From: gladston@br.ibm.com
Date: Wed May 04 2005 - 10:14:17 GMT-3
How would you identify ARP packets besides using "match protocol arp"?
I am using match protocol arp on 2550 with 12.2T but it does not match arp packets:
This confims the router received arp request:
*Apr 14 12:02:59.067: IP ARP: rcvd req src 172.16.36.6 0010.7b81.0b76, dst 172.16.36.200 Ether
net0
*Apr 14 12:02:59.075: IP ARP: sent rep src 172.16.36.200 0010.7b80.dc6c,
dst 172.16.36.6 0010.7b81.0b76 Ethernet0
This shows it is not counting on match protocol arp:
r3#sh policy-map interface e0
Ethernet0
Service-policy input: Test
Class-map: Test (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol arp
police:
cir 1000000 bps, bc 31250 bytes, be 31250 bytes
conformed 0 packets, 0 bytes; actions:
set-dscp-transmit af11
exceeded 0 packets, 0 bytes; actions:
drop
violated 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps, violate 0 bps
Class-map: class-default (match-any)
72 packets, 6928 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
r3#
This is the configuration:
class-map match-all Test
match protocol arp
!
policy-map Test
class Test
police cir 1000000
conform-action set-dscp-transmit af11
exceed-action drop
violate-action drop
!
interface Ethernet0
ip address 172.16.36.100 255.255.255.0 secondary
ip address 172.16.36.200 255.255.255.0 secondary
ip address 172.16.36.3 255.255.255.0
ip verify unicast source reachable-via rx 130
service-policy input Test
This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:56 GMT-3