Datasheet

Cisco Systems, Inc.
All contents are Copyright © 1992–2005 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Metro-Specific Software
The Cisco ME 2400 Series switches run software specifically designed for the Metro Ethernet market. Many new features are added to make
the Cisco ME 2400 Series the optimal access switch for service providers. Many default behaviors of the Cisco ME 2400 Series are different
from those of traditional Ethernet switches; these differences make the Cisco ME 2400 Series easier to configure, manage, secure, and
troubleshoot.
UNI/NNI
The Cisco ME 2400 Series software introduces the concept of User-Network Interface/Network-Node Interface (UNI/NNI) for Ethernet access
switches. Because the software can identify the application of each port, it can provide many powerful default behaviors. Table 1 lists some of
the primary behaviors and benefits of UNI/NNI.
Table 1. UNI/NNI Default Behaviors
| Default Behaviors | Benefits |
| --- | --- |
| UNI Default: Down | Ports are activated by the service provider before customers can receive service. |
| UNI Default: No Local Switching | Circuit-like behavior protects customers from each other. |
| UNI Default: Control Plane Security Enabled | Control-plane packets ingressing from the UNI are dropped in hardware to protect against denial of service (DoS). |
| NNI Default: Up | This feature helps enable automated configuration of the switch through a Dynamic Host Configuration Protocol (DHCP) or BOOTP server. |
Comprehensive Security Solution
As Metro Ethernet networks continue to expand, one of the challenges that service providers face is to provide the same level of security as
other access technologies. To meet this challenge, the Cisco ME 2400 Series switches provide the most comprehensive security solution for
Ethernet access products. By dividing security into three portions and designing features for each, the Cisco ME 2400 can provide a complete
solution at the access layer. The three different areas of security the switch addresses are subscriber security, switch security, and network
security.
Subscriber security helps protect customers from one another. One of the biggest concerns about using a shared device for multiple
customers is how to prevent customers from affecting each other. The Cisco ME 2400 Series addresses this concern by providing features such
as UNI/NNI, DHCP Snooping, and Private VLAN. The UNI/NNI feature creates a circuit-like behavior to separate customers' traffic from each
other. DHCP Snooping helps service providers identify each user's MAC address, IP address, and port information and prevents users from
attempting DHCP-based attacks.
Switch security is about protecting the switch itself from attacks. The Cisco ME 2400 Series offers features to protect the CPU and
configuration files from attacks. The CPU is a critical component of an Ethernet switch; it is responsible for processing control protocols such as
Spanning Tree Protocol and routing updates. If the CPU is under a DoS attack, those control packets could be dropped, resulting in a network outage.
Features such as Control Plane Security and Storm Control protect the CPU against malicious attacks. Port Security is another important
security feature; it allows service providers to control the number of MAC addresses each subscriber is allowed, thereby protecting against
overwhelming the switch memory.
The final area of security is network security. The features designed for this area filter all incoming traffic to help ensure that only valid traffic
is allowed through the switch. The Cisco ME 2400 Series switches have features such as access control lists (ACLs) and 802.1x to identify the
users and packets that are allowed to transmit traffic through the switch.