Permit, deny (arp acl) – LevelOne FGL-2870 User Manual

Command Line Interface


permit, deny (ARP ACL)

This command adds a rule to an ARP ACL. The rule filters packets matching a
specified source or destination address in ARP messages. Use the no form to
remove a rule.

Syntax

[no] {permit | deny}
  ip {any | host source-ip | source-ip ip-address-bitmask}
  mac {any | host source-mac | source-mac mac-address-bitmask} [log]

Note: This form indicates either request or response packets.

[no] {permit | deny} request
  ip {any | host source-ip | source-ip ip-address-bitmask}
  mac {any | host source-mac | source-mac mac-address-bitmask} [log]

[no] {permit | deny} response
  ip {any | host source-ip | source-ip ip-address-bitmask}
  {any | host destination-ip | destination-ip ip-address-bitmask}
  mac {any | host source-mac | source-mac mac-address-bitmask}
  [any | host destination-mac | destination-mac mac-address-bitmask] [log]

source-ip – Source IP address.
destination-ip – Destination IP address with bitmask.
ip-address-bitmask (see footnote 24) – IPv4 number representing the address bits to match.
source-mac – Source MAC address.
destination-mac – Destination MAC address range with bitmask.
mac-address-bitmask (see footnote 24) – Bitmask for MAC address (in hexadecimal format).
log – Logs a packet when it matches the access control entry.

Default Setting

None

Command Mode

ARP ACL

Command Usage

New rules are added to the end of the list.

Example

This rule permits packets from any source IP and MAC address to the destination
subnet address 192.168.0.0.

24. For all bitmasks, binary “1” means care and “0” means ignore.

Console(config-arp-acl)#$permit response ip any 192.168.0.0 255.255.0.0 mac any any
Console(config-arp-acl)#
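
The bitmask semantics from footnote 24, applied to the example rule above, as an added illustration (not code from the manual or the switch firmware). It assumes that source/destination correspond to the ARP sender/target fields and that rules are checked in list order with the first match deciding; the second rule and all packets are constructed.

```python
import ipaddress

ANY = (0, 0)  # bitmask of all zeros: every bit is "ignore"

def ip(addr, bitmask="255.255.255.255"):
    """(value, bitmask) pair; the default bitmask is the 'host' form."""
    return int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(bitmask))

def _mac_int(text):
    return int(text.replace("-", "").replace(":", ""), 16)

def mac(addr, bitmask="ff-ff-ff-ff-ff-ff"):
    return _mac_int(addr), _mac_int(bitmask)

def field_matches(value, spec):
    """Footnote 24: bits set to 1 must be equal, bits set to 0 are ignored."""
    want, bitmask = spec
    return (value & bitmask) == (want & bitmask)

def rule_matches(rule, pkt):
    # A rule without "request"/"response" covers both ARP message types.
    if rule["type"] not in (None, pkt["type"]):
        return False
    return all(field_matches(pkt[f], rule.get(f, ANY))
               for f in ("src_ip", "dst_ip", "src_mac", "dst_mac"))

def evaluate(acl, pkt):
    """(action, rule index) of the first matching rule, else (None, None).
    First-match ordering is an assumption of this sketch."""
    for i, rule in enumerate(acl):
        if rule_matches(rule, pkt):
            return rule["action"], i
    return None, None

def arp(kind, src_ip, dst_ip, src_mac, dst_mac):
    """Constructed ARP message (src = sender fields, dst = target fields)."""
    return {"type": kind, "src_ip": ip(src_ip)[0], "dst_ip": ip(dst_ip)[0],
            "src_mac": _mac_int(src_mac), "dst_mac": _mac_int(dst_mac)}

ACL = [
    # From the manual: permit response ip any 192.168.0.0 255.255.0.0 mac any any
    {"action": "permit", "type": "response",
     "dst_ip": ip("192.168.0.0", "255.255.0.0")},
    # Constructed: deny request ip host 10.0.0.5 mac 00-11-22-00-00-00 ff-ff-ff-00-00-00
    {"action": "deny", "type": "request", "src_ip": ip("10.0.0.5"),
     "src_mac": mac("00-11-22-00-00-00", "ff-ff-ff-00-00-00")},
]
```

A result of `(None, None)` means no rule in the list matched; what the switch does with such a packet is not covered on this page.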
