Cisco® ME 3400 Series Ethernet Access Switches are a series of next-generation Layer 2 and Layer 3 customer-located devices for service providers. Their design is based on experience gained from today's most widely deployed access switches, the Cisco Catalyst® 2950 and 3550 Series.
With service provider-friendly hardware and mission-specific software, the Cisco ME 3400 Series is the first Cisco access switch family optimized for both Ethernet-to-the-Home (ETTH) triple-play services and Ethernet-to-the-Business (ETTB) VPN services. It provides a complete security solution for Metro Ethernet access that includes subscriber, switch, and network protection. The Cisco ME 3400 Series supports multiple software images to provide a "pay-as-you-grow" deployment model. With service breadth spanning triple-play and Layer 2 and Layer 3 VPN services, lower total cost of ownership (TCO) and operating expenses can be achieved from a single ETTH and ETTB access solution.
The Cisco ME 3400 Series (Figure 1) includes the following configurations:
• Cisco ME 3400G-12CS AC with 12 dual-purpose (10/100/1000 and Small Form-Factor Pluggable [SFP]) ports, four SFP uplinks, and two fixed redundant AC power supplies (part number ME-3400G-12CS-A)
• Cisco ME 3400G-12CS DC with 12 dual-purpose (10/100/1000 and SFP) ports, four SFP uplinks, and two fixed redundant DC power supplies (part number ME-3400G-12CS-D)
• Cisco ME 3400G-2CS AC with two dual-purpose (10/100/1000 and SFP) ports, two SFP uplinks, and an AC power supply (part number ME-3400G-2CS-A)
• Cisco ME 3400-24FS AC with 24 Ethernet 100 SFP ports, two SFP uplinks, and an AC power supply (part number ME-3400-24FS-A)
• Cisco ME 3400-24TS AC with 24 Ethernet 10/100 ports, two SFP uplinks, and an AC power supply (part number ME-3400-24TS-A)
• Cisco ME 3400-24TS DC with 24 Ethernet 10/100 ports, two SFP uplinks, and a DC power supply (part number ME-3400-24TS-D)
Figure 1. Cisco ME 3400 Series
The Cisco ME 3400 Series offers three different Cisco IOS® Software feature images. The METROBASE image offers advanced quality of service (QoS), rate limiting, robust multicast control, and comprehensive security features. The METROACCESS image adds to these a richer set of Metro Ethernet access features including 802.1Q Tunneling, Layer 2 Protocol Tunneling (L2PT), and Flex-Link. The METROIPACCESS image adds to these advanced Layer 3 features such as support for advanced IP routing protocols, Multi-VPN Routing and Forwarding Customer Edge (Multi-VRF CE), and Policy Based Routing (PBR).
The SFP-based Gigabit Ethernet ports accommodate a wide range of 100BASE and 1000BASE SFP transceivers. The options include Cisco 100BASE-LX, 100BASE-FX, 100BASE-BX, 100BASE-EX, 100BASE-ZX, 1000BASE-T, 1000BASE-SX, 1000BASE-LX, 1000BASE-ZX, 1000BASE-EX, and both coarse wavelength-division multiplexing (CWDM) and dense wavelength-division multiplexing (DWDM) SFP transceivers. These ports also support the Cisco Catalyst 3560 SFP Interconnect Cable for establishing a low-cost Gigabit Ethernet point-to-point connection.
Service Provider-Friendly Hardware
Because Metro Ethernet access switches are typically deployed in small spaces in the basements of office buildings or in apartments, the Cisco ME 3400 Series is designed with a compact form factor (1 RU x 9.52 in.) and flexible mounting options. In addition, the Cisco ME 3400 Series has all front-accessed connectors to simplify field installation and troubleshooting. To help ensure compliance with industry standards, the Cisco ME 3400 Series has obtained both Network Equipment Building Standards Level 3 (NEBS3) and ETSI certifications.
Industry Standard Services
Carrier Ethernet is a huge growth area for emerging connectivity services. It is a comparatively simple, cost-effective, and familiar technology whose migration to the WAN will lead to more flexible network connectivity while reducing overall IT costs. To establish better global standards that provide assurance that equipment from different vendors will interoperate, service providers asked the Metro Ethernet Forum (MEF) to initiate a set of standards and a certification program. The Cisco ME 3400 Series is certified to MEF 9 and 14 to support industry-standard Layer 2 services and QoS features.
