As I have passed the CCIE RS now you will see a bit more diversified posts from me. I will
be blogging about topics mostly related to design and SP topics as that is what I am
most involved in right now.
I did not have much experience with the Catalyst ME3400 so I want to do a post on the
basics about it.
The Catalyst ME3400 switch is a switch targeted at the service provider segment.
Although it is a Catalyst many things are different compared to the regular Catalyst
switches.
The ME3400 has three different port types:
UNI – User Network Interface. Port downstream (towards customer). Port can’t run STP,
CDP or Etherchannel protocols like PAgP and LACP.
ENI – Enhanced Network Interface. Also facing towards customer but this port can support
STP, CDP and Etherchannel protocols.
NNI – Network Node Interface. Sometimes also called network to network interface. This port
is facing upstream towards the core. This port has support for STP, CDP and Etherchannel
protocols.
Let's take a look at the topology we are using, which is the INE SPv3 topology. Here we are
focusing on 2 routers connected to a ME3400 switch.
By default the ME3400 behaves a bit differently than other Catalysts. Let us take a look at
those defaults.
SW1#sh int status

Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/1                        disabled     1            auto   auto 10/100BaseTX
Fa0/2                        disabled     1            auto   auto 10/100BaseTX
Fa0/3                        disabled     1            auto   auto 10/100BaseTX
Fa0/4                        disabled     1            auto   auto 10/100BaseTX
Fa0/5                        disabled     1            auto   auto 10/100BaseTX
Fa0/6                        disabled     1            auto   auto 10/100BaseTX
Fa0/7                        disabled     1            auto   auto 10/100BaseTX
Fa0/8                        disabled     1            auto   auto 10/100BaseTX
Fa0/9                        disabled     1            auto   auto 10/100BaseTX
Fa0/10                       disabled     1            auto   auto 10/100BaseTX
Fa0/11                       disabled     1            auto   auto 10/100BaseTX
Fa0/12                       disabled     1            auto   auto 10/100BaseTX
Fa0/13                       disabled     1            auto   auto 10/100BaseTX
Fa0/14                       disabled     1            auto   auto 10/100BaseTX
Fa0/15                       disabled     1            auto   auto 10/100BaseTX
Fa0/16                       disabled     1            auto   auto 10/100BaseTX
Fa0/17                       disabled     1            auto   auto 10/100BaseTX
Fa0/18                       disabled     1            auto   auto 10/100BaseTX
Fa0/19                       disabled     1            auto   auto 10/100BaseTX
Fa0/20                       disabled     1            auto   auto 10/100BaseTX
Fa0/21                       disabled     1            auto   auto 10/100BaseTX

Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/22                       disabled     1            auto   auto 10/100BaseTX
Fa0/23                       disabled     1            auto   auto 10/100BaseTX
Fa0/24                       disabled     1            auto   auto 10/100BaseTX
Gi0/1                        notconnect   1            full   1000 1000BaseSX SFP
Gi0/2                        notconnect   1            full   1000 1000BaseSX SFP
As you can see, all the ports facing downstream are disabled by default. Not a big deal,
but it’s a bit different than what we are used to. The ports facing upstream (uplinks) are
enabled by default.
Now we take a look at the default port types.
SW1#sh port-type

Port      Name               Vlan       Port Type
--------- ------------------ ---------- ----------------------------
Fa0/1                        1          User Network Interface (uni)
Fa0/2                        1          User Network Interface (uni)
Fa0/3                        1          User Network Interface (uni)
Fa0/4                        1          User Network Interface (uni)
Fa0/5                        1          User Network Interface (uni)
Fa0/6                        1          User Network Interface (uni)
Fa0/7                        1          User Network Interface (uni)
Fa0/8                        1          User Network Interface (uni)
Fa0/9                        1          User Network Interface (uni)
Fa0/10                       1          User Network Interface (uni)
Fa0/11                       1          User Network Interface (uni)
Fa0/12                       1          User Network Interface (uni)
Fa0/13                       1          User Network Interface (uni)
Fa0/14                       1          User Network Interface (uni)
Fa0/15                       1          User Network Interface (uni)
Fa0/16                       1          User Network Interface (uni)
Fa0/17                       1          User Network Interface (uni)
Fa0/18                       1          User Network Interface (uni)
Fa0/19                       1          User Network Interface (uni)
Fa0/20                       1          User Network Interface (uni)
Fa0/21                       1          User Network Interface (uni)
Fa0/22                       1          User Network Interface (uni)
Fa0/23                       1          User Network Interface (uni)
Fa0/24                       1          User Network Interface (uni)
Gi0/1                        1          Network Node Interface (nni)
Gi0/2                        1          Network Node Interface (nni)
All downstream ports are UNI by default and the uplinks are NNI by default. By default
the UNI ports can only communicate with NNI ports. This is very similar to how private
VLAN works, where the isolated ports can only communicate through a promiscuous port.
The VLANs in the ME3400 are a bit different, they are called UNI-VLANs and by default
they work as isolated ports in private VLAN. That means that two UNI ports can’t
communicate directly even if in the same VLAN.
We will set up the ports towards the routers as access ports. On the ME3400
there are no dynamic modes, so you need to set static or trunk or dot1q-tunnel,
and there is no support for ISL, so there is no need to set the encapsulation.
SW1(config)#vlan 2
SW1(config-vlan)#int range f0/1 - 2
SW1(config-if-range)#switchport
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 2
We configure IP addresses on R1 and R2 and then we will try to ping between them.
R1(config)#int f0/0
R1(config-if)#ip add 10.0.0.1 255.255.255.0
R1(config-if)#no sh
And then the same on R2 with an IP of 10.0.0.2. We check the status of the
switchport for R1.
SW1#sh int f0/1 swi
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 2 (VLAN0002)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Capture Mode Disabled
Capture VLANs Allowed: ALL

Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
It is set to access as expected and you can see that the port does not support
DTP. Now we try to ping between R1 and R2.
R1#ping 10.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
That was not successful. Do we see any MAC addresses?
SW1#sh mac add vlan 2
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    0180.c200.0000    STATIC      CPU
 All    0180.c200.0001    STATIC      CPU
 All    0180.c200.0002    STATIC      CPU
 All    0180.c200.0003    STATIC      CPU
 All    0180.c200.0004    STATIC      CPU
 All    0180.c200.0005    STATIC      CPU
 All    0180.c200.0006    STATIC      CPU
 All    0180.c200.0007    STATIC      CPU
 All    0180.c200.0008    STATIC      CPU
 All    0180.c200.0009    STATIC      CPU
 All    0180.c200.000a    STATIC      CPU
 All    0180.c200.000b    STATIC      CPU
 All    0180.c200.000c    STATIC      CPU
 All    0180.c200.000d    STATIC      CPU
 All    0180.c200.000e    STATIC      CPU
 All    0180.c200.000f    STATIC      CPU
 All    0180.c200.0010    STATIC      CPU
 All    ffff.ffff.ffff    STATIC      CPU
   2    0008.7dab.e408    DYNAMIC     Fa0/1
   2    0008.7dab.e808    DYNAMIC     Fa0/2
Total Mac Addresses for this criterion: 22
Yes, that is not the issue. Are the ports forwarding in spanning tree?
SW1#sh span vlan 2

Spanning tree instance(s) for vlan 2 does not exist.
No spanning tree? Remember, spanning tree does not run on UNI ports. The reason is
that UNI ports can’t communicate with each other without going through a NNI port. So
how can we resolve this so that R1 and R2 can ping each other? We can set one port to
NNI.
SW1(config)#int fa0/1
SW1(config-if)#port-type nni

R1#ping 10.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Yes, that solved it. Now spanning tree is running on Fa0/1 because we changed
the port-type to NNI.
SW1#sh span vlan 2

VLAN0002
  Spanning tree enabled protocol rstp
  Root ID    Priority    32770
             Address     0022.91d7.9480
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32770  (priority 32768 sys-id-ext 2)
             Address     0022.91d7.9480
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Desg FWD 19        128.3    P2p

SW1#
What if we can’t change the port-type? What else can we do? We can change the VLAN type.
SW1(config)#int fa0/1
SW1(config-if)#port-type uni
SW1(config-if)#vlan 2
SW1(config-vlan)#uni-vlan ?
  community  UNI/ENI community VLAN
  isolated   UNI/ENI isolated VLAN

SW1(config-vlan)#uni-vlan community

SW1#show vlan uni-vlan

VLAN Type              Ports
---- ----------------- -------------------------------------------------------
2    UNI community     Fa0/1, Fa0/2, Gi0/1, Gi0/2

R1#ping 10.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
So that works as well. By default UNI to UNI won’t communicate but we can change that
as you just saw. Note that spanning tree is not running now. This could potentially
lead to a loop.
SW1#sh span vlan 2

Spanning tree instance(s) for vlan 2 does not exist.
To help protect against that we can change the ports to ENI and enable spanning tree
on them. We can also enable CDP so that the routers can see what they are connected to.
SW1(config)#int range f0/1 - 2
SW1(config-if-range)#port-type eni
SW1(config-if-range)#spanning-tree
SW1(config-if-range)#cdp enable

SW1#sh span vlan 2

VLAN0002
  Spanning tree enabled protocol rstp
  Root ID    Priority    32770
             Address     0022.91d7.9480
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32770  (priority 32768 sys-id-ext 2)
             Address     0022.91d7.9480
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Desg FWD 19        128.3    P2p
Fa0/2               Desg FWD 19        128.4    P2p
So by default this is how the traffic behaves on a Catalyst ME3400.
Now you know a bit more than before about the ME3400. It’s a nice switch and if you learn
the defaults you will figure it out pretty quickly.
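The forwarding rules walked through above, as an added example that is not part of the original post: a small Python audit that reads `show port-type` output and reports which access ports can switch frames to each other directly, and which community UNI-VLANs bridge UNI ports with no spanning tree. The sample output, the VLAN set and the function names are constructed; treating ENI like UNI for isolation is an assumption based on the `uni-vlan ?` help text.

```python
import re
from itertools import combinations

# Constructed sample in the layout of the `show port-type` output above.
SHOW_PORT_TYPE = """\
Port      Name               Vlan       Port Type
--------- ------------------ ---------- ----------------------------
Fa0/1                        2          User Network Interface (uni)
Fa0/2                        2          User Network Interface (uni)
Fa0/3                        3          User Network Interface (uni)
Fa0/4                        3          User Network Interface (uni)
Fa0/5                        3          Network Node Interface (nni)
"""
COMMUNITY_VLANS = {2}  # VLANs shown as "UNI community" by `show vlan uni-vlan`

# Port, optional name, VLAN (last number before the description), port type.
ROW = re.compile(r"^(\S+)\s+.*?(\d+)\s+[A-Za-z ]+\((uni|eni|nni)\)\s*$")

def parse_port_types(text):
    """Return {port: (vlan, type)} from `show port-type` text."""
    ports = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ports[m.group(1)] = (int(m.group(2)), m.group(3))
    return ports

def can_forward(a, b, ports, community):
    """Can two access ports exchange frames directly on this switch?"""
    (vlan_a, type_a), (vlan_b, type_b) = ports[a], ports[b]
    if vlan_a != vlan_b:
        return False
    # An NNI acts like a promiscuous port; UNI/ENI pairs need a community VLAN.
    return "nni" in (type_a, type_b) or vlan_a in community

def stp_gaps(ports, community):
    """Community VLANs with 2+ UNI members: bridged, but UNI cannot run STP."""
    gaps = []
    for vlan in sorted(community):
        unis = sorted(p for p, (v, t) in ports.items() if v == vlan and t == "uni")
        if len(unis) >= 2:
            gaps.append((vlan, unis))
    return gaps

if __name__ == "__main__":
    ports = parse_port_types(SHOW_PORT_TYPE)
    for a, b in combinations(sorted(ports), 2):
        state = "forward" if can_forward(a, b, ports, COMMUNITY_VLANS) else "blocked"
        print(f"{a} <-> {b}: {state}")
    print("community VLANs without STP:", stp_gaps(ports, COMMUNITY_VLANS))
```

Any VLAN returned by `stp_gaps` is a candidate for the ENI plus `spanning-tree` change shown earlier.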
Interesting post about Metro Ethernet and Cisco. In my company we use Alcatel-Lucent devices for metro ethernet network. If it’s possible please write more about SP world in Your posts! Cheers!
Could I use a ME3400 to build a CCNP Switch lab? Positioning this switch as a L3 switch?
You could but it’s not an enterprise switch. So it’s quite different to say a 3560.
How am I able to change these ports on vlan 1 to nni port-type?
help!
Did you try the port-type command under the interface?
Thanks a lot for your post, great job !
I have connected 2 laptops to uni interface and they are in vlan 2 set as uni-vlan community. Both laptops can reach each other. However when I configure int vlan 2 on ME3400, I can not ping int vlan 2 from laptops. Any idea ?