Controlling CDP protocol using ACL

Ariq Ibne Aziz
Level 1

Hi

One of my clients asked me the below requirement.

"I want to run CDP on all my Cisco devices, but under an ACL. CDP will run only on my LAN/WAN devices that are allowed by IP/MAC address through an ACL. Only devices whose IP addresses match will talk/communicate with each other."

I want to know if it is possible to meet the requirement using an ACL.

I also know that it can be done using Cisco ISE's RADIUS authorization feature, but as the client wants to do it by ACL, I need a specific answer.

Best Regards

ARIQ

2 Replies

Tagir Temirgaliyev
Spotlight

As far as I know, CDP is a layer 2 protocol, so you cannot block it using an ACL that matches IP addresses.

You can block it using a layer 2 ACL with the source MAC address and the CDP destination multicast MAC address.

Layer 2 ACLs are only supported on switches, not routers.

I actually never tried to do so.
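The layer 2 ACL suggested above, written out as an added example for a Catalyst-style IOS switch (this is not configuration from the thread; the interface name and the neighbour MAC 0011.2233.4455 are placeholders). CDP frames are addressed to the well-known multicast MAC 0100.0ccc.cccc, so the ACL permits that destination only from the allow-listed source MAC, drops it from everyone else, and then restores the permit-all that the implicit deny at the end of every MAC ACL would otherwise remove.

```ios
! Added example, not from the original post. Interface and MAC addresses
! are placeholders for illustration.
!
! 0100.0ccc.cccc is the destination MAC CDP uses. Note that VTP, DTP,
! PAgP and UDLD share this address, so the deny line below affects them too.
mac access-list extended CDP-ALLOWLIST
 remark Allow-listed neighbour (placeholder MAC) may send CDP to this switch
 permit host 0011.2233.4455 host 0100.0ccc.cccc
 remark Drop CDP (and other 0100.0ccc.cccc traffic) from any other source
 deny   any host 0100.0ccc.cccc
 remark MAC ACLs end in an implicit deny; keep all other non-IP traffic
 permit any any
!
interface GigabitEthernet1/0/1
 description Port to allow-listed neighbour (placeholder)
 mac access-group CDP-ALLOWLIST in
!
! Verification: an unlisted device on this port should not appear here.
! show cdp neighbors GigabitEthernet1/0/1 detail
```

Three caveats a practitioner should keep in mind. The ACL is applied inbound, so it only stops the switch from learning unlisted neighbours; the switch still sends its own CDP advertisements out of the port unless CDP is disabled there. Whether a port MAC ACL actually filters CPU-bound control traffic such as CDP varies by platform, so test it on the exact hardware before relying on it. And a source MAC address is trivially spoofed, so this is an operational tidiness control, not a security boundary.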

Rolf Fischer
Level 9

Ariq,

This is quite an unusual requirement, and I don't know what benefit your customer expects from it.

However, I think you could try to use the Embedded Event Manager (EEM).

As you probably know, you can enable or disable CDP on a per-interface basis. With EEM you could use link-down events to disable CDP on a link, and link-up events to verify that the connected device is allowed and then enable CDP on the link.

I'm sure you'll find help with writing an applet or script for this in the EEM section of this forum.

HTH
Rolf
