On (2014-02-06 09:54 -0500), Jason Lixfeld wrote: > End-to-end port-based eompls shouldn't care about tunneled PDUs coming in on > a customer facing port, should it? > > Or are you referring to a non-eompls environment on at least one of the > customer-facing ends? (ie: dot1q-tunnel + forwarding | tunneling of whatever > L2 BPDUs might be supported by that port)
Yes. If you tunnel, you cannot receive tunnel MACs in the lan side (so customer itself cannot run L2PT over your service, or otherwise use such switches) I think it's security measure, to avoid some customer of customer from sending tunneled BPDU, which would be translated by your kit on far-end to legit BPDU. Even though if original source port had BPDUfilter or BPDUguard. -- ++ytti _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
