[c-nsp] Blocking IS-IS traffic

Aaron dudepron at gmail.com
Fri Jan 18 11:25:05 EST 2008


I would recheck the configuration of the port since you typically need to
explicitly enable ISIS on the interface.

Aaron

On Jan 18, 2008 9:49 AM, Oliver Boehmer (oboehmer) <oboehmer at cisco.com>
wrote:

> Agree with Rubens. If you absolutely need to run IS-IS on a Vlan where
> you also have hosts which you don't have control over (which is a very
> bad idea), enable IS-IS authentication.
>
>        oli
>
> Rubens Kuhl Jr. <> wrote on Friday, January 18, 2008 3:29 PM:
>
> > IS-IS is carried by OSI, not IP; you should try finding the ethertype
> > it's using (maybe 00FE or FEFE) and use a MAC ACL to filter the OSI
> > traffic.
> >
> > Converting to an IP routerport without IS-IS attached would achieve
> > better isolation, is it possible in this scenario? We strongly prefer
> > to use routerports on connections to customers/peers/upstreams, and
> > even there we filter IP multicast traffic.
> >
> >
> > Rubens
> >
> >
> >
> > On Jan 18, 2008 9:39 AM, Ulysses Maciel da Costa
> > <ulysses.costa at egs.com.br> wrote:
> >> Hi,
> >>
> >>
> >> I have a vlan in my router's switchport, and I receive a link from
> >> another company. Last week my network went down. I analyzed my network
> >> and saw a lot of IS-IS packets. By the way, my routes inside this
> >> vlan are static. I've tried to create an ACL inside my vlan to block
> >> these IS-IS packets along with their ports (2042, 2043), without
> >> success.
> >>
> >>
> >>
> >> Could someone help me create an efficient ACL to block this traffic?
> >>
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>
>
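Added example, not part of the thread: a small Python classifier showing why an IP ACL that matches on ports never sees IS-IS, since the frame carries no IP header at all. It assumes the standard IS-IS-over-Ethernet encapsulation (802.3 length field, then an 802.2 LLC header with DSAP/SSAP 0xFE and the IS-IS protocol discriminator 0x83); the MAC addresses and sample frames are constructed.

```python
import struct

LLC_OSI = b"\xfe\xfe\x03"   # DSAP 0xFE, SSAP 0xFE, control 0x03 (UI frame)
NLPID_ISIS = 0x83           # first byte of every IS-IS PDU
PDU_TYPES = {15: "L1 LAN Hello", 16: "L2 LAN Hello", 17: "P2P Hello",
             18: "L1 LSP", 20: "L2 LSP", 24: "L1 CSNP", 25: "L2 CSNP",
             26: "L1 PSNP", 27: "L2 PSNP"}

def classify(frame: bytes) -> str:
    """Return 'isis:<pdu>', 'ipv4' or 'other' for one raw Ethernet frame."""
    if len(frame) < 14:
        return "other"
    off = 12
    (type_len,) = struct.unpack_from("!H", frame, off)
    if type_len == 0x8100:              # 802.1Q tag: skip TPID and TCI
        off += 4
        if len(frame) < off + 2:
            return "other"
        (type_len,) = struct.unpack_from("!H", frame, off)
    off += 2
    if type_len >= 0x0600:              # Ethernet II: the field is an EtherType
        return "ipv4" if type_len == 0x0800 else "other"
    # 802.3: the field is a length and an 802.2 LLC header follows.
    body = frame[off:off + type_len]
    if len(body) >= 8 and body[:3] == LLC_OSI and body[3] == NLPID_ISIS:
        # PDU type is the low 5 bits of the fifth byte of the IS-IS header.
        return "isis:" + PDU_TYPES.get(body[7] & 0x1F, "unknown PDU")
    return "other"

# Constructed sample frames (not captured traffic).
SRC = bytes.fromhex("02aabbccdd01")
ALL_L1_IS = bytes.fromhex("0180c2000014")   # IS-IS AllL1ISs multicast group
ISIS_PDU = LLC_OSI + bytes([NLPID_ISIS, 27, 1, 0, 15, 1, 0, 0])
HELLO = ALL_L1_IS + SRC + struct.pack("!H", len(ISIS_PDU)) + ISIS_PDU
TAGGED = (ALL_L1_IS + SRC + bytes.fromhex("81000064")
          + struct.pack("!H", len(ISIS_PDU)) + ISIS_PDU)
IPV4 = bytes.fromhex("02aabbccdd02") + SRC + b"\x08\x00" + bytes(20)

if __name__ == "__main__":
    for name, f in (("hello", HELLO), ("tagged", TAGGED), ("ipv4", IPV4)):
        print(name, "->", classify(f))
```

Only the `ipv4` frame has a layer-3/4 header that an IP ACL can match; the IS-IS frames have to be filtered at layer 2.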

