I'm putting together a layer 3 ACL to block VRRP traffic.
It's all working correctly but I cannot block gratuitous ARP even though the layer 2 ACL looks fine. See below:
[hpvsr1-acl-mac-FhrpIsolation]display acl mac name FhrpIsolation
MAC ACL named FhrpIsolation, 2 rules,
ACL's step is 5
rule 1 deny type 0806 ffff source-mac 0000-5e00-0100 ffff-ffff-ff00 dest-mac 0000-0000-0000 ffff-ffff-ffff
^^^^ ARP block rule ^^^^^
rule 1 deny source-mac 0000-5e00-0100 ffff-ffff-ff00 (8863 times matched)
^^^^ VMAC block rule ^^^^^^
<hpvsr1>display packet-filter statistics interface GigabitEthernet 2/0 outbound
Interface: GigabitEthernet2/0
Outbound policy:
IPv4 ACL FhrpIsolation
From 2023-03-04 10:37:59 to 2023-03-04 12:53:19
rule 0 deny 112 destination 224.0.0.18 0
rule 5 permit ip
Totally 0 packets permitted, 0 packets denied
Totally 0% permitted, 0% denied
MAC ACL FhrpIsolation
From 2023-03-04 10:37:59 to 2023-03-04 12:53:19
rule 0 deny type 0806 ffff source-mac 0000-5e00-0100 ffff-ffff-ff00 dest-mac 0000-5e00-0100 ffff-ffff-ff00
rule 1 deny source-mac 0000-5e00-0100 ffff-ffff-ff00
Totally 0 packets permitted, 0 packets denied
Totally 0% permitted, 0% denied
IPv4 default action: Permit
From 2023-03-04 10:37:59 to 2023-03-04 12:53:19
Totally 0 packets
MAC default action: Permit
From 2023-03-04 10:37:59 to 2023-03-04 12:53:19
Totally 0 packets
Has anyone successfully been able to block ARP packets with a MAC ACL?
There doesn't appear to be a way to filter this like you would on Cisco.
Cheers