https://community.cisco.com/t5/network-security/transparent-asa-bpdu-issue/m-p/2635282#M196999 <P>Hi All</P><P>Hopefully someone will be able to help, I have an ASA running 8.4 in Multi-context transparent mode.</P><P>The problem I am seeing this is passing BPDU (I see this is expect in this mode)&nbsp;which is making the network converge.</P><P>Which is the best way to stop this, I had thought an ACL&nbsp;on the ASA but I think you can have only 1 type.</P><P>&nbsp;</P><P>Many thanks MJ</P><P>&nbsp;</P> Tue, 12 Mar 2019 05:30:56 GMT mj11 2019-03-12T05:30:56Z https://community.cisco.com/t5/network-security/transparent-asa-bpdu-issue/m-p/2635282#M196999 <P>Hi All</P><P>Hopefully someone will be able to help, I have an ASA running 8.4 in Multi-context transparent mode.</P><P>The problem I am seeing this is passing BPDU (I see this is expect in this mode)&nbsp;which is making the network converge.</P><P>Which is the best way to stop this, I had thought an ACL&nbsp;on the ASA but I think you can have only 1 type.</P><P>&nbsp;</P><P>Many thanks MJ</P><P>&nbsp;</P> Tue, 12 Mar 2019 05:30:56 GMT https://community.cisco.com/t5/network-security/transparent-asa-bpdu-issue/m-p/2635282#M196999 mj11 2019-03-12T05:30:56Z https://community.cisco.com/t5/network-security/transparent-asa-bpdu-issue/m-p/2635283#M197000 <P>You are right, you cannot mix different types of access lists.</P><P>Here is what I&nbsp;can think as a workaround to achieve your requirement.</P><P>&nbsp;</P><P>&gt;&gt;Try creating a different access-list to block BPDU and apply it on different interface.</P><P>For eg:</P><P>&nbsp;</P><P>Say you have two acl:</P><P>access-list 1 ethertype deny bpdu</P><P>access-list 1 ethertype permit any</P><P>&nbsp;</P><P>access-list 2 extended permit ip any any</P><P>&nbsp;</P><P>&nbsp;</P><P>&gt;&gt;you can apply acl 1 at one interface to block bpdu</P><P>&gt;&gt;and acl 2 on the other interface to filter other traffic.</P><P>&nbsp;</P><P>So, by doing this you will&nbsp;inspecting same&nbsp;traffic flow at two different interfaces by different type of ACLs.</P><P>&nbsp;</P><P>Hope it helps!!</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 18 Feb 2015 07:17:08 GMT https://community.cisco.com/t5/network-security/transparent-asa-bpdu-issue/m-p/2635283#M197000 Rishabh Seth 2015-02-18T07:17:08Z https://community.cisco.com/t5/network-security/transparent-asa-bpdu-issue/m-p/2635284#M197001 <P>Hi&nbsp;</P><P>Thanks for the response, I will let you know how I get on.</P><P>Thanks&nbsp;</P> Thu, 19 Feb 2015 11:19:52 GMT https://community.cisco.com/t5/network-security/transparent-asa-bpdu-issue/m-p/2635284#M197001 mj11 2015-02-19T11:19:52Z