Reference Guide
NOTE: When ACL logging and byte counters are configured simultaneously, byte counters
may display an incorrect value. Configure packet counters with logging instead.
Related Commands
deny tcp – assigns a filter to deny TCP packets.
deny udp – assigns a filter to deny UDP packets.
ip access-list extended – creates an extended ACL.
deny arp
Configure an egress filter that drops ARP packets on egress ACL supported line cards. (For more information, refer to
your line card documentation).
E-Series
Syntax
deny arp {destination-mac-address mac-address-mask | any} vlan vlan-id {ip-address | any | opcode code-number} [count [byte] | log] [order] [monitor]
To remove this filter, you have two choices:
• Use the no seq sequence-number command if you know the filter’s sequence number.
• Use the no deny arp {destination-mac-address mac-address-mask | any} vlan vlan-id {ip-address | any | opcode code-number} command.
Parameters
destination-mac-address mac-address-mask
    Enter a MAC address and mask in the nn:nn:nn:nn:nn:nn format. For the MAC address mask, specify which bits in the MAC address must match.
    The MAC ACL supports an inverse mask; therefore, a mask of ff:ff:ff:ff:ff:ff allows entries that do not match and a mask of 00:00:00:00:00:00 only allows entries that match exactly.
any
    Enter the keyword any to match and drop any ARP traffic on the interface.
vlan vlan-id
    Enter the keyword vlan and then enter the VLAN ID to filter traffic associated with a specific VLAN. The range is 1 to 4094 and 1 to 2094 for ExaScale (you can use IDs 1 to 4094). To filter all VLAN traffic, specify VLAN 1.
ip-address
    Enter an IP address in dotted decimal format (A.B.C.D) as the target IP address of the ARP.
opcode code-number
    Enter the keyword opcode and then enter the number of the ARP opcode. The range is 1 to 23.
count
    (OPTIONAL) Enter the keyword count to count packets processed by the filter.
byte
    (OPTIONAL) Enter the keyword byte to count bytes processed by the filter.
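The inverse-mask behavior described for mac-address-mask can be checked offline before an entry is deployed. The following is an added example, not code from this guide or from the vendor; it assumes the usual per-bit inverse (wildcard) mask semantics, which agree with the two endpoint masks described above, and the function names and sample addresses are hypothetical.

```python
# Added illustration, not vendor code. Assumption: per-bit inverse (wildcard)
# mask semantics, where mask bit 1 = ignore the bit and mask bit 0 = must match.
import re

_MAC_RE = re.compile(r"^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}$")
_ALL_BITS = 0xFFFFFFFFFFFF  # 48-bit MAC address space


def mac_to_int(mac: str) -> int:
    """Parse nn:nn:nn:nn:nn:nn into a 48-bit integer; reject anything else."""
    if not _MAC_RE.match(mac):
        raise ValueError(f"not a 6-octet MAC address: {mac!r}")
    return int(mac.replace(":", ""), 16)


def inverse_mask_match(rule_mac: str, inverse_mask: str, packet_mac: str) -> bool:
    """True when packet_mac equals rule_mac on every bit the mask leaves at 0."""
    care_bits = ~mac_to_int(inverse_mask) & _ALL_BITS
    differing = mac_to_int(rule_mac) ^ mac_to_int(packet_mac)
    return (differing & care_bits) == 0


def audit_rule(rule_mac: str, inverse_mask: str, sample_macs: list) -> list:
    """Return the sample destination MACs an entry would cover, for review."""
    return [m for m in sample_macs if inverse_mask_match(rule_mac, inverse_mask, m)]


# Constructed sample destination MACs (not taken from the guide).
SAMPLES = [
    "00:11:22:33:44:55",
    "00:11:22:aa:bb:cc",
    "ff:ff:ff:ff:ff:ff",
]

if __name__ == "__main__":
    rule = "00:11:22:33:44:55"
    # Exact match, one vendor prefix (first three octets), and match-everything.
    for mask in ("00:00:00:00:00:00", "00:00:00:ff:ff:ff", "ff:ff:ff:ff:ff:ff"):
        print(mask, "->", audit_rule(rule, mask, SAMPLES))
```

A mask that covers more addresses than intended shows up in the returned list, which makes an over-broad deny entry visible before it drops legitimate ARP traffic.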