Yes, that works for me :-)
With regards Kings On Sat, Aug 13, 2011 at 3:10 AM, Mark Senteza <[email protected]>wrote: > Thanks Kings, > > so when asked to match BPDUs, its better to specify both "lsap 0xAAAA" and > "lsap 0x4242" ? > > Mark > > > On Thu, Aug 11, 2011 at 10:46 PM, Kingsley Charles < > [email protected]> wrote: > >> IEEE STP BPDUs (uses 803.2 with 802.2) are sent vlan 1 on trunk ports >> (802.1q) irrespective of whether it is the native or non-native vlan. >> It can be matched using "permit any any lsap 0x4242 0x0". >> >> PVST+ BPDUs (Uses 803.2 with SNAP) are sent on other vlans excluding vlan >> 1 on trunk port (802.1q). It can be match using "permit any any lsap 0xAAAA >> 0x0" or "permit any any 0x010B 0x0". >> >> >> mac access-list extended BPDU >> permit any any lsap 0xAAAA >> >> permit any any lsap 0x4242 >> >> or >> >> >> mac access-list extended BPDU >> permit any any 0x010B 0x0 >> >> permit any any lsap 0x4242 >> >> >> I prefer first one as 0xAAAA also permits cdp, vtp etc along with PVST+ >> BPDUs. >> >> >> With regards >> Kings >> >> On Fri, Aug 12, 2011 at 3:26 AM, Mark Senteza <[email protected]>wrote: >> >>> Hey >>> >>> What values do you match when asked to filter STP BPDUs, for both 802.1q >>> and ISL trunks ? >>> >>> I've read that IEEE STP BPDUs use 802.2 LLC encapsulation with SSAP/DSSP >>> values of 0x42 or LSAP value of 0x4242. The document further states that you >>> can also see STP packets sent across ISL trunks using the same LSAP value of >>> 0x42. >>> >>> PVST+ BPDUs use 802.2 SNAP encapsulation, with LSAP=0xAAAA. All >>> SNAP-encapsulated packets can be matched using an LSAP value of 0xAAAA. >>> >>> So, my question is, in order to match STP BPDUs for both 802.1q and ISL >>> trunks, would I have to do the following: >>> >>> mac access-list extended BPDU >>> permit any any 0xAAAA 0x0 >>> permit any any lsap 0x4242 >>> >>> >>> >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit www.ipexpert.com >>> >>> Are you a CCNP or CCIE and looking for a job? Check out >>> www.PlatinumPlacement.com >>> >> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
