I thought, and correct me if I'm wrong here, non-IP stuff only gets denied if
there is a MAC access list. So if you just do IP then you don't need to
allow ARP. But if you went and denied AppleTalk or something with a MAC
access list then you would need to permit ARP and, depending on what is running,
a bunch of other stuff as well.
cheers
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Scott Morris
Sent: Saturday, July 25, 2009 10:08 AM
To: Rameez Khan
Cc: Cisco certification
Subject: Re: permiting ARP messages in VLAN ACCES-MAP is necesarry ?
Keep in mind that your arp timeout is 4 hours on a Cisco switch. So you
may THINK everything's good.... But try clearing your cache and/or
rebooting! :)
*Scott Morris*, CCIE/x4/ (R&S/ISP-Dial/Security/Service Provider) #4713,
JNCIE-M #153, JNCIS-ER, CISSP, et al.
JNCI-M, JNCI-ER
evil_at_ine.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Outside US: 775-826-4344
Knowledge is power.
Power corrupts.
Study hard and be Eeeeviiiil......
Rameez Khan wrote:
> Hello there
> I have an issue regarding VLAN access-map. Actually I read in IE v4.1 R&S
> workbook lab 5 about VLAN access-map that we need to permit ARP messages
> whenever we have to use a VLAN access-map, otherwise we would lose reachability
> to a particular VLAN after a reload or clearing the ARP
> e.g
>
> mac access-list extended PERMIT_ARP
>
> permit any any 0x806 0x0
>
> but my configuration works fine without it, any suggestion ... ?
>
> do we really need to do it?
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Received on Sat Jul 25 2009 - 12:27:55 ART
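
Added example, not part of the original thread: a VLAN access-map that forwards ARP explicitly through the PERMIT_ARP list quoted above, followed by the cold-cache check suggested in the reply. VLAN 10, the map name VLAN10_FILTER, the IP list IP_TRAFFIC and the test address 192.0.2.10 are assumptions.

```cisco
! Constructed example. VLAN 10, VLAN10_FILTER, IP_TRAFFIC and 192.0.2.10
! are assumed names and values, not taken from the thread.
!
ip access-list extended IP_TRAFFIC
 permit ip any any
!
! MAC list from the quoted message: EtherType 0x806 (ARP), exact match
mac access-list extended PERMIT_ARP
 permit any any 0x806 0x0
!
! Sequence 10 forwards ARP, sequence 20 forwards the permitted IP traffic
vlan access-map VLAN10_FILTER 10
 match mac address PERMIT_ARP
 action forward
vlan access-map VLAN10_FILTER 20
 match ip address IP_TRAFFIC
 action forward
!
vlan filter VLAN10_FILTER vlan-list 10
!
! Verification from exec mode. Test with an empty ARP cache, because
! entries learned before the filter was applied can hide a blocked ARP.
!   show vlan access-map VLAN10_FILTER
!   show vlan filter
!   clear arp-cache
!   ping 192.0.2.10
```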