As I have passed the CCIE RS now you will see a bit more diversified post from me. I will
be blogging about topics mostly related to design and SP topics as that is what I am
most involved right now.

I did not have much experience with the Catalyst ME3400 so I want to do a post on the
basics about it.

The Catalyst ME3400 switch is a switch targeted at the service provider segment.
Although it is a Catalyst many things are different compared to the regular Catalyst
switches.

The ME3400 has three different port types:

UNI – User Network Interface. Port downstream (towards customer). Port can’t run STP,
CDP or Etherchannel protocols like PAgP and LACP.

ENI – Enhanced Network Interface. Also facing towards customer but this port can support
STP, CDP and Etherchannel protocols.

NNI – Network Node Interface. Sometimes also called network to network interface. This port
is facing upstream towards the core. This port has support for STP, CDP and Etherchannel
protocols.

Lets take a look at the topology we are using which is the INE SPv3 topology. Here we are
focusing on 2 routers connected to a ME3400 switch.

By default the ME3400 behaves a bit different than other Catalysts. Let us take a look at
those defaults.

SW1#sh int status

Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/1                        disabled     1            auto   auto 10/100BaseTX
Fa0/2                        disabled     1            auto   auto 10/100BaseTX
Fa0/3                        disabled     1            auto   auto 10/100BaseTX
Fa0/4                        disabled     1            auto   auto 10/100BaseTX
Fa0/5                        disabled     1            auto   auto 10/100BaseTX
Fa0/6                        disabled     1            auto   auto 10/100BaseTX
Fa0/7                        disabled     1            auto   auto 10/100BaseTX
Fa0/8                        disabled     1            auto   auto 10/100BaseTX
Fa0/9                        disabled     1            auto   auto 10/100BaseTX
Fa0/10                       disabled     1            auto   auto 10/100BaseTX
Fa0/11                       disabled     1            auto   auto 10/100BaseTX
Fa0/12                       disabled     1            auto   auto 10/100BaseTX
Fa0/13                       disabled     1            auto   auto 10/100BaseTX
Fa0/14                       disabled     1            auto   auto 10/100BaseTX
Fa0/15                       disabled     1            auto   auto 10/100BaseTX
Fa0/16                       disabled     1            auto   auto 10/100BaseTX
Fa0/17                       disabled     1            auto   auto 10/100BaseTX
Fa0/18                       disabled     1            auto   auto 10/100BaseTX
Fa0/19                       disabled     1            auto   auto 10/100BaseTX
Fa0/20                       disabled     1            auto   auto 10/100BaseTX
Fa0/21                       disabled     1            auto   auto 10/100BaseTX

Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/22                       disabled     1            auto   auto 10/100BaseTX
Fa0/23                       disabled     1            auto   auto 10/100BaseTX
Fa0/24                       disabled     1            auto   auto 10/100BaseTX
Gi0/1                        notconnect   1            full   1000 1000BaseSX SFP
Gi0/2                        notconnect   1            full   1000 1000BaseSX SFP

As you can see all the ports facing downstream are disabled by default. Not a big deal
but it’s a bit differen than what we are used to. The ports facing upstream(uplinks) are
enabled by default.

Now we take a look at the default port types.

SW1#sh port-type
Port      Name               Vlan       Port Type
--------- ------------------ ---------- ----------------------------
Fa0/1                        1          User Network Interface           (uni)
Fa0/2                        1          User Network Interface           (uni)
Fa0/3                        1          User Network Interface           (uni)
Fa0/4                        1          User Network Interface           (uni)
Fa0/5                        1          User Network Interface           (uni)
Fa0/6                        1          User Network Interface           (uni)
Fa0/7                        1          User Network Interface           (uni)
Fa0/8                        1          User Network Interface           (uni)
Fa0/9                        1          User Network Interface           (uni)
Fa0/10                       1          User Network Interface           (uni)
Fa0/11                       1          User Network Interface           (uni)
Fa0/12                       1          User Network Interface           (uni)
Fa0/13                       1          User Network Interface           (uni)
Fa0/14                       1          User Network Interface           (uni)
Fa0/15                       1          User Network Interface           (uni)
Fa0/16                       1          User Network Interface           (uni)
Fa0/17                       1          User Network Interface           (uni)
Fa0/18                       1          User Network Interface           (uni)
Fa0/19                       1          User Network Interface           (uni)
Fa0/20                       1          User Network Interface           (uni)
Fa0/21                       1          User Network Interface           (uni)
Fa0/22                       1          User Network Interface           (uni)
Fa0/23                       1          User Network Interface           (uni)
Fa0/24                       1          User Network Interface           (uni)
Gi0/1                        1          Network Node Interface           (nni)
Gi0/2                        1          Network Node Interface           (nni)

All downstream ports are UNI by default and the uplinks are NNI by default. By default
the UNI ports can only communicate with NNI ports. This is very similar to how private
VLAN works very the isolated ports can only communicate through a promiscuous port.

The VLANs in the ME3400 are a bit different, they are called UNI-VLANs and by default
they work as isolated ports in private VLAN. That means that two UNI ports can’t
communicate directly even if in the same VLAN.

We will setup the ports towards the routers as access. On the ME3400
there are no dynamic modes so you need to set static or trunk or dot1q-tunnel
and also there is no support for ISL so there is no need to set the encapsulation.

SW1(config)#vlan 2
SW1(config-vlan)#int range f0/1 - 2
SW1(config-if-range)#switchport
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 2

We configure IP addesses on R1 and R2 and then we will try to ping between them.

