This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

EXOS Policies: how to allow bpdu and VRRP?

EXOS Policies: how to allow bpdu and VRRP?

Ilya_Semenov
Contributor

‎10-17-2016 12:16 PM

Hello, everybody!

Could you please tell me Ethertype value for EMISTP?

I have to allow these packets in access rule applied to VLAN.

Should it be something like

entry EMISTP-BPDU { if match all {ethernet-type 0x???? ;
} then { permit ; } }

I would like also to allow VRRP. Would it be OK?

entry vrrp { if match all {
destination-address 224.0.0.18/32 ;
} then {
permit ;
}
}

Please, look at my rules...

Many thanks in advance,
Ilya

0 Kudos
3 REPLIES 3

Henrique
Extreme Employee

‎10-18-2016 05:35 PM

Hi,

The destination-mac "01:00:0c??cc:cd" is related to PVST+ and "01:80:C2:00:00:00" related to EMISTP.

The policy rule would be:

entry PVST-BPDU { if {
ethernet-destination-address 01:00:0c??cc:cd;
} then {
permit;
}
}

entry EMISTP-BPDU {
if {
ethernet-destination-address 01:80:C2:00:00:00;
} then {
permit;
}
}
0 Kudos

Ilya_Semenov
Contributor

‎10-18-2016 07:31 AM

Thanks, Ron!

Could you also tell me what traffic should I allow to permit PVST BPDUs?

Many thanks in advance,

Ilya
0 Kudos

Ron_Huygens
Community Manager Community Manager
Community Manager

‎10-18-2016 04:02 AM

Hi Ilya,

Your VRRP rule is correct.
For the STP BPDU's you can use :

entry EMISTP-BPDU { if match all {
ethernet-destination-address 01:00:0c??cc:cd;
} then {
permit ;
}
}

This should work.

0 Kudos
GTM-P2G8KFN