03-30-2017 01:55 AM - edited 03-08-2019 09:58 AM
Hi
One of my clients gave me the requirement below.
"I want to run CDP to all my Cisco Devices but under an ACL. The CDP will run only my LAN/WAN Devices which is allowed by IP/MAC address through an ACL. Only match IP addresses device will talk/communicate with each other."
I want to know if it is possible to meet the requirement using an ACL.
And I also know that it can be done using the Cisco ISE RADIUS authorization feature, but as the client wants to do it by ACL, I need a specific answer.
Best Regards
ARIQ
03-30-2017 08:28 PM
As far as I know, CDP is a layer 2 protocol, so you cannot block it using an IP address ACL.
You can block it using a layer 2 ACL with the source MAC address and the CDP destination multicast MAC address.
Layer 2 ACLs are only supported on switches, not routers.
I actually never tried to do so.
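As an added example of the layer 2 ACL approach described in the reply above (this is not configuration from the original thread), the following Catalyst IOS MAC ACL permits CDP frames only from one approved neighbor MAC and drops CDP from any other source on that port. The neighbor MAC 0011.2233.4455, the ACL name and the interface GigabitEthernet1/0/1 are assumed values; 0100.0ccc.cccc is the well-known multicast destination CDP uses.

```cisco
! Added example, not from the original post.
! Assumed: approved neighbor MAC 0011.2233.4455, access port Gi1/0/1.
! 0100.0ccc.cccc is the multicast destination MAC used by CDP (also VTP/DTP/PAgP).
mac access-list extended CDP-FROM-ALLOWED-ONLY
 remark Accept CDP only from the approved neighbor MAC
 permit host 0011.2233.4455 host 0100.0ccc.cccc
 remark Drop CDP (and other 0100.0ccc.cccc traffic) from every other source
 deny   any host 0100.0ccc.cccc
 remark Leave all remaining Layer 2 traffic untouched
 permit any any
!
interface GigabitEthernet1/0/1
 description Link to approved neighbor
 mac access-group CDP-FROM-ALLOWED-ONLY in
!
! Checks after applying (run from privileged EXEC):
! show mac access-group interface GigabitEthernet1/0/1
! show cdp neighbors GigabitEthernet1/0/1 detail
```

Three caveats a practitioner should verify on the target platform before relying on this. First, a port MAC ACL only filters frames arriving on the port, so the switch itself keeps advertising CDP out of that interface; stopping that requires `no cdp enable` on the interface. Second, the deny line also drops VTP, DTP and PAgP from unapproved sources because they share the same destination MAC, which may or may not be intended. Third, whether a given Catalyst model evaluates the port ACL before punting control-protocol frames such as CDP to the CPU is platform-specific, so the `show cdp neighbors` check above is the real test, and a MAC-based filter is hygiene rather than authentication, since a source MAC is trivially set by the sender; the 802.1X/ISE approach mentioned in the question is the authenticated alternative.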
03-30-2017 10:40 PM
Ariq,
this is quite an unusual requirement and I don't know what benefit your customer expects from it.
However, I think you could try to use the Embedded Event Manager (EEM).
As you probably know, you can enable or disable CDP on a per-interface basis. With EEM you could use link-down events to disable CDP on a link and link-up events to verify that the connected device is allowed and then enable CDP on the link.
I'm sure you'll find help with writing an applet or script for this in the EEM section of this forum.
HTH
Rolf
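As an added illustration of the EEM idea in the reply above (not an applet from the original thread or from the author), the pair of applets below disables CDP on a port when its line protocol goes down and, on link-up, re-enables it only if the MAC address learned on that port matches an approved address. The interface GigabitEthernet1/0/1, the approved MAC 0011.2233.4455 and the applet names are assumed values, and the applets assume an IOS release whose EEM supports `action wait`, `action regexp` and `action if`.

```cisco
! Added example, not from the original post.
! Assumed: port Gi1/0/1, approved neighbor MAC 0011.2233.4455,
! EEM 3.0 or later (for wait / regexp / if-else actions).
!
! Link down: remove CDP from the port immediately.
event manager applet CDP-GUARD-LINK-DOWN
 event syslog pattern "Line protocol on Interface GigabitEthernet1/0/1, changed state to down"
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "interface GigabitEthernet1/0/1"
 action 4.0 cli command "no cdp enable"
 action 5.0 cli command "end"
 action 6.0 syslog msg "CDP disabled on Gi1/0/1 (link down)"
!
! Link up: wait for the MAC table to populate, then enable CDP
! only if the approved MAC was learned on this port.
event manager applet CDP-GUARD-LINK-UP
 event syslog pattern "Line protocol on Interface GigabitEthernet1/0/1, changed state to up"
 action 1.0 wait 5
 action 2.0 cli command "enable"
 action 3.0 cli command "show mac address-table interface GigabitEthernet1/0/1"
 action 4.0 regexp "0011\.2233\.4455" "$_cli_result"
 action 5.0 if $_regexp_result eq "1"
 action 5.1  cli command "configure terminal"
 action 5.2  cli command "interface GigabitEthernet1/0/1"
 action 5.3  cli command "cdp enable"
 action 5.4  cli command "end"
 action 5.5  syslog msg "CDP enabled on Gi1/0/1: approved neighbor learned"
 action 6.0 else
 action 6.1  syslog msg "CDP left disabled on Gi1/0/1: no approved MAC learned"
 action 7.0 end
!
! Checks: show event manager policy registered
!         show running-config interface GigabitEthernet1/0/1
```

The link-up applet reads `$_cli_result` from the `show mac address-table` command and sets `$_regexp_result` to 1 on a match; the 5-second wait gives the neighbor time to send a frame so its MAC is actually learned. Because the decision rests on a learned MAC, the same caveat as for a MAC ACL applies: this enforces a policy, it does not authenticate the neighbor, and the syslog messages are worth forwarding so that unexpected "left disabled" events on infrastructure links are noticed.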