Table of Contents
Advertisement
Configuring ARP
The following procedure shows the commands used to set up ARP on an interface.
TABLE 6-24
Step
Command
Add a IP filter for 'X' in
Figure
other non-IP packets can pass
officer SEC> CREATE ACCESSLIST=iparpfilt RULE=DENY IPSOURCE=192.168.1.0
1.
SOURCEMASK=255.255.255.0
officer SEC> ADD ACCESSLIST=iparpfilt INTERFACE=17.4
officer SEC> SHOW ACCESSLIST ALL
--- Access Lists -----------------------------------------------------
Name
---------------- ---------------- ---- ------- ---------------------------
----
iparpfilt
At this point, IP addresses in the range 192.168.1.0 through 192.168.1.255 are now being specified.
With the IPSOURCE as "192.168.1.0" with the SOURCEMASK=255.255.255.0, the first 24 bits are being filtered. so
addresses from 192.168.1.0 through 192.168.1.255 will be blocked because of the DENY rule. The PERMIT would allow
packets not filtered by the DENY rule.)
The user should keep in mind, however, that ARP packets are still passing through because they have not been specifically
blocked.
Enable the ARP filtering.The system now filters ARP packets so that only the IP address for 'X' in Sender L3 Addr. passes.
Software Reference for SwitchBlade x3100 Series Switches (Access and Security)
IP
0x800
IP Source
X
FIGURE 6-5
Configuration Procedure for ARP
6-5. Deny all other IP packets. Note that ARP filtering is not enabled, so ARP and any
Interfaces
ETH:17.4
ARP
0x806
X
Sender L3 Addr.
MAC Src. Addr.
Sender L2 Addr.
Y
Target L3 Addr.
MAC Dest. Addr.
Target L2 Addr.
ARP filtering
Description
Rule Action
Fields
1
DENY
IPSOURCE=192.168.1.0
SOURCEMASK=255.255.255.0
--
PERMIT
Introduction
6-155
Advertisement
Chapters
Table of Contents
Troubleshooting
