09-11-2008 04:32 AM
Hi
Just a short question. Is an ACE blocking traffic from a source if the MAC address of that source is not in the ARP/MAC table? No security feature is enabled. The sniffer shows that the packet is not going through. Other traffic works fine, so no problem with an incoming ACL or something else. Any reason for that?
Cheers
patrick
09-17-2008 03:36 AM
Any suggestions?
Cheers
patrick
09-17-2008 05:12 AM
By default, for bridged traffic, the ACE learns MAC addresses from all traffic.
What is the source address in your case?
Is it a default gateway?
If it is, then create a dummy real server using the gateway IP address. This way the ACE will proactively populate the ARP table and the ARP entry will never time out.
Syed Iftekhar Ahmed
09-17-2008 05:25 AM
Patrick,
Indeed, if the src MAC is not in the ARP table, we can't set up a flow entry for that traffic and it is dropped.
We should first learn the MAC address from ARP traffic.
Also check the following command to see if that helps:
switch/Admin(config-if)# arp inspection validate src-mac ?
  flood     Enable the flood option
  no-flood  Enable the no flood option
Gilles.