Model:
ECS4100 series
Firmware version:
ECS4100 series V1.2.4.173
Simulation scenario:
1. Prepare two types of ARP packets.
A. The sender MAC address in the ARP header is different from the source MAC address in the Ethernet header.
B. The sender MAC address in the ARP header is the same as the source MAC address in the Ethernet header.
2. Configure a MAC ACL to permit the source MAC address of the ARP packet and deny all other packets.
Console(config)#access-list mac test
Console(config-mac-acl)#permit host 0C-C4-7A-06-FB-11 any
Console(config-mac-acl)#deny any any
3. Apply this MAC ACL to the ingress of port 1.
Console(config)#interface ethernet 1/1
Console(config-if)#mac access-group test in
4. Inject these two ARP packets into port 1. The switch forwards ARP packet B, but the MAC ACL filters ARP packet A.
Root Cause:
This is chipset behavior.
For ARP packets, the MAC ACL inspects the sender MAC address in the ARP header instead of the source MAC address in the Ethernet header.
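The following Python sketch is an added example, not Edgecore code. It parses a raw untagged Ethernet frame, reports whether the Ethernet source MAC and the ARP sender MAC disagree, and models the ACL decision described above. Assumptions: packet A carries the permitted host as its Ethernet source, and the second MAC and the IP addresses are constructed sample values.

```python
import struct

ETHERTYPE_ARP = 0x0806
PERMITTED = "0c-c4-7a-06-fb-11"  # host permitted by the ACL "test" on the page

def mac_str(raw):
    return "-".join(f"{b:02x}" for b in raw)

def parse_frame(frame):
    """Return (ethernet_src, arp_sender_mac or None) for an untagged Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    eth_src = mac_str(frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        return eth_src, None
    arp = frame[14:]
    if len(arp) < 8:
        raise ValueError("truncated ARP header")
    _htype, _ptype, hlen, plen, _oper = struct.unpack("!HHBBH", arp[:8])
    if hlen != 6 or len(arp) < 8 + 2 * (hlen + plen):
        raise ValueError("unsupported or truncated ARP body")
    return eth_src, mac_str(arp[8:8 + hlen])

def acl_verdict(frame, permitted=PERMITTED):
    """Model of the behaviour the page describes: ARP is matched on the ARP sender MAC."""
    eth_src, arp_sender = parse_frame(frame)
    key = arp_sender if arp_sender is not None else eth_src
    return {
        "eth_src": eth_src,
        "arp_sender": arp_sender,
        "mismatch": arp_sender is not None and arp_sender != eth_src,
        "action": "permit" if key == permitted else "deny",
    }

def sample_arp(eth_src, arp_sender):
    """Constructed ARP request bytes (sample input only, documentation IP addresses)."""
    eth = b"\xff" * 6 + eth_src + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + arp_sender
    return eth + arp + bytes([192, 0, 2, 1]) + b"\x00" * 6 + bytes([192, 0, 2, 2])

HOST = bytes.fromhex("0cc47a06fb11")
FRAME_A = sample_arp(HOST, bytes.fromhex("0200000000aa"))  # headers disagree
FRAME_B = sample_arp(HOST, HOST)                           # headers agree

if __name__ == "__main__":
    for name, frame in (("A", FRAME_A), ("B", FRAME_B)):
        print(name, acl_verdict(frame))
```

Running the same check over frames from a capture shows which ARP packets this ACL would drop even though their Ethernet source is permitted.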