Introduction Associated Logs
Software Reference for SwitchBlade x3100 Series Switches (Access and Security)
6-154
In the next example, a residence is provisioned with the static IP address 10.9.9.9. ARP packets are initially used
to populate the system. As part of the provisioning sequence, ARP filtering is then enabled, and the following
classifiers are configured:
Interface Rank Name Field Match(es) Action(s)
--------- ---- --------------- ------------------------------ ----------------
ETH:7.0 51 ipf1 IPSOURCE= 10.10.9.9 FORWARD
COUNT
59 ipf2 IPSOURCE= ANY DROP
The result of this configuration is that IP packets with an IP source of 10.10.9.9 are allowed, and all ARP packets
that do not have this IP source are dropped.
Note that if a count action is present on the IP source filter, the associated counter is not incremented for
matching an ARP packet. If a count action is present on the IP source filter, packets that match the IP are
counted.
Also, the L3 match rule fields present in the classifier must be IP SOURCE; the relevant match rule for ARP fil-
tering must be an IP match.
The only L2 match rule fields that may be present are
PROTOCOL (= IPv4) and optionally VID/INNERVID.
6.11.2 Associated Logs
System logs are associated with ARP filtering. Three logs will be generated with their respective messages as
follows:
• CARDARPFILTERINGFAILED - “ARP Filtering Configuration Failed”
• CARDARPFILTERINGEXCEEDED - “ARP Filtering Resources Exceeded”
• CARDARPFILTERINGNOTSUPPORTED - “ARP Filtering Configuration Not Supported”
6.11.3 Configuring ARP
6.11.3.1 Configuration Procedure
Following is an example of what occurs when ARP filtering is enabled on a system. Refer to Figure 6-5 when
reading the next section of text.
To Next Page
Loading...
Need help?
General