With more and more applications demanding higher bandwidth, both enterprise and residential customers want access speeds greater than 100 Mbps. To address this requirement, the Cisco ME 3400 Series offers wire-speed Gigabit Ethernet with all the Metro Ethernet functions. At speeds of 1000 Mbps, Gigabit Ethernet provides the bandwidth to meet new and evolving network demands, alleviate bottlenecks, and boost performance while protecting the investment in existing infrastructure.
Cisco ME 3400 Series Switches have software designed for the Metro Ethernet market. Numerous new features make the Cisco ME 3400 Series the optimal access switch for service providers. Many default behaviors of the Cisco ME 3400 Series are different from those of traditional Ethernet switches, making the Cisco ME 3400 Series easier to configure, manage, secure, and troubleshoot.
The Cisco ME 3400 Series software introduces the concept of User-Network Interface/Enhanced Network Interface/Network-Node Interface (UNI/ENI/NNI) for Ethernet access switches. Because the software can identify the application of each port, it can provide many powerful default behaviors. Table 1 lists some of the primary behaviors and benefits of UNI/ENI/NNI.
Table 1. UNI/ENI/NNI Default Behaviors
Default Behavior - Benefit
• UNI/ENI default: Down - Ports must be activated by the service provider before customers can receive service.
• UNI/ENI default: No Local Switching - Circuit-like behavior protects customers from each other.
• UNI/ENI default: Configurable Control Plane Security Enabled - Control-plane packets ingressing from the UNI/ENI are dropped in hardware to protect against denial of service (DoS) attacks by default. Unlike UNI ports, ENI ports provide service providers the flexibility to selectively discard or peer with customer's control plane traffic on a per-port, per-protocol basis for the following L2 protocols: CDP, LLDP, LACP, PAgP, and STP.
• NNI default: Up - Enables automated configuration of the switch through a Dynamic Host Configuration Protocol (DHCP) or BOOTP server.
Flexible Deployment Options for Software Features
The Cisco ME 3400 Series offers three different Cisco IOS Software feature images - METROBASE, METROACCESS, and METROIPACCESS - providing cost-effective, pay-as-you-grow upgrade options for service providers deploying multiple services. The service providers do not have to pay for the features they do not need today and still have the option in the future to receive those features with a simple software upgrade.
Support for multiple software feature images allows service providers to standardize on the Cisco ME 3400 Series, save on the operating expense of stocking multiple products, simplify training of support technicians, and alleviate complications in supporting different products for different services.
Table 2 lists key features in the Cisco IOS Software images for the Cisco ME 3400 Series.
Table 2. Key Features in Cisco IOS Software Images for Cisco ME 3400 Series
All METROBASE features
All METROACCESS features
Internet Group Management Protocol (IGMP) Filtering and Throttling
802.1Q Tunneling, L2PT
Multicast VLAN Registration (MVR)
Ethernet OAM (802.1ag, 802.3ah, E-LMI)
Multi-VRF CE (VRF-lite)
Y.1731 Fault Management and Performance Monitoring (Delay Measurement)
Configurable Control Plane Security
Configurable per VLAN MAC Learning
RIP versions 1 and 2
Configuration File Security
EIGRP, OSPF, and IS-IS
Dynamic ARP Inspection, IP Source Guard
Per Port Per VLAN Ingress Policing
NNI Configurable on All Ports
Source Specific Multicast
DHCP Based Auto Configuration, Image Update, and Port-Based Allocation
Bidirectional Forwarding Detection (BFD) for OSPF, IS-IS, BGP, HSRP, and EIGRP
Comprehensive Security Solution
As Metro Ethernet networks expand, it is a challenge to provide the same level of security as other access technologies. Cisco ME 3400 Series Switches provide a comprehensive security solution for Ethernet access networks, with security features in each of three areas: subscriber, switch, and network security.
Subscriber security helps create protection among customers. A major concern in using a shared device for multiple customers is how to prevent customers from affecting each other. The Cisco ME 3400 Series addresses this concern with several different features. The UNI/NNI feature creates a circuit-like behavior to separate customers' traffic from each other. DHCP Snooping, Dynamic ARP Inspection, and IP Source Guard help service providers identify each customer based on MAC, IP address, and port information to help prevent malicious users from spoofing addresses and launching man-in-the-middle attacks.
