How to configure acl in EXOS to block the ARP violations on a port with ARP security enabled

Objective
When ARP security is enabled in EXOS, the following message indicates an ARP violation on a port:
 
<Warn:FDB.arpViolation> MSM-B: Solicited ARP violation on VR VR-Default VLAN R311F port 1:15 ipaddr 10.251.151.1 mac 00:00:5E:00:01:02

The ideal solution is to avoid such ARP violations in the network. However, if they cannot be avoided, this article suggests an ACL to block this ARP violation.
 
Environment
Summit and BlackDiamond Series
EXOS All.
Procedure
Policy file:
 
entry listARP05 {
    if match all {
        ethernet-type 0x0806 ;
        arp-sender-address 10.251.0.1 mask 255.255.0.255 ;
    } then {
        deny ;
    }
}

Apply this policy on the port where the violations are seen.
 
configure access-list <policy name> port <port number> ingress

The above ACL would block any ARP packet coming from the specified IP range.
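
As an added example (not part of the original article and not Extreme's own tooling), the Python script below parses arpViolation messages in the format shown above and reports which sender addresses the entry's address and mask would deny. It assumes the mask behaves as a conventional netmask, where set bits must match, so 255.255.0.255 leaves the third octet unconstrained; the function names and the extra log lines are constructed for illustration.

```python
import ipaddress
import re

# Address and mask copied from the policy entry on this page.
ACL_ADDRESS = "10.251.0.1"
ACL_MASK = "255.255.0.255"

# Matches the FDB.arpViolation message format shown on this page.
VIOLATION_RE = re.compile(
    r"<Warn:FDB\.arpViolation>.*?ARP violation on VR (?P<vr>\S+) VLAN (?P<vlan>\S+) "
    r"port (?P<port>\S+) ipaddr (?P<ip>\S+) mac (?P<mac>\S+)"
)

def acl_matches(sender_ip, address=ACL_ADDRESS, mask=ACL_MASK):
    """True if sender_ip equals address on every bit set in mask
    (assumption: netmask semantics, set bits are compared)."""
    ip = int(ipaddress.IPv4Address(sender_ip))
    addr = int(ipaddress.IPv4Address(address))
    m = int(ipaddress.IPv4Address(mask))
    return (ip & m) == (addr & m)

def parse_violation(line):
    """Return the fields of one arpViolation line, or None for other lines."""
    hit = VIOLATION_RE.search(line)
    return hit.groupdict() if hit else None

def coverage(log_lines):
    """Map (port, sender IP) -> whether the ACL entry would deny that sender."""
    result = {}
    for line in log_lines:
        fields = parse_violation(line)
        if fields:
            result[(fields["port"], fields["ip"])] = acl_matches(fields["ip"])
    return result

# First line is the message from this page; the other two are constructed samples.
SAMPLE_LOG = [
    "<Warn:FDB.arpViolation> MSM-B: Solicited ARP violation on VR VR-Default VLAN R311F port 1:15 ipaddr 10.251.151.1 mac 00:00:5E:00:01:02",
    "<Warn:FDB.arpViolation> MSM-B: Solicited ARP violation on VR VR-Default VLAN R311F port 1:15 ipaddr 10.251.151.20 mac 00:11:22:33:44:55",
    "constructed unrelated log line that is not an ARP violation",
]

if __name__ == "__main__":
    for (port, ip), denied in coverage(SAMPLE_LOG).items():
        print(f"port {port} sender {ip}: {'denied by ACL' if denied else 'NOT covered'}")
    # The mask ignores the third octet, so every 10.251.x.1 sender is denied.
    print("10.251.7.1 also denied:", acl_matches("10.251.7.1"))
```

Running it against collected logs before applying the policy shows both the violations the entry will silence and any legitimate 10.251.x.1 senders on that port whose ARP traffic it would also drop.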

 