From: Fowlie, Colin (Colin.Fowlie@aliant.ca)
Date: Thu Mar 04 2004 - 13:51:59 GMT-3
What you're looking at is the mac-address-table. This is the forwarding table that is built by the switch. It is not an arp entry. The switch is simply creating the mac table entry based on the source MAC address of a frame received from the host on a particular port. This perfectly fine as long as the arp entries don't show up on R4 and R6.
Colin
-----Original Message-----
From: alsontra@hotmail.com [mailto:alsontra@hotmail.com]
Sent: Thursday, March 04, 2004 2:34 PM
To: ccielab@groupstudy.com
Subject: 3550 mac-address-table - VACL
Group,
I've applied a vlan access-map that essentially denies arp requests
to any host on vlan 162. The access-map creates the desired effect with the
exception of the switch. I've rebooted and clear all dynamic entries a number
of times. Is this normal behavior?
The 3550 gets an arp request, adds it to its local mac-addres-table, but will
not forward if a vlan access-map forbids the action?
Topology:
R6---SW2----R4
VLAN map denies arp on vlan 162, which connects them. Although the devices
cannot arp through the 3550, the retains arp entries for both devices. Its not
a big deal because the vlan access-map is doing its job, it just a little
confusing to still see arp entries when you think arp is being denied.
SW1#
162 000d.bc24.c80e DYNAMIC Po1
162 0050.d15f.7420 DYNAMIC Po1
162 00e0.1ece.4a68 DYNAMIC Fa0/24
Thanks,
Alsontra
This archive was generated by hypermail 2.1.4 : Thu Apr 01 2004 - 08:15:14 GMT-3