Switch security is about protecting the switch itself from attacks. The Cisco ME 3400 Series offers features to protect the CPU and configuration files from attacks. The CPU is a critical component of an Ethernet switch, responsible for processing control protocols and routing updates; under DoS attack, the CPU could drop those control packets, resulting in a network outage. Features such as Configurable Control Plane Security and Storm Control protect the CPU against malicious attacks. The Port Security feature allows service providers to control the number of MAC addresses each subscriber is allowed, offering protection against overwhelming the switch memory.
Network security features filter all incoming traffic to help ensure that only valid traffic is allowed through the switch. Cisco ME 3400 Series Switches have features such as access control lists (ACLs) and IEEE 802.1x authentication to identify the users and packets that are allowed to transmit traffic through the switch.
Table 3 lists these and other key features of the security solution.
Table 3. Key Features for Each Area of Comprehensive Security Solution
UNI default: No Local Switching
Configurable Control Plane Security
DHCP Snooping and IP Source Guard
Dynamic ARP Inspection
UNI default: Port Down
Configurable per VLAN MAC learning
Configuration File Security
Service Management Options
The Cisco ME 3400 Series offers a superior command-line interface (CLI) for detailed configuration. In addition, the switches support CiscoWorks, the Cisco CNS 2100 Series Intelligence Engine, the Cisco IP Solution Center (ISC), and Simple Network Management Protocol (SNMP) for networkwide management. Service providers can integrate the Cisco ME 3400 Series transparently into their operations support systems (OSSs) and enable improved flow-through provisioning.
The Cisco CNS 2100 Series network device allows service providers to effectively manage a network of Cisco ME 3400 Series and other Cisco IOS Software devices. It is a completely self-contained unit that includes a task-oriented web GUI, a programmable Extensible Markup Language (XML) interface, configuration template management, and an embedded repository. Network operators can use the web GUI to quickly turn existing Cisco IOS Software CLI configuration files into reusable templates. The Cisco CNS 2100 Series integrates easily into existing customer OSSs or business support systems (BSSs); it can provision systems with its external repository support and the event-based Cisco IOS Software XML interface that effectively "workflow-enables" deployment of Cisco devices.
Cisco ISC is a family of cost-saving intelligent network management applications that provide automated resource management and rapid profile-based provisioning capabilities. It helps service providers offering Layer 2 VPN services with provisioning, planning, and troubleshooting features essential to manage the entire lifecycle. Management features such as policy-based VPN, management VPN, and QoS provisioning help reduce the cost of deploying Layer 2 VPN services and help guarantee the accuracy of service deployment.
Service providers can also manage the Cisco ME 3400 Series using SNMP versions 2 and 3. A comprehensive set of MIBs is provided for service providers to collect traffic information in the Cisco ME 3400 Series.
Ethernet Operations, Administration, Maintenance, and Provisioning
The advent of Ethernet as a metropolitan and wide-area networking technology has accelerated the need for a new set of operations, administration, maintenance, and provisioning (OAM&P) protocols. Service provider networks are large and complex with a wide user base, and they often involve different operators that must work together to provide end-to-end services to enterprise customers. To answer enterprise customer demands, service providers must reduce the mean time to repair (MTTR) and increase service availability. Ethernet OAM&P features address these challenges and enable service providers to offer carrier-grade services.
The Cisco ME 3400 Series supports industry-standard OAM&P tools including IEEE 802.1ag Connectivity Fault Management and Ethernet Local Management Interface (E-LMI) protocol. IEEE 802.1ag tools to monitor and troubleshoot end-to-end Ethernet networks allow service providers to check connectivity, isolate network issues, and identify customers affected by network issues. E-LMI protocol, developed by the MEF, enables service providers to automatically configure the customer-edge device to match the subscribed service. This automatic provisioning not only reduces the effort to set up the service, but also reduces the amount of coordination required between the service provider and enterprise customer. In addition, the Cisco ME 3400 Series supports the IEEE 802.3ah Ethernet in the First Mile standard for monitoring, remote failure indication, loopback, and OAM discovery on the link between the customer equipment and the service provider network.
