[c-nsp] Cisco ASR1K ISG - ARP broadcast

Mihai Tanasescu mihai at duras.ro
Sat Nov 15 10:59:01 EST 2014


On 11/15/14 4:17 PM, Vitkovský Adam wrote:
>> Mihai Tanasescu
>> Sent: Saturday, November 15, 2014 11:38 AM
>> The problem I have experienced lately consists in the classic effect of a ping
>> sweep on the whole subnet assigned on the ISG interface.
>> It triggers a "storm" of "arp who has <ip> tell <ip ISG> " messages that I
>> would like to limit/not see being emitted by the ISG.
> Hi Mihai,
>
> Should the GW respond to the ARP requests to addresses from a local subnet? It doesn't seem right. Is it a property of the PPPoE setup?
> Well maybe you could police the ARP traffic coming from subscribers?
>
> adam
Hi Adam,

Well..to be more specific I'd like the same behavior as in the case of a 
CMTS with these commands:
"no cable arp
  cable source-verify dhcp
"
or like this example that I found for the ASR9K:
/interface < >
arp learning disable
  service-policy type control subscriber CP_IPOE_DHCPV4_SESSION_RESTART
  ipsubscriber ipv4 l2-connected
   initiator dhcp
   initiator unclassified-source

/The GW should respond to ARP requests but I'd like it not to generate 
ARP requests for IPs that do not exist (do not have a session listed in 
the "show subscriber session" in case someone from the outside tries to 
ping my whole let's say /24 assigned on this L2 circuit terminating 
interface.

-
Mihai


More information about the cisco-nsp mailing list