EXOS Policies: how to allow bpdu and VRRP?


Userlevel 4
Hello, everybody!

Could you please tell me Ethertype value for EMISTP?

I have to allow these packets in access rule applied to VLAN.

Should it be something like

entry EMISTP-BPDU { if match all {ethernet-type 0x???? ;
} then { permit ; } }[/code]

I would like also to allow VRRP. Would it be OK?

entry vrrp { if match all {
destination-address 224.0.0.18/32 ;
} then {
permit ;
}
}

Please, look at my rules...

Many thanks in advance,
Ilya

3 replies

Userlevel 5
Hi Ilya,

Your VRRP rule is correct.
For the STP BPDU's you can use :

entry EMISTP-BPDU { if match all {
ethernet-destination-address 01:00:0c🇨🇨cc:cd;
} then {
permit ;
}
}

This should work.
Userlevel 4
Thanks, Ron!

Could you also tell me what traffic should I allow to permit PVST BPDUs?

Many thanks in advance,

Ilya
Userlevel 6
Hi,

The destination-mac "01:00:0c🇨🇨cc:cd" is related to PVST+ and "01:80:C2:00:00:00" related to EMISTP.

The policy rule would be:

entry PVST-BPDU { if {
ethernet-destination-address 01:00:0c🇨🇨cc:cd;
} then {
permit;
}
}

entry EMISTP-BPDU {
if {
ethernet-destination-address 01:80:C2:00:00:00;
} then {
permit;
}
}

Reply