Furthermore, the Cisco ME 3400 Series supports the ITU-T standard Y.1731, which provides fault management and complements the IEEE 802.1ag functionality. The Cisco ME 3400 Series also supports Y.1731 Delay Measurement for performance monitoring.
Resilient Ethernet Protocol
Resilient Ethernet Protocol (REP) is a Cisco proprietary protocol that provides an alternative to Spanning Tree Protocol (STP) to control network loops, handle link failures, and improve convergence time. REP is designed to meet service providers' requirement for a fast and predictable reconvergence solution for Layer 2 networks. REP also supports VLAN load balancing to provide efficient utilization of redundant links. To interoperate with devices not supporting REP, the edge no neighbor feature makes it possible to achieve fast convergence of Carrier Ethernet networks even when the REP ring is terminated into a non REP-capable switch.
Cisco ME 3400 Series Switches help service providers offer a portfolio of profitable, differentiated services, including Layer 2 and Layer 3 VPN services and triple-play services in both ETTB and ETTH markets.
Triple-play service is a popular choice for service providers because by combining Internet access, voice, and video services, they can generate higher average revenue per unit (ARPU). Triple-play service provides additional value by increasing customer retention. The Cisco ME 3400 Series is optimized for triple-play service and offers service providers the flexibility to connect subscribers through either CAT5 cable or fiber. By delivering the key features in the areas of QoS, multicast, and security, the Cisco ME 3400 Series helps service providers deploy successful triple-play service (Figure 2).
Figure 2. Triple-Play Service
Intelligent Ethernet Demarcation
As Ethernet circuits replace TDM circuits inside of enterprise wiring closets, a replacement for the demarcation device is also needed. Service providers have traditionally relied on this type of device to separate the management responsibility. A demarcation device allows service providers to monitor and troubleshoot circuits all the way into the customer's wiring closet. The Cisco ME-3400G-2CS Switch offers the same function for an Ethernet-based network. With support for industry-standard Ethernet OAM&P features, the Cisco ME-3400G-2CS allows service providers to monitor and troubleshoot Ethernet circuits remotely. This greatly reduces operating expense for service providers by reducing the number of site visits needed to troubleshoot network problems. In addition, the Cisco ME-3400G-2CS provides the same intelligent features such as QoS, Ethernet security, and Multicast as other switches in the Cisco ME 3400 Series.
Layer 2 VPN Service
Layer 2 VPN services allow customers to connect remote offices together through a service provider network without requiring private connections. The Cisco ME 3400 Series is suited for metro access deployments because it offers features such as 802.1Q Tunneling and L2PT. The Cisco ME 3400 Series helps service providers offer Layer 2 VPN services to their enterprise or commercial customers (Figure 3). Typically, these switches are installed in an office building basement serving multiple customers as customer located equipment (CLE).
Figure 3. Layer 2 VPN Service
Layer 3 VPN Service
With the popularity of IP technologies, Layer 3 VPN is another popular service that service providers like to offer. Its benefits include a single control plane over different transport technologies, advanced QoS, and high security. With the Multi-VRF CE feature, the Cisco ME 3400 Series provides a separate routing-table function for each customer to help ensure separation of customers' routing information (Figure 4).
Figure 4. Layer 3 VPN Service
Key Features and Benefits
Table 4 gives features and benefits of the Cisco ME 3400 Series.
Table 4. Features and Benefits
Next-generation Ethernet access switches for Metro Ethernet market
• All-front access provides ease of deployment and troubleshooting in the field.
• Compact form factor (1 RU x 9.52 in.) allows for deployment in space-limited areas.
• Dual-speed SFP transceiver support (100BASE and 1000BASE) provides flexible uplink options.
• Both AC and DC power options are available.
• Software is optimized for Metro Ethernet access.
• Three software feature images help enable support for breadth of services.
• Software upgrade options allow service providers to purchase only the features needed today while retaining the option to obtain other features through simple software upgrades.
• Upgrade options reduce operating expense by lowering the supporting cost for different products and by reducing the number of different products needed for sparing.
• METROBASE software feature image is designed for triple-play services.
• METROACCESS software feature image is designed for premium triple-play services or Layer 2 VPN services.
• METROIPACCESS software feature image is designed for Layer 3 VPN services.
• Advanced QoS functions provide differentiated class of service treatment to support triple-play service.
