Chapter 9
| Access Control Lists
ARP ACLs
– 289 –
permit, deny
(ARP ACL)
This command adds a rule to an ARP ACL. The rule filters packets matching a
specified source or destination address in ARP messages. Use the
no
form to
remove a rule.
Syntax
[
no
] {
permit
|
deny
}
ip
{
any
|
host
source-ip
|
source-ip ip-address-bitmask
}
mac
{
any
|
host
source-ip
|
source-ip ip-address-bitmask
}
This form indicates either request or response packets.
[
no
] {
permit
|
deny
}
request
ip
{
any
|
host
source-ip
|
source-ip ip-address-bitmask
}
mac
{
any
|
host
source-mac
|
source-mac mac-address-bitmask
}
[
no
] {
permit
|
deny
}
response
ip
{
any
|
host
source-ip
|
source-ip ip-address-bitmask
}
{
any
|
host
destination-ip | destination-ip ip-address-bitmask
}
mac
{
any
|
host
source-mac
|
source-mac mac-address-bitmask
}
[
any
|
host
destination-mac
|
destination-mac mac-address-bitmask
]
source-ip
– Source IP address.
destination-ip
– Destination IP address with bitmask.
ip-address-bitmask
6
– IPv4 number representing the address bits to match.
source-mac
– Source MAC address.
destination-mac
– Destination MAC address range with bitmask.
mac-address-bitmask
6
– Bitmask for MAC address (in hexadecimal format).
Default Setting
None
Command Mode
ARP ACL
Command Usage
New rules are added to the end of the list.
Example
This rule permits packets from any source IP and MAC address to the destination
subnet address 192.168.0.0.
Console(config-arp-acl)#$permit response ip any 192.168.0.0 255.255.0.0 mac
any any
Console(config-mac-acl)#
6. For all bitmasks, binary “1” means care and “0” means ignore.
Summary of Contents for EX-3524
Page 2: ......
Page 28: ...Figures 28 ...
Page 34: ...Section I Getting Started 34 ...
Page 58: ...Chapter 1 Initial Switch Configuration Setting the System Clock 58 ...
Page 72: ...Chapter 2 Using the Command Line Interface CLI Command Groups 72 ...
Page 156: ...Chapter 5 SNMP Commands Notification Log Commands 156 ...
Page 164: ...Chapter 6 Remote Monitoring Commands 164 ...
Page 218: ...Chapter 7 Authentication Commands Management IP Filter 218 ...
Page 268: ...Chapter 8 General Security Measures Port based Traffic Segmentation 268 ...
Page 292: ...Chapter 9 Access Control Lists ACL Information 292 ...
Page 312: ...Chapter 10 Interface Commands Power Savings 312 ...
Page 324: ...Chapter 11 Link Aggregation Commands Trunk Status Display Commands 324 ...
Page 366: ...Chapter 15 Address Table Commands 366 ...
Page 428: ...Chapter 17 VLAN Commands Configuring Voice VLANs 428 ...
Page 572: ...Chapter 25 IP Interface Commands IPv6 Interface 572 ...
Page 578: ...Section I Appendices 578 ...