ARP packets

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View

Is it possible to limit or block ARP packets from going thru a catalyst
switch? Is there such a command or option? I've surfed the whole day
but no luck!

Re: ARP packets

I don't think there's a port no. for ARP, by which I can use an ACL to
filter it out.

Re: ARP packets

Jo wrote:

Quoted text here. Click to load it

arp works at the Etherenet level.  So there are no ports to filter.
arp frames have 0x806 as the ethertype and that's about it.

Why would you want to break ethernet by blocking arp frames?



"Somehow I imagined this experience would be more rewarding" Calvin
**************************ROT13 MY ADDRESS*************************
Due to the volume of email that I receive, I may not not be able to
reply to emails sent to my account. Please post a followup instead.

Re: ARP packets

I'm being asked to lookup for info on how to limit or block ARP packets
on Catalyst 3550 or 3725 router as we're getting too many ARP requests.
It's believed that the network is under attack bcoz of a virus.

Re: ARP packets

Quoted text here. Click to load it

What makes you think you are getting too many ARP requests? Have you
installed a sniffer on your network to see exactly what is happening?
Is it arp requests for a specific IP or random?

I guess if you wanted to filter arp frames on a layer 2 interface you
could use a mac based access-list something like the following

mac access-list extended ARP
    deny any any 0x806 0x0
    permit any any

interface <interface-id>
    mac access-group ARP in

If you wanted to filter on a complete VLAN if I'm not mistaken you
could use a VACL

mac access-list extended ARP
    permit any any 0x806 0x0

vlan access-map ARP 10
    match mac address ARP
    action drop
vlan access-map ARP 20
    action forward

vlan filter ARP vlan-list <vlan>

Again not sure why you would want to do this as it would have serious
consequences for your network


Re: ARP packets says...
Quoted text here. Click to load it

You could probably do that by using broadcast-storm option since ARP
packets are just broadcast. This will probably do some connectivity
problems to your network.

Why whould you want to limit/block ARP packets?


*** Use Rot13 to see my eMail address ***

Re: ARP packets

you might find the link below useful

or easily you may read thru.

 Command Purpose
Step 1

configure terminal

Enter global configuration mode.

Step 2

interface interface

Enter interface configuration mode, and enter the port to configure.

Step 3

port storm-control broadcast [threshold {rising rising-number falling

Enter the rising and falling thresholds for broadcast packets.

Make sure the rising threshold is greater than the falling threshold.

Step 4

port storm-control trap

Generate an SNMP trap when the traffic on the port crosses the rising or
falling threshold.

Step 5


Return to privileged EXEC mode.

Step 6

show port storm-control [interface]

Verify your entries.


Quoted text here. Click to load it

Site Timeline