Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6
Fixed In:
16.0.0, 15.1.0.2, 14.1.2.7
Opened: Nov 25, 2019 Severity: 3-Major
Because the BIG-IP system does not recognize proprietary multicast MAC addresses such as PVST+ (01:00:0c:cc:cc:cd) and STP (01:80:c2:00:00:00), when STP is disabled the system does not drop those frames. Instead the system treats those as L2 multicast frames and forwards between 2 interfaces.
PVST+ (01:00:0c:cc:cc:cd), a proprietary multicast MAC is forwarded instead of discarded, even when STP is disabled.
-- STP disabled -- All platforms except 2000 series, 4000 series, i2000 series, i4000 series and i850.
None.
Traffic with Destination MAC as PVST+ (01:00:0c:cc:cc:cd) or STP (01:80:c2:00:00:00) is sent to the BIG-IP system, egress traffic is monitored to check that MAC is dropped when either or both of the following db variables is enabled or vice-versa: bcm56xxd.rules.badpdu_drop bcm56xxd.rules.lldp_drop