I am trying to filter ARP answer arriving on a C6500 trunk port, for a specific vlan.
Filtering conditions are:
- packet arrive from vlan ID x on the trunk (on only for this vlan ID)
- source MAC address = xx:xx:xx:xx:xx:xx
Thae aim is that the C6500 with never enter into its CAM table this MAC address.
I looked at several methos like service policy or vlan filter, but no solution for the moment.
Has someone any idea?
Try using an ARP ACL:
Sent from Cisco Technical Support iPad App
thanks for answer.
It unfortunatally answer to my concern.
My aim is to have 2 chassis, let's say C1 & C2, with the same HSRP IP address, active on both chassis (blocking HSRP hello packets between them)
What I want is: a PC connected to C1 send an ARP request: 1) only the ARP answer of chassis C1 is received by the PC. 2) When the ARP request reaches C2, C2 answer is bloked by C1 in order to not have the vMAC learned by C1 on interface that interconnects to C2.
A filter by vlan doesn't work as it will filter both C1 answer & C2 answer. I need to put somewhere as a condition that the ARP request is droped on a specific vlan only if it arrives on the C1 - C2 interconnexion interface.