Cisco Catalyst 4500 series Administration Manual page 1369
Hide thumbs
Also See for Catalyst 4500 series:
- Software configuration manual (2086 pages) ,
- Configuration manual (1610 pages) ,
- Command reference manual (1230 pages)
Table of Contents
Advertisement
Chapter 52
Configuring Dynamic ARP Inspection
To configure the log buffer, perform this task:
Command
Step 1
Switch# configure terminal
Step 2
Switch(config)# ip arp inspection
{
log-buffer
entries number
number interval seconds
Step 3
Switch(config)# [no] ip arp
inspection vlan vlan-range
{
logging
acl-match
} |
none
dhcp-bindings
}}
permit
Step 4
Switch(config)# exit
OL_28731-01
Purpose
Enters global configuration mode.
Configures the DAI logging buffer.
|
logs
By default, when DAI is enabled, denied or dropped ARP packets are
}
logged. The number of log entries is 32. The number of system messages is
limited to 5 per second. The logging-rate interval is 1 second.
The keywords have these meanings:
•
For entries number, specify the number of entries to be logged in the
buffer. The range is 0 to 1024.
For logs number interval seconds, specify the number of entries to
•
generate system messages in the specified interval.
For logs number, the range is 0 to 1024. A 0 value means that the entry
is placed in the log buffer, but a system message is not generated.
For interval seconds, the range is 0 to 86400 seconds (1 day). A 0 value
means that a system message is immediately generated (and the log
buffer is always empty).
An interval setting of 0 overrides a log setting of 0.
The logs and interval settings interact. If the logs number X is greater than
interval seconds Y, X divided by Y (X/Y) system messages are sent every
second. Otherwise, one system message is sent every Y divided by X (Y/X)
seconds.
Controls the type of packets that are logged per-VLAN. By default, all
denied or all dropped packets are logged. The term logged means the entry
{
|
matchlog
is placed in the log buffer and a system message is generated.
{
|
|
all
none
The keywords have these meanings:
For vlan-range, specify a single VLAN identified by VLAN ID number,
•
a range of VLANs separated by a hyphen, or a series of VLANs
separated by a comma. The range is 1 to 4094.
For acl-match matchlog, log packets based on the ACE logging
•
configuration. If you specify the matchlog keyword in this command
and the log keyword in the permit or deny ARP access-list
configuration command, ARP packets permitted or denied by ACEs
with log keyword are logged.
•
For acl-match none, do not log packets that match ACLs.
•
For dhcp-bindings all, log all packets that match DHCP bindings.
For dhcp-bindings none, do not log packets that match DHCP
•
bindings.
•
For dhcp-bindings permit, log DHCP-binding permitted packets.
Returns to privileged EXEC mode.
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
Configuring Dynamic ARP Inspection
52-15
Advertisement
Chapters
Table of Contents
Troubleshooting
