Re: Switching port security- Follow up

From: Robert Slaski (robin@atm.com.pl)
Date: Thu Dec 12 2002 - 20:21:29 GMT-3


Tim Fletcher wrote:
>
> I would have to disagree with this. Turning off ARP only prevents ARP
> requests. Try the following examples in the lab.
>

OK, I agree, I didn't check in the lab whether ARP replies were blocked (this
seemed obvious to me, so this is an important lesson to remember).

Well, if the requirements did not prohibit us from using L2 access-lists, I
would use mac-address access lists as the ultimate weapon to block ARP
replies :-)

(config)# mac access-list extended qwe
(config-ext-macl)# deny any any 0x806 0x0
(config-ext-macl)# permit any any 0x0 0xFFFF
(config-ext-macl)# exit
(config)# in fa0/1
(config-if)# mac access-group qwe in

This will work for sure (just tried this in my lab)

cheers,
mikrobi


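Why the ACL in the message above catches ARP replies as well as requests, as an added example that is not part of the original post: both frame types carry EtherType 0x0806 and differ only in the opcode inside the ARP payload, which the ACL never inspects. The Python model assumes that mask bits set to 1 are ignored, that the first matching entry wins, and that an implicit deny ends the list; the frames and the source MAC are constructed.

```python
import struct

ARP, RARP, DOT1Q = 0x0806, 0x8035, 0x8100

# The ACL "qwe" from the post as (action, ethertype, mask) entries.
ACL_QWE = [("deny", 0x0806, 0x0000), ("permit", 0x0000, 0xFFFF)]

def ethertype(frame: bytes) -> int:
    """Return the EtherType of an Ethernet II frame, skipping one 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype == DOT1Q:  # tagged frame, e.g. from a capture taken on a trunk
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q header")
        (etype,) = struct.unpack_from("!H", frame, 16)
    return etype

def arp_opcode(frame: bytes) -> int:
    """Return the ARP opcode (1 = request, 2 = reply) of an untagged ARP frame."""
    (op,) = struct.unpack_from("!H", frame, 14 + 6)
    return op

def evaluate(acl, frame: bytes) -> str:
    """First matching entry wins; mask bits set to 1 are ignored (assumed model)."""
    etype = ethertype(frame)
    for action, value, mask in acl:
        care = ~mask & 0xFFFF
        if (etype & care) == (value & care):
            return action
    return "deny"  # assumed implicit deny when nothing matches

def make_frame(etype: int, payload: bytes) -> bytes:
    """Constructed sample frame: broadcast destination, made-up source MAC."""
    return b"\xff" * 6 + bytes.fromhex("020000000001") + struct.pack("!H", etype) + payload

def make_arp(opcode: int) -> bytes:
    # htype=Ethernet(1), ptype=IPv4, hlen=6, plen=4, opcode, then zeroed addresses
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode) + bytes(20)
    return make_frame(ARP, body)

ARP_REQUEST, ARP_REPLY = make_arp(1), make_arp(2)
RARP_FRAME = make_frame(RARP, bytes(28))

if __name__ == "__main__":
    for name, f in [("ARP request", ARP_REQUEST), ("ARP reply", ARP_REPLY), ("RARP", RARP_FRAME)]:
        print(f"{name:12} ethertype=0x{ethertype(f):04x} -> {evaluate(ACL_QWE, f)}")
```
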
This archive was generated by hypermail 2.1.4 : Fri Jan 17 2003 - 17:21:44 GMT-3