IEEE STP BPDUs (uses 803.2 with 802.2) are sent vlan 1 on trunk ports (802.1q) irrespective of whether it is the native or non-native vlan. It can be matched using "permit any any lsap 0x4242 0x0".
PVST+ BPDUs (Uses 803.2 with SNAP) are sent on other vlans excluding vlan 1 on trunk port (802.1q). It can be match using "permit any any lsap 0xAAAA 0x0" or "permit any any 0x010B 0x0". mac access-list extended BPDU permit any any lsap 0xAAAA permit any any lsap 0x4242 or mac access-list extended BPDU permit any any 0x010B 0x0 permit any any lsap 0x4242 I prefer first one as 0xAAAA also permits cdp, vtp etc along with PVST+ BPDUs. With regards Kings On Fri, Aug 12, 2011 at 3:26 AM, Mark Senteza <[email protected]>wrote: > Hey > > What values do you match when asked to filter STP BPDUs, for both 802.1q > and ISL trunks ? > > I've read that IEEE STP BPDUs use 802.2 LLC encapsulation with SSAP/DSSP > values of 0x42 or LSAP value of 0x4242. The document further states that you > can also see STP packets sent across ISL trunks using the same LSAP value of > 0x42. > > PVST+ BPDUs use 802.2 SNAP encapsulation, with LSAP=0xAAAA. All > SNAP-encapsulated packets can be matched using an LSAP value of 0xAAAA. > > So, my question is, in order to match STP BPDUs for both 802.1q and ISL > trunks, would I have to do the following: > > mac access-list extended BPDU > permit any any 0xAAAA 0x0 > permit any any lsap 0x4242 > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
