Layer 2 Security Features

This module provides an overview of security features for Layer 2 services. All Layer 2 security features must be configured at the VPLS bridge domain level.

Security Features for Layer 2 VPLS Bridge Domains

This table lists security features for Layer 2 VPLS bridge domains and points you to the detailed configuration documentation for each feature.

Table 1. Security Features for Layer 2 VPNs

Feature

Where Documented

MAC address-based traffic blocking, filtering, and limiting on VPLS bridge domains

In the MPLS Configuration Guide for Cisco ASR 9000 Series Routers, in the module “Implementing Virtual Private LAN Services on Cisco ASR 9000 Series Routers,” see the “Configuring the MAC Address-related Parameters” section.

Traffic storm control on VPLS bridge domains

In the System Security Configuration Guide for Cisco ASR 9000 Series Routers(this publication), see the module “Implementing Traffic Storm Control under a VPLS Bridge on Cisco ASR 9000 Series Router.”

DHCP snooping on VPLS bridge domains

In the IP Addresses and Services Configuration Guide for Cisco ASR 9000 Series Routers, see the module “Implementing DHCP on Cisco ASR 9000 Series Routers.” That module describes both DHCP relay services and DHCP snooping at Layer 2.

IGMP snooping on VPLS bridge domains

In the Multicast Configuration Guide for Cisco ASR 9000 Series Routers, see the module “Implementing Layer 2 Multicast with IGMP Snooping.”