Prevent AppleTalk attack on switchport fa0/10.
My first solution:
!
mac access-list extended MAC_ACL
deny host 1234.1234.1234 any eq appletalk
permit any any
!
interface fa0/10
mac access-group MAC_ACL in
But I found this in the documentation:
------------------------------------------------------------------------------------------------------------------------------------------------
NOTE:
Cisco doc 3560SCG 12.2(44)SE (Creating Named MAC Extended ACLs, page 32-26).
– Though visible in the command-line help strings, AppleTalk is not supported as a matching condition for the deny and permit MAC access-list configuration mode commands.
------------------------------------------------------------------------------------------------------------------------------------------------
Solution: Use EtherType 0x809B for AppleTalk (EtherTalk).
So my solution should instead look like this:
mac access-list extended MAC_ACL
 ! EtherType is given as "type mask", without eq; a mask of 0x0 is an exact match
 deny host 1234.1234.1234 any 0x809B 0x0
 permit any any
!
interface fa0/10
 mac access-group MAC_ACL in
Can anyone confirm that this assumption is correct?
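A small Python model of the `type mask` matching condition, added here as an illustration and not part of the original post or of Cisco's software: it shows which constructed frames an entry for EtherType 0x809B matches. It assumes the mask marks don't-care bits and that SNAP-encapsulated frames are compared on the SNAP protocol ID; the helper names (`protocol_type`, `evaluate`, `eth2`, `snap`) are hypothetical.

```python
import struct

APPLETALK, AARP = 0x809B, 0x80F3   # AARP is a separate EtherType from AppleTalk

def mac(dotted):
    """Cisco dotted MAC (1234.1234.1234) -> 6 raw bytes."""
    return bytes.fromhex(dotted.replace(".", ""))

def protocol_type(frame):
    """Protocol type that a `type mask` condition is compared against."""
    (field,) = struct.unpack("!H", frame[12:14])
    if field >= 0x0600:                      # Ethernet II: field is the EtherType
        return field
    if frame[14:17] == b"\xaa\xaa\x03":      # 802.3 length + LLC/SNAP header
        return struct.unpack("!H", frame[20:22])[0]
    return None                              # plain LLC carries no EtherType

def evaluate(acl, frame):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    src, ptype = frame[6:12], protocol_type(frame)
    for action, src_host, etype, dont_care in acl:
        if src_host is not None and src != mac(src_host):
            continue
        if etype is not None and (
                ptype is None or (ptype | dont_care) != (etype | dont_care)):
            continue
        return action
    return "deny"

def eth2(src, etype):
    """Constructed Ethernet II frame with an all-zero payload."""
    return mac("ffff.ffff.ffff") + mac(src) + struct.pack("!H", etype) + bytes(46)

def snap(src, etype):
    """Constructed 802.3/SNAP frame (OUI 08:00:07) with an all-zero payload."""
    body = b"\xaa\xaa\x03\x08\x00\x07" + struct.pack("!H", etype) + bytes(38)
    return mac("ffff.ffff.ffff") + mac(src) + struct.pack("!H", len(body)) + body

# MAC_ACL from the post as (action, source host, type, don't-care mask)
MAC_ACL = [("deny", "1234.1234.1234", APPLETALK, 0x0),
           ("permit", None, None, None)]

if __name__ == "__main__":
    samples = [("EtherTalk, Ethernet II", eth2("1234.1234.1234", APPLETALK)),
               ("EtherTalk, SNAP", snap("1234.1234.1234", APPLETALK)),
               ("AARP, same host", eth2("1234.1234.1234", AARP)),
               ("EtherTalk, other host", eth2("aaaa.bbbb.cccc", APPLETALK))]
    for name, frame in samples:
        print(f"{name:24} {evaluate(MAC_ACL, frame)}")
```

In this model the AARP frame from the same host is permitted, because 0x80F3 is a different type value from the 0x809B the entry names.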