Cisco WS-C3560E-48PD-SF Command Reference - Page 47
arp access-list
View all Cisco WS-C3560E-48PD-SF manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 47 highlights
Chapter 2 Catalyst 3560 Switch Cisco IOS Commands arp access-list arp access-list Use the arp access-list global configuration command to define an Address Resolution Protocol (ARP) access control list (ACL) or to add clauses to the end of a previously defined list. Use the no form of this command to delete the specified ARP access list. arp access-list acl-name no arp access-list acl-name This command is available only if your switch is running the IP services image, formerly known as the enhanced multilayer image (EMI). Syntax Description acl-name Name of the ACL. Defaults No ARP access lists are defined. Command Modes Global configuration Command History Release 12.2(20)SE Modification This command was introduced. Usage Guidelines After entering the arp access-list command, you enter ARP access-list configuration mode, and these configuration commands are available: • default: returns a command to its default setting. • deny: specifies packets to reject. For more information, see the "deny (ARP access-list configuration)" section on page 2-70. • exit: exits ARP access-list configuration mode. • no: negates a command or returns to default settings. • permit: specifies packets to forward. For more information, see the "permit (ARP access-list configuration)" section on page 2-290. Use the permit and deny access-list configuration commands to forward and to drop ARP packets based on the specified matching criteria. When the ARP ACL is defined, you can apply it to a VLAN by using the ip arp inspection filter vlan global configuration command. ARP packets containing only IP-to-MAC address bindings are compared to the ACL. All other types of packets are bridged in the ingress VLAN without validation. If the ACL permits a packet, the switch forwards it. If the ACL denies a packet because of an explicit deny statement, the switch drops the packet. If the ACL denies a packet because of an implicit deny statement, the switch compares the packet to the list of DHCP bindings (unless the ACL is static, which means that packets are not compared to the bindings). 78-16405-05 Catalyst 3560 Switch Command Reference 2-15