FOR allowing stp
permit any any lasp 0x4242 0x0 this sufficient or i have to add
permit any any 0x010B 0x0 ? what is 0X10B used for ?
On Wed, Jan 22, 2014 at 11:41 AM, Tony Singh <mothafungla_at_gmail.com> wrote:
>
> For VTP
>
> Apply to a single interface
>
> mac access-list extended VTP
> deny any host 0100.0ccc.cccc 0x2003 0x0
> permit any any
> !
> interface FastEthernet0/0
> mac access-group VTP in
>
>
> To apply to a single vlan
>
> mac access-list extended VTP
> permit any host 0100.0ccc.cccc 0x2003 0x0
> !
> vlan access-map VTP 10
> action drop
> match mac address VTP
> vlan access-map VTP 20
> action forward
> vlan filter VTP vlan-list 10
>
>
> For CDP replace ethertype to 0x2000 as CDP/VTP use the same multicast
> mac-address to listen for updates
>
> --
> BR
>
> Tony
>
> > On 22 Jan 2014, at 07:57, Imran Ali <immrccie_at_gmail.com> wrote:
> >
> > Hi team ,
> >
> > i am trying to block VTP/CDP based on ether type value .
> >
> > to allow PVST/PVST+
> >
> > permit any any lasp 0x4242 0x0
> >
> > to allow arp
> > permit any any 0x806
> >
> > to block vtp/cdp
> >
> > permit any any lsap 0xaaaa
> >
> > is this correct ?
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Wed Jan 22 2014 - 12:05:22 ART
This archive was generated by hypermail 2.2.0 : Sat Feb 01 2014 - 10:24:52 ART