GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: 3550 mac-address-table - VACL posted 03/04/2004
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


"Po1" indicates logical interface PortChannel 1.  Two of your CAM entries were 
learned from that interface.


Quoting "Fowlie, Colin" <Colin.Fowlie@xxxxxxxxx>:

> Yup.  That would be the port from where the switch sees that MAC address.  It
> doesn't indicate that ARP is being permitted.
> 
> HTH
> Colin
> -----Original Message-----
> From: alsontra@xxxxxxxxxxx [mailto:alsontra@xxxxxxxxxxx] 
> Sent: Thursday, March 04, 2004 3:02 PM
> To: Fowlie, Colin; ccielab@xxxxxxxxxxxxxx
> Subject: Re: 3550 mac-address-table - VACL
> 
> Thanks Colin,
> 
> So "Po1" simply means forwarding entry.
> 
> Alsontra
> 
> 
> ----- Original Message ----- 
> From: "Fowlie, Colin" <Colin.Fowlie@xxxxxxxxx>
> To: <alsontra@xxxxxxxxxxx>; <ccielab@xxxxxxxxxxxxxx>
> Sent: Thursday, March 04, 2004 8:51 AM
> Subject: RE: 3550 mac-address-table - VACL
> 
> 
> > What you're looking at is the mac-address-table.  This is the forwarding
> table that is built by the switch.  It is not an arp entry.  The switch is
> simply creating the mac table entry based on the source MAC address of a
> frame received from the host on a particular port.  This perfectly fine as
> long as the arp entries don't show up on R4 and R6.
> >
> > Colin
> >
> > -----Original Message-----
> > From: alsontra@xxxxxxxxxxx [mailto:alsontra@xxxxxxxxxxx]
> > Sent: Thursday, March 04, 2004 2:34 PM
> > To: ccielab@xxxxxxxxxxxxxx
> > Subject: 3550 mac-address-table - VACL
> >
> >  Group,
> >            I've applied a vlan access-map that essentially denies arp
> requests
> > to any host on vlan 162. The access-map creates the desired effect with
> the
> > exception of the switch. I've rebooted and clear all dynamic entries a
> number
> > of times. Is this normal behavior?
> >
> > The 3550 gets an arp request, adds it to its local mac-addres-table, but
> will
> > not forward if a vlan access-map forbids the action?
> >
> > Topology:
> >
> > R6---SW2----R4
> >
> > VLAN map denies arp on vlan 162, which connects them.  Although the
> devices
> > cannot arp through the 3550, the retains arp entries for both devices. Its
> not
> > a big deal because the vlan access-map is doing its job, it just a little
> > confusing to still see arp entries when you think arp is being denied.
> >
> >
> > SW1#
> > 162    000d.bc24.c80e    DYNAMIC     Po1
> >  162    0050.d15f.7420    DYNAMIC     Po1
> >  162    00e0.1ece.4a68    DYNAMIC     Fa0/24
> >
> > Thanks,
> > Alsontra
> >
> > _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> 
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
> 
> Subscription information may be found at: 
> http://www.groupstudy.com/list/CCIELab.html