[c-nsp] Private VLAN questions.
Saku Ytti
saku+cisco-nsp at ytti.fi
Thu Aug 4 13:25:24 EDT 2005
On (2005-08-04 13:04 -0400), Matthew Crocker wrote:
> How do I configure the Cisco 12000 to respond to those ARP requests
> and send the MAC address for school B to school A when it asks?
> Can I put an ACL on the configuration so it will only ARP for certain
> IPs?
I think you need 'ip local-proxy-arp' which I believe is not available
in 12.0S.
Not related to your situation, but a nice feature to go with that is
unnumbered VLAN subinterfaces; this disables sending ARP WHO HAS messages
and only learns neighbours via (snooping) DHCP. In your situation, if
the subnet is huge and you have low bandwidth (e.g. 256 kbps), the default
rate of ARP WHO HAS messages might become too high when script kiddies
are scanning through the range.
--
++ytti