If you do not specify a sequence number, the device assigns the rule a sequence number that is 10 greater
than that of the last rule in the ACL.
When the device applies an ARP ACL to a packet, it evaluates the packet against every rule in the ACL and
enforces the first rule whose conditions the packet satisfies. When the packet satisfies the conditions of
more than one rule, the device enforces the rule with the lowest sequence number.
If you do not specify either the response or request keyword, the rule applies to packets that contain any
ARP message.
This command does not require a license.
Examples
This example shows how to enter ARP access list configuration mode for an ARP ACL named arp-acl-01
and add a rule that denies ARP request messages that contain a sender IP address that is within the 10.32.143.0
subnet:
switch# conf t
switch(config)# arp access-list arp-acl-01
switch(config-arp-acl)# deny request ip 10.32.143.0 255.255.255.0 mac any
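The evaluation rules described above (default sequence numbering, lowest-sequence-number match, and an omitted request/response keyword matching any ARP message) can be checked offline with a small model. This is an added example, not Cisco code: the ArpAcl class, its method names, the sample rules and the MAC address format are constructed for illustration, the mask is compared the way the page's 255.255.255.0 example implies, and starting an empty ACL at sequence number 10 is an assumption.

```python
import ipaddress
from dataclasses import dataclass

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

@dataclass
class Rule:
    seq: int
    action: str   # "permit" or "deny"
    msg: str      # "request", "response", or "any" when the keyword is omitted
    ip: str       # sender IP, or "any"
    mask: str     # sender IP mask in the form the page's example uses
    mac: str      # sender MAC, or "any"

    def matches(self, msg, sender_ip, sender_mac):
        if self.msg != "any" and self.msg != msg:
            return False
        if self.ip != "any":
            m = _to_int(self.mask)
            if (_to_int(sender_ip) & m) != (_to_int(self.ip) & m):
                return False
        return self.mac == "any" or self.mac.lower() == sender_mac.lower()

class ArpAcl:
    def __init__(self):
        self.rules = []

    def add(self, action, msg="any", ip="any", mask="255.255.255.255", mac="any", seq=None):
        if seq is None:
            # 10 greater than the last rule; starting an empty ACL at 10 is an assumption
            seq = max((r.seq for r in self.rules), default=0) + 10
        self.rules.append(Rule(seq, action, msg, ip, mask, mac))
        self.rules.sort(key=lambda r: r.seq)
        return seq

    def evaluate(self, msg, sender_ip, sender_mac):
        """Return (seq, action) of the lowest-numbered matching rule, else None."""
        for r in self.rules:
            if r.matches(msg, sender_ip, sender_mac):
                return r.seq, r.action
        return None  # no-match handling is outside what the page describes

def build_example_acl():
    acl = ArpAcl()  # constructed rules; the first mirrors the page's deny example
    acl.add("deny", msg="request", ip="10.32.143.0", mask="255.255.255.0")  # seq 10
    acl.add("permit")                                                       # seq 20
    acl.add("permit", msg="response", ip="10.32.143.7", seq=5)              # explicit
    return acl
```

A request from 10.32.143.50 satisfies both rule 10 and rule 20, and the model enforces rule 10, which is the ordering to verify before placing a broad permit ahead of a narrower deny.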
Related Commands
Command                     Description
arp access-list             Configures an ARP ACL.
ip arp inspection filter    Applies an ARP ACL to a VLAN.
permit (ARP)                Configures a permit rule in an ARP ACL.
remark                      Configures a remark in an ACL.
show arp access-list        Displays all ARP ACLs or one ARP ACL.
Cisco Nexus 7000 Series Security Command Reference
D Commands
deny (ARP)