If you are in the lab and you don’t remember these things, just enable
“debug spanning-tree bpdu receive” and you will see (example with dot1q
trunk, 3 vlans):

*Mar 11 04:02:43.731: STP: VLAN0001 rx BPDU: config protocol = ieee, packet from FastEthernet0/13  , linktype IEEE_SPANNING , enctype 2, encsize 17
*Mar 11 04:02:43.731: STP: enc 01 80 C2 00 00 00 00 09 E8 CB 62 8D 00 26 42 42 03
*Mar 11 04:02:43.731: STP: Data 000000000080010009E8CB62800000000080010009E8CB6280800D0000140002000F00
*Mar 11 04:02:43.735: STP: VLAN0001 Fa0/13:0000 00 00 00 80010009E8CB6280 00000000 80010009E8CB6280 800D 0000 1400 0200 0F00
*Mar 11 04:02:43.735: STP(1) port Fa0/13 supersedes 0

*Mar 11 04:02:45.435: STP: VLAN0010 rx BPDU: config protocol = ieee, packet from FastEthernet0/13  , linktype SSTP , enctype 3, encsize 22
*Mar 11 04:02:45.435: STP: enc 01 00 0C CC CC CD 00 09 E8 CB 62 8D 00 32 AA AA 03 00 00 0C 01 0B
*Mar 11 04:02:45.435: STP: Data 0000000000800A0009E8CB628000000000800A0009E8CB6280800D0000140002000F00
*Mar 11 04:02:45.439: STP: VLAN0010 Fa0/13:0000 00 00 00 800A0009E8CB6280 00000000 800A0009E8CB6280 800D 0000 1400 0200 0F00
*Mar 11 04:02:45.439: STP(10) port Fa0/13 supersedes 0

*Mar 11 04:02:45.439: STP: VLAN0020 rx BPDU: config protocol = ieee, packet from FastEthernet0/13  , linktype SSTP , enctype 3, encsize 22
*Mar 11 04:02:45.439: STP: enc 01 00 0C CC CC CD 00 09 E8 CB 62 8D 00 32 AA AA 03 00 00 0C 01 0B
*Mar 11 04:02:45.439: STP: Data 000000000080140009E8CB62800000000080140009E8CB6280800D0000140002000F00
*Mar 11 04:02:45.443: STP: VLAN0020 Fa0/13:0000 00 00 00 80140009E8CB6280 00000000 80140009E8CB6280 800D 0000 1400 0200 0F00
*Mar 11 04:02:45.443: STP(20) port Fa0/13 supersedes 0

 

STP-SNAP 0x4242 (lsap 0x4242 0x000)

PVST+-SNAP 0xAAAA (lsap 0xAAAA 0x000)

 

 

Regards,

 

Antonio Soares, CCIE #18473 (R&S/SP)
[email protected]
http://www.ccie18473.net

 

 

From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles
Sent: Tuesday, June 7, 2011 17:22
To: Bruno
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] Permitting STP BPDUs

 

Do STP and PVST use EtherType? They use SNAP, don't they?


With regards
Kings

On Tue, Jun 7, 2011 at 7:40 PM, Bruno <[email protected]> wrote:

Hey King,

STP and PVST should be matched on lsa type 0xaaaa, if I am not mistaken.
Ethertype should be 0x10b, I think.

On Tue, Jun 7, 2011 at 8:57 AM, Kingsley Charles
<[email protected]> wrote:

Hi all

I am using VACLs to block ARP in vlan X using the following command. This is
going to block all non-ip traffic including the STP BPDUs. What is needed to
permit the STP BPDUs to prevent looping?

mac access-list extended king
 permit any any 0x0806 0x0

vlan access-map king
 match mac address king
 action drop

vlan filter king vlan-list 123




With regards
Kings

_______________________________________________
For more information regarding industry leading CCIE Lab training, please
visit www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com




-- 
Bruno Fagioli (by Jaunty Jackalope)
Cisco Security Professional

 
