ARP ACL Overview
An ARP ACL permits or denies ARP packets based on the ARP request or response option configured in the access rule.
Topology
Figure 72. ARP ACL Sample Topology
ARP ACL Configuration
#configure terminal | Enter configure mode.
(config)#interface ge4 | Enter interface mode.
(config-if)#ip address 11.11.11.11/24 | Assign an IPv4 address.
(config-if)#exit | Exit interface mode.
(config)#commit | Commit the candidate configuration to the running configuration.
(config)#mac access-list m1 | Enter MAC access list mode.
(config-mac-acl)#permit any any vlan 6 | Create an access rule to permit any IPv6 packet.
(config-mac-acl)#permit 0000.0215.2151 0000.0000.0011 any vlan 3 | Create an access rule to permit a specific ARP response.
(config-mac-acl)#exit | Exit access list mode.
(config)#commit | Commit the candidate configuration to the running configuration.
(config)#interface ge4 | Enter interface mode.
(config-if)#mac access-group m1 in | Apply access group m1 to inbound traffic on the interface.
(config-if)#commit | Commit the candidate configuration to the running configuration.
(config-if)#end | Exit interface and configure mode.
Validation
Assign an IP address on IXIA and ping from IXIA, then use the command below to check the access list and its match counters.
#show mac access-lists
MAC access list mac1
10 permit host 0000.3AE0.456D any arp request [match=1]
20 permit host 0000.3AE0.456D any arp response [match=1]
30 permit any any ipv4 [match=1]
default deny-all
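The validation output above can be checked by script rather than by eye. The following is an added example, not part of the original documentation: it parses `show mac access-lists` output in the format shown on this page and reports conditions that weaken an ARP ACL. The function names are hypothetical, and treating a missing `[match=N]` counter as zero is an assumption.

```python
import re

# Output copied from the Validation section of this page.
SAMPLE = """\
MAC access list mac1
10 permit host 0000.3AE0.456D any arp request [match=1]
20 permit host 0000.3AE0.456D any arp response [match=1]
30 permit any any ipv4 [match=1]
default deny-all
"""

HEADER = re.compile(r"^MAC access list (\S+)$")
RULE = re.compile(r"^(\d+) (permit|deny) (.+?)(?: \[match=(\d+)\])?$")


def parse_mac_acls(text):
    """Return {acl_name: {"rules": [...], "default": str or None}}."""
    acls, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if m := HEADER.match(line):
            current = acls.setdefault(m.group(1), {"rules": [], "default": None})
        elif current is None:
            continue  # ignore anything before the first ACL header
        elif line.startswith("default "):
            current["default"] = line.split(None, 1)[1]
        elif m := RULE.match(line):
            seq, action, match, hits = m.groups()
            # Assumption: a rule printed without a counter has zero matches.
            current["rules"].append({"seq": int(seq), "action": action,
                                     "match": match, "hits": int(hits or 0)})
    return acls


def audit(acl):
    """List findings that weaken an ARP ACL or show it is not being hit."""
    findings = []
    if acl["default"] != "deny-all":
        findings.append("no default deny-all")
    arp = [r for r in acl["rules"] if " arp " in f" {r['match']} "]
    if not arp:
        findings.append("no ARP rule present")
    for r in arp:
        if r["action"] == "permit" and r["match"].startswith("any any"):
            findings.append(f"rule {r['seq']} permits ARP from any source")
        if r["hits"] == 0:
            findings.append(f"rule {r['seq']} has no matches yet")
    return findings
```

An empty list from `audit()` means the ACL ends in `deny-all`, its ARP rules are tied to a specific host, and each has matched traffic from the test ping.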