffic at distant cell stations. The Cisco ME 3400E Series also helps service providers to deliver flexible Layer 2 SLAs with advanced QoS features.
Figure 4. Mobile Backhaul Service
Key Features and Benefits
Table 4 lists the features and benefits of the Cisco ME 3400E Series.
Table 4. Features and Benefits
Next-generation Ethernet access switches for Carrier Ethernet market
• All-front access provides ease of deployment and troubleshooting in the field.
• Compact form factor allows for deployment in space-limited areas.
• Support for dual-speed SFP transceivers (100BASE and 1000BASE) provides flexible downlink/uplink options.
• Both AC and DC power options are available.
• Software is optimized for Carrier Ethernet access.
• Two software feature images help enable support for breadth of services.
• Software upgrade options allow service providers to purchase only the features needed today while retaining the option to obtain other features through simple software upgrades.
• Upgrade options reduce operating expense by lowering the support costs for different products and by reducing the number of different products needed for sparing.
• METROACCESS software feature image is designed for Layer 2 VPN services.
• METROIPACCESS software feature image is designed for Layer 3 VPN services.
Intelligent Ethernet demarcation
• Industry-standard OAM&P 802.1ag (CFM) feature supports end-to-end network monitoring and troubleshooting. This reduces operating expense by reducing the site visits needed to troubleshoot network problems.
• E-LMI enables service providers to communicate service configuration and status information to the customer-edge device. Ethernet in the First Mile OAM&P (802.3ah) provides support for monitoring, remote failure indication, loopback, and OAM discovery on the link between the customer equipment and service provider network.
• Traffic loopback allows quick service activation and verification.
• Carrier-class redundancy features (Flexlink, RSTP, REP) support both hub-and-spoke and ring networks.
Layer 2 VPN service
• Standard 802.1Q Tunneling creates a hierarchy of 802.1Q tags, helping service providers use a single VLAN to support customers who have multiple VLANs while preserving customer VLAN IDs and segregating traffic from different customers within the service provider infrastructure.
• 2-rate 3-color policer allows service providers to provide more flexible control on incoming traffic rate.
• 1:1 VLAN mapping gives service providers the flexibility to translate customer VLAN ID into a service provider VLAN ID to support overlapping customer VLAN IDs.
• Selective QinQ (1:2 VLAN mapping) enables service providers to multiplex multiple services on a single UNI (MEF EVPL for example).
• Inner-to-outer CoS value propagation for QinQ helps ensure that customer QoS setting is honored in the service provider network.
• L2PT allows for transport of the customer's control protocols, thereby allowing for transparency across the service provider's shared infrastructure.
Layer 3 VPN service
• Multi-VRF CE (VRF-lite) forms virtual packet-forwarding tables by associating one or more Layer 3 interfaces with each VRF, allowing the creation of multiple Layer 3 VPNs on a single Cisco ME 3400 Series switch. Interfaces in a VRF could be either physical, as in an Ethernet port, or logical, as in a VLAN switch virtual interface (SVI), requiring the METROIPACCESS feature image.
• IP Multicast support in Multi-VRF CE allows customers to migrate to VRF-lite without affecting applications and services that depend on IP Multicast.
• VRF-aware services (ARP, ping, SNMP, HSRP, uRPF, syslog, traceroute, FTP, and TFTP) help in managing individual VRFs.
• Support for multiple IP routing protocols (RIPv1/v2, EIGRP, OSPF, IS-IS, and BGPv4) offers flexible options for peering between customers and service providers.
Availability and Scalability
Superior redundancy for fault backup
• Field-replaceable integrated power supply and fan module increases network uptime.
• IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) provides rapid spanning-tree convergence independent of spanning-tree timers and offers the benefit of distributed processing.
• Per-VLAN Rapid Spanning Tree (PVRST+) allows rapid spanning-tree reconvergence on a per-VLAN spanning-tree basis, without requiring the implementation of spanning-tree instances.
• Cisco Hot Standby Router Protocol (HSRP) is supported to create redundant, fail-safe routing topologies.
• Unidirectional Link Detection Protocol (UDLD) and Aggressive UDLD allow unidirectional links caused by incorrect fiber-optic connections or port faults to be detected and disabled on fiber-optic interfaces.
• Flexlink provides fast failover of ports without overhead of control protocols such as the Spanning Tree Protocol.
• Switch-port autorecovery (errdisable) automatically attempts to reactivate a link that is disabled because of a network error.
