RE: permitting ARP messages in VLAN ACCESS-MAP is necessary?

From: Ryan West <rwest_at_zyedge.com>
Date: Fri, 24 Jul 2009 12:28:35 -0400

Rameez,

You need the ARP allow only when there is an implicit deny, which is why it
was working how you have it. The way you have it configured is cleaner, since
you don't have to allow other layer 2 protocols through as well.

-ryan

From: Rameez Khan [mailto:rameezk1999_at_gmail.com]
Sent: Friday, July 24, 2009 12:25 PM
To: Ryan West
Subject: Re: permitting ARP messages in VLAN ACCESS-MAP is necessary?

Dear,
Yes, I reloaded the switches and router in fact, and yes, I added an implicit
allow at the end, e.g.

access-list 100 permit tcp any any eq telnet
vlan access-map TEST 10
 match ip address 100
 action drop
vlan access-map TEST 20
 action forward
vlan filter TEST vlan-list 20

According to IE V4.1 LAB 5, we need to allow ARP messages also,
but my point is this: that config is working fine even after reloading the
routers and switches.
What do you say, maybe it was a bug in older IOS that is resolved, or am I
missing a point?
Does the IOS in the CCIE lab need to permit ARP?

On Fri, Jul 24, 2009 at 7:00 PM, Ryan West <rwest_at_zyedge.com> wrote:
Rameez,

Does your VLAN access map have an implicit allow at the end? Have you tried
clearing the ARP cache on the router or switch and tested if you still have
connectivity afterwards?

-ryan

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Rameez Khan
Sent: Friday, July 24, 2009 11:38 AM
To: Cisco certification
Subject: permitting ARP messages in VLAN ACCESS-MAP is necessary?

Hello there,
I have an issue regarding vlan access-map. Actually, I read in the IE v4.1 R&S
workbook lab 5 about VLAN-ACCESS MAP that we need to permit ARP messages
whenever we have to use a vlan access-map, otherwise we would lose
reachability to a particular VLAN after a reload or clearing the ARP,
e.g.

mac access-list extended PERMIT_ARP
 permit any any 0x806 0x0

But my configuration works fine without it, any suggestion ... ?

Do we really need to do it?

Received on Fri Jul 24 2009 - 12:28:35 ART
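
Added example, not part of the thread and not taken from the workbook: the two VLAN access-map designs the thread contrasts, side by side. Variant A is the configuration as posted; variant B is a map that relies on the implicit deny, which per Ryan's explanation is the case where ARP has to be permitted explicitly. ACL 101 and the map name TEST_STRICT are assumed names chosen for illustration.

```cisco
! --- Variant A (from the thread): catch-all forward as the last entry ---
! Sequence 20 has no match clause, so everything that is not dropped
! by sequence 10 is forwarded, ARP and other layer 2 protocols included.
access-list 100 permit tcp any any eq telnet
!
vlan access-map TEST 10
 match ip address 100
 action drop
vlan access-map TEST 20
 action forward
!
! --- Variant B (assumed names): no catch-all, implicit deny at the end ---
! Every protocol that must pass needs its own forward entry.
! EtherType 0x806 is ARP; without sequence 20 hosts could not resolve
! each other once their ARP caches are empty (reload or cache clear).
mac access-list extended PERMIT_ARP
 permit any any 0x806 0x0
!
access-list 101 permit ip any any
!
vlan access-map TEST_STRICT 10
 match ip address 100
 action drop
vlan access-map TEST_STRICT 20
 match mac address PERMIT_ARP
 action forward
vlan access-map TEST_STRICT 30
 match ip address 101
 action forward
! Anything not matched above (other non-IP layer 2 traffic) is dropped.
!
! --- Apply exactly one of the two maps to the VLAN ---
vlan filter TEST vlan-list 20
! vlan filter TEST_STRICT vlan-list 20
```

To check which design is in effect, inspect the map with `show vlan access-map` and its binding with `show vlan filter`, then repeat the test Ryan suggests: clear the ARP cache and confirm that hosts in VLAN 20 still reach each other.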
