Configuring an arp acl – LevelOne FGL-2870 User Manual

General Security Measures

3-133

3

Configuring an ARP ACL

Use this page to configure ACLs based on ARP message addresses. ARP
Inspection can then use these ACLs to filter suspicious traffic (see "Configuring ARP
Inspection" on page 3-136).

Command Attributes
• Action – An ACL can contain any combination of permit or deny rules.
• Packet Type – Indicates an ARP request, ARP response, or either type.

(Range: Request, Response, All; Default: Request)

• Sender/Target IP Address Type – Specifies the source or destination IPv4

address. Use “Any” to include all possible addresses, “Host” to specify a specific
host address in the Address field, or “IP” to specify a range of addresses with the
Address and Mask fields. (Options: Any, Host, IP; Default: Any)

• Sender/Target IP Address – Source or destination IP address.
• Sender/Target IP Address Mask – Subnet mask for source or destination

address. (See the description for Subnet Mask on page 3-126.)

• Sender/Target MAC Address Type – Use “Any” to include all possible addresses,

“Host” to indicate a specific MAC address, or “MAC” to specify an address range
with the Address and Mask fields. (Options: Any, Host, MAC; Default: Any)

• Sender/Target MAC Address – Source or destination MAC address.
• Sender/Target MAC Address Mask – Hexadecimal mask for source or

destination MAC address.

• Log – Logs a packet when it matches the access control entry.

Command Usage
• An ACL can contain up to 32 rules.
• New rules are added to the end of the list.