From: Balaji Siva (bsivasub@gmail.com)
Date: Sat Feb 19 2005 - 03:57:26 GMT-3
I don't quite understand your problem description
But, you can NOT use MAC acl to filter IPv4 ARP. That is not possible AFAIK
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225se/3550scg/swacl.htm#wp1177176
Thanks
Balaji
On Sat, 19 Feb 2005 01:50:09 -0500, nhqky888@ybb.ne.jp
<nhqky888@ybb.ne.jp> wrote:
> Hi,
>
> I tried mac access-list with ARP eth type code as follow,
>
> mac access-list extend arp
> permit any host ffff.ffff.ffff 0x806 0x0
> deny any any
>
> int fa 0/1
> switch access vlan 2
> switch mode access
> mac access-group arp in
>
> int fa 0/2
> switch access vlan 2
> switch mode access
>
> monitor session 1 source interface fa 0/2 rx
> monitor session 1 destina interface fa 0/10
>
> When source port is fa 0/1, all traffic is spaned to destin port,
> when source port is 0/2, only ARP is spaned to destin port,
> ( assume that ingress traffic enters into only fa 0/1)
>
> But other real traffic is filtered on source port cause mac ACL has
> ONLY IN DIRECTION.
>
> If it had OUT direction, I may try to apply it to SPAN destin port.
>
> Any idea?
>
> Thanks,
>
> Katsu
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Mar 03 2005 - 08:51:23 GMT-3