Chapter 10 | Access Control Lists
ARP ACLs
permit, deny (ARP ACL)
This command adds a rule to an ARP ACL. The rule filters packets matching a specified source or destination address in ARP messages. Use the no form to remove a rule.
Syntax
[no] {permit | deny} ip {any | host source-ip | source-ip ip-address-bitmask} {any | host destination-ip | destination-ip ip-address-bitmask} mac {any | host source-mac | source-mac mac-address-bitmask} [any | host destination-mac | destination-mac mac-address-bitmask] [log]
This form indicates either request or response packets.
[no] {permit | deny} request ip {any | host source-ip | source-ip ip-address-bitmask} {any | host destination-ip | destination-ip ip-address-bitmask} mac {any | host source-mac | source-mac mac-address-bitmask} [any | host destination-mac | destination-mac mac-address-bitmask] [log]
[no] {permit | deny} response ip {any | host source-ip | source-ip ip-address-bitmask} {any | host destination-ip | destination-ip ip-address-bitmask} mac {any | host source-mac | source-mac mac-address-bitmask} [any | host destination-mac | destination-mac mac-address-bitmask] [log]
source-ip – Source IP address.
destination-ip – Destination IP address with bitmask.
ip-address-bitmask (see note 7) – IPv4 number representing the address bits to match.
source-mac – Source MAC address.
destination-mac – Destination MAC address range with bitmask.
mac-address-bitmask (see note 7) – Bitmask for MAC address (in hexadecimal format).
log – Logs a packet when it matches the access control entry.
Default Setting
None
Command Mode
ARP ACL
Command Usage
New rules are added to the end of the list.
7. For all bitmasks, binary “1” means relevant and “0” means ignore.
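The bitmask convention in note 7 (a "1" bit is compared, a "0" bit is ignored) is the reverse of a wildcard mask, so a rule that binds an IP range to a MAC prefix is easy to get backwards. The following is an added example, not code from the manual or the switch firmware: a small model of the rule syntax above that shows which ARP packets a rule list accepts. It assumes rules are checked in list order with the first match deciding; the dictionary keys, the hyphenated MAC notation and all addresses are constructed for illustration.

```python
import ipaddress

def ip_int(s):
    return int(ipaddress.IPv4Address(s))

def mac_int(s):
    return int(s.replace("-", "").replace(":", ""), 16)

def compile_field(spec, conv, width):
    """Map 'any', ('host', addr) or (addr, bitmask) to a (pattern, mask) pair."""
    if spec == "any":
        return 0, 0                              # all bits ignored
    first, second = spec
    if first == "host":
        return conv(second), (1 << width) - 1    # all bits relevant
    return conv(first), conv(second)

def matches(rule, pkt):
    """True if every field of the ARP packet satisfies the rule."""
    if rule.get("type") not in (None, pkt["type"]):   # None = request or response
        return False
    for key, conv, width in (("sip", ip_int, 32), ("dip", ip_int, 32),
                             ("smac", mac_int, 48), ("dmac", mac_int, 48)):
        pattern, mask = compile_field(rule.get(key, "any"), conv, width)
        # Bitmask semantics from note 7: 1 = relevant, 0 = ignore.
        if (conv(pkt[key]) & mask) != (pattern & mask):
            return False
    return True

def evaluate(acl, pkt):
    """Assumption: rules are checked in list order and the first match decides."""
    for rule in acl:
        if matches(rule, pkt):
            return rule["action"]
    return None   # no rule matched; the page does not state the fallback

# Constructed sample ACL (addresses are illustrative, not from the manual).
ACL = [
    {"action": "permit", "type": "request", "sip": ("host", "192.168.1.10"),
     "smac": ("host", "00-11-22-33-44-55")},
    {"action": "permit", "sip": ("192.168.1.0", "255.255.255.0"),
     "smac": ("00-aa-bb-00-00-00", "ff-ff-ff-00-00-00")},
    {"action": "deny", "sip": ("192.168.1.0", "255.255.255.0")},
]

def pkt(kind, sip, smac, dip="192.168.1.1", dmac="ff-ff-ff-ff-ff-ff"):
    return {"type": kind, "sip": sip, "dip": dip, "smac": smac, "dmac": dmac}
```

Because new rules are appended to the end of the list, under the first-match assumption the broad deny must be entered last or it will shadow the permits above it.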