Tassos Chatzithomaoglou writes:
>
> What about the following?
>
> mac address-table static 0100.5e00.0002 vlan X int A B ...
>
> Just don't include the 2 appliance interfaces into the
> interface list (or include only the 2 hsrp ports).

Nope. That doesn't seem to do anything -- I'm still seeing the HSRP packets in my sniffer. Sigh.

Cisco sure doesn't want to perform outbound MAC-layer filtering on its interfaces, no matter what the security implications might be. It sure would be nice if they'd figure out that by allowing this traffic to be restricted to known/allowed ports, the network would be just a little bit safer.
