Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 15 Configuring Access Control
Using VACLs in Your Network
• Displaying ARP Traffic-Inspection Statistics, page 15-36
• Clearing the ARP Traffic-Inspection Statistics, page 15-37
Configuring Rate Limiting for ARP Traffic Inspection
• Configuring Rate Limiting on a Global Basis, page 15-37
• Configuring Rate Limiting on a Per-Port Basis, page 15-38
• Configuring the errdisable-timeout Option for ARP Traffic Inspection, page 15-38
Configuring Logging for ARP Traffic Inspection
• Configuring Logging for ARP Traffic Inspection, page 15-39
Permitting or Denying ARP Packets Advertising a Specific IP-Address-to-MAC-Address Binding
To permit or deny the ARP packets that advertise a binding for a specific IP address and MAC address,
perform this task in privileged mode:
Step 1  Task:    Permit or deny the ARP packets that advertise a binding for a specific IP address and MAC address.
        Command: set security acl ip acl_name {permit | deny} arp-inspection host ip_address mac_address
Step 2  Task:    Commit the VACL.
        Command: commit security acl {acl_name | all | adjacency}

This example shows how to permit the ARP packets that advertise a binding of IP address 172.20.52.54
to MAC address 00-01-64-61-39-c2:
Console> (enable) set security acl ip ACL1 permit arp-inspection host 172.20.52.54 00-01-64-61-39-c2
Operation successful.
Console> (enable) commit security acl ACL1
Console> (enable) ACL commit in progress.
ACL 'ACL1' successfully committed.

Permitting or Denying ARP Packets Advertising a Particular IP Address Binding
To permit or deny the ARP packets that advertise a binding for the specified IP address, perform this task
in privileged mode:

Step 1  Task:    Permit or deny the ARP packets that advertise a binding for the specified IP address.
        Command: set security acl ip acl_name {permit | deny} arp-inspection host ip_address any
Step 2  Task:    Commit the VACL.
        Command: commit security acl {acl_name | all | adjacency}
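
The two command forms above (a specific MAC address, or any) can be generated from a binding inventory instead of being typed by hand. The following is an added example, not part of the Cisco guide: the function names, the ACL-name check and the sample inventory are assumptions made for illustration, and the output uses only the command syntax shown on this page.

```python
import ipaddress
import re


def normalize_mac(mac):
    """Return a MAC in the dash-separated form the guide uses (00-01-64-61-39-c2)."""
    digits = re.sub(r"[-:.]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"invalid MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_arp_inspection_acl(acl_name, bindings):
    """Build the CLI lines for one VACL.

    bindings: iterable of (action, ip, mac); mac=None emits the 'any' form.
    """
    # Assumption: a conservative name check so an inventory value cannot
    # smuggle extra CLI tokens; the switch's own naming rules may differ.
    if not re.fullmatch(r"[A-Za-z0-9_]+", acl_name):
        raise ValueError(f"unsafe ACL name: {acl_name!r}")
    seen = {}  # (ip, target) -> action already emitted for that binding
    commands = []
    for action, ip, mac in bindings:
        if action not in ("permit", "deny"):
            raise ValueError(f"action must be permit or deny, got {action!r}")
        ip = str(ipaddress.IPv4Address(ip))  # raises ValueError on bad input
        target = "any" if mac is None else normalize_mac(mac)
        previous = seen.get((ip, target))
        if previous == action:
            continue  # exact duplicate inventory row, emit it once
        if previous is not None:
            raise ValueError(f"{ip} {target} is both permitted and denied")
        seen[(ip, target)] = action
        commands.append(
            f"set security acl ip {acl_name} {action} "
            f"arp-inspection host {ip} {target}"
        )
    commands.append(f"commit security acl {acl_name}")
    return commands


if __name__ == "__main__":
    # Constructed sample inventory; the first row is the binding from the guide.
    inventory = [
        ("permit", "172.20.52.54", "0001.6461.39c2"),
        ("deny", "192.0.2.10", None),
    ]
    print("\n".join(build_arp_inspection_acl("ACL1", inventory)))
```
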