Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
759
Views
6
Helpful
7
Replies

Cisco Packet filtration

Go to solution
isakdal
Level 1
Level 1

‎05-23-2023 06:27 AM

I have a question, im working in an office where we're using old cisco 2960s and our core equipment are two C3850.

We're about to make some changes to our internet line, which includes filtration of packages coming from our vendor as we only want what comes across our tagged vlans. Is there any way for me to filter things like BPDU packets and or the packets sent the link between our router and our ISP router(Things like vlan 1, and or just untagged packets in general), as we'd rather not have a flood of packets from our ISP into our monitoring systems. I know of commands like switchport trunk allowed vlan 2-4094, but won't the native vlan still allow the untagged packets through by just tagging them with vlan 1 in this instance? Or am i misunderstanding something.

This might be a bit difficult to answer as im not 100% sure how to formulate the question in a way that makes sense. Any information that might help further educate me is greatly appreciated.

1 Accepted Solution

Accepted Solutions

Go to solution
Flavio Miranda
VIP
VIP
In response to isakdal

‎05-23-2023 07:26 AM

It depends on the kind of traffic but they are usually not filtered. When we talk about tag or untagged traffic we are talking about traffic between switches or switch and router if they are in trunk mode.

  First, you need to identify why you have this traffic. For example, you may have untagged traffic on vlan 1 or other native vlan in order to allow DHCP service for yours Access Point, in case you have accesss points,  and you can not filter that traffic or you will impact the DHCP srevices. 

 This just an example but we can extend to others devices too. 

 

 

 

 

 

View solution in original post

7 Replies 7

Go to solution
MHM Cisco World
VIP
VIP

‎05-23-2023 06:35 AM - edited ‎05-24-2023 03:42 AM

Check 

Go to solution
isakdal
Level 1
Level 1
In response to MHM Cisco World

‎05-23-2023 07:15 AM

RIght pardon the wrong information, to give some clarity, we're currently running two  WS-C3850-12XS that are then connected up toward two ISR C1111-8P, the primary goal i am looking for is for us to filter the untagged traffic that'll come from those two, so that we don't get a small flood of unnnessecary traffic on our switches, at least for the period where we'll be keeping our C3850s.

 

Go to solution
MHM Cisco World
VIP
VIP
In response to isakdal

‎05-23-2023 07:32 AM - edited ‎05-24-2023 03:42 AM

Check

Go to solution
Flavio Miranda
VIP
VIP

‎05-23-2023 06:40 AM

Hi

 BPDU you can filter with bpdu guard configured on the interface. But, you wouldn´t bpdu between routers. 

  If you have a router, as you mentioned here "our router and our ISP router" you should not worry about traffic in vlan 1. The only thing you should worry about is routes.

 I can imagine you topology as two cores switches 3850 and access switches 2960 .  The cores connect to a router and the router connect to the router´s ISP.

 If I am right, there´s nothing to worry about send traffic to you.

 

Go to solution
isakdal
Level 1
Level 1
In response to Flavio Miranda

‎05-23-2023 07:08 AM

Right good to know, and how would you suggest i deal with untagged traffic? Can i filter it in some way?

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to isakdal

‎05-23-2023 07:26 AM

It depends on the kind of traffic but they are usually not filtered. When we talk about tag or untagged traffic we are talking about traffic between switches or switch and router if they are in trunk mode.

  First, you need to identify why you have this traffic. For example, you may have untagged traffic on vlan 1 or other native vlan in order to allow DHCP service for yours Access Point, in case you have accesss points,  and you can not filter that traffic or you will impact the DHCP srevices. 

 This just an example but we can extend to others devices too. 

 

 

 

 

 

Go to solution
isakdal
Level 1
Level 1
In response to Flavio Miranda

‎05-24-2023 03:27 AM

Right i've done some experimenting and found a solution to my problem. But on closer inspection what you said here was close to the solution i was looking for, so ill accept it as such Thanks for the help.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card