Re: what is the diffrence between arp acl and mac acl?

From: GAURAV MADAN (gauravmadan1177@gmail.com)
Date: Mon Oct 06 2008 - 02:11:48 ART

• Next message: nouman abbasi: "Re: Odd / Even Vlans"
• Previous message: Brian Dennis: "Re: MQC fecn"
• Maybe in reply to: Christopher Copley: "what is the diffrence between arp acl and mac acl?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hobbs you are correct

I have seen ARP ACL used in case of Dynamic ARP inspection only .

Well MAC ACL have more usage .. can be defined and used in a vlan
access maps ( Rememeber in a vlan access map we can use a IP access
list or a MAC access list ony ) . MAC ACLs can be used to match based
on ether types and some legacy types ( like DEC-spanning etc etc )

HTH
Gaurav Madan

On Mon, Oct 6, 2008 at 4:36 AM, Hobbs <deadheadblues@gmail.com> wrote:
> MAC address ACLs are just like normal ACLs except you specify MAC address
> and ethertype. You can use them in vlan access-maps ("match mac address") or
> on a L2 interface ("mac access-group") to deny traffic to/from certain mac
> addresses. I believe these are for filtering non-IPv4 traffic (e.g.
> spanning-tree, arp)
>
> ARP ACLs are used to permit/deny specific IP/MAC address pairs inside of ARP
> packets to control spoofing. From the DocCD I gather that ARP ACLs can be
> used for dynamic arp inspection when you don't use DHCP. The ARP ACL is then
> applied with "ip arp inspection" command.
>
> anyone, please correct if I am wrong, I kind of threw this together of the
> top of my dome and a quick browse of doccd:
>
> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swacl.html#wp1331846
>
> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_20_se/configuration/guide/swdynarp.html
>
> On Sun, Oct 5, 2008 at 3:08 PM, Christopher Copley
> <copley.chris@gmail.com>wrote:
>
>> Group,
>>
>> Can someone tell me the difference between an arp acl and mac acl? I am
>> looking over the syntax and they appear to be similar, but with a couple
>> differences. Also what is the best usage for each? I am not finding
>> allot
>> of detail in any of my books or on the web on them.
>>
>> Thanks,
>> Chris
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: nouman abbasi: "Re: Odd / Even Vlans"
• Previous message: Brian Dennis: "Re: MQC fecn"
• Maybe in reply to: Christopher Copley: "what is the diffrence between arp acl and mac acl?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Nov 01 2008 - 15:35:19 ARST