Controlling CDP, IPv6, and IEEE 802.1X
As Chapter 11 discusses, CDP can safely be disabled on all access ports except on ports
connecting to Cisco IP phones. This is because the phones rely on CDP for Power over
Ethernet (PoE) and the voice VLAN ID. The ACL in Example 14-4 already prevented CDP
packets from reaching the central processor. For more information on this ACL, see Chapter 11.
Even if IPv6 is forwarded in hardware on most Layer 3 switches, it is still process-switched
by the central processor on some older platforms. If such switches are flooded with normal
IPv6 packets, this leads to severe issues because the central processor reaches a CPU utilization
of 100 percent. A good IPv6 design always relies on hardware-assisted IPv6 forwarding in
switches. If this is not possible, a rate limit on IPv6 traffic needs to be put in place. IPv6
packets have an Ethertype of 86DD.
Another protocol that might be relevant is IEEE 802.1X. (For more information about
IEEE 802.1X, see Chapter 17, “Identity-Based Networking Services with 802.1X.”) The
default is to have this protocol disabled, but be aware that this protocol is yet
another control plane protocol. When IEEE 802.1X is enabled, install a rate limiter by
configuring quality of service (QoS) commands for Ethertype 888E.
Example 14-7 shows a MAC ACL that defines a class of traffic to be policed on a
Catalyst 6500 with a Sup 720 running 12.2(18)SXF5.
MAC ACL to Define the IPv6 and 802.1X Classes
IOS(config)# mac access-list extended NEITHER_IPV6_NOR_DOT1X
IOS(config-ext-macl)# permit any any 888E 0
IOS(config-ext-macl)# permit any any 86DD 0
IOS(config-ext-macl)# exit
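
The following Python sketch is an added example, not code from the original text or from Cisco. It models what the MAC ACL and a policer do together: frames with Ethertype 86DD or 888E form one class that is metered by a token bucket, so a capture can be replayed offline to see how many frames a given rate would drop. The rate and burst values, the helper names, and the choice to look past 802.1Q tags are assumptions of this example.

```python
import struct

# Ethertypes named in the text: IPv6 (86DD) and IEEE 802.1X (888E).
POLICED = {0x86DD: "ipv6", 0x888E: "dot1x"}
VLAN_TAGS = {0x8100, 0x88A8}  # 802.1Q / 802.1ad tags sit before the real Ethertype


def ethertype(frame):
    """Return the Ethertype of an Ethernet II frame, skipping VLAN tags."""
    offset = 12  # destination MAC (6 bytes) + source MAC (6 bytes)
    while len(frame) >= offset + 2:
        (value,) = struct.unpack_from("!H", frame, offset)
        if value not in VLAN_TAGS:
            return value
        offset += 4  # skip the tag (TPID + TCI)
    return None  # truncated frame


class Policer:
    """Token bucket: rate_bps sustained bits per second, burst_bytes of credit."""

    def __init__(self, rate_bps, burst_bytes):
        self.rate = rate_bps / 8.0  # bytes per second
        self.burst = burst_bytes
        self.tokens = float(burst_bytes)
        self.last = 0.0

    def conforms(self, now, size):
        elapsed = now - self.last
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def police(frames, rate_bps, burst_bytes):
    """frames: iterable of (timestamp_seconds, frame_bytes); returns counters."""
    policer = Policer(rate_bps, burst_bytes)
    stats = {"forwarded": 0, "conformed": 0, "dropped": 0}
    for ts, frame in frames:
        if ethertype(frame) not in POLICED:
            stats["forwarded"] += 1  # outside the class, never policed
        elif policer.conforms(ts, len(frame)):
            stats["conformed"] += 1
        else:
            stats["dropped"] += 1
    return stats


def sample_frame(etype, vlan=None, payload_len=46):
    """Constructed test frame with placeholder MAC addresses."""
    header = bytes(6) + bytes.fromhex("020000000001")
    if vlan is not None:
        header += struct.pack("!HH", 0x8100, vlan)
    return header + struct.pack("!H", etype) + bytes(payload_len)
```

Feeding `police()` the (timestamp, frame) pairs from a capture of an access port gives a quick estimate of how much legitimate IPv6 or 802.1X traffic a candidate rate would drop before it is configured on the switch.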