• Multicast VLAN Registration (MVR) reduces overall bandwidth requirement for multicast distribution in ring-based networks.
• Comprehensive security solution protects subscribers, switch, and network at the network edge.
• CAT5 and fiber interfaces offer deployment flexibility.
• Source Specific Multicast (SSM) reduces the need for IP Multicast address management and prevents DoS attacks against receivers.
• SSM mapping provides a mapping of source to group, which allows listeners to find/connect to multicast sources dynamically, reducing dependencies on the application.
Intelligent Ethernet demarcation
• Industry standard OAM&P 802.1ag (CFM) feature supports end-to-end network monitoring and troubleshooting. This reduces operating expense by reducing the site visits needed to troubleshoot network problems.
• E-LMI enables service providers to automatically configure the customer-edge device to match the subscribed service.
• Ethernet in the First Mile OAM&P (802.3ah) provides support for monitoring, remote failure indication, loopback, and OAM discovery on the link between the customer equipment and service provider network.
• Carrier class redundancy features (Flex-Link, RSTP, REP) support both hub-and-spoke and ring networks.
Layer 2 VPN service
• Standard 802.1Q Tunneling creates a hierarchy of 802.1Q tags, helping service providers use a single VLAN to support customers who have multiple VLANs while preserving customer VLAN IDs and segregating traffic from different customers within the service provider infrastructure.
• L2PT allows for transport of the customers' control protocols, thereby allowing for a true virtual-circuit service across service providers' shared infrastructure.
Layer 3 VPN service
• Multi-VRF CE (VRF-lite) forms virtual packet-forwarding tables by associating one or more Layer 3 interfaces with each VRF, allowing the creation of multiple Layer 3 VPNs on a single Cisco ME 3400 Series Switch. Interfaces in a VRF can be either physical, as in an Ethernet port, or logical, as in a VLAN switch virtual interface (SVI). This feature requires the METROIPACCESS feature image.
• IP Multicast support in Multi-VRF CE allows customers to migrate to VRF-lite without affecting application and services that depend on IP Multicast.
• VRF-aware services (ARP, Ping, SNMP, HSRP, uRPF, Syslog, Traceroute, FTP, and TFTP) help in managing individual VRFs.
• Support for multiple IP routing protocols (RIPv1/v2, EIGRP, OSPF, IS-IS, and BGPv4) offers flexible options for peering between customers and service providers.
Availability and Scalability
Superior redundancy for fault backup
• IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) provides rapid spanning-tree convergence independent of spanning-tree timers and offers the benefit of distributed processing.
• Per-VLAN Rapid Spanning Tree (PVRST+) allows rapid spanning-tree reconvergence on a per-VLAN spanning-tree basis, without requiring the implementation of spanning-tree instances.
• Cisco Hot Standby Router Protocol (HSRP and HSRPv2) is supported to create redundant, fail-safe routing topologies.
• Unidirectional Link Detection Protocol (UDLD) and Aggressive UDLD allow unidirectional links caused by incorrect fiber-optic connections or port faults to be detected and disabled on fiber-optic interfaces.
• Flex-Link provides fast failover of ports without overhead of control protocols such as the Spanning Tree Protocol.
• Switch-port autorecovery (errdisable) automatically attempts to reactivate a link that is disabled because of a network error.
• Equal-cost routing provides for load balancing and redundancy.
• Bandwidth aggregation up to 800 Mbps through Cisco Fast EtherChannel® technology enhances fault tolerance and offers greater aggregated bandwidth between switches and to routers and individual servers.
• Link-State Tracking helps accelerate Layer 3 reconvergence by taking UNI down when the associated NNI is down.
• Resilient Ethernet Protocol (REP) provides fast Layer 2 reconvergence in a ring network and offers an alternative to Spanning Tree Protocol.
• Basic IP Unicast routing protocols (static and RIP versions 1 and 2) are supported for small-network routing applications.
• Advanced IP Unicast routing protocols (OSPF, EIGRP, IS-IS, and BGPv4) are supported for load balancing and constructing scalable LANs.
• HSRP provides dynamic load balancing and failover for routed links; up to 32 HSRP links are supported per unit.
• Inter-VLAN IP routing provides for full Layer 3 routing between two or more VLANs.
