HPE Community
Other HPE Product Questions
1854822 Members
7750 Online
104103 Solutions
New Discussion

Re: FHRP isolaton on H3C

 
kev2k83
Occasional Visitor

‎03-04-2023 04:55 AM

‎03-04-2023 04:55 AM

FHRP isolaton on H3C

Hi,

I'm putting together a layer 3 ACL to block VRRP traffic.

It's all working correctly but I cannot block gratuitous ARP even though the layer 2 ACL looks fine. See below:

[hpvsr1-acl-mac-FhrpIsolation]display acl mac name FhrpIsolation
MAC ACL named FhrpIsolation, 2 rules,
ACL's step is 5
rule 1 deny type 0806 ffff source-mac 0000-5e00-0100 ffff-ffff-ff00 dest-mac 0000-0000-0000 ffff-ffff-ffff
^^^^ ARP block rule ^^^^^
rule 1 deny source-mac 0000-5e00-0100 ffff-ffff-ff00 (8863 times matched)
^^^^ VMAC block rule ^^^^^^

<hpvsr1>display packet-filter statistics interface GigabitEthernet 2/0 outbound
Interface: GigabitEthernet2/0
Outbound policy:
IPv4 ACL FhrpIsolation
From 2023-03-04 10:37:59 to 2023-03-04 12:53:19
rule 0 deny 112 destination 224.0.0.18 0
rule 5 permit ip
Totally 0 packets permitted, 0 packets denied
Totally 0% permitted, 0% denied

MAC ACL FhrpIsolation
From 2023-03-04 10:37:59 to 2023-03-04 12:53:19
rule 0 deny type 0806 ffff source-mac 0000-5e00-0100 ffff-ffff-ff00 dest-mac 0000-5e00-0100 ffff-ffff-ff00
rule 1 deny source-mac 0000-5e00-0100 ffff-ffff-ff00
Totally 0 packets permitted, 0 packets denied
Totally 0% permitted, 0% denied

IPv4 default action: Permit
From 2023-03-04 10:37:59 to 2023-03-04 12:53:19
Totally 0 packets

MAC default action: Permit
From 2023-03-04 10:37:59 to 2023-03-04 12:53:19
Totally 0 packets

Has anyone successfully been able to block ARP Packets with a MAC ACL?

There doesn't appear to be away to filter this like you would on Cisco.

Cheers

0 Kudos
Reply
1 REPLY 1
Sunitha_Mod
Honored Contributor

‎03-05-2023 08:06 PM

‎03-05-2023 08:06 PM

Re: FHRP isolaton on H3C

Hello @kev2k83,

Thank you for writing to us! HPE Networking forum has moved to Aruba Airheads Community and for HPE networking and Aruba product queries, request you to visit and post your query here: Aruba Airheads Community 

You can refer to the below link as well for more details:

HPE Networking forum migration to Aruba Airheads c... - Hewlett Packard Enterprise Community

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.