RE: Deny ARP Catalyst

From: Ryan, Jeff (jryan@netcogov.com)
Date: Sun Jan 09 2005 - 20:25:01 GMT-3

• Next message: alsontra@hotmail.com: "RE: Deny ARP Catalyst"
• Previous message: ccie2be: "Re: Deny ARP Catalyst"
• Maybe in reply to: Elson Burrao: "Deny ARP Catalyst"
• Next in thread: alsontra@hotmail.com: "RE: Deny ARP Catalyst"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Tim, do a search from the doc cd on "mac ethertypes"

The first link works...

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3900/3900ug4/code
s.htm#xtocid165034

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: Sunday, January 09, 2005 6:12 PM
To: alsontra@hotmail.com; 'Elson Burrao'; ccielab@groupstudy.com
Subject: Re: Deny ARP Catalyst

Al,

That config looks corect except possibly for one thing:

vlan filter DENY_MAC vlan-list 1 <-- s/b the vlan in

which the denied host resides, I believe.

BTW, if I couldn't remember the code for ARP, 0x806 0x0,

do you know where I'd find that on the Doc CD?

TIA, Tim

----- Original Message -----
From: <alsontra@hotmail.com>
To: "'Elson Burrao'" <eburrao@yahoo.com>; <ccielab@groupstudy.com>
Sent: Sunday, January 09, 2005 4:33 AM
Subject: RE: Deny ARP Catalyst

> VLAN ACCESS-MAP (VACL)
>
> 0050.3eef.6260 = arp challenged host ( or soon to be )
>
> 0x806 0x0 = IP_ARP
>
> mac access-list extended DENY_ARP
> permit host 0050.3eef.6260 any 0x806 0x0
> !
> !
> vlan access-map DENY_MAC 10
> action drop
> match mac address DENY_ARP
> vlan access-map DENY_MAC 20
> action forward
> vlan filter DENY_MAC vlan-list 1
>
> .someone correct me if I've made a mistake..
>
>
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12120ea2/3550s
cg/s
> wacl.htm#wp1176911
>
> HTH
> Al
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> Elson Burrao
> Sent: Sunday, January 09, 2005 3:05 PM
> To: ccielab@groupstudy.com
> Subject: Deny ARP Catalyst
>
> Hello All,
>
> How can I deny arp requests from a specific host? On the 3560 I do
have
"arp
> access-list" command, but I couldn't find anything on the 3550.
>
> Any input will be very much appreciated
>
> Thanks
>
> E
>
>
> ---------------------------------
> Do you Yahoo!?
> The all-new My Yahoo!  Get yours free!
>
>

• Next message: alsontra@hotmail.com: "RE: Deny ARP Catalyst"
• Previous message: ccie2be: "Re: Deny ARP Catalyst"
• Maybe in reply to: Elson Burrao: "Deny ARP Catalyst"
• Next in thread: alsontra@hotmail.com: "RE: Deny ARP Catalyst"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Feb 02 2005 - 22:10:21 GMT-3