From: Lab Rat #109385382 (techlist01@gmail.com)
Date: Sat Dec 09 2006 - 02:47:55 ART
Can you elaborate on the proxy-arp solution? How does that apply?
-----Original Message-----
From: Marcus Lasarko [mailto:mlasarko@co.ba.md.us]
Sent: Friday, December 08, 2006 9:46 PM
To: techlist01@gmail.com
Cc: ccielab@groupstudy.com; cisco@groupstudy.com; security@groupstudy.com
Subject: Re: ARP Scenario Question
Greetings Ed,
Sounds like a local-segment thing, so I expect your solution to be
appropriate. "Keeps failing" concerns me more if there are other factors,
aging, proxy-ARP, and so on. I do not have my rack online, but the syntax
looks good as well as the approach to the solution.
Take care,
~M
>>> "Lab Rat #109385382" <techlist01@gmail.com> 12/08/06 11:58 PM >>>
If the question states that "a particular server application on VLAN 100
keeps failing due to ARPs received from a router", what could the possible
resolution be?
I'm thinking a MAC access-list configured to block ARP from the router to
the server? Such as the following:
mac access-list extended ROUTER_ARP
 permit host 1234.1234.1234 host 4321.4321.4321 0x806 0x0
!
vlan access-map V-FILT 10
 action drop
 match mac address ROUTER_ARP
vlan access-map V-FILT 20
 action forward
!
vlan filter V-FILT vlan-list 100
So, if filtering ARP before it reaches the server will allow the application
to work, will the above do the trick?
Thanks,
Ed
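
Added example (not part of the original thread): a small Python model of how the VLAN access-map posted above would classify frames, using constructed frames and the MAC addresses from the post. It assumes first-match evaluation by sequence number and treats the EtherType mask as don't-care bits; in this model a broadcast ARP request from the router does not match an ACE whose destination is the server's MAC, so it is forwarded.

```python
# Added example: first-match model of the VLAN access-map posted above.
ROUTER = "1234.1234.1234"      # MAC addresses as written in the post
SERVER = "4321.4321.4321"
BROADCAST = "ffff.ffff.ffff"
ARP, IPV4 = 0x0806, 0x0800

# mac access-list extended ROUTER_ARP: (action, src, dst, ethertype, mask)
ROUTER_ARP = [("permit", ROUTER, SERVER, 0x0806, 0x0)]
# vlan access-map V-FILT: (sequence, ACL or None for "no match clause", action)
V_FILT = [(10, ROUTER_ARP, "drop"), (20, None, "forward")]

def ace_matches(ace, frame):
    """True if the frame matches one ACE; mask bits set to 1 are don't-care."""
    _action, src, dst, etype, mask = ace
    return (src in ("any", frame["src"])
            and dst in ("any", frame["dst"])
            and (frame["ethertype"] | mask) == (etype | mask))

def vacl_action(frame, access_map=V_FILT):
    """Return the action of the first sequence whose match clause is satisfied."""
    for _seq, acl, action in sorted(access_map, key=lambda e: e[0]):
        if acl is None or any(a[0] == "permit" and ace_matches(a, frame) for a in acl):
            return action
    return "drop"  # not reached here: sequence 20 has no match clause

# Constructed frames for illustration (not captured traffic).
FRAMES = {
    "router unicast ARP to server": {"src": ROUTER, "dst": SERVER, "ethertype": ARP},
    "router broadcast ARP request": {"src": ROUTER, "dst": BROADCAST, "ethertype": ARP},
    "router IPv4 to server": {"src": ROUTER, "dst": SERVER, "ethertype": IPV4},
    "other host ARP to server": {"src": "aaaa.bbbb.cccc", "dst": SERVER, "ethertype": ARP},
}

def evaluate(frames=FRAMES):
    """Map each constructed frame name to the action the access-map model returns."""
    return {name: vacl_action(f) for name, f in frames.items()}

if __name__ == "__main__":
    for name, action in evaluate().items():
        print(f"{name:32} -> {action}")
```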
This archive was generated by hypermail 2.1.4 : Tue Jan 02 2007 - 07:50:37 ART