Block appletalk on 3560 switches

sudeep.patil · ‎09-10-2012

In cisco documentation for the 3560 it is mentioned that blocking appletalk will not work .It shows up in command line but it is not working due to hardware limitation

Is there any other way to block appletalk on 3560 swiitches

====================================

mac access-list extended AAP

deny host 0013.0013.0013 any appletalk

permit any any

interface fa0/13

mac access-group AAP in

====================================

Reference

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/command/reference/cli1.html#wp11893267

Copy paste from Doc

Though visible in the command-line help strings, appletalk is not supported as a matching condition.

Sakun Sharma · ‎09-11-2012

If appletalk is not listed than you cannot block it this way.

May be you can block based on port no series, I think so, AppleTalk use port no 201 to 208 and 387 tcp and udp as well.

Try blocking this way, may be it will work out.

sudeep.patil · ‎09-11-2012

I found one more way to block it using the ethertype access-list but not sure if this will work .

=====================

mac access-list extended AAP

deny host 0013.0013.0013 any 0X809B

permit any any

interface fa0/13

mac access-group AAP in

=====================

Sakun Sharma · ‎09-11-2012

You can give it a try, may be it will work, or it should work.