Configuring An Ethertype Acl - Cisco 4700M Configuration Manual

Application control engine appliance security
Chapter 1
Configuring Security Access Control Lists
Configuring ACLs

Configuring an EtherType ACL

You can configure an ACL that controls traffic based on its EtherType. An
EtherType is a subprotocol identifier. EtherType ACLs support Ethernet V2
frames. EtherType ACLs do not support 802.3-formatted frames because they use
a length field instead of a type field. The only exception is a bridge protocol data
unit (BPDU), which is SNAP encapsulated. The ACE can specifically handle
BPDUs.
You can permit or deny BPDUs. By default, all BPDUs are denied. The ACE
receives trunk port (Cisco proprietary) BPDUs because ACE ports are trunk ports.
Trunk BPDUs have VLAN information inside the payload, so the ACE modifies
the payload with the outgoing VLAN if you allow BPDUs. If you configure
redundancy, you must allow BPDUs on both interfaces with an EtherType ACL to
avoid bridging loops. For details about configuring redundancy, see the Cisco
4700 Series Application Control Engine Appliance Administration Guide.
If you allow Multiprotocol Label Switching (MPLS), ensure that Label
Distribution Protocol (LDP) and Tag Distribution Protocol (TDP) TCP
connections are established through the ACE by configuring both MPLS routers
connected to the ACE to use the IP address on the ACE interface as the router ID
for LDP or TDP sessions. LDP and TDP allow MPLS routers to negotiate the
labels (addresses) used to forward packets.
Note
You can configure an EtherType ACL on a Layer 2 interface in the inbound
direction only.
On Cisco IOS routers, enter the appropriate command for your protocol: LDP or
TDP. The interface is the interface connected to the ACE:
host1/Admin(config)# mpls ldp router-id interface force
or
host1/Admin(config)# tag-switching tdp router-id interface force
Tip
Enter the ACL name in uppercase letters so that the name is easy to see in the
configuration. You may want to name the ACL for the interface (for example,
INBOUND), or for the purpose (for example, MPLS).
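The frame-classification rules above (an EtherType ACL sees only Ethernet V2 frames, 802.3 frames carry a length field instead of a type field, the one exception is the SNAP-encapsulated BPDU, and BPDUs are denied unless explicitly permitted) can be modelled in a few dozen lines. The following Python is an added example, not Cisco's code and not the ACE's ACL syntax; it uses a generic permit/deny entry list rather than the ACE command format, and the EtherType values, LLC SAPs, the Cisco OUI and the PVST+ SNAP protocol id are taken from general knowledge of the standards, not from this page. It goes one step beyond the page by also recognising the IEEE 802.1D BPDU form that uses LLC SAP 0x42 without a SNAP header. All frames are constructed inline.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

# IEEE 802.3: a type/length field of 0x0600 or above is an EtherType (Ethernet V2);
# anything below is an 802.3 length field, and an LLC header follows it.
ETHERTYPE_MIN = 0x0600
ETHERTYPE_IPV4 = 0x0800          # IANA-registered values (assumed, not from the page)
ETHERTYPE_MPLS_UNICAST = 0x8847
LLC_SNAP_SAP = 0xAA              # DSAP/SSAP 0xAA with control 0x03 => SNAP header follows
LLC_CTRL_UI = 0x03
LLC_STP_SAP = 0x42               # assumed: IEEE 802.1D BPDU LLC SAP
CISCO_OUI = b"\x00\x00\x0c"      # assumed: OUI carried in Cisco PVST+ SNAP BPDUs
CISCO_PVST_PID = 0x010B          # assumed: PVST+ SNAP protocol id


@dataclass
class FrameClass:
    kind: str                    # "ethernet2", "snap", "llc" or "runt"
    proto: Optional[int]         # EtherType (ethernet2) or SNAP PID (snap), else None
    is_bpdu: bool


def classify_frame(frame: bytes) -> FrameClass:
    """Decide whether a raw frame carries an EtherType at all, and whether it is a BPDU."""
    if len(frame) < 14:
        return FrameClass("runt", None, False)
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    if type_or_len >= ETHERTYPE_MIN:
        return FrameClass("ethernet2", type_or_len, False)
    # 802.3 frame: the field is a length, so there is no EtherType to match on
    if len(frame) < 17:
        return FrameClass("runt", None, False)
    dsap, ssap, ctrl = frame[14], frame[15], frame[16]
    if dsap == LLC_STP_SAP and ssap == LLC_STP_SAP:
        return FrameClass("llc", None, True)          # IEEE 802.1D BPDU, LLC only
    if (dsap == LLC_SNAP_SAP and ssap == LLC_SNAP_SAP
            and ctrl == LLC_CTRL_UI and len(frame) >= 22):
        oui, pid = frame[17:20], struct.unpack("!H", frame[20:22])[0]
        return FrameClass("snap", pid, oui == CISCO_OUI and pid == CISCO_PVST_PID)
    return FrameClass("llc", None, False)


@dataclass
class Ace:
    action: str                  # "permit" or "deny"
    match: Union[int, str]       # an EtherType value, "bpdu", or "any"


def evaluate_ethertype_acl(acl: List[Ace], frame: bytes) -> Tuple[str, str]:
    """Return (verdict, reason). First matching entry wins. Unmatched EtherTypes and
    BPDUs are denied by default; "any" covers EtherType frames only, so a BPDU needs
    an explicit "bpdu" entry (modelling assumption). 802.3 frames that are not BPDUs
    are outside the scope of an EtherType ACL."""
    fc = classify_frame(frame)
    if fc.kind == "ethernet2":
        for ace in acl:
            if ace.match == "any" or ace.match == fc.proto:
                return ace.action, f"ethertype 0x{fc.proto:04x} matched {ace.match!r}"
        return "deny", f"ethertype 0x{fc.proto:04x}: implicit deny"
    if fc.is_bpdu:
        for ace in acl:
            if ace.match == "bpdu":
                return ace.action, "bpdu matched explicit bpdu entry"
        return "deny", "bpdu: denied by default"
    return "not-applicable", f"{fc.kind} frame carries no EtherType"


def build_frame(dst: bytes, src: bytes, type_or_len: int, payload: bytes) -> bytes:
    return dst + src + struct.pack("!H", type_or_len) + payload


# Constructed sample frames (addresses are made up except the two multicast ones)
DST_HOST = bytes.fromhex("001122334455")
SRC_HOST = bytes.fromhex("66778899aabb")
STP_MCAST = bytes.fromhex("0180c2000000")      # assumed IEEE STP multicast address
PVST_MCAST = bytes.fromhex("01000ccccccd")     # assumed Cisco PVST+ multicast address

FRAME_IPV4 = build_frame(DST_HOST, SRC_HOST, ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19)
FRAME_MPLS = build_frame(DST_HOST, SRC_HOST, ETHERTYPE_MPLS_UNICAST,
                         b"\x00\x01\x01\xff" + b"\x00" * 16)
PVST_PAYLOAD = (bytes([LLC_SNAP_SAP, LLC_SNAP_SAP, LLC_CTRL_UI]) + CISCO_OUI
                + struct.pack("!H", CISCO_PVST_PID) + b"\x00" * 35)
FRAME_PVST_BPDU = build_frame(PVST_MCAST, SRC_HOST, len(PVST_PAYLOAD), PVST_PAYLOAD)
STP_PAYLOAD = bytes([LLC_STP_SAP, LLC_STP_SAP, LLC_CTRL_UI]) + b"\x00" * 35
FRAME_IEEE_BPDU = build_frame(STP_MCAST, SRC_HOST, len(STP_PAYLOAD), STP_PAYLOAD)
FRAME_PLAIN_8023 = build_frame(DST_HOST, SRC_HOST, 10, bytes([0xE0, 0xE0, 0x03]) + b"\x00" * 7)

# Two candidate policies: an MPLS-style ACL that also allows BPDUs, and a permit-any ACL
ACL_MPLS = [Ace("permit", ETHERTYPE_MPLS_UNICAST), Ace("permit", "bpdu")]
ACL_ANY = [Ace("permit", "any")]

if __name__ == "__main__":
    samples = [("ipv4", FRAME_IPV4), ("mpls", FRAME_MPLS), ("pvst-bpdu", FRAME_PVST_BPDU),
               ("ieee-bpdu", FRAME_IEEE_BPDU), ("plain-802.3", FRAME_PLAIN_8023)]
    for name, frame in samples:
        print(f"{name:12s} MPLS acl -> {evaluate_ethertype_acl(ACL_MPLS, frame)}")
        print(f"{name:12s} ANY acl  -> {evaluate_ethertype_acl(ACL_ANY, frame)}")
```

The point worth noticing when running it is the permit-any policy: it still drops both BPDU forms, which is exactly the behaviour that produces a bridging loop in a redundant pair unless BPDUs are allowed on both interfaces, as the text above requires.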
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
1-17
OL-16202-01