RE: Identify ARP

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Thu May 05 2005 - 11:55:54 GMT-3

• Next message: gladston@br.ibm.com: "RE: Identify ARP"
• Previous message: Ed Lui: "Re: GLBP in Lab Exam [bcc][faked-from]"
• Maybe in reply to: gladston@br.ibm.com: "Identify ARP"
• Next in thread: gladston@br.ibm.com: "RE: Identify ARP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Not on the router, I mean on a switch in the transit path (like the 3550).

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

________________________________________
From: gladston@br.ibm.com [mailto:gladston@br.ibm.com]
Sent: Thursday, May 05, 2005 7:39 AM
To: Brian McGahan; swm@emanon.com
Cc: ccielab@groupstudy.com
Subject: RE: Identify ARP

It does not work either. At least not on 2500 with 12.2T:

 class-map match-all Test
  match access-group 200
!
 policy-map Test
  class Test
   police cir 1000000
     conform-action set-dscp-transmit af11
     exceed-action drop
     violate-action drop
!
interface Ethernet0
 ip address 172.16.36.100 255.255.255.0 secondary
 ip address 172.16.36.200 255.255.255.0 secondary
 ip address 172.16.36.33 255.255.255.0 secondary
 ip address 172.16.36.3 255.255.255.0
 ip verify unicast source reachable-via rx 130
 ip accounting access-violations
 service-policy input Test
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
!
access-list 200 permit 0x0806 0x0000

r3#deb arp
ARP packet debugging is on

r3(config)#int e0
r3(config-if)#ip address 172.16.36.133 255.255.255.0 se

*Apr 15 11:32:42.285: IP ARP: rcvd req src 172.16.36.6 0010.7b81.0b76, dst 172.16.36
.133 Ethernet0
*Apr 15 11:32:42.289: IP ARP: sent rep src 172.16.36.133 0010.7b80.dc6c,
                 dst 172.16.36.6 0010.7b81.0b76 Ethernet0

r3#sh policy-map interface e0
 Ethernet0

  Service-policy input: Test

    Class-map: Test (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group 200
      police:
          cir 1000000 bps, bc 31250 bytes, be 31250 bytes
        conformed 0 packets, 0 bytes; actions:
          set-dscp-transmit af11
        exceeded 0 packets, 0 bytes; actions:
          drop
        violated 0 packets, 0 bytes; actions:
          drop
        conformed 0 bps, exceed 0 bps, violate 0 bps

    Class-map: class-default (match-any)
      9258 packets, 849624 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
r3#

It is matching default class. Any ideas?

Cordially,
------------------------------------------------------------------
Gladston

"Brian McGahan" <bmcgahan@internetworkexpert.com>
04/05/2005 12:10
To
Alaerte Gladston Vidali/Brazil/IBM@IBMBR, <ccielab@groupstudy.com>
cc

Subject
RE: Identify ARP

Match it in the layer 2 transit path with EtherType 0x806.

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> gladston@br.ibm.com
> Sent: Wednesday, May 04, 2005 8:14 AM
> To: ccielab@groupstudy.com
> Subject: Identify ARP
>
> How would you identify ARP packets besides using "match protocol arp"?
>
> I am using match protocol arp on 2550 with 12.2T but it does not match
arp
> packets:
>
> This confims the router received arp request:
>
>
> *Apr 14 12:02:59.067: IP ARP: rcvd req src 172.16.36.6 0010.7b81.0b76,
dst
> 172.16.36.200 Ether
> net0
> *Apr 14 12:02:59.075: IP ARP: sent rep src 172.16.36.200
0010.7b80.dc6c,
> dst 172.16.36.6 0010.7b81.0b76 Ethernet0
>
> This shows it is not counting on match protocol arp:
>
> r3#sh policy-map interface e0
> Ethernet0
>
> Service-policy input: Test
>
> Class-map: Test (match-all)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: protocol arp
> police:
> cir 1000000 bps, bc 31250 bytes, be 31250 bytes
> conformed 0 packets, 0 bytes; actions:
> set-dscp-transmit af11
> exceeded 0 packets, 0 bytes; actions:
> drop
> violated 0 packets, 0 bytes; actions:
> drop
> conformed 0 bps, exceed 0 bps, violate 0 bps
>
> Class-map: class-default (match-any)
> 72 packets, 6928 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: any
> r3#
>
> This is the configuration:
>
>
> class-map match-all Test
> match protocol arp
> !
> policy-map Test
> class Test
> police cir 1000000
> conform-action set-dscp-transmit af11
> exceed-action drop
> violate-action drop
> !
> interface Ethernet0
> ip address 172.16.36.100 255.255.255.0 secondary
> ip address 172.16.36.200 255.255.255.0 secondary
> ip address 172.16.36.3 255.255.255.0
> ip verify unicast source reachable-via rx 130
> service-policy input Test
>
>

• Next message: gladston@br.ibm.com: "RE: Identify ARP"
• Previous message: Ed Lui: "Re: GLBP in Lab Exam [bcc][faked-from]"
• Maybe in reply to: gladston@br.ibm.com: "Identify ARP"
• Next in thread: gladston@br.ibm.com: "RE: Identify ARP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:56 GMT-3