I am not aware of full picture of your network but what I meant was why don't you use l2 acl on respective port and choose smac X (some specifc MAC) and dst mac Y which you want to pass thru for this neighbor rest you can drop/deny or visa-versa,moreover we have several other matching criterias as well mentioned below to distinguish the stream/packet which can help to avoid blocking for other neighbors.I am sure if you play around these you will able to achieve what you looking for
<0x1-0xffff> An Ethertype Number in hex capture Capture matched packet cos Class of Service dei Discard Eligibility Indication inner-cos Class of Service of Inner Header inner-dei Discard Eligibility Indication for Inner Header inner-vlan Enter a vlan id or range of vlan ids of the Inner Header vlan Enter a vlan id or range of vlan ids
In core of our network are ASR9010 in full-mesh VPLS. From VPLS are xconnects to access switches ME3600x.
For example in vlan 12 (l2 vpn in ASR9000) are 50.000 MAC's. And only 10 of them (PPPoE BRAS) need to communicate with subscribers connected to ME3600x. So, to avoid many broadcasts and huge of MAC's in this vlan on ME3600x I need to permit someway communication only with 10 MAC's from core xconnect.
We also have catalyst switches connected to ASR9010 with l2 interfaces. On these interfaces I applied ethernet-services access-lists with needed rules. All works well.
1. Introduction Internet security is important with the increasing
attacks that are happening every day. Many internet and browsing
security solutions exist, but some are not very easy to use or maybe the
question is how can I enable them? In this referen...
Cisco Software Manager Server API Guide This document describes the
programmatic interfaces, RESTful APIs, which are supported by Cisco
Software Manager Server (CSM Server). Overview CSM Server supports a set
of finite RESTful APIs. The first step to use ...
If you are using Cisco's new linux-based Cisco Software Manager server,
then you probably want to make sure there is a startup service for
it.I'll assume that you've already installed the CSM server on a
systemd-based linux system. The commands given belo...