• Equal-cost routing provides for load balancing and redundancy.
• Bandwidth aggregation up to 8 Gbps through Cisco EtherChannel technology enhances fault tolerance and offers greater aggregated bandwidth between switches and to routers and individual servers.
• Link-State Tracking helps accelerate Layer 3 reconvergence by taking UNI down when the associated NNI is down.
• Resilient Ethernet Protocol (REP) provides fast Layer 2 reconvergence in a ring network and offers an alternative to Spanning Tree Protocol.
• Basic IP Unicast routing protocols (static and RIP versions 1 and 2) are supported for small-network routing applications.
• Advanced IP Unicast routing protocols (OSPF, EIGRP, IS-IS, and BGPv4) are supported for load balancing and constructing scalable LANs.
• HSRP provides dynamic load balancing and failover for routed links; up to 32 HSRP links are supported per unit.
• Inter-VLAN IP routing provides for full Layer 3 routing between two or more VLANs.
• Protocol Independent Multicast (PIM) for IP Multicast routing is supported, including PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), and PIM sparse-dense mode. The Metro IP Access image is required.
• Cisco recommends 128 switch virtual interfaces (SVIs). A maximum of 1000 are supported (depending on the number of routes and multicast entries).
• IPv6 improves the scalability of IP networks by supporting the growing number of users, applications and services. The functionalities supported include ACLs, DHCP, routing (Unicast routing, RIP, OSPFv3, static routes), MLD snooping, stateless autoconfig, default router preference, HTTP/HTTPS.
Efficient multicast distribution
• Multicast VLAN Registration provides efficient multicast distribution in ring networks by dedicating a single VLAN for multicast traffic, thereby removing duplicate multicast traffic in other VLANs.
• PIM-SM provides efficient routing of multicast traffic by establishing distribution trees across WANs.
• Source Specific Multicast (SSM) reduces the need for IP Multicast address management and prevents DoS attacks against receivers.
• SSM mapping provides a mapping of source to group, which allows listeners to find/connect to multicast sources dynamically, reducing dependencies on the application.
Robust multicast control
• IGMP Snooping helps enable intelligent management of multicast traffic by examining IGMP messages.
• IGMP Fast Leave provides a fast channel-changing capability for IPTV services.
• IGMP filtering provides control of groups each user can access.
• IGMP Throttling controls the maximum number of multicast groups each user can access.
• IGMP Proxy allows users anywhere on a downstream network to join an upstream sourced multicast group.
QoS and Control
• The Cisco Modular QoS CLI provides a modular and highly extensible framework for deploying QoS, by standardizing the CLI and semantics for QoS features across all platforms that are supported by Cisco IOS Software.
• 2-rate 3-color policer enables service providers to provide more flexible QoS offerings.
• Standard 802.1p class of service (CoS) and differentiated services code point (DSCP) field classification are provided, using marking and reclassification on a per-packet basis by source and destination IP address, source and destination MAC address, VLAN ID, or Layer 4 TCP/UDP port number.
• Cisco control-plane and data-plane QoS ACLs on all ports help ensure proper marking on a per-packet basis.
• Shaped Round Robin (SRR) scheduling helps ensure differential prioritization of packet flows by intelligently servicing the queues.
• Weighted Tail Drop (WTD) provides per QoS class congestion avoidance at the queues before a disruption occurs.
• Strict priority queuing helps ensure that the highest-priority packets are serviced ahead of all other traffic.
• Configurable control plane queue assignment allows service providers to assign control plane traffic to a specific egress queue.
• Prioritization of control plane traffic enables service providers to set QoS markings globally for CPU-generated traffic so these protocol packets will receive priority in the network.
• There is no performance penalty for advanced QoS functions.
Advanced traffic control
• 1:1 VLAN mapping allows service providers to translate same VLAN IDs from different customers into different service provider VLAN IDs to separate customer traffic in the service provider network.
• Selective QinQ (1:2 VLAN mapping) gives service providers the ability to multiplex multiple Ethernet Private Line (EPL) services on a single UNI.
• Inner-to-outer CoS value propagation for QinQ honors customer QoS setting in the service provider network.
• Upstream and downstream traffic flows from the end station or the uplink are easily managed using ingress policing and egress shaping.
• Ingress policing provides bandwidth monitoring in increments as low as 8 kbps.
