[c-nsp] Port-based EoMPLS treatment of l2protocol packets

Saku Ytti saku at ytti.fi
Thu Feb 6 11:20:09 EST 2014


On (2014-02-06 09:54 -0500), Jason Lixfeld wrote:

> End-to-end port-based eompls shouldn't care about tunneled PDUs coming in on a customer facing port, should it?
> 
> Or are you referring to a non-eompls environment on at least one of the customer-facing ends? (ie: dot1q-tunnel + forwarding | tunneling of whatever L2 BPDUs might be supported by that port)

Yes. If you tunnel, you cannot receive tunnel MACs on the LAN side (so the
customer itself cannot run L2PT over your service, or otherwise use such
switches).
I think it's a security measure, to avoid some customer of the customer sending
a tunneled BPDU, which would be translated by your kit on the far end to a legit BPDU,
even if the original source port had BPDUfilter or BPDUguard.

-- 
  ++ytti
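
Added example (not part of the original post, and not vendor code): a simplified Python model of the edge check described in the reply, showing why a frame that already carries the tunnel MAC is refused at the customer-facing port. Assumptions not taken from the post: the MAC constants (IEEE STP 01:80:c2:00:00:00, Cisco L2PT default 01:00:0c:cd:cd:d0), the function names, the constructed sample frames, and "drop" as the refusal action.

```python
# Simplified model of L2PT handling at the provider edge (illustration only).
STP_MAC = bytes.fromhex("0180c2000000")    # IEEE STP BPDU destination MAC
L2PT_MAC = bytes.fromhex("01000ccdcdd0")   # Cisco L2PT tunnel destination MAC

# Constructed sample frames: dst MAC + src MAC + LLC header + dummy body.
SRC = bytes.fromhex("020000000001")
BODY = bytes.fromhex("424203") + b"constructed-bpdu"
NATIVE = STP_MAC + SRC + BODY        # ordinary BPDU
PRETUNNELED = L2PT_MAC + SRC + BODY  # BPDU already carrying the tunnel MAC


def bpdufilter_port(frame):
    """Access port with BPDU filtering: only the real STP MAC is recognised."""
    return None if frame[:6] == STP_MAC else frame


def customer_ingress(frame, drop_tunnel_mac=True):
    """Customer-facing port with L2PT enabled; returns the core frame or None."""
    dst = frame[:6]
    if dst == L2PT_MAC:
        # Tunnel MAC arriving from the LAN side: refuse it, because the far
        # end would otherwise turn it into a legitimate BPDU.
        return None if drop_tunnel_mac else frame
    if dst == STP_MAC:
        return L2PT_MAC + frame[6:]  # encapsulate: rewrite dst to tunnel MAC
    return frame


def far_end_egress(frame):
    """Far-end edge: restore the protocol MAC on tunneled PDUs."""
    return STP_MAC + frame[6:] if frame[:6] == L2PT_MAC else frame


def delivered(frame, drop_tunnel_mac=True):
    """What the far-end customer port receives, or None if nothing arrives."""
    if (frame := bpdufilter_port(frame)) is None:
        return None
    core = customer_ingress(frame, drop_tunnel_mac)
    return None if core is None else far_end_egress(core)


if __name__ == "__main__":
    for name, f in (("native", NATIVE), ("pre-tunneled", PRETUNNELED)):
        for check in (True, False):
            out = delivered(f, check)
            print(name, "check" if check else "no-check",
                  out[:6].hex() if out else "nothing delivered")
```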

