Filter ARP packets

Answered Question
Jun 2nd, 2008
User Badges:

Hi,


I have the following issue:


Upstream --Fe0/0-- Cisco 7120 --Fe0/1-- Internet Exchange Point



The Cisco router terminates some L2TP tunnels. Each time a tunnel flaps, the router generates the following ARP packet:


Jun 2 18:44:27: IP ARP: sent rep src xxx.xxx.xxx.xxx 0005.5f02.e800,

dst xxx.xxx.xxx.xxx ffff.ffff.ffff FastEthernet0/0

Jun 2 18:44:27: IP ARP: sent rep src xxx.xxx.xxx.xxx 0005.5f02.e801,

dst xxx.xxx.xxx.xxx ffff.ffff.ffff FastEthernet0/1



The ARP packet which is sent via Fe0/1 (to the exchange point) triggers the arpwatch program and the exchange point staff receives an email: New station (xxx.xxx.xxx.xxx) detected.


So is it somehow possible to block this ARP packets on Fe0/1?


The configuration looks like this:


interface Loopback1

ip address yyy.yyy.yyy.yyy 255.255.255.255

no ip redirects

ip route-cache flow

no ip route-cache cef

no ip mroute-cache

!

interface Virtual-Template1

ip unnumbered Loopback1

no ip redirects

no ip proxy-arp

no peer default ip address

ppp mtu adaptive

ppp authentication pap chap ms-chap-v2 callin

!

interface FastEthernet0/0

description Upstream

ip address zzz.zzz.zzz.zzz 255.255.255.248

no ip redirects

no ip proxy-arp

ip route-cache flow

duplex full

speed 100

no cdp enable

!

interface FastEthernet0/1

description Exchange Point

ip address www.www.www.www 255.255.254.0

no ip redirects

no ip proxy-arp

ip route-cache flow

duplex full

speed 100

ipv6 nd suppress-ra

no snmp trap link-status

no cdp enable

no mop enabled


IOS version is: c7100-jk9o3s-mz.122-26a.bin


Thank you!

Correct Answer by Ryan Carretta about 9 years 1 month ago

Sounds like gratuitous arp. Try a 'no ip gratuitous-arps' from the config prompt. Let me know how it goes.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Ryan Carretta Tue, 06/03/2008 - 00:21
User Badges:
  • Bronze, 100 points or more

Sounds like gratuitous arp. Try a 'no ip gratuitous-arps' from the config prompt. Let me know how it goes.

martinkluge Tue, 06/03/2008 - 00:28
User Badges:

*sigh* Didn't think of that, this fixed it.



Thank you alot!

Actions

This Discussion