• Ingress policing is provided based on CoS, VLAN ID, DSCP, and QoS ACLs (IP ACLs or MAC ACLs) which can include source and destination IP address, source and destination MAC address, Layer 4 TCP/UDP information, or any combination of these fields.
• Egress Weighted Fair Queuing helps guarantee the Committed Information Rate (CIR) between traffic flows and queues.
• Egress shaping for each queue provides smooth traffic control of available bandwidth.
• Egress port rate limiting allows the service provider to control the traffic rate that is transmitted out of the port.
Comprehensive security solutions
• IEEE 802.1x allows dynamic, port-based security by providing user authentication.
• IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user regardless of where the user is connected.
• IEEE 802.1x and port security are provided to authenticate the port and manage network access for all MAC addresses.
• IEEE 802.1x readiness check simplifies deployment by generating a report for end hosts capable of 802.1x.
• An absence of local switching behavior provides security and isolation between UNIs, helping ensure that users cannot monitor or access other users' traffic on the same switch.
• DHCP Snooping prevents malicious users from spoofing a DHCP server and sending out bogus addresses. This feature also prevents numerous other attacks such as Address Resolution Protocol (ARP) poisoning.
• Dynamic ARP Inspection helps ensure user integrity by preventing malicious users from exploiting the insecure nature of the ARP protocol.
• IP Source Guard prevents a malicious user from spoofing or taking over another user's IP address by creating a binding table between client's IP and MAC address, port, and VLAN.
• Control Plane Security prevents DoS attacks on the CPU.
• Configurable control plane security on ENI gives service providers the flexibility to selectively discard or peer with customer's control plane traffic on a per-port, per-protocol basis.
• Secure Shell (SSH) Protocol, Kerberos, and SNMPv3 provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSH, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
• Port security secures the access to an access or trunk port based on MAC address. After a specific timeframe, the aging feature removes the MAC address from the switch to allow another device to connect to the same port.
• Multilevel security on the console access prevents unauthorized users from altering the switch configuration.
• TACACS+ and RADIUS authentication facilitate centralized control of the switch and restrict unauthorized users from altering the configuration.
• Configuration File Security helps ensure that only authenticated users have access to the configuration file.
• MAC address learning and aging notifications allow administrators to keep track of subscriber activities.
• Cisco security VLAN ACLs on all VLANs prevent unauthorized data flows from being bridged within VLANs.
• Cisco standard and extended IP security router ACLs define security policies on routed interfaces for control-plane and data-plane traffic.
• Port-based ACLs for Layer 2 interfaces allow for application of security policies on individual switch ports.
• MAC address notification allows administrators to be notified of users added to or removed from the network.
• Loopback allows service providers to test end-to-end traffic conditions in the network.
• Remote Switched Port Analyzer (RSPAN) allows for remote monitoring of the user interface.
• Bidirectional data support on the Switched Port Analyzer (SPAN) port allows the Cisco intrusion detection system to take action when an intruder is detected.
• The Cisco IOS CLI provides a common user interface and command set with all Cisco routers and Cisco Catalyst desktop switches.
• Cisco Service Assurance Agent (SAA) provides service-level management throughout the network.
• IEEE 802.1ag Connectivity Fault Management provides standard support for transport fault management. It allows for discovery and verification of path for Layer 2 services.
• Ethernet Local Management Interface enables service providers to communicate service configuration and status information to the customer-edge device.
• IEEE 802.3ah Ethernet in the First Mile provides standard support for monitoring, remote failure indication, loopback, and OAM discovery on the link between the customer equipment and service provider network.
• ITU-T Y.1731 introduces the support for fault management functions, including alarm indication signal (AIS), remote defect indication (RDI) and locked signal (LCK) to detect and signal a failure in the service path.
• The Cisco ME 3400E Series supports the ITU-T Y.1731 Performance Monitoring function to measure frame delays in the network.
• Switching Database Manager templates for Layer 2 and Layer 3 deployment allow administrators to easily optimize memory allocation to the desired features based on deployment-specific requirements.
• VLAN trunks can be created from any port, using standards-based 802.1Q tagging. Up to 1005 VLANs per switch and up to 128 spanning-tree instances per switch are supported.
• 4096 VLAN IDs are supported.
• RSPAN allows administrators to remotely monitor ports in a Layer 2 switch network from any other switch in the same network.
• For enhanced traffic management, monitoring, and analysis, the embedded Remote Monitoring (RMON) software agent supports four RMON groups (history, statistics, alarms, and events).
