Chapter 10
| Access Control Lists
ARP ACLs
ARP ACLs
access-list arp
The commands in this section configure ACLs based on the IP or MAC address
contained in ARP request and reply messages. To configure ARP ACLs, first create an
access list containing the required permit or deny rules, and then bind the access
list to one or more VLANs using the
Table 67: ARP ACL Commands
Command
access-list arp
permit, deny
show access-list arp
This command adds an ARP access list and enters ARP ACL configuration mode. Use
the no form to remove the specified ACL.
Syntax
[no] access-list arp acl-name
acl-name – Name of the ACL. (Maximum length: 32 characters)
Default Setting
None
Command Mode
Global Configuration
Command Usage
◆
When you create a new ACL or enter configuration mode for an existing ACL,
use the permit or deny command to add new rules to the bottom of the list. To
create an ACL, you must add at least one rule to the list.
◆
To remove a rule, use the no permit or no deny command followed by the
exact text of a previously configured rule.
◆
An ACL can contain up to 128 rules.
Example
Console(config)#access-list arp factory
Console(config-arp-acl)#
Related Commands
permit, deny (345)
show access-list arp (346)
ip arp inspection vlan
Function
Creates a ARP ACL and enters configuration mode
Filters packets matching a specified source or destination
address in ARP messages
Displays the rules for configured ARP ACLs
– 344 –
command.
Mode
GC
ARP-ACL
PE