R1(config)#int f0/0
R1(config-if)#ip add 10.0.0.1 255.255.255.0
R1(config-if)#no sh

And then the same on R2 with an IP of 10.0.0.2. We check the status of the
switchport for R1.

SW1#sh int f0/1 swi
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 2 (VLAN0002)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Capture Mode Disabled
Capture VLANs Allowed: ALL

Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

It is set to access as expected and you can see that the port does not support
DTP. Now we try to ping between R1 and R2.

R1#ping 10.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

That was not successful. Do we see any MAC addresses?

SW1#sh mac add vlan 2
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    0180.c200.0000    STATIC      CPU
 All    0180.c200.0001    STATIC      CPU
 All    0180.c200.0002    STATIC      CPU
 All    0180.c200.0003    STATIC      CPU
 All    0180.c200.0004    STATIC      CPU
 All    0180.c200.0005    STATIC      CPU
 All    0180.c200.0006    STATIC      CPU
 All    0180.c200.0007    STATIC      CPU
 All    0180.c200.0008    STATIC      CPU
 All    0180.c200.0009    STATIC      CPU
 All    0180.c200.000a    STATIC      CPU
 All    0180.c200.000b    STATIC      CPU
 All    0180.c200.000c    STATIC      CPU
 All    0180.c200.000d    STATIC      CPU
 All    0180.c200.000e    STATIC      CPU
 All    0180.c200.000f    STATIC      CPU
 All    0180.c200.0010    STATIC      CPU
 All    ffff.ffff.ffff    STATIC      CPU
   2    0008.7dab.e408    DYNAMIC     Fa0/1
   2    0008.7dab.e808    DYNAMIC     Fa0/2
Total Mac Addresses for this criterion: 22

Yes, that is not the issue. Are the ports forwarding in spanning tree?

SW1#sh span vlan 2

Spanning tree instance(s) for vlan 2 does not exist.

No spanning tree? Remember, spanning tree does not run on UNI ports. The reason is
UNI ports can’t communicate with each other without going through a NNI port. So
how can we resolve so that R1 and R2 can ping each other? We can set one port to
NNI.

SW1(config)#int fa0/1
SW1(config-if)#port-type nni

R1#ping 10.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Yes, that solved it. Now spanning tree is running on Fa0/1 because we changed
the port-type to NNI.

SW1#sh span vlan 2

VLAN0002
  Spanning tree enabled protocol rstp
  Root ID    Priority    32770
             Address     0022.91d7.9480
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32770  (priority 32768 sys-id-ext 2)
             Address     0022.91d7.9480
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Desg FWD 19        128.3    P2p


SW1#

What if we can’t change the port-type? What else can we do? We can change the VLAN type.

SW1(config)#int fa0/1
SW1(config-if)#port-type uni
SW1(config-if)#vlan 2
SW1(config-vlan)#uni-vlan ?
  community  UNI/ENI community VLAN
  isolated   UNI/ENI isolated VLAN

SW1(config-vlan)#uni-vlan community
SW1#show vlan uni-vlan

VLAN Type              Ports
---- ----------------- -------------------------------------------------------
2    UNI community     Fa0/1, Fa0/2, Gi0/1, Gi0/2

R1#ping 10.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

So that works as well. By default UNI to UNI won’t communicate but we can change that
as you just saw. Note that spanning tree is not running now. This could potentially
lead to a loop.

SW1#sh span vlan 2

Spanning tree instance(s) for vlan 2 does not exist.

To help protect against that we can change the ports to ENI and enable spanning tree
on them. We can also enable CDP so that the routers can see what they are connected to.

SW1(config)#int range f0/1 - 2
SW1(config-if-range)#port-type eni
SW1(config-if-range)#spanning-tree
SW1(config-if-range)#cdp enable

SW1#sh span vlan 2

VLAN0002
  Spanning tree enabled protocol rstp
  Root ID    Priority    32770
             Address     0022.91d7.9480
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32770  (priority 32768 sys-id-ext 2)
             Address     0022.91d7.9480
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Desg FWD 19        128.3    P2p
Fa0/2               Desg FWD 19        128.4    P2p

So by default this is how the traffic behaves on a Catalyst ME3400.

Now you know a bit more than before about the ME3400. It’s a nice switch and if you learn
the defaults you will figure it out pretty quickly.

A basic look at the Catalyst ME3400
Tagged on:                         

6 thoughts on “A basic look at the Catalyst ME3400

  • November 12, 2012 at 10:53 am
    Permalink

    Interesting post about Metro Ethernet and Cisco. In my company we use Alcatel-Lucent devices for metro ethernet network. If it’s possible please write more about SP world in Your posts! Cheers!

    Reply
  • July 2, 2014 at 5:58 pm
    Permalink

    Could I use a ME3400 to build a CCNP Switch lab? Positioning this switch as a L3 switch?

    Reply
    • July 7, 2014 at 8:41 am
      Permalink

      You could but it’s not an enterprise switch. So it’s quite different to say a 3560.

      Reply
    • November 22, 2014 at 8:22 am
      Permalink

      Did you try the port-type command under the interface?

      Reply
  • June 22, 2017 at 8:48 pm
    Permalink

    Thanks a lot for your post, great job !

    I have connected 2 laptops to uni interface and they are in vlan 2 set as uni-vlan community. Both laptops can reach each other. However when I configure int vlan 2 on ME3400, I can not ping int vlan 2 from laptops. Any idea ?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: