Chaps
Why not just disable it on the interface? I have done it for security
purposes in the past. Perhaps I'm missing sommat, if so, my apologies.
Paul
>From: Phil Barker <[EMAIL PROTECTED]>
>Reply-To: Phil Barker <[EMAIL PROTECTED]>
>To: Erick <[EMAIL PROTECTED]>, Aaron Prather <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED]
>Subject: Re: Can you block CDP with an access list???
>Date: Wed, 28 Jun 2000 08:14:43 +0100 (BST)
>
>
>Aaron/Erick,
> I believe that CDP uses ARPA code 0x2000 so you
>could try the following.
>
> access-list 200 deny 0x2000
>
>although I don't understand why you would want to do
>this. It is an extremely useful tool that uses minimal
>b/w.
>
>Phil.
>
>--- Erick <[EMAIL PROTECTED]> wrote: > Hi again,
> >
> > I tried blocking it going out the router with ACL
> > but
> > didn't succeed. I think this is because you can only
> > apply MAC-address ACLs to certain objects (bridge
> > groups, etc) and my lab setup isn't setup right to
> > really see if this works.
> >
> > CDP uses 01000C-CCCCCC which is a Multicast MAC.
> >
> > Below is the config I thru together which wasn't
> > working from sniffer traces I was doing on my
> > ethernet
> > segment. As others have said, disable CDP on the
> > interface (no cdp enable) so the information isn't
> > advertised. Lots of useful information can be
> > learned
> > from sniffing a segment and looking at CDP packet
> > entries :)
> >
> > interface Ethernet0
> > ip address 192.168.1.2 255.255.255.0
> > bridge-group 1
> > bridge-group 1 output-address-list 701
> > !
> >
> > access-list 701 deny 0000.0000.0000 0100.0ccc.cccc
> > (I reversed this and also tried extended)
> >
> > --- Aaron Prather <[EMAIL PROTECTED]>
> > wrote:
> > > If you can what protocol does it use? UDP? i know
> > > its a protocol in
> > > itself, but can this be done? what port number?
> > >
> > > Thanks guys,
> > >
> > > Aaron
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Get Yahoo! Mail - Free email you can access from
> > anywhere!
> > http://mail.yahoo.com/
> >
> > ___________________________________
> > UPDATED Posting Guidelines:
> > http://www.groupstudy.com/list/guide.html
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com
> > Report misconduct and Nondisclosure violations to
>[EMAIL PROTECTED]
>
>
>____________________________________________________________
>Do You Yahoo!?
>Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
>or your free @yahoo.ie address at http://mail.yahoo.ie
>
>___________________________________
>UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
>FAQ, list archives, and subscription info: http://www.groupstudy.com
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
