ARP ACL Overview
ARP ACL can be used to permit or deny the ARP packets, based on the ARP request or response option configured.
Topology
Figure 22-42: ARP ACL Sample Topology
ARP ACL Configuration
#configure terminal | Enter configure mode. |
(config)#interface ge4 | Enter interface mode |
(config-if)#ip address 11.11.11.11/24 | Assign IPv4 address. |
(config-if)#exit | Exit access list mode. |
(config)#commit | Commit the candidate configurations to the running configurations |
(config)#mac access-list m1 | Enter mac access list mode. |
(config-mac-acl)#permit any any vlan 6 | Create an access rule to permit any IPv6 packet |
(config-mac-acl)#permit 0000.0215.2151 0000.0000.0011 any vlan 3 | Create an access rule to permit specific ARP response. |
(config-mac-acl)#exit | Exit access list mode. |
(config)#commit | Commit the candidate configurations to the running configurations |
(config)#interface ge4 | Enter interface mode. |
(config-if)#mac access-group m1 in | Apply access group mac1 for inbound traffic to the interface. |
(config-if)#commit | Commit the candidate configurations to the running configurations |
(config-if)#end | Exit interface and configure mode. |
Validation
Use the commands below to assign IP address on IXIA and ping from IXIA.
#show mac access-lists
MAC access list mac1
10 permit host 0000.3AE0.456D any arp request [match=1]
20 permit host 0000.3AE0.456D any arp response [match=1]
30 permit any any ipv4 [match=1]
default deny-all
Last modified date: 10/19/2023