Re: Mac access-list

From: Tony Singh <mothafungla_at_gmail.com>
Date: Wed, 22 Jan 2014 08:41:13 +0000

For VTP

Apply to a single interface

mac access-list extended VTP
 deny any host 0100.0ccc.cccc 0x2003 0x0
 permit any any
!
interface FastEthernet0/0
 mac access-group VTP in

To apply to a single vlan

mac access-list extended VTP
 permit any host 0100.0ccc.cccc 0x2003 0x0
!
vlan access-map VTP 10
 action drop
 match mac address VTP
vlan access-map VTP 20
 action forward
vlan filter VTP vlan-list 10

For CDP, change the ethertype to 0x2000, as CDP/VTP use the same multicast MAC address to listen for updates.

--
BR
Tony
> On 22 Jan 2014, at 07:57, Imran Ali <immrccie_at_gmail.com> wrote:
> 
> Hi team,
> 
> I am trying to block VTP/CDP based on ether type value.
> 
> To allow PVST/PVST+:
> 
> permit any any lsap 0x4242 0x0
> 
> To allow ARP:
> permit any any 0x806
> 
> To block VTP/CDP:
> 
> permit any any lsap 0xaaaa
> 
> Is this correct?
> 
> 
> Blogs and organic groups at http://www.ccie.net
> 
> _______________________________________________________________________
> Subscription information may be found at: 
> http://www.groupstudy.com/list/CCIELab.html
Received on Wed Jan 22 2014 - 08:41:13 ART
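
Added example, not part of the original thread: a small Python frame classifier showing which header field separates the traffic discussed above (EtherType for ARP, LSAP for spanning tree, SNAP protocol ID for CDP/VTP) and what the single-interface ACL would do with each frame. It assumes, as the reply does, that the ACL's type value is compared against the SNAP protocol ID; the sample frames, source MAC and function names are constructed for illustration.

```python
import struct

CISCO_MCAST = bytes.fromhex("01000ccccccc")   # 0100.0ccc.cccc from the ACL
SRC = bytes.fromhex("020000000001")           # constructed source MAC

def classify(frame: bytes):
    """Return (dst, kind, value); kind is 'ethertype', 'lsap' or 'snap'."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst = frame[:6]
    (type_len,) = struct.unpack("!H", frame[12:14])
    if type_len >= 0x0600:                    # Ethernet II: field is an EtherType
        return dst, "ethertype", type_len
    if len(frame) < 17:                       # 802.3: field is a length, LLC follows
        raise ValueError("truncated LLC header")
    dsap, ssap = frame[14], frame[15]
    if (dsap, ssap) != (0xAA, 0xAA):
        return dst, "lsap", (dsap << 8) | ssap
    if len(frame) < 22:                       # SNAP: ctrl(1) + OUI(3) + PID(2)
        raise ValueError("truncated SNAP header")
    (pid,) = struct.unpack("!H", frame[20:22])
    return dst, "snap", pid

def acl_action(frame: bytes, blocked_type: int = 0x2003) -> str:
    """Mimic 'deny any host 0100.0ccc.cccc <type> 0x0' then 'permit any any'."""
    dst, kind, value = classify(frame)
    if dst == CISCO_MCAST and kind == "snap" and value == blocked_type:
        return "deny"
    return "permit"

def snap_frame(dst: bytes, pid: int) -> bytes:
    """Build a constructed 802.3 + LLC/SNAP frame with a dummy payload."""
    body = b"\xaa\xaa\x03\x00\x00\x0c" + struct.pack("!H", pid) + bytes(8)
    return dst + SRC + struct.pack("!H", len(body)) + body

# Constructed sample frames (headers only, dummy payloads).
VTP = snap_frame(CISCO_MCAST, 0x2003)
CDP = snap_frame(CISCO_MCAST, 0x2000)
STP = (bytes.fromhex("0180c2000000") + SRC + struct.pack("!H", 11)
       + b"\x42\x42\x03" + bytes(8))
ARP = b"\xff" * 6 + SRC + struct.pack("!H", 0x0806) + bytes(28)

if __name__ == "__main__":
    for name, f in [("VTP", VTP), ("CDP", CDP), ("STP", STP), ("ARP", ARP)]:
        _, kind, value = classify(f)
        print(f"{name}: {kind} 0x{value:04x} -> {acl_action(f)} (VTP ACL), "
              f"{acl_action(f, 0x2000)} (CDP variant)")
```
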
