
ACE - bridged mode - blocking Traffic

pat1848
Level 1

Hi

Just a short question. Is an ACE blocking traffic from a source if the MAC address of that source is not in the ARP/MAC table? No security feature is enabled. The sniffer shows that the packet is not going through. Other traffic works fine. So no problem with incoming ACL or something else. Any reason for that?

Cheers

patrick

3 Replies

pat1848
Level 1

Any suggestions?

Cheers

patrick

By default, for bridged traffic, the ACE learns MAC addresses from all traffic.

What is the source address in your case?

Is it a default gateway?

If it is, then create a dummy real server using the gateway IP address. This way the ACE will proactively populate the ARP table and the ARP entry will never time out.

Syed Iftekhar Ahmed

Gilles Dufour
Cisco Employee

Patrick,

Indeed, if the src MAC is not in the ARP table, we can't set up a flow entry for that traffic and it is dropped.

We should first learn the mac-address from arp traffic.

Also check the following command to see if that helps:

    switch/Admin(config-if)# arp inspection validate src-mac ?
      flood     Enable the flood option
      no-flood  Enable the no flood option
      <cr>      Carriage return.

Gilles.