• BFD allows rapid detection of path and system failures by using a fast hello mechanism. BFD can provide failure detection on any kind of path between systems. Routing protocols supported include OSPF, IS-IS, BGP, HSRP and EIGRP.
• Protocol Independent Multicast (PIM) for IP Multicast routing is supported, including PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), and PIM sparse-dense mode. The Metro IP Access image is required.
• IPv6 improves the scalability of IP networks by supporting the growing number of users, applications and services. The functionalities supported include ACLs, DHCP, routing (Unicast routing, RIP, OSPFv3, static routes), MLD snooping, stateless autoconfig, default router preference, HTTP/HTTPS.
• Cisco recommends 128 switch virtual interfaces (SVIs). A maximum of 1000 are supported (depending on the number of routes and multicast entries).
Efficient multicast distribution
• Multicast VLAN Registration provides efficient multicast distribution in ring networks by dedicating a single VLAN for multicast traffic, thereby removing duplicate multicast traffic in other VLANs.
• PIM-SM provides efficient routing of multicast traffic by establishing distribution trees across WANs.
• Source Specific Multicast (SSM) reduces the need for IP Multicast address management and prevents DoS attacks against receivers.
• SSM mapping provides a mapping of source to group, which allows listeners to find/connect to multicast sources dynamically, reducing dependencies on the application.
• Multicast Listener Discovery (MLD) snooping v1 and v2 enables efficient distribution of IPv6 multicast data. With MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data, instead of being flooded to all ports in a VLAN.
Robust multicast control
• IGMP Snooping helps enable intelligent management of multicast traffic by examining IGMP messages.
• IGMP Fast Leave provides a fast channel-changing capability for IPTV services.
• IGMP filtering provides control of groups each user can access.
• IGMP Throttling controls the maximum number of multicast groups each user can access.
• IGMP Proxy allows users anywhere on a downstream network to join an upstream sourced multicast group.
QoS and Control
• The Cisco Modular QoS CLI provides a modular and highly extensible framework for deploying QoS, by standardizing the CLI and semantics for QoS features across all platforms that are supported by Cisco IOS Software.
• Standard 802.1p class of service (CoS) and differentiated services code point (DSCP) field classification are provided, using marking and reclassification on a per-packet basis by source and destination IP address, source and destination MAC address, VLAN ID, or Layer 4 TCP/User Datagram Protocol (TCP/UDP) port number.
• Cisco control-plane and data-plane QoS ACLs on all ports help ensure proper marking on a per-packet basis.
• Shaped Round Robin (SRR) scheduling helps ensure differential prioritization of packet flows by intelligently servicing the queues.
• Weighted Tail Drop (WTD) provides per QoS class congestion avoidance at the queues before a disruption occurs.
• Strict priority queuing helps ensure that the highest-priority packets are serviced ahead of all other traffic.
• Configurable control plane queue assignment allows service providers to assign control plane traffic to a specific egress queue.
• Prioritization of control plane traffic enables service providers to set QoS markings globally for CPU-generated traffic so these protocol packets will receive priority in the network.
• There is no performance penalty for advanced QoS functions.
Advanced traffic control
• Upstream and downstream traffic flows from the end station or the uplink are easily managed using ingress policing and egress shaping.
• Ingress policing provides bandwidth monitoring in increments as low as 8 kbps.
• Ingress policing is provided based on CoS, VLAN ID, DSCP, and QoS ACLs (IP ACLs or MAC ACLs) which can include source and destination IP address, source and destination MAC address, Layer 4 TCP/UDP information, or any combination of these fields.
• Egress Weighted Fair Queuing guarantees the Committed Information Rate (CIR) between traffic flows and queues.
• Egress shaping for each queue provides smooth traffic control of available bandwidth.
• Egress port rate limiting allows the service provider to control the traffic rate that is transmitted out of the port.
Comprehensive security solutions
• IEEE 802.1x allows dynamic, port-based security by providing user authentication.
• IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user regardless of where the user is connected.
• IEEE 802.1x and port security are provided to authenticate the port and manage network access for all MAC addresses.
• IEEE 802.1x readiness check simplifies deployment by generating a report for end hosts capable of 802.1x.
• 802.1x supplicant helps mitigate security threats in the Carrier Ethernet access network by having the switch (with a supplicant) securely authenticate itself with an upstream switch.
