cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

416
Views
0
Helpful
2
Replies

PVST+ mac acl

Hi,

I've to implement a VACL to filter PVST+ BPDUs sent on a 802.1q trunk port

For instance here http://ardenpackeer.com/tutorials/security/security-common-ethertypes-in-vlan-access-maps/ you can find a mac access-list example to match PVST+;

PVST+ BPDUs are sent on trunk port using 802.3 ethernet + LLC SNAP (SSAP=DSAP=0xAA and SNAP PID = 0x010B)

Now the suggested mac acl:

mac access-list extended PVST+

permit any any lsap 0xAAAA 0x0

implements the SSAP=DSAP=0xAA match but.....what about SNAP Protocol ID (PID) ? Is it also possibile include this match into an (extended) mac acl?

thanks.

Everyone's tags (3)
2 REPLIES 2
Highlighted

PVST+ mac acl

Someone can help me ?

Thanks

Beginner

Re: PVST+ mac acl

Why not just use BPDUfilter? Why would you need to essentially disable STP on a trunk port though?

Sent from Cisco Technical Support iPad App

CreatePlease to create content
Content for Community-Ad