Giuseppe Larosa Fri, 08/15/2008 - 06:44

Hello Mick,

I try to guess:

if your router or switch is answering ARP requests for IP addresses different then their own you need to disable proxy-arp

int vlan 5

no ip proxy-arp

if you want the switch to never answer to ARP requests even if for their own IP address is a different matter.

In this case you should use a VACL and deny traffic with ethertype = ARP protocol

0x0806 ARP, Address Resolution Protocol.

to be sure in both directions

However, not all switch platforms allow to use ethertype based ACL (catOS allows I think)

in this case all legitimate systems will need a static ARP entry to communicate with the switch

Hope to help

Giuseppe

Actions

This Discussion