06-03-2008 12:41 AM - edited 03-05-2019 11:23 PM
Is it supported in Security ACLs (PACLs and VACLs) in IOS 12.2(33)SXH?
Is it possible to filter IPv4 traffic in hardware by MAC with ACLs on this platform?
The same question for ARP traffic.
06-03-2008 12:59 AM
Hi,
This should work for you. You would need to enable PI MAC ACL filtering by using the command 'mac packet-classify' on the ingress interface (or vlan interface if L2). This was supported as of 12.2(18)SXD - here is a link to the config guide in the SXF train:
For arp you can just create an arp access-list:
Test6k(config)#arp access-list ARP_FILTER
Test6k(config-arp-nacl)#permit ?
  ip        Sender IP address
  request   ARP Request
  response  ARP Response
06-03-2008 05:31 AM
Yes, this works. Also, ARP can be filtered with MAC ACLs (Ethertype 0x0806). ARP ACLs ("arp access-list") are related to DAI.