09-10-2012 02:36 PM - edited 03-07-2019 08:48 AM
In cisco documentation for the 3560 it is mentioned that blocking appletalk will not work .It shows up in command line but it is not working due to hardware limitation
Is there any other way to block appletalk on 3560 swiitches
====================================
mac access-list extended AAP
deny host 0013.0013.0013 any appletalk
permit any any
interface fa0/13
mac access-group AAP in
====================================
Reference
Copy paste from Doc
Though visible in the command-line help strings, appletalk is not supported as a matching condition.
09-11-2012 05:09 AM
If appletalk is not listed than you cannot block it this way.
May be you can block based on port no series, I think so, AppleTalk use port no 201 to 208 and 387 tcp and udp as well.
Try blocking this way, may be it will work out.
09-11-2012 05:58 AM
I found one more way to block it using the ethertype access-list but not sure if this will work .
=====================
mac access-list extended AAP
deny host 0013.0013.0013 any 0X809B
permit any any
interface fa0/13
mac access-group AAP in
=====================
09-11-2012 11:37 PM
You can give it a try, may be it will work, or it should work.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide