ACE - bridged mode - blocking Traffic

Unanswered Question
Sep 11th, 2008

Hi

Just a short question. Is an ACE blocking traffic from a source if the MAC address of that source is not in the ARP/MAC table? No security feature is enabled. The sniffer shows that the packet is not going through. Other traffic works fine, so there is no problem with an incoming ACL or something else. Any reason for that?

Cheers

patrick

Syed Iftekhar Ahmed Wed, 09/17/2008 - 05:12

By default, for bridged traffic, the ACE learns MAC addresses from all traffic.

What is the source address in your case?

Is it a default gateway?

If it is, then create a dummy real server using the gateway IP address. This way the ACE will proactively populate the ARP table and the ARP entry will never time out.

Syed Iftekhar Ahmed

Gilles Dufour Wed, 09/17/2008 - 05:25

Patrick,

Indeed, if the source MAC is not in the ARP table, we can't set up a flow entry for that traffic and it is dropped.

We should first learn the MAC address from ARP traffic.

Also check the following command to see if that helps:

switch/Admin(config-if)# arp inspection validate src-mac ?

flood Enable the flood option

no-flood Enable the no flood option

Carriage return.

Gilles.
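The two suggestions in this thread (the dummy real server on the gateway address, and source-MAC validation under the bridged interface) written out as an ACE configuration fragment. This is an added example, not configuration posted by either reply; the gateway address 10.0.0.1, the VLAN number 100 and the real-server name GW-DUMMY are placeholders, and the claim that a configured real server keeps its ARP entry refreshed is taken from Syed's reply above rather than verified here.

```cisco
! Added example (not from the thread). Placeholders: 10.0.0.1 stands for the
! default gateway IP, vlan 100 for the bridged client-side VLAN.
!
! 1. Dummy real server on the gateway address (Syed's suggestion): the ACE
!    resolves and keeps the ARP entry for a configured real server, so the
!    gateway's MAC does not age out of the ARP table and flows from it can
!    be set up.
rserver host GW-DUMMY
  ip address 10.0.0.1
  inservice
!
! 2. Source-MAC validation for ARP inspection on the bridged interface
!    (Gilles's suggestion). 'flood' and 'no-flood' are the two options the
!    CLI help in the reply lists; which one fits depends on whether frames
!    from not-yet-learned sources should be flooded or held until an ARP
!    entry exists.
interface vlan 100
  arp inspection validate src-mac flood
```

After applying either change, verify with the ACE's ARP table display (for example, confirm that an entry for the gateway address now exists) before repeating the sniffer test from the original question.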
