Controlling CDP protocol using ACL

Hi

One of my clients asked me the below requirement.

"I want to run CDP on all my Cisco devices, but under an ACL. CDP will run only on my LAN/WAN devices which are allowed by IP/MAC address through an ACL. Only devices with matching IP addresses will talk/communicate with each other."

I want to know if it is possible to meet the requirement using an ACL.

I also know that it can be done using the Cisco ISE / RADIUS authorization feature, but as the client wants to do it by ACL, I need a specific answer.

Best Regards

ARIQ

2 REPLIES

As far as I know, CDP is a layer 2 protocol, so you cannot block it using an ACL that matches IP addresses.

You can block it using a layer 2 ACL with the source MAC address and the CDP destination multicast MAC address.

Layer 2 ACLs are only supported on switches, not routers.

I actually never tried to do so.
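As an added illustration of the MAC ACL approach described in the reply above (this is not configuration from the thread, and the reply itself says it was never tested): on a Catalyst switch running IOS, an extended MAC ACL applied inbound on the access port can match the well-known Cisco multicast destination 0100.0ccc.cccc that CDP frames use. The neighbor MAC 0011.2233.4455 and the interface GigabitEthernet0/1 are placeholders.

```cisco
! Added example: allow CDP only from one known neighbor MAC on this port.
! 0011.2233.4455 and GigabitEthernet0/1 are placeholder values.
mac access-list extended CDP-ALLOWED
 remark frames from the allowed neighbor to the Cisco multicast MAC (CDP uses this address)
 permit host 0011.2233.4455 host 0100.0ccc.cccc
 remark drop frames to the Cisco multicast MAC from every other source
 deny   any host 0100.0ccc.cccc
 remark leave all other non-IP frames alone
 permit any any
!
interface GigabitEthernet0/1
 description access port to allowed neighbor
 switchport mode access
 mac access-group CDP-ALLOWED in
```

Points to check before offering this to a customer. CDP cannot be matched by an IP ACL at all, because the frame carries no IP header (it is LLC/SNAP encapsulated); that is why the filter has to be a MAC ACL. The ACL is ingress-only, so it controls which neighbors this switch hears, while the switch still advertises itself out of the port; disable CDP per interface (`no cdp enable`) if the neighbor must not learn about this device either. The 0100.0ccc.cccc address is shared by VTP, DTP, PAgP and UDLD, so the deny line silences those from unknown sources too. Whether a given platform runs the MAC ACL before it punts CDP to the CPU is platform-dependent, so verify in a lab with `show cdp neighbors GigabitEthernet0/1 detail` from both sides. Finally, the allow list keys on a source MAC, which any attached device can spoof, so this gives tidiness rather than security; identity-based control (802.1X/ISE, as the question mentions) is the stronger option.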


Ariq,

this is a quite unusual requirement and I don't know what benefit your customer expects from it.

However, I think you could try to use the Embedded Event Manager (EEM).

As you probably know, you can enable or disable CDP on a per-interface basis. With EEM you could use link-down events to disable CDP on a link and link-up events to verify that the connected device is allowed and then enable CDP on the link.

I'm sure you'll find help with writing an applet or script for this in the EEM section of this forum.

HTH
Rolf
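A concrete form of the EEM idea in the reply above, as an added example that is not from the thread or from the reply's author. It assumes IOS EEM applet syntax (EEM 3.x or later for `if`/`else`/`wait`), that link changes are logged with the standard LINK-3-UPDOWN message, and that the allowed neighbor is identified by its MAC address being learned on the port. The interface GigabitEthernet0/1 and the MAC 0011.2233.4455 are placeholders; one applet pair is needed per gated port.

```cisco
! Added example: gate CDP per port with EEM (placeholder port and MAC).
! CDP stays enabled globally; the port starts with CDP off.
cdp run
!
interface GigabitEthernet0/1
 no cdp enable
!
! Link down: make sure CDP is off before the next device is plugged in
event manager applet CDP-GATE-DOWN
 event syslog pattern "LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down"
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "interface GigabitEthernet0/1"
 action 4.0 cli command "no cdp enable"
 action 5.0 syslog msg "CDP disabled on Gi0/1 after link down"
!
! Link up: give the neighbor time to send a frame so its MAC is learned,
! then enable CDP only if that MAC is on the allow list
event manager applet CDP-GATE-UP
 event syslog pattern "LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up"
 action 1.0 cli command "enable"
 action 2.0 wait 10
 action 3.0 cli command "show mac address-table interface GigabitEthernet0/1"
 action 4.0 regexp "0011\.2233\.4455" "$_cli_result"
 action 5.0 if $_regexp_result eq 1
 action 5.1 cli command "configure terminal"
 action 5.2 cli command "interface GigabitEthernet0/1"
 action 5.3 cli command "cdp enable"
 action 5.4 syslog msg "CDP enabled on Gi0/1: allowed neighbor MAC present"
 action 5.5 else
 action 5.6 syslog msg "CDP kept disabled on Gi0/1: neighbor MAC not on allow list"
 action 5.7 end
```

The ten-second wait exists because the MAC table may be empty at the moment the link-up message is logged; a silent neighbor would never be admitted, which is the safe failure mode here. Use `show event manager policy registered` to confirm both applets are loaded and `show cdp interface GigabitEthernet0/1` to see the resulting per-port state. As with the MAC ACL, the decision rests on a source MAC that the attached device controls, so this enforces a policy against accidental disclosure, not against a deliberate attacker.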
