[c-nsp] Cisco ASR1K ISG - ARP broadcast
Mihai Tanasescu
mihai at duras.ro
Sat Nov 15 10:59:01 EST 2014
On 11/15/14 4:17 PM, Vitkovský Adam wrote:
>> Mihai Tanasescu
>> Sent: Saturday, November 15, 2014 11:38 AM
>> The problem I have experienced lately consists in the classic effect of a ping
>> sweep on the whole subnet assigned on the ISG interface.
>> It triggers a "storm" of "arp who has <ip> tell <ip ISG> " messages that I
>> would like to limit/not see being emitted by the ISG.
> Hi Mihai,
>
> Should the GW respond to the ARP requests to addresses from a local subnet? It doesn't seem right. Is it a property of the PPPoE setup?
> Well maybe you could police the ARP traffic coming from subscribers?
>
> adam
Hi Adam,
Well..to be more specific I'd like the same behavior as in the case of a
CMTS with these commands:
"no cable arp
cable source-verify dhcp
"
or like this example that I found for the ASR9K:
/interface < >
arp learning disable
service-policy type control subscriber CP_IPOE_DHCPV4_SESSION_RESTART
ipsubscriber ipv4 l2-connected
initiator dhcp
initiator unclassified-source
/The GW should respond to ARP requests but I'd like it not to generate
ARP requests for IPs that do not exist (do not have a session listed in
the "show subscriber session" in case someone from the outside tries to
ping my whole let's say /24 assigned on this L2 circuit terminating
interface.
-
Mihai
More information about the cisco-nsp
mailing list