Some examples are:
- When extending a L2 segmento to another datacenter
- When interconnecting 2 CORE infrastrutures with diferent vlan IDs.
Obviously, this is done using best pratices such as having a single connection between these points using aggregation (LACP) port-channels between the sites or MPLS.
So, the solution to apply to a specific port is to build a l2 acl like this one:
ethernet-services access-list block-invalid-frames
10 deny any 0180.c200.0000 0000.0000.000f 20 deny any host 0180.c200.0010 30 deny any host 0100.0c00.0000 40 deny any host 0100.0ccc.cccc 50 deny any host 0100.0ccc.cccd 60 deny any host 0100.0ccd.cdce 70 permit any any
No comments:
Post a Comment