1738 FastIron Configuration Guide
53-1002494-02
ACLs to filter ARP packets
The <access-list-number> parameter identifies the ID of the standard ACL that will be used to filter
the packet. Only the source and destination IP addresses will be used to filter the ARP packet. You
can do one of the following for <access-list-number>:
• Enter an ACL ID to explicitly specify the ACL to be used for filtering. In the example above, the
line FastIron(config-ve-2)# ip use-ACL-on-arp 103 specifies ACL 103 to be
used as the filter.
• Allow the ACL ID to be inherited from the IP ACLs that have been defined for the device. In the
example above, the line FastIron(config-ve-4)# ip use-ACL-on-arp allows the
ACL to be inherited from IP ACL 101 because of the ip follow relationship between virtual
routing interface 2 and virtual routing interface 4. Virtual routing interface 2 is configured with
IP ACL 101; thus virtual routing interface 4 inherits IP ACL 101.
ARP requests will not be filtered by ACLs if one of the following conditions occurs:
• The ACL is to be inherited from an IP ACL, but there is no IP ACL defined.
• An ACL ID is specified for the use-ACL-on-arp command, but no IP address or “any any” filtering
criteria have been defined under the ACL ID.
Displaying ACL filters for ARP
To determine which ACLs have been configured to filter ARP requests, enter a command such as
the following.
Brocade(config)# show ACL-on-arp
Port    ACL ID    Filter Count
2       103       10
3       102       23
4       101       12
Syntax: show ACL-on-arp [ethernet <port> | loopback [ <num> ] | ve [ <num> ] ]
Specify the port variable in one of the following formats:
• FWS, FCX, and ICX stackable switches – stack-unit/slotnum/portnum
• FSX 800 and FSX 1600 chassis devices – slotnum/portnum
• ICX devices – slotnum/portnum
• FESX compact switches – portnum
If the <port> variable is not specified, all ports on the device that use ACLs for ARP filtering will be
included in the display.
The Filter Count column shows how many ARP packets have been dropped on the interface since
the last time the count was cleared.
Clearing the filter count
To clear the filter count for all interfaces on the device, enter a command such as the following.
Brocade(config)# clear ACL-on-arp
The above command resets the filter count on all interfaces in a device back to zero.
Syntax: clear ACL-on-arp
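The Filter Count column and the clear command described above can be tracked between two captures of the display. The following is an added example, not part of the original guide or any vendor tooling: it parses two saved show ACL-on-arp outputs, reports the ARP packets dropped per port in between, notes where the counter was cleared, and lists ports that no longer appear. The function names, the threshold and the AFTER capture are assumptions made for the example; the row layout is taken from the sample display on this page.

```python
import re

# Row layout follows the sample display on this page: port, ACL ID, filter count.
# Assumption: ports may also appear as slotnum/portnum or stack-unit/slotnum/portnum.
ROW = re.compile(r"^\s*(\d+(?:/\d+){0,2})\s+(\d+)\s+(\d+)\s*$")

def parse_acl_on_arp(text):
    """Return {port: (acl_id, filter_count)} parsed from 'show ACL-on-arp' output."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # prompt and header lines do not match and are skipped
            rows[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return rows

def compare_snapshots(before, after, threshold):
    """Return (per-port report, ports that no longer appear in the display)."""
    old, new = parse_acl_on_arp(before), parse_acl_on_arp(after)
    report = {}
    for port, (acl, count) in new.items():
        prev = old.get(port, (acl, 0))[1]
        reset = count < prev  # counter went down: it was cleared in between
        drops = count if reset else count - prev
        report[port] = {"acl": acl, "drops": drops, "reset": reset,
                        "alert": drops >= threshold}
    removed = sorted(set(old) - set(new))  # ports no longer listed as filtering ARP
    return report, removed

# Constructed sample data: BEFORE is the display from this page, AFTER is invented.
BEFORE = """Brocade(config)# show ACL-on-arp
Port ACL ID Filter Count
2 103 10
3 102 23
4 101 12
"""
AFTER = """Brocade(config)# show ACL-on-arp
Port ACL ID Filter Count
3 102 523
4 101 5
"""

if __name__ == "__main__":
    report, removed = compare_snapshots(BEFORE, AFTER, threshold=100)
    for port, info in report.items():
        print(port, info)
    print("no longer filtering ARP:", removed)
```

A port that disappears from the display, or a counter that was cleared unexpectedly, is worth checking against the change log for the device.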