Blocking of Ethertypes

This test checks that a customer cannot send any unsupported protocols (Ethertypes) into the access network. All packets from unsupported protocols must be silently dropped when received.

If IPv4 is in use, packets with Ethertype 0x0800 (IPv4) and 0x0806 (ARP) should be accepted.

If IPv6 is in use, packets with Ethertype 0x86dd (IPv6) should be accepted.

Impact: MITM, DoS

Test process

  • Malicious Customer sends packets with different Ethertypes to ISP:
    • IPV6
    • Frame Relay ARP
    • Raw Frame Relay
    • DEC LANBridge
    • Appletalk
    • IBM SNA
    • Appletalk ARP
    • Novell 8137
    • Novell 8138
    • MPLS
    • PPP
    • PPPoE Session State
    • PPPoE Discovery State
    • 3COM XNS Sys Mgmt
    • 3COM TCP-IP Sys
    • 3COM loop detect
    • SNMP
    • Ethernet 802.3 100 bytes
    • Ethernet 802.3 500 bytes
    • Ethernet 802.3 1000 bytes

Fail criteria

  • Any packet with a disallowed Ethertype arrives at ISP.
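
The fail criterion above can be checked over a capture taken at the ISP port. The following Python is an added example, not part of the original test description or tool: it reads the type/length field of each captured frame and reports every frame that should have been dropped. The MAC addresses and the sample capture are constructed, the function names are hypothetical, and frames are assumed untagged (an 802.1Q-tagged frame is reported as a violation).

```python
import struct

def allowed_ethertypes(ipv4=True, ipv6=False):
    """Allow-list from the text: IPv4 + ARP when IPv4 is in use, IPv6 when IPv6 is."""
    allowed = set()
    if ipv4:
        allowed |= {0x0800, 0x0806}
    if ipv6:
        allowed |= {0x86DD}
    return allowed

def classify(frame):
    """Read the 2-byte type/length field at offset 12 of an untagged Ethernet frame."""
    if len(frame) < 14:
        return ("truncated", None)
    (field,) = struct.unpack("!H", frame[12:14])
    if field <= 1500:            # IEEE 802.3: values up to 1500 are a length
        return ("802.3-length", field)
    if field < 0x0600:           # 1501..1535 is undefined
        return ("undefined", field)
    return ("ethertype", field)

def violations(frames, ipv4=True, ipv6=False):
    """Return (index, kind, value) for every captured frame that should have been dropped."""
    allowed = allowed_ethertypes(ipv4, ipv6)
    found = []
    for i, frame in enumerate(frames):
        kind, value = classify(frame)
        if kind == "ethertype" and value in allowed:
            continue
        found.append((i, kind, value))
    return found

def build(ethertype, payload=b"\x00" * 46):
    """Constructed test frame: hypothetical ISP and customer MAC addresses."""
    isp, customer = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    return isp + customer + struct.pack("!H", ethertype) + payload

def sample_capture():
    """Constructed capture at the ISP port, not real traffic."""
    return [build(0x0800), build(0x0806), build(0x86DD),
            build(0x8863), build(0x8137), build(100, b"\x00" * 100)]

if __name__ == "__main__":
    for idx, kind, value in violations(sample_capture(), ipv4=True, ipv6=False):
        label = f"0x{value:04x}" if kind == "ethertype" else str(value)
        print(f"FAIL frame {idx}: {kind} {label}")
```

An empty result from violations() corresponds to a pass; any entry is a frame that reached ISP and meets the fail criterion.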


This test conforms to SEC Access Certification ID "SEC-CM-OTHER-1".



  • Malicious Customer: A customer interface performing malicious actions.
  • Customer: An interface acting as a customer that Malicious Customer will affect.
  • ISP: A central node on a trusted port. The test requires that the ISP reside in the same Layer 2 network as the customers.


  • Check type: Here you decide whether or not specific Ethertypes should be tested. All tested Ethertypes need to be blocked. The default is Yes for all Ethertypes.