[nsp] ARP filtering
Sam Stickland
sam_ml at spacething.org
Mon Jul 12 11:19:53 EDT 2004
Hi,
We limit customers in shared VLANs by filtering IP addresses on the
switch, i.e.:

    ip access-list ex CUST_EXAMPLE
     permit ip 192.168.0.0 0.0.0.31
     deny ip any any

However, it's my understanding that this will still allow ARP replies from
outside the specified IP range, that will populate the MAC address tables
in the switch and the end-station/router. For ingress ACLs this could
result in traffic being sent to the rogue machine (but never being allowed
back), or in the case of ingress and egress ACLs, the dropping of all
traffic.
Is there any way to stop this happening?
Sam
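
The gap described in the message above, as an added example that is not part of the original post: a filter that only evaluates IPv4 packets never sees an ARP reply, so the sender address inside the ARP payload has to be checked separately. The function names, MAC addresses and the out-of-range address 192.168.0.40 are constructed for illustration; only the 192.168.0.0 0.0.0.31 range comes from the post, and the IPv4-only filter is a model of the behaviour the post describes.

```python
import ipaddress
import struct

# Range from the ACL in the post: 192.168.0.0 with wildcard 0.0.0.31
ACL_BASE = int(ipaddress.IPv4Address("192.168.0.0"))
ACL_MASK = ~int(ipaddress.IPv4Address("0.0.0.31")) & 0xFFFFFFFF
ETHERTYPE_IPV4, ETHERTYPE_ARP = 0x0800, 0x0806


def in_acl_range(addr: bytes) -> bool:
    """Wildcard match: bits set in the wildcard are ignored."""
    return (int.from_bytes(addr, "big") & ACL_MASK) == (ACL_BASE & ACL_MASK)


def ip_acl_verdict(frame: bytes) -> str:
    """Model (assumption) of a filter that only evaluates IPv4 packets."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        return "not-evaluated"  # ARP never reaches the permit/deny entries
    src = frame[26:30]  # IPv4 source address: 14-byte Ethernet header + 12
    return "permit" if in_acl_range(src) else "deny"


def arp_sender_verdict(frame: bytes) -> str:
    """Separate check on the ARP sender protocol address (SPA)."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return "not-arp"
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, ETHERTYPE_IPV4, 6, 4):
        return "deny"  # not Ethernet/IPv4 ARP
    spa = frame[28:32]  # 14 (Ethernet) + 8 (ARP fixed fields) + 6 (sender MAC)
    return "permit" if in_acl_range(spa) else "deny"


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Build an Ethernet frame carrying an ARP reply (opcode 2)."""
    eth = target_mac + sender_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, ETHERTYPE_IPV4, 6, 4, 2)
    arp += sender_mac + ipaddress.IPv4Address(sender_ip).packed
    arp += target_mac + ipaddress.IPv4Address(target_ip).packed
    return eth + arp


# Constructed sample frames (locally administered MACs, made-up addresses)
MAC_A = bytes.fromhex("020000000001")
MAC_B = bytes.fromhex("020000000002")
IN_RANGE = build_arp_reply(MAC_A, "192.168.0.10", MAC_B, "192.168.0.1")
OUT_OF_RANGE = build_arp_reply(MAC_A, "192.168.0.40", MAC_B, "192.168.0.1")
```
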