Re: what is the difference between arp acl and mac acl?

From: Hobbs (deadheadblues@gmail.com)
Date: Sun Oct 05 2008 - 20:06:38 ART


MAC address ACLs are just like normal ACLs except you specify MAC address
and ethertype. You can use them in VLAN access-maps ("match mac address") or
on a L2 interface ("mac access-group") to deny traffic to/from certain MAC
addresses. I believe these are for filtering non-IPv4 traffic (e.g.
spanning-tree, ARP).

ARP ACLs are used to permit/deny specific IP/MAC address pairs inside of ARP
packets to control spoofing. From the DocCD I gather that ARP ACLs can be
used for dynamic ARP inspection when you don't use DHCP. The ARP ACL is then
applied with the "ip arp inspection" command.

Anyone, please correct me if I am wrong; I kind of threw this together off the
top of my dome and a quick browse of the DocCD:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swacl.html#wp1331846

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_20_se/configuration/guide/swdynarp.html

On Sun, Oct 5, 2008 at 3:08 PM, Christopher Copley
<copley.chris@gmail.com> wrote:

> Group,
>
> Can someone tell me the difference between an ARP ACL and a MAC ACL? I am
> looking over the syntax and they appear to be similar, but with a couple
> differences. Also what is the best usage for each? I am not finding a lot
> of detail in any of my books or on the web on them.
>
> Thanks,
> Chris
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
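
The two ACL types from the reply above, side by side in Catalyst 3560-style IOS syntax. This is an added example, not part of the original thread; the ACL and access-map names, VLAN 10, the interface and every MAC/IP address are constructed placeholders.

```cisco
! Constructed example: names, VLAN, interface and addresses are placeholders.
!
! --- MAC ACL: matches source/destination MAC (and optionally ethertype) ---
mac access-list extended BLOCK-HOST-MAC
 deny   host 0000.1111.2222 any
 permit any any
!
! Option 1: apply it inbound on a Layer 2 interface
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 mac access-group BLOCK-HOST-MAC in
!
! Option 2: reference a MAC ACL from a VLAN access-map.
! Here the ACL only selects the traffic; the map's action decides its fate.
mac access-list extended MATCH-HOST-MAC
 permit host 0000.1111.2222 any
!
vlan access-map VLAN10-FILTER 10
 match mac address MATCH-HOST-MAC
 action drop
vlan access-map VLAN10-FILTER 20
 action forward
!
vlan filter VLAN10-FILTER vlan-list 10
!
! --- ARP ACL: matches the sender IP/MAC pair carried inside the ARP packet ---
arp access-list STATIC-HOSTS
 permit ip host 10.1.10.50 mac host 0000.3333.4444
!
! Enable dynamic ARP inspection on the VLAN and bind the ARP ACL to it
ip arp inspection vlan 10
ip arp inspection filter STATIC-HOSTS vlan 10
```

With no DHCP snooping bindings in VLAN 10, ARP packets on untrusted ports from hosts that have no permit entry in the ARP ACL are dropped, so every statically addressed host needs its own IP/MAC line.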


This archive was generated by hypermail 2.1.4 : Sat Nov 01 2008 - 15:35:19 ARST