Chapter 15
Configuring Access Control
OL-8978-04
• Displaying ARP Traffic-Inspection Statistics, page 15-36
• Clearing the ARP Traffic-Inspection Statistics, page 15-37
Configuring Rate Limiting for ARP Traffic Inspection
• Configuring Rate Limiting on a Global Basis, page 15-37
• Configuring Rate Limiting on a Per-Port Basis, page 15-38
• Configuring the errdisable-timeout Option for ARP Traffic Inspection, page 15-38
Configuring Logging for ARP Traffic Inspection
• Configuring Logging for ARP Traffic Inspection, page 15-39

Permitting or Denying ARP Packets Advertising a Specific IP-Address-to-MAC-Address Binding
To permit or deny the ARP packets that advertise a binding for a specific IP address and MAC address, perform this task in privileged mode:
Step 1
  Task: Permit or deny the ARP packets that advertise a binding for a specific IP address and MAC address.
  Command: set security acl ip acl_name {permit | deny} arp-inspection host ip_address mac_address
Step 2
  Task: Commit the VACL.
  Command: commit security acl {acl_name | all | adjacency}
This example shows how to permit the ARP packets that advertise a binding of IP address 172.20.52.54 to MAC address 00-01-64-61-39-c2:
Console> (enable) set security acl ip ACL1 permit arp-inspection host 172.20.52.54 00-01-64-61-39-c2
Operation successful.
Console> (enable) commit security acl ACL1
Console> (enable) ACL commit in progress.
ACL 'ACL1' successfully committed.

Permitting or Denying ARP Packets Advertising a Particular IP Address Binding
To permit or deny the ARP packets that advertise a binding for the specified IP address, perform this task in privileged mode:
Step 1
  Task: Permit or deny the ARP packets that advertise a binding for the specified IP address.
  Command: set security acl ip acl_name {permit | deny} arp-inspection host ip_address any
Step 2
  Task: Commit the VACL.
  Command: commit security acl {acl_name | all | adjacency}
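The following is an added example, not part of the Cisco guide: a Python helper that validates a list of intended IP-to-MAC bindings, emits the Step 1 and Step 2 commands in the syntax shown above, and lists observed ARP entries that disagree with an intended binding so they can be reviewed before the VACL is committed. The function names, the second binding and the observed entries are constructed for illustration; it assumes all entries go into one VACL.

```python
import ipaddress
import re

def catos_mac(mac):
    """Normalize a MAC to the hyphenated lower-case form shown in the guide."""
    digits = re.sub(r"[-:.]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def normalize(bindings):
    """Validate (ip, mac) pairs; reject one IP mapped to two different MACs."""
    table = {}
    for ip, mac in bindings:
        ip = str(ipaddress.IPv4Address(ip))  # ValueError on a malformed address
        mac = catos_mac(mac)
        if table.setdefault(ip, mac) != mac:
            raise ValueError(f"conflicting bindings for {ip}: {table[ip]} and {mac}")
    return table

def build_commands(acl_name, bindings):
    """Step 1 for every binding, then the single Step 2 commit."""
    cmds = [f"set security acl ip {acl_name} permit arp-inspection host {ip} {mac}"
            for ip, mac in normalize(bindings).items()]
    return cmds + [f"commit security acl {acl_name}"]

def mismatches(observed, bindings):
    """Observed ARP entries whose IP is in the intended table but whose MAC differs."""
    table = normalize(bindings)
    out = []
    for ip, mac in observed:
        ip, mac = str(ipaddress.IPv4Address(ip)), catos_mac(mac)
        if ip in table and table[ip] != mac:
            out.append((ip, mac, table[ip]))
    return out

# Intended bindings: the first is from the guide's example, the second is constructed.
INTENDED = [("172.20.52.54", "00-01-64-61-39-c2"), ("172.20.52.1", "00:d0:00:aa:bb:01")]
# Constructed ARP observations, e.g. exported from a host's ARP cache.
OBSERVED = [("172.20.52.54", "0001.6461.39c2"), ("172.20.52.1", "00-0c-29-12-34-56")]

if __name__ == "__main__":
    for line in build_commands("ACL1", INTENDED):
        print(line)
    for ip, seen, expected in mismatches(OBSERVED, INTENDED):
        print(f"review before commit: {ip} seen at {seen}, VACL entry expects {expected}")
```

An entry reported by mismatches() is either a stale inventory record or an ARP advertisement that the permit entry for that IP address will not match; resolve it before running the commit.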
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
Using VACLs in Your Network