• An absence of local switching behavior provides security and isolation between UNIs, helping ensure that users cannot monitor or access other users' traffic on the same switch.
• DHCP Snooping prevents malicious users from spoofing a DHCP server and sending out bogus addresses. This feature also prevents numerous other attacks such as Address Resolution Protocol (ARP) poisoning.
• Dynamic ARP Inspection helps ensure user integrity by preventing malicious users from exploiting the insecure nature of the ARP protocol.
• IP Source Guard prevents a malicious user from spoofing or taking over another user's IP address by creating a binding table between client's IP and MAC address, port, and VLAN.
• Control Plane Security prevents DoS attacks on the CPU.
• Configurable control plane security on ENI provides service providers the flexibility to selectively discard or peer with customer's control plane traffic on a per-port, per-protocol basis.
• Secure Shell (SSH) Protocol, Kerberos, and SNMPv3 provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSH, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
• Port security secures the access to an access or trunk port based on MAC address. After a specific timeframe, the aging feature removes the MAC address from the switch to allow another device to connect to the same port.
• Multilevel security on the console access prevents unauthorized users from altering the switch configuration.
• TACACS+ and RADIUS authentication facilitate centralized control of the switch and restrict unauthorized users from altering the configuration.
• Configuration File Security helps ensure that only authenticated users have access to the configuration file.
• MAC address learning and aging notifications allow administrators to keep track of subscriber activities.
• Cisco security VLAN ACLs on all VLANs prevent unauthorized data flows from being bridged within VLANs.
• Cisco standard and extended IP security router ACLs define security policies on routed interfaces for control-plane and data-plane traffic.
• Port-based ACLs for Layer 2 interfaces allow for application of security policies on individual switch ports.
• MAC address notification allows administrators to be notified of users added to or removed from the network.
• Remote Switched Port Analyzer (RSPAN) allows for remote monitoring of the user interface.
• Bidirectional data support on the Switched Port Analyzer (SPAN) port allows the Cisco intrusion detection system to take action when an intruder is detected.
• The Cisco IOS Software CLI provides a common user interface and command set with all Cisco routers and Cisco Catalyst desktop switches.
• Cisco Service Assurance Agent (SAA) provides service-level management throughout the network.
• IEEE 802.1ag Connectivity Fault Management provides standard support for transport fault management. It allows for discovery and verification of path for Layer 2 services.
• Ethernet Local Management Interface enables automatic configuration of CPE by CLE to support Metro Ethernet services.
• IEEE 802.3ah Ethernet in the First Mile provides standard support for monitoring, remote failure indication, loopback, and OAM discovery on the link between the customer equipment and service provider network.
• ITU-T Y.1731 introduces the support for fault management functions, including alarm indication signal (AIS), remote defect indication (RDI) and locked signal (LCK) to detect and signal a failure in the service path.
• The Cisco ME 3400 Series supports ITU-T Y.1731 Performance Monitoring function to measure delays in the network.
• Switching Database Manager templates for Layer 2 and Layer 3 deployment allow administrators to easily optimize memory allocation to the desired features based on deployment-specific requirements.
• VLAN trunks can be created from any port, using standards-based 802.1Q tagging. Up to 1005 VLANs per switch and up to 128 spanning-tree instances per switch are supported.
• 4000 VLAN IDs are supported.
• RSPAN allows administrators to remotely monitor ports in a Layer 2 switch network from any other switch in the same network.
• For enhanced traffic management, monitoring, and analysis, the embedded Remote Monitoring (RMON) software agent supports four RMON groups (history, statistics, alarms, and events).
• Layer 2 traceroute eases troubleshooting by identifying the physical path that a packet takes from source to destination.
• All nine RMON groups are supported through a SPAN port, permitting traffic monitoring of a single port, a group of ports, or the entire stack from a single network analyzer or RMON probe.
• Domain Name System (DNS) provides IP address resolution with user-defined device names.
• Trivial File Transfer Protocol (TFTP) reduces the cost of administering software upgrades by downloading from a centralized location.
• Network Time Protocol (NTP) provides an accurate and consistent time stamp to all intranet switches.
• The Cisco ME 3400 Series supports the Cisco CNS 2100 Series Intelligence Engine and SNMP for networkwide management.
• Cisco ISC applications help reduce administration and management costs by providing automated resource management and rapid profile-based provisioning capabilities.
