10-11-2012 06:53 AM - edited 03-07-2019 09:24 AM
Hi,
I am trying to filter ARP answer arriving on a C6500 trunk port, for a specific vlan.
Filtering conditions are:
- packet arrive from vlan ID x on the trunk (on only for this vlan ID)
- source MAC address = xx:xx:xx:xx:xx:xx
Thae aim is that the C6500 with never enter into its CAM table this MAC address.
I looked at several methos like service policy or vlan filter, but no solution for the moment.
Has someone any idea?
Thanks.
P
10-15-2012 01:25 AM
Any idea?
10-15-2012 07:29 AM
Hi,
Try using an ARP ACL:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/dynarp.html#wp1069116
http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_arp.html#arp_access-list
Sent from Cisco Technical Support iPad App
10-15-2012 09:01 AM
Hi,
thanks for answer.
It unfortunatally answer to my concern.
My aim is to have 2 chassis, let's say C1 & C2, with the same HSRP IP address, active on both chassis (blocking HSRP hello packets between them)
What I want is: a PC connected to C1 send an ARP request: 1) only the ARP answer of chassis C1 is received by the PC. 2) When the ARP request reaches C2, C2 answer is bloked by C1 in order to not have the vMAC learned by C1 on interface that interconnects to C2.
A filter by vlan doesn't work as it will filter both C1 answer & C2 answer. I need to put somewhere as a condition that the ARP request is droped on a specific vlan only if it arrives on the C1 - C2 interconnexion interface.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide