arp access-group
Use this command to attach an ARP access list to an interface to filter incoming ARP packets.
When you attach an ARP access list to a VLAN or LAG
Link Aggregation Group interface as well as to a physical interface that is a member of that LAG and/or VLAN interface, the priority order is:
- VLAN interface
- LAG interface
- Physical interface
For example, if you attach access lists to both a LAG interface and a physical interface that is a member of that LAG, matching traffic rules are applied to the LAG interface, but not to the physical interface.
Use the no form of this command to detach an ARP access group.
- An ARP access-list is supported only on switch ports.
- To attach an ARP access-group to an interface, the
ingress-arpTCAM group should be enabled. See the hardware-profile filter (XGS) command for more details.
Command Syntax
Copy
arp access-group NAME in
no arp access-group NAME inParameters
NAME
ARP Access list name
Command Mode
Interface mode
Applicability
This command was introduced in OcNOS version 1.3.6
Example
Copy
#configure terminal
(config)#arp access-list arp1
(config-arp-acl)#permit ip any mac any
(config-arp-acl)#exit
(config)#interface xe1
(config-if)#arp access-group arp1 in
(config-if)#exit
(config)#interface xe1
(config-if)#no arp access-group arp1 in
(config-if)#exit