• Configuration Rollback helps in error recovery by providing the capability to replace the current running configuration with any saved Cisco IOS Software configuration file.
• Embedded Events Manager (EEM) offers the ability to monitor events and take user-defined action when the monitored events occur or a threshold is reached.
• Dynamic Host Configuration Protocol (DHCP)-based auto configuration and image update simplifies management of a large number of switches by automatically downloading the specified configuration and image.
• Dynamic Host Configuration Protocol (DHCP) Port-Based Allocation eases switch management by allowing the Cisco IOS Software DHCP server to always offer the same IP address to the device connected to a given switch port. Any new device connecting or old device reconnecting to the port will be allocated the same IP address.
• Service Diagnostics automates a set of network diagnostic procedures derived from the vast troubleshooting experiences of Cisco network experts. These diagnostic tools help customers increase network uptime, reduce time to repair and improve service levels.
• Digital optical monitoring (DOM) support provides a service provider with the capability to perform in-service transceiver monitoring and troubleshooting operations. DOM threshold functions allow the monitoring of real-time optical parameters on DOM SFPs and the comparison against factory-reset values, generating alarm and warning thresholds.
• CiscoWorks network management software provides management capabilities on a per-port and per-switch basis, providing a common management interface for Cisco routers, switches, and hubs.
• SNMP versions 1, 2c, and 3 and Telnet provide comprehensive in-band management, and a CLI-based management console provides detailed out-of-band management.
• Cisco Discovery Protocol versions 1 and 2 help enable automatic switch discovery for a CiscoWorks network management station.
• CiscoWorks 2000 LAN Management Solution is supported.
Table 5 lists product specifications for Cisco ME 3400 Series Ethernet Access Switches.
Table 5. Product Specifications
• Forwarding bandwidth:
  • Cisco ME 3400G-12CS AC: 32 Gbps
  • Cisco ME 3400G-12CS DC: 32 Gbps
  • Cisco ME 3400G-2CS AC: 8.0 Gbps
  • Cisco ME 3400-24FS AC: 8.8 Gbps
  • Cisco ME 3400-24TS AC: 8.8 Gbps
  • Cisco ME 3400-24TS DC: 8.8 Gbps
• Forwarding rate:
  • Cisco ME 3400G-12CS AC: 26 mpps
  • Cisco ME 3400G-12CS DC: 26 mpps
  • Cisco ME 3400G-2CS AC: 6.5 mpps
  • Cisco ME 3400-24FS AC: 6.5 mpps
  • Cisco ME 3400-24TS AC: 6.5 mpps
  • Cisco ME 3400-24TS DC: 6.5 mpps
• 128-MB DRAM and 32-MB flash memory
• Configurable up to 8000 MAC addresses
• Configurable up to 5000 unicast routes
• Configurable up to 1000 IGMP groups and multicast routes
• Configurable maximum transmission unit (MTU) of up to 9000 bytes, for bridging on Gigabit Ethernet ports, and up to 1998 bytes for bridging and routing on Fast Ethernet ports
Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, refer to Cisco Technical Support Services or Cisco Advanced Services.
Cisco is committed to minimizing your total cost of ownership. Cisco offers a portfolio of technical support services to help ensure that Cisco products operate efficiently, remain highly available, and benefit from the most up-to-date system software. The services and support programs described in Table 10 are available as part of the Cisco Metro Ethernet Switching Service and Support solution, and are available directly from Cisco and through resellers.
Table 10. Service and Support
Service and Support
Cisco Total Implementation Solutions (TIS), available directly from Cisco
Cisco Packaged TIS, available through resellers
• Project management
• Site survey, configuration, and deployment
• Installation, test, and cutover
• Major moves, adds, and changes
• Design review and product staging
• Supplement existing staff
• Help ensure functions meet needs
• Mitigate risk
Cisco SP Base Support and Service Provider-Based Onsite Support, available directly from Cisco
Cisco Packaged Service Provider-Based Support, available through resellers
• 24-hour access to software updates
• Web access to technical repositories
• Telephone support through the Cisco Technical Assistance Center (TAC)
• Advance Replacement of hardware parts
• Facilitate proactive or expedited problem resolution
• Lower total cost of ownership by taking advantage of Cisco expertise and knowledge