How to create an ACL matching only ARP reply packets

This is a workaround for creating an ACL that matches only ARP reply packets.
  • EXOS All
EXOS currently doesn't support an ACL match condition for the ARP operation field, which is what distinguishes the types of ARP packets, such as request and reply.
Because ARP reply packets are always unicast and ARP request packets are always broadcast, the ACL's match conditions can instead check that the multicast bit (the last bit in the first octet of the destination MAC address) is set to 0 and that the ether-type is ARP. As a result, the entry matches only ARP reply packets.

entry arp-reply {
    if {
        ethernet-destination-address 00:00:00:00:00:00 mask 01:00:00:00:00:00 ;
        ethernet-type 0x0806 ;
    } then {
        # use either permit or deny here, as required
        permit ;
    }
}
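The following Python sketch is an added example, not part of the original article or of EXOS. It emulates the masked destination-MAC test of the arp-reply entry on constructed frames and compares the verdict with the real ARP operation field. Because the entry keys on the destination MAC rather than the opcode, a unicast ARP request is matched and a broadcast (gratuitous) ARP reply is not; all function names and addresses are assumptions made for the illustration.

```python
import struct

ETHERTYPE_ARP = 0x0806
ACL_VALUE = bytes.fromhex("000000000000")  # ethernet-destination-address
ACL_MASK = bytes.fromhex("010000000000")   # mask: only the multicast bit

def mac(s):
    return bytes.fromhex(s.replace(":", ""))

def build_arp(dst, src, opcode, spa, tpa):
    """Build a constructed Ethernet/ARP frame (IPv4 over Ethernet)."""
    ip = lambda s: bytes(int(x) for x in s.split("."))
    tha = mac(dst) if opcode == 2 else bytes(6)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
    return (mac(dst) + mac(src) + struct.pack("!H", ETHERTYPE_ARP)
            + arp + mac(src) + ip(spa) + tha + ip(tpa))

def acl_matches(frame):
    """Emulate the entry: masked destination MAC and ethernet-type 0x0806."""
    if len(frame) < 14:
        return False
    masked = all((d & m) == (v & m)
                 for d, v, m in zip(frame[:6], ACL_VALUE, ACL_MASK))
    return masked and struct.unpack("!H", frame[12:14])[0] == ETHERTYPE_ARP

def arp_opcode(frame):
    """ARP operation field: 1 = request, 2 = reply; None if not ARP."""
    if len(frame) < 22 or frame[12:14] != b"\x08\x06":
        return None
    return struct.unpack("!H", frame[20:22])[0]

# Constructed sample frames (documentation addresses, not captured traffic).
HOST_A, HOST_B, BCAST = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "ff:ff:ff:ff:ff:ff"
SAMPLES = {
    "broadcast request": build_arp(BCAST, HOST_A, 1, "192.0.2.10", "192.0.2.11"),
    "unicast reply": build_arp(HOST_A, HOST_B, 2, "192.0.2.11", "192.0.2.10"),
    "unicast request": build_arp(HOST_B, HOST_A, 1, "192.0.2.10", "192.0.2.11"),
    "broadcast gratuitous reply": build_arp(BCAST, HOST_B, 2, "192.0.2.11", "192.0.2.11"),
}

def classify(samples=SAMPLES):
    """Return {name: (real opcode, ACL verdict)} for each frame."""
    return {n: (arp_opcode(f), acl_matches(f)) for n, f in samples.items()}

if __name__ == "__main__":
    for name, (op, hit) in classify().items():
        print(f"{name:28} opcode={op} acl_match={hit}")
```

If the entry is used as a security control, count matches first and check them against a packet capture before relying on permit or deny.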
Additional notes
If you wish to match the ARP reply from a specific host, you can use the following ACL:
entry test {
    if match all {
        ethernet-type 0x0806;
    } then {
        count arp_reply;
    }
}