Product and Software: This article applies to all Aruba controllers and ArubaOS 3.0 and later.
Beginning with ArubaOS 3.x code, we keep track of all untrusted conversations, including non-IP, so that the per-role Layer 2/MAC ACLs do not have to be inspected per frame.
For example as the following session shows, the entries with protocol "0806" are ARP request/response from those untrusted MAC addresses.
#show datapath session table
Source IP Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Flags
-------------- -------------- ---- ----- ----- ---- ---- --- --- ----------- ---- -----
12.84.160.68 22.5.150.208 17 1346 1345 0 0 0 1 tunnel 622 1 FYC 80.17.238.82 12.84.219.23 17 22857 23770 0 0 0 1 2/0 1 FYC 21.169.90.65 12.84.160.233 17 26517 17881 0 0 0 1 2/0 1 FYC
00:1B:63:CB:E0:32 86dd 0 0 0 0 tunnel 910 3 F
00:1E:C2:AB:34:74 0806 0 0 0 0 tunnel 1050 2 F
00:1E:52:74:F0:65 86dd 0 0 0 0 tunnel 499 0 F
00:1F:3A:1B:4A:9B 0806 0 0 0 1 tunnel 718 1 F