×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Cisco 3350 - VACL and capture port not seeing ARP?

Unanswered Question
Dec 27th, 2005
User Badges:

Hi All,


We have a site that has setup their Cisco 3350 with a VACL (using ios v5) with a capture port. Although they have enabled ARP through the VACL, they are not seeing ARP through the capture port. Does a capture port filter out protocols like ARP (or others) by default? If so, how can we allow these protocols to come through.


Many thanks and happy holidays!

Bob

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Georg Pauwen Tue, 12/27/2005 - 14:35
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 WAN

Hello Bob,


it depends on how you have your VACL configured. Make sure that you allow Ethertype 0x806 in addition to IP. Your VACL should look like this (assuming that you aplly it VLAN 2, which might be different in your case, so change the last statement accordingly):


ip access-list extended IP

permit ip any any

!

mac access-list extended ARP

permit any any 0x806 0x0

!

vlan access-map IP_AND_ARP 10

action forward

match ip address IP

!

vlan access-map IP_AND_ARP 20

action forward

match mac-address ARP

!

vlan access-map IP_AND_ARP 30

action drop

!

vlan filter IP_AND_ARP vlan-list 2


Regards,


GP

bkajikami Tue, 12/27/2005 - 15:44
User Badges:

Hi GP!


Thank you very much for the response. We will check with our site.


They are claiming that when they perform a tcpdump, they can see ARP packets through ports on the switch (setup as a VACL), but not through the "capture" port for the VACL.


In any case, we will compare configurations (unless you have heard of issues or anomolies where "capture" ports will filter ARP out(?)).


Cheers!

Bob

Actions

This Discussion