I have a VLAN ACL in place on my production network and I don't have a MAC ACL allowing ARP. But I do have a specific entry allowing communication to the default gateway within the VACL; I did that to allow things such as ARP, but I didn't test the configuration without it.
Craig
--- On Fri, 7/24/09, andrew <andrew.coates_at_internode.on.net> wrote:
> From: andrew <andrew.coates_at_internode.on.net>
> Subject: RE: permitting ARP messages in VLAN ACCESS-MAP is necessary?
> To: "'Scott Morris'" <smorris_at_ine.com>, "'Rameez Khan'" <rameezk1999_at_gmail.com>
> Cc: "'Cisco certification'" <ccielab_at_groupstudy.com>
> Date: Friday, July 24, 2009, 9:27 PM
> I thought, and correct me if I'm wrong here, that non-IP stuff only gets denied if
> there is a MAC access list. So if you just do IP then you don't need to
> allow ARP. But if you went and denied AppleTalk or something with a MAC
> access list then you would need to permit ARP and, depending on what is running,
> a bunch of other stuff as well.
> 
> 
> cheers
> 
> -----Original Message-----
> From: nobody_at_groupstudy.com
> [mailto:nobody_at_groupstudy.com]
> On Behalf Of
> Scott Morris
> Sent: Saturday, July 25, 2009 10:08 AM
> To: Rameez Khan
> Cc: Cisco certification
> Subject: Re: permitting ARP messages in VLAN ACCESS-MAP is necessary?
> 
> Keep in mind that your ARP timeout is 4 hours on a Cisco switch. So you
> may THINK everything's good.... But try clearing your cache and/or
> rebooting! :)
> 
> *Scott Morris*, CCIE/x4/ (R&S/ISP-Dial/Security/Service Provider) #4713,
> JNCIE-M #153, JNCIS-ER, CISSP, et al.
> JNCI-M, JNCI-ER
> evil_at_ine.com
> 
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Outside US: 775-826-4344
> 
> Knowledge is power.
> Power corrupts.
> Study hard and be Eeeeviiiil......
> 
> Rameez Khan wrote:
> > Hello there,
> > I have an issue regarding vlan access-map. Actually, I read in IE v4.1 R&S
> > workbook lab 5 about VLAN ACCESS-MAP that we need to permit ARP messages
> > whenever we have to use a vlan access-map, otherwise we would lose reachability
> > to a particular VLAN after a reload or clearing the ARP cache, e.g.
> >
> > mac access-list extended PERMIT_ARP
> >  permit any any 0x806 0x0
> >
> > But my configuration works fine without it. Any suggestion...?
> >
> > Do we really need it?
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> >
> _______________________________________________________________________
> > Subscription information may be found at: 
> > http://www.groupstudy.com/list/CCIELab.html
Received on Sat Jul 25 2009 - 19:33:52 ART
This archive was generated by hypermail 2.2.0 : Sat Aug 01 2009 - 13:10:23 ART
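The rule Andrew describes, written out as Cisco IOS configuration so the two cases can be compared. This is an added example, not configuration from the thread or from the IE workbook: the access-list and map names, the 10.0.10.0/24 addressing and VLAN 10 are assumptions, and the behaviour shown is that of Catalyst 3560-class VLAN maps, where a packet type (IP or MAC) with no match clause of its own in the map is forwarded, while a type that does have one is dropped unless some entry forwards it. One caveat worth keeping in mind when reading Craig's setup: an IP access-list entry permitting traffic to the default gateway covers IP packets only; ARP is a separate EtherType and is evaluated only against MAC match clauses.

```cisco
! Added example (not from the thread): two VLAN access-maps on a Catalyst
! 3560-class switch, showing when an ARP entry is and is not needed.
! Names, addresses and VLAN numbers below are made up for illustration.
!
! --- Case 1: IP match clauses only -------------------------------------
! Hosts in VLAN 10 (10.0.10.0/24) may talk to the gateway 10.0.10.1 and
! nothing else. IP packets that match no entry hit the implicit drop.
! Non-IP frames, ARP (EtherType 0x806) included, have no match clause of
! their type in this map, so the switch forwards them: no PERMIT_ARP entry
! is required here, which is why Rameez's config "works fine without it".
ip access-list extended HOSTS_TO_GATEWAY
 permit ip 10.0.10.0 0.0.0.255 host 10.0.10.1
 permit ip host 10.0.10.1 10.0.10.0 0.0.0.255
!
vlan access-map VACL_IP_ONLY 10
 match ip address HOSTS_TO_GATEWAY
 action forward
!
! --- Case 2: a MAC match clause is added -------------------------------
! Once any entry matches on a MAC ACL, every non-IP frame is evaluated
! against the map and dropped unless an entry forwards it. Dropping one
! non-IP protocol therefore silently drops ARP as well, and the VLAN loses
! reachability as soon as ARP caches expire, unless ARP gets its own entry.
!
! EtherTalk (AppleTalk) frames, EtherType 0x809B, exact match (mask 0x0).
mac access-list extended BLOCK_APPLETALK
 permit any any 0x809B 0x0
!
! ARP frames, EtherType 0x806, exact match (mask 0x0).
mac access-list extended PERMIT_ARP
 permit any any 0x806 0x0
!
vlan access-map VACL_WITH_MAC 10
 match ip address HOSTS_TO_GATEWAY
 action forward
vlan access-map VACL_WITH_MAC 20
 match mac address BLOCK_APPLETALK
 action drop
vlan access-map VACL_WITH_MAC 30
 match mac address PERMIT_ARP
 action forward
!
! Only one VLAN map can be applied to a VLAN at a time.
vlan filter VACL_WITH_MAC vlan-list 10
!
! --- Check -------------------------------------------------------------
! Do not trust a ping that works straight after the change: the switch
! keeps ARP entries for 4 hours by default, so stale entries mask a
! missing ARP permit. Flush the cache and retest (Scott's point).
!   show vlan access-map VACL_WITH_MAC
!   show vlan filter
!   clear arp-cache
!   (then, from a host in VLAN 10) ping 10.0.10.1
```

Reading the two maps side by side: VACL_IP_ONLY needs no ARP entry because nothing in it matches on MAC, whereas VACL_WITH_MAC would cut hosts off from the gateway without sequence 30 once the ARP cache is cleared, even though sequence 10 permits IP traffic to and from 10.0.10.1.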