EXOS Policies: how to allow bpdu and VRRP?

  • Question
  • Updated 2 years ago
  • Answered
Hello, everybody!

Could you please tell me Ethertype value for EMISTP?

I have to allow these packets in an access rule applied to a VLAN.

Should it be something like

entry EMISTP-BPDU { if match all {
ethernet-type 0x???? ;
} then { permit ; } }


I would like also to allow VRRP. Would it be OK?

entry vrrp { if match all {
destination-address 224.0.0.18/32 ;
} then {
permit ;
}
}

Please, look at my rules...

Many thanks in advance,
Ilya

Ilya Semenov


Posted 2 years ago


Ron Huygens, Employee

Hi Ilya,

Your VRRP rule is correct.
For the STP BPDUs you can use:

entry EMISTP-BPDU { if match all {
ethernet-destination-address 01:00:0c:cc:cc:cd;
} then {
permit ;
}
}

This should work.

Ilya Semenov

Thanks, Ron!

Could you also tell me what traffic I should allow to permit PVST BPDUs?

Many thanks in advance,

Ilya

Henrique, Employee

Hi,

The destination-mac "01:00:0c:cc:cc:cd" is related to PVST+ and "01:80:C2:00:00:00" is related to EMISTP.

The policy rule would be:

entry PVST-BPDU {
if {
ethernet-destination-address 01:00:0c:cc:cc:cd;
} then {
permit;
}
}

entry EMISTP-BPDU {
if {
ethernet-destination-address 01:80:C2:00:00:00;
} then {
permit;
}
}
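
An added example, not part of the thread or of any Extreme tooling: a simplified Python model of the three entries above, useful for checking which constructed frames they would permit before a policy like this is applied to a VLAN. It assumes entries are evaluated in order with the first match winning; the source MAC, source IP and BPDU payload are constructed placeholders.

```python
import ipaddress
import struct

# Match conditions copied from the entries in this thread, in order.
ENTRIES = [
    ("vrrp", "destination-address", ipaddress.ip_network("224.0.0.18/32")),
    ("PVST-BPDU", "ethernet-destination-address", "01:00:0c:cc:cc:cd"),
    ("EMISTP-BPDU", "ethernet-destination-address", "01:80:c2:00:00:00"),
]

def parse(frame: bytes):
    """Return (destination MAC, destination IPv4 or None) for an Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac = frame[:6].hex(":")
    (etype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if etype == 0x8100 and len(frame) >= 18:  # 802.1Q tag: read the inner type
        (etype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    dst_ip = None
    if etype == 0x0800 and len(frame) >= offset + 20:
        dst_ip = ipaddress.ip_address(frame[offset + 16:offset + 20])
    return dst_mac, dst_ip

def first_match(frame: bytes):
    """Name of the first entry that permits the frame, or None if none match."""
    dst_mac, dst_ip = parse(frame)
    for name, field, value in ENTRIES:
        if field == "destination-address":
            if dst_ip is not None and dst_ip in value:
                return name
        elif dst_mac == value:
            return name
    return None

# Constructed sample frames (hypothetical source MAC and source IP).
SRC = bytes.fromhex("020000000001")

def ipv4_frame(dst_mac: str, dst_ip: str, proto: int, vlan=None) -> bytes:
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 255, proto, 0,
                     ipaddress.ip_address("192.0.2.1").packed,
                     ipaddress.ip_address(dst_ip).packed)
    return bytes.fromhex(dst_mac.replace(":", "")) + SRC + tag + b"\x08\x00" + ip

def bpdu_frame(dst_mac: str) -> bytes:
    # 802.3 length field plus placeholder payload; only the destination MAC is matched.
    return bytes.fromhex(dst_mac.replace(":", "")) + SRC + b"\x00\x26\x42\x42\x03" + bytes(35)
```

Because the vrrp entry in the thread matches on destination address only, the model reports any IPv4 packet to 224.0.0.18 as permitted, whatever its IP protocol number.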