2960 Allow only PPPoE on port

David Kondicz
Level 1

Hi all,

is there any way to allow only PPPoE communication on ethernet port on 2960X or 2960S catalyst switches?

Thanx

BR

David


Reza Sharifi
Hall of Fame

Hi,

I don't think you can configure PPPOE on switches.  You need a router.

HTH

Hi Reza,

I think David's question focused on something else: can you configure an access port on a switch so that the only frame it accepts is a PPPoE frame?

In my opinion, that should be possible - the easiest way of doing that would simply be to configure a port-ACL (PACL) that drops all IP traffic whatsoever. PPPoE-encapsulated packets are not treated as IP packets by the switch, so IP PACL will not apply. So simply doing something like this should do the trick:

    ip access-list standard NoIP
     deny any
    !
    interface FastEthernet0/1
     ip access-group NoIP in

If we wanted to be very precise, we could also create a MAC ACL to further narrow down the non-IP traffic allowed through a port. PPPoE uses EtherType values 0x8863 and 0x8864. The MAC ACL would need to be carefully specified, though, to allow other Layer2 control and management plane traffic (STP, DTP, VTP, CDP, LLDP, PAgP/LACP, UDLD, LOOP...), so it could be more difficult to create properly.

I even believe that creating a VACL would be possible although the VACLs are not officially supported on 2960 Catalysts yet (still, with a very recent IOS, they can be created and used just fine).

Best regards,

Peter
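
An offline check for the policy described in the post above, as an added example that is not part of the original thread: it labels raw Ethernet frames from a capture taken behind the filtered port, so anything other than PPPoE Discovery (0x8863) or Session (0x8864) stands out. The function names and sample frames are constructed for illustration.

```python
import struct

PPPOE_DISCOVERY, PPPOE_SESSION = 0x8863, 0x8864   # EtherTypes named in the thread
VLAN_TAGS = {0x8100, 0x88A8}                      # 802.1Q / 802.1ad tag types
DISCOVERY_CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}


def classify(frame: bytes) -> str:
    """Label one raw Ethernet frame (no preamble/FCS) as the port policy would see it."""
    if len(frame) < 14:
        return "malformed"
    offset = 12
    (etype,) = struct.unpack_from("!H", frame, offset)
    while etype in VLAN_TAGS:                      # skip any stacked VLAN tags
        offset += 4
        if len(frame) < offset + 2:
            return "malformed"
        (etype,) = struct.unpack_from("!H", frame, offset)
    payload = frame[offset + 2:]
    if etype < 0x0600:                             # 802.3 length field: LLC/SNAP (STP, CDP, ...)
        return "l2-control-or-llc"
    if etype not in (PPPOE_DISCOVERY, PPPOE_SESSION):
        return "other-ethertype-0x%04x" % etype
    if len(payload) < 6:                           # PPPoE header is 6 bytes
        return "malformed"
    ver_type, code, _sid, length = struct.unpack_from("!BBHH", payload)
    if ver_type != 0x11 or length > len(payload) - 6:
        return "malformed"
    if etype == PPPOE_DISCOVERY:
        return "pppoe-discovery-" + DISCOVERY_CODES.get(code, "unknown")
    return "pppoe-session" if code == 0x00 else "malformed"


def audit(frames):
    """Return the labels of frames that are not well-formed PPPoE."""
    return [c for c in map(classify, frames) if not c.startswith("pppoe-")]


# Constructed sample frames (not captured traffic).
MACS = bytes.fromhex("ffffffffffff" "020000000001")
PADI = MACS + bytes.fromhex("8863" "11" "09" "0000" "0004" "01010000")
SESSION_TAGGED = MACS + bytes.fromhex("8100" "000a" "8864" "11" "00" "0001" "0002" "c021")
IPV4 = MACS + bytes.fromhex("0800") + bytes(20)
STP = MACS + bytes.fromhex("0026" "424203") + bytes(35)
SAMPLES = [PADI, SESSION_TAGGED, IPV4, STP]
```

Frames whose type field is below 0x0600 carry an 802.3 length rather than an EtherType, which is why Layer 2 control traffic such as STP cannot be matched by EtherType alone.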

Hi Peter,

Thanks for clarification.  I may have misunderstood the question.

Happy New Year with all the best!!!!!

Reza

Reza,

Happy New Year with all the very best to you too, my friend!

Best regards,

Peter

I understand your question that you don't want to terminate it on the switch (as Reza assumes) but send it through; is that what you want to do?

In either case I don't think that you can only allow PPPoE on a port. But perhaps (completely untested) you can limit the communication with an ACL that denies all ip traffic. At least "normal" IP shouldn't be allowed then any more but still everything else that are other ethernet-based protocols.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
