From: Ivan (ivan@iip.net)
Date: Sun Sep 10 2006 - 19:24:15 ART
Someone mentioned this problem earlier.
AFAIR, different STP protocols use different L2 encapsulations.
STP uses ethertype 0x4242.
PVST+ uses LLC SNAP encapsulation, with LSAP equal to 0xAAAA. In this case one
needs to look more deeply at the OUI/Type part of the SNAP header, but I don't
know how that can be done in Cisco IOS.
ACL for the last case:
permit any any lsap 0xAAAA 0x0
> Problem with STP in IEWB lab 11 - the task is to configure a VACL
> allowing only IP traffic with a named access list and the necessary layer
> 2 traffic should be also allowed. The problem is with ARP and STP
> traffic, which are matched by MAC extended ACL. For ARP I am matching
> ethernet type 0x806
>
> mac access-list extended arp-mac-acl
> permit any any 0x806 0x0
>
>
> For STP I was unable to find the right ACL statement. In the solution
> guide I found they used ethernet type LSAP 0x4242
>
> permit any any lsap 0x4242 0x0
>
> Using this statement in another MAC ACL I constructed the final VACL:
>
>
> mac access-list extended arp-mac-acl
> permit any any 0x806 0x0
> mac access-list extended stp-mac-acl
> permit any any lsap 0x4242 0x0
> ip access-list extended IPONLY
> permit ip any any
>
> vlan access-map iponly-vacl 5
> action forward
> match mac address arp-mac-acl
> vlan access-map iponly-vacl 6
> action forward
> match mac address stp-mac-acl
> vlan access-map iponly-vacl 10
> action forward
> match ip address IPONLY
>
> The problem is that STP still does not work and the BPDUs are being
> filtered by the VACL. To prevent the first advice - I didn't forget to
> remove and reapply the VACL after the changes.
>
-- Ivan
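
The encapsulations discussed in this thread, as an added example (not part of either post, and not Cisco's matching code): a small Python classifier showing which header field each of the three MAC ACL entries quoted above keys on. The frames are constructed samples; the destination MACs, the Cisco OUI 00:00:0C with protocol ID 0x010B for PVST+, and the reading of the second ACL value as a don't-care mask are assumptions of the example.

```python
import struct

def classify(frame: bytes) -> dict:
    """Return the L2 encapsulation fields a MAC ACL entry can key on."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    type_len = struct.unpack("!H", frame[12:14])[0]
    if type_len >= 0x0600:                # Ethernet II: field is an EtherType
        return {"encap": "ethernet2", "ethertype": type_len}
    if len(frame) < 17:                   # 802.3: field is a length, LLC follows
        raise ValueError("truncated LLC header")
    info = {"encap": "llc", "lsap": (frame[14] << 8) | frame[15]}
    if info["lsap"] == 0xAAAA and len(frame) >= 22:
        info["encap"] = "snap"            # SNAP adds a 3-byte OUI and 2-byte type
        info["oui"] = frame[17:20].hex()
        info["pid"] = struct.unpack("!H", frame[20:22])[0]
    return info

def acl_matches(entry, frame: bytes) -> bool:
    """entry = (field, value, mask); mask bits set to 1 are ignored (assumed)."""
    field, value, mask = entry
    got = classify(frame).get(field)
    return got is not None and (got | mask) == (value | mask)

# Constructed sample frames (zero-filled payloads), not captured traffic.
SRC = bytes.fromhex("020000000001")

def dot3(dst: str, llc: str, body_len: int) -> bytes:
    payload = bytes.fromhex(llc) + bytes(body_len)
    return bytes.fromhex(dst) + SRC + struct.pack("!H", len(payload)) + payload

FRAMES = {
    "arp":   bytes.fromhex("ffffffffffff") + SRC + b"\x08\x06" + bytes(28),
    "stp":   dot3("0180c2000000", "424203", 35),            # IEEE BPDU over LLC
    "pvst+": dot3("01000ccccccd", "aaaa0300000c010b", 42),  # BPDU over LLC/SNAP
}
# The three MAC ACL entries that appear in the thread.
ACL = {
    "0x806 0x0":       ("ethertype", 0x0806, 0x0),
    "lsap 0x4242 0x0": ("lsap", 0x4242, 0x0),
    "lsap 0xAAAA 0x0": ("lsap", 0xAAAA, 0x0),
}

def match_table() -> dict:
    """Map each sample frame to the ACL entries that match it."""
    return {name: [text for text, e in ACL.items() if acl_matches(e, f)]
            for name, f in FRAMES.items()}

if __name__ == "__main__":
    for name, hits in match_table().items():
        print(f"{name:6} {classify(FRAMES[name])} -> {hits}")
```

Each sample frame is matched by exactly one entry, so a VACL that forwards only `lsap 0x4242` leaves SNAP-encapsulated BPDUs unmatched.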