- Original Message -
From: Joel Studtmann <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, June 30, 2000 16:06
Subject: Re: AGS+ (was Re: Can you block CDP with an access list???)
> Hey! I like my AGS+! I wouldn't use it in a production environment, of
> [EMAIL PROTECTED]
>
>
> >From: "Raymond Everson (Rainman)" <[EMAIL PROTECTED]>
> >Reply-To: "Raymond Everson (Rainman)" <[EMAIL PROTECTED]>
> >To: Aaron Prather <[EMAIL PROTECTED]>
> >CC: [EMAIL PROTECTED]
> >Subject: Re
There are better possibilities than an access-list. You can disable CDP per
port. Look at the command syntax:
cdp enable
To enable Cisco Discovery Protocol (CDP) on an interface, use the cdp enable
interface configuration command. Use the no form of this command to disable
CDP on an interface.
John,
Yep... was pretty sure a MAC-address ACL wouldn't do
the job unless he was bridging. Verified this in my
lab the other day. Gave me a reason to play with
MAC-address ACLs which I normally don't do so learned
something.
--- John Neiberger <[EMAIL PROTECTED]> wrote:
> IIRC, MAC access lists
enny Mcleod/NSO/CSDA on 29/06/2000 09:03
---
"Niraj Palikhey" <[EMAIL PROTECTED]> on 28/06/2000 23:35:26
Please respond to "Niraj Palikhey" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
[EMAIL PROTECTED]
cc: [EMAIL PROTECTED] (bcc: JE
Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, June 28, 2000 4:09 PM
To: [EMAIL PROTECTED]
Subject: AGS+ (was Re: Can you block CDP with an access list???)
"The AGS+ is Cisco Systems' leading price/perf
IIRC, MAC access lists can only be applied on bridging interfaces, not
routing interfaces. Is that right? If that's the case, a MAC access list
wouldn't block CDP anyway, assuming that he is routing on this interface.
He'd have to disable CDP on the router or the interface.
John Neiberger, CCN
Paul,
Disabling CDP is ideal.. but the poster wanted to know
how to block it with an ACL so that's what I was trying
to do.
--- paul doyl <[EMAIL PROTECTED]> wrote:
>
> Chaps
> Why not just disable it on the interface? I have
> done it for security
> purposes in the past. Perhaps I'm missing so
n Prather <[EMAIL PROTECTED]>
>CC: [EMAIL PROTECTED]
>Subject: Re: Can you block CDP with an access list???
>Date: Tue, 27 Jun 2000 19:47:18 -0400
>
>again. read up udp=layer 4
>cdp=NOT layer 4
> in fatto: cdp is cisco's implementation of stretching layer 2 rule
CDP uses multicast packets (8kB) for the MAC address 01-00-0C-CC-CC
Erick <[EMAIL PROTECTED]> wrote in news post:
[EMAIL PROTECTED]
>
> CDP is layer 2. Offhand, I don't remember the MAC
> address it uses but perhaps a MAC-address ACL will do
> the trick.
>
> Personally, I disable it since
CTED]>, Aaron Prather <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED]
>Subject: Re: Can you block CDP with an access list???
>Date: Wed, 28 Jun 2000 08:14:43 +0100 (BST)
>
>
>Aaron/Erick,
> I believe that CDP uses ARPA code 0x2000 so you
>could try the follo
Aaron/Erick,
I believe that CDP uses ARPA code 0x2000 so you
could try the following.
access-list 200 deny 0x2000
although I don't understand why you would want to do
this. It is an extremely useful tool that uses minimal
b/w.
Phil.
--- Erick <[EMAIL PROTECTED]> wrote:
> Hi again,
>
The easiest way to block cdp on an interface would be to disable cdp on the
interface that you didn't want to run cdp on. CDP is disabled per router
with the command 'no cdp run' or per interface with 'no cdp enable'.
If you are just trying to use an ACL you can block the MAC Multicast address
of
Hi again,
I tried blocking it going out the router with ACL but
didn't succeed. I think this is because you can only
apply MAC-address ACLs to certain objects (bridge
groups, etc) and my lab setup isn't set up right to
really see if this works.
CDP uses 01000C-CC which is a Multicast MAC.
B
I found this on Cisco's pages -
CDP sends packets on LANs using the multicast address 0100.0CCC..
So maybe that will help if you can set up an ACL by MAC address. But, I am
pretty sure that if you turn off CDP on a router it will not respond to CDP
requests from neighbor routers. I couldn
use the
no cdp enable
command
Erick wrote:
> CDP is layer 2. Offhand, I don't remember the MAC
> address it uses but perhaps a MAC-address ACL will do
> the trick.
>
> Personally, I disable it since it is Cisco-only and I
> work in multi-vendor environments.
>
> --- Aaron Prather <[EMAIL PROTEC
again. read up udp=layer 4
cdp=NOT layer 4
in fatto: cdp is cisco's implementation of stretching layer 2 rules.
The Cisco Discovery Protocol (CDP) Discovery Protocol
CDP allows devices to share basic configuration information without even
configuring any protocol
specific informati
I know you can turn off CDP completely however I do not believe it can be
blocked by an IP access-list as it runs at layer 2.
If I am wrong, I am sure I will be corrected here, but I am pretty sure that
is accurate based on the fact that CDP uses layer 2.
- Original Message -
From: "Aaro
CDP is layer 2. Offhand, I don't remember the MAC
address it uses but perhaps a MAC-address ACL will do
the trick.
Personally, I disable it since it is Cisco-only and I
work in multi-vendor environments.
--- Aaron Prather <[EMAIL PROTECTED]> wrote:
> If you can what protocol does it use? UDP
CDP is based on SNAP encapsulation ..so maybe a layer 2 filter based on
cdp protocol no. also may work
-Original Message-
From: Feliz, Edgar
To: Aaron Prather; [EMAIL PROTECTED]
Sent: 6/27/00 5:14 PM
Subject: RE: Can you block CDP with an access list???
You can disable it on an
You can disable it on an interface basis.
EF
-Original Message-
From: Aaron Prather [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 27, 2000 5:58 PM
To: [EMAIL PROTECTED]
Subject: Can you block CDP with an access list???
If you can what protocol does it use? UDP? I know it's a protocol i