11-16-2017 09:58 AM - edited 02-21-2020 06:46 AM
We are running CLNS ISIS between two routers, and we are inserting an ASA in between to act as an L2 FW.
I know that starting with version 9.5, ASA supports ISIS.
We had to add an "ethertype permit any" rule at the end of the ACL to make ISIS work. But we are trying to limit the Ethertype by specifying the Ethertype #. Does anyone know what Ethertype # is used by ISIS? Is there any other way to allow ISIS packets through the L2 FW?
11-16-2017 03:56 PM
Hi @ahmede1
According to this doc, there's an ACL specific for ISIS:
access-list access_list_name ethertype {deny | permit} {ipx | bpdu | mpls-unicast | mpls-multicast | is-is | any | hex_number}
-If I helped you somehow, please, rate it as useful.-
11-20-2017 10:29 AM
Thank you. We did try that, but it doesn't work. Once we add ISIS only, ISIS stops working, and we also see no hits on the access list:
access-list ISIS_ACL ethertype permit isis (hitcount=0)
access-list ISIS_ACL ethertype permit any (hitcount=275201669)
11-20-2017 05:58 PM
That's weird. It should work, and we can't suppose that some necessary traffic is being blocked; that wouldn't make sense, as the documentation is clear about using isis as the ethertype and nothing more.
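An added example, not part of the thread or of Cisco's documentation: IS-IS on Ethernet is carried in IEEE 802.3 frames with an LLC header (DSAP/SSAP 0xFE) rather than in Ethernet II frames, so the two bytes after the source MAC hold a length, not an EtherType number. The Python sketch below classifies frames on that basis; the function names and sample frames are constructed for illustration, and it makes no claim about how the ASA itself matches the is-is keyword.

```python
import struct

# IS-IS on Ethernet: IEEE 802.3 length field + LLC header, then NLPID 0x83.
ISIS_LLC = bytes([0xFE, 0xFE, 0x03])      # DSAP, SSAP, control (UI)
ISIS_NLPID = 0x83
ISIS_GROUPS = {
    bytes.fromhex("0180c2000014"): "AllL1ISs",
    bytes.fromhex("0180c2000015"): "AllL2ISs",
}

def classify(frame: bytes) -> dict:
    """Report what the type/length field of an Ethernet frame carries."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, offset = frame[:6], 12
    (field,) = struct.unpack_from("!H", frame, offset)
    if field == 0x8100:                   # skip one 802.1Q VLAN tag
        offset += 4
        if len(frame) < offset + 2:
            raise ValueError("truncated VLAN tag")
        (field,) = struct.unpack_from("!H", frame, offset)
    payload = frame[offset + 2:]
    if field >= 0x0600:                   # Ethernet II: field is an EtherType
        return {"encap": "ethernet-ii", "ethertype": field, "isis": False}
    # 802.3: field is a payload length, so there is no EtherType to match on
    isis = payload[:3] == ISIS_LLC and payload[3:4] == bytes([ISIS_NLPID])
    return {"encap": "802.3-llc", "ethertype": None, "length": field,
            "isis": isis, "group": ISIS_GROUPS.get(dst)}

def build_8023(dst: bytes, src: bytes, payload: bytes) -> bytes:
    """Build an untagged 802.3 frame (hypothetical helper for the samples)."""
    return dst + src + struct.pack("!H", len(payload)) + payload

# Constructed samples (not captured traffic); source MAC is a documentation address.
SRC = bytes.fromhex("00005e005301")
# LLC + 8-byte common header of an L1 LAN hello (PDU type 0x0f), zero padded
ISIS_HELLO = build_8023(
    bytes.fromhex("0180c2000014"), SRC,
    ISIS_LLC + bytes([0x83, 0x1B, 0x01, 0x00, 0x0F, 0x01, 0x00, 0x00]) + bytes(35))
IPV4_FRAME = bytes.fromhex("ffffffffffff") + SRC + b"\x08\x00" + bytes(46)

if __name__ == "__main__":
    for name, frame in (("isis-hello", ISIS_HELLO), ("ipv4", IPV4_FRAME)):
        print(name, classify(frame))
```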