Creates a rule in an Address Resolution Protocol (ARP) ACL that permits ARP messages from a host specified by both IP and MAC addresses.
No permit rules are defined.
ARP ACL configuration mode
This command is also used to implement ARP Guard. ARP Guard is supported only on devices based on the DNS chipset family. For a list of such devices, see "Supported Hardware".
The no form of the command removes the permit rule from the ACL.
The following example defines a permit ip host rule in an ARP ACL, applies the ACL to a VLAN, and enables DAI on that VLAN.
device# configure terminal device(config)# arp access-list arp_acl_1 device(config-arp-acl)# permit ip host 1.1.1.1 mac host 0020.2222.2222 device(config-arp-acl)# permit ip host 1.1.1.2 mac host 0020.2222.2223 device(config-arp-acl)# exit device(config)# vlan 200 device(config-vlan-200)# ip arp inspection filter arp_acl_1 device(conf-vlan-200)# ip arp inspection
The following example creates a permit ip host rule within the arp access-list command.
device# configure terminal device(config)# arp access-list host2 permit ip host 1.1.1.1 mac host 0000.0011.0022
The following example creates an ARP ACL, creates permit ip host rules within, and applies it to an interface. This is the first stage of ARP Guard implementation.
device# configure terminal device(config)# arp access-list arp_acl_2 device(config-arp-acl)# permit ip host 1.1.1.1 mac host 0020.2222.2222 device(config-arp-acl)# permit ip host 1.1.1.2 mac host 0020.2222.2223 device(config-arp-acl)# exit device(config)# interface ethernet 1/2 device(conf-if-eth-1/2)# switchport device(conf-if-eth-1/2)# ip arp inspection filter arp_acl_2
Note
At this point, ARP Guard is not yet enabled. For more information, see the "ARP Guard" section of the Extreme SLX-OS Layer 3 Routing Configuration Guide.