RE: Deny ARP Catalyst
From: alsontra@hotmail.com
Date: Sun Jan 09 2005 - 08:34:43 GMT-3
Tim,
Yes, I used vlan 1 as it was immaterial to the configuration. As far as
ethertypes and saps on the Doc-cd, I've never been able to find them. Not
positive, but I think is the bulk of what's tested. Like I know what's
tested. :)
SAP NETBois 0xF0F0 0x0101
SAP SNA 0x0000 0xD0D0 ("04-05 for the R&S Lab, I think")
SAP ISIS 0xFE
SAP STP 0x42
Ethertype IP 0x800
Ethertype IP_ARP 0x806
Check the links below for more info or google them:
http://www.cisco.com/warp/public/473/111_12.html
http://standards.ieee.org/regauth/llc/llctutorial.html
Thanks,
Al
-----Original Message-----
From: ccie2be [mailto:ccie2be@nyc.rr.com]
Sent: Sunday, January 09, 2005 5:12 PM
To: alsontra@hotmail.com; 'Elson Burrao'; ccielab@groupstudy.com
Subject: Re: Deny ARP Catalyst
Al,
That config looks corect except possibly for one thing:
vlan filter DENY_MAC vlan-list 1 <-- s/b the vlan in
which the denied host resides, I believe.
BTW, if I couldn't remember the code for ARP, 0x806 0x0,
do you know where I'd find that on the Doc CD?
TIA, Tim
----- Original Message -----
From: <alsontra@hotmail.com>
To: "'Elson Burrao'" <eburrao@yahoo.com>; <ccielab@groupstudy.com>
Sent: Sunday, January 09, 2005 4:33 AM
Subject: RE: Deny ARP Catalyst
> VLAN ACCESS-MAP (VACL)
>
> 0050.3eef.6260 = arp challenged host ( or soon to be )
>
> 0x806 0x0 = IP_ARP
>
> mac access-list extended DENY_ARP
> permit host 0050.3eef.6260 any 0x806 0x0
> !
> !
> vlan access-map DENY_MAC 10
> action drop
> match mac address DENY_ARP
> vlan access-map DENY_MAC 20
> action forward
> vlan filter DENY_MAC vlan-list 1
>
> .someone correct me if I've made a mistake..
>
>
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12120ea2/3550scg/s
> wacl.htm#wp1176911
>
> HTH
> Al
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Elson Burrao
> Sent: Sunday, January 09, 2005 3:05 PM
> To: ccielab@groupstudy.com
> Subject: Deny ARP Catalyst
>
> Hello All,
>
> How can I deny arp requests from a specific host? On the 3560 I do have
"arp
> access-list" command, but I couldn't find anything on the 3550.
>
> Any input will be very much appreciated
>
> Thanks
>
> E
>
>
> ---------------------------------
> Do you Yahoo!?
> The all-new My Yahoo! � Get yours free!
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.725 / Virus Database: 480 - Release Date: 7/19/2004
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.725 / Virus Database: 480 - Release Date: 7/19/2004
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.725 / Virus Database: 480 - Release Date: 7/19/2004
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.725 / Virus Database: 480 - Release Date: 7/19/2004
This archive was generated by hypermail 2.1.4
: Wed Feb 02 2005 - 22:10:21 GMT-3