• Layer 2 traceroute eases troubleshooting by identifying the physical path that a packet takes from source to destination.
• All nine RMON groups are supported through a SPAN port, permitting traffic monitoring of a single port, a group of ports, or the entire stack from a single network analyzer or RMON probe.
• Domain Name System (DNS) provides IP address resolution with user-defined device names.
• Trivial File Transfer Protocol (TFTP) reduces the cost of administering software upgrades by downloading from a centralized location.
• Network Time Protocol (NTP) provides an accurate and consistent time stamp to all intranet switches.
• The Cisco ME 3400 Series supports the Cisco CNS 2100 Series Intelligence Engine and SNMP for networkwide management.
• Cisco ISC applications help reduce administration and management costs by providing automated resource management and rapid profile-based provisioning capabilities.
• Configuration Rollback helps in error recovery by providing the capability to replace the current running configuration with any saved Cisco IOS configuration file.
• Embedded Events Manager (EEM) offers the ability to monitor events and take user-defined action when the monitored events occur or a threshold is reached.
• Dynamic Host Configuration Protocol (DHCP)-based auto configuration and image update simplify management of a large number of switches by automatically downloading the specified configuration and image.
• Service Diagnostics automates a set of network diagnostic procedures derived from the vast troubleshooting experiences of Cisco network experts. These diagnostic tools help customers increase network uptime, reduce time to repair and improve service levels.
• Digital optical monitoring (DOM) support enables service providers to perform in-service transceiver monitoring and troubleshooting operations. DOM threshold functions allow the monitoring of real-time optical parameters on DOM SFPs and the comparison against factory-reset values, generating alarm and warning thresholds.
• CiscoWorks network management software provides management capabilities on a per-port and per-switch basis, providing a common management interface for Cisco routers, switches, and hubs.
• SNMP Versions 1, 2c, and 3 and Telnet provide comprehensive in-band management, and a CLI-based management console provides detailed out-of-band management.
• Cisco Discovery Protocol Versions 1 and 2 help enable automatic switch discovery for a CiscoWorks network management station.
• CiscoWorks 2000 LAN Management Solution is supported.
Table 5 lists product specifications for Cisco ME 3400E Series Ethernet Access Switches.
Table 5. Product Specifications
• Forwarding bandwidth:
• Cisco ME 3400EG-12CS AC or DC: 32 Gbps
• Cisco ME 3400EG-2CS AC: 8 Gbps
• Cisco ME 3400E-24TS, AC or DC: 8 Gbps
• Forwarding rate:
• Cisco ME 3400EG-12CS, AC or DC: 26 mpps
• Cisco ME 3400EG-2CS AC: 6.5 mpps
• Cisco ME 3400E-24TS, AC or DC: 6.5 mpps
• 128 MB DRAM and 32 MB flash memory
• Configurable up to 8000 MAC addresses
• Configurable up to 5000 unicast routes
• Configurable up to 1000 IGMP groups and multicast routes
• Configurable maximum transmission unit (MTU) of up to 9000 bytes, for bridging on Gigabit Ethernet ports, and up to 1998 bytes for bridging and routing on Fast Ethernet ports
Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, refer to Cisco Technical Support Services or Cisco Advanced Services.
Cisco is committed to minimizing your total cost of ownership. Cisco offers a portfolio of technical support services to help ensure that Cisco products operate efficiently, remain highly available, and benefit from the most up-to-date system software. The services and support programs described in Table 11 are available as part of the Cisco Carrier Ethernet Switching Service and Support solution, and are available directly from Cisco and through resellers.
Table 11. Service and Support
Service and Support
Cisco Total Implementation Solutions (TIS), available directly from Cisco
Cisco Packaged TIS, available through resellers
• Project management
• Site survey, configuration, and deployment
• Installation, test, and cutover
• Major moves, adds, and changes
• Design review and product staging
• Supplement existing staff
• Help ensure functions meet needs
• Mitigate risk
Cisco SP Base Support and Service Provider-Based Onsite Support, available directly from Cisco
Cisco Packaged Service Provider-Based Support, available through resellers
• 24-hour access to software updates
• Web access to technical repositories
• Telephone support through the Cisco Technical Assistance Center (TAC)
• Advance Replacement of hardware parts
• Facilitate proactive or expedited problem resolution
• Lower total cost of ownership by taking advantage of Cisco expertise and knowledge