On 17/10/2013 4:23 p.m., Ding Guigeng wrote:
i read the document. there is one NOTE: # NOTE: Squid can only determine the MAC address for clients that are on the same subnet. If the client is on a different subnet, then Squid cannot find out its MAC address. so the mac address from other vlan,canot be denied by arp control?
Correct. The MAC on the TCP packets delivered to Squid will be the MAC of the router doing packet relay from vlan1 to vlan2. Since it is the machine "directly plugged" into the Squid box and where the packets are going to/from Squid.
Please read up on how MAC addresses and ARP protocol operate: http://en.wikipedia.org/wiki/Address_Resolution_Protocol Amos
