06-03-2008 12:41 AM - edited 03-05-2019 11:23 PM
Is it supported in Security ACLs (PACLs and VACLs) in IOS 12.2(33)SXH?
Is it possible to filter IPv4 traffic in hardware by MAC with ACLs on this platform?
The same question for ARP traffic.
06-03-2008 12:59 AM
Hi,
This should work for you. You would need to enable PI MAC ACL filtering by using the command 'mac packet-classify' on the ingress interface (or VLAN interface if L2). This was supported as of 12.2(18)SXD - here is a link to the config guide in the SXF train:
For ARP you can just create an arp access-list:
Test6k(config)#arp access-list ARP_FILTER
Test6k(config-arp-nacl)#permit ?
  ip        Sender IP address
  request   ARP Request
  response  ARP Response
06-03-2008 05:31 AM
Yes, this works. Also, ARP can be filtered with MAC ACLs (Ethertype 0x0806). ARP ACLs ("arp access-list") are related to DAI.