
PVST+ mac acl

Hi,

I have to implement a VACL to filter PVST+ BPDUs sent on an 802.1q trunk port.

For instance, here http://ardenpackeer.com/tutorials/security/security-common-ethertypes-in-vlan-access-maps/ you can find a mac access-list example to match PVST+.

PVST+ BPDUs are sent on a trunk port using 802.3 Ethernet + LLC SNAP (SSAP=DSAP=0xAA and SNAP PID = 0x010B).

Now the suggested mac acl:

    mac access-list extended PVST+
     permit any any lsap 0xAAAA 0x0

implements the SSAP=DSAP=0xAA match, but... what about the SNAP Protocol ID (PID)? Is it also possible to include this match in an (extended) mac acl?

Thanks.

2 Replies

Can someone help me?

Thanks

Why not just use BPDUfilter? Why would you need to essentially disable STP on a trunk port though?

Sent from Cisco Technical Support iPad App
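
Added example, not part of the thread and not Cisco code: a small Python model of the frame layout described in the question, showing which frames an LSAP-only match on 0xAAAA catches compared with a check that also tests the SNAP PID 0x010B. The Cisco OUI, the destination MACs, the CDP and IEEE STP values and the reading of the ACL mask as don't-care bits are assumptions not stated in the posts; the sample frames are constructed.

```python
import struct

SNAP_LSAP = 0xAAAA            # DSAP=SSAP=0xAA, from the post
PVST_PID = 0x010B             # SNAP PID for PVST+, from the post
CISCO_OUI = b"\x00\x00\x0c"   # SNAP OUI used by Cisco protocols (not on the page)

def parse_llc_snap(frame):
    """Return (lsap, oui, pid) for an 802.3/LLC frame, or None for Ethernet II or short frames."""
    off = 16 if frame[12:14] == b"\x81\x00" else 12   # skip one 802.1Q tag if present
    if len(frame) < off + 5:
        return None
    (length,) = struct.unpack_from("!H", frame, off)
    if length > 1500:                                  # EtherType, not an 802.3 length
        return None
    lsap = (frame[off + 2] << 8) | frame[off + 3]      # DSAP, SSAP
    if lsap != SNAP_LSAP or len(frame) < off + 10:
        return (lsap, None, None)                      # LLC without a SNAP header
    (pid,) = struct.unpack_from("!H", frame, off + 8)
    return (lsap, frame[off + 5:off + 8], pid)

def lsap_acl_matches(frame, value=0xAAAA, mask=0x0):
    """Model of 'lsap 0xAAAA 0x0'; mask bits are treated as don't-care (assumption)."""
    parsed = parse_llc_snap(frame)
    return parsed is not None and ((parsed[0] ^ value) & ~mask & 0xFFFF) == 0

def is_pvst_bpdu(frame):
    """Stricter check: SNAP LSAP plus Cisco OUI plus PID 0x010B."""
    return parse_llc_snap(frame) == (SNAP_LSAP, CISCO_OUI, PVST_PID)

def build(dst, llc, tagged=False):
    """Constructed sample frame: dst + fixed source MAC + optional VLAN 10 tag + length + LLC body."""
    tag = b"\x81\x00\x00\x0a" if tagged else b""
    return dst + bytes.fromhex("001122334455") + tag + struct.pack("!H", len(llc)) + llc

def snap(pid):
    return b"\xaa\xaa\x03" + CISCO_OUI + struct.pack("!H", pid) + b"\x00" * 8

# Constructed samples (payloads are zero filler, not real BPDU contents)
PVST = build(bytes.fromhex("01000ccccccd"), snap(PVST_PID), tagged=True)
CDP = build(bytes.fromhex("01000ccccccc"), snap(0x2000))              # CDP uses SNAP PID 0x2000
IEEE_STP = build(bytes.fromhex("0180c2000000"), b"\x42\x42\x03" + b"\x00" * 8)

if __name__ == "__main__":
    for name, f in (("PVST+", PVST), ("CDP", CDP), ("IEEE STP", IEEE_STP)):
        print(f"{name:9} lsap-acl={lsap_acl_matches(f)!s:5} pvst={is_pvst_bpdu(f)}")
```

In this model the LSAP-only match is true for both the PVST+ and the CDP sample, since both are SNAP-encapsulated, while the PID check is true only for PVST+.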
