hit counter script

Cisco ME 3400 Command Reference Manual page 178

Ethernet access switch
Table of Contents

Advertisement

ip arp inspection vlan logging
Usage Guidelines
The term logged means that the entry is placed into the log buffer and that a system message is generated.
The acl-match and dhcp-bindings keywords merge with each other; that is, when you configure an ACL
match, the DHCP bindings configuration is not disabled. Use the no form of the command to reset the
logging criteria to their defaults. If neither option is specified, all types of logging are reset to log when
ARP packets are denied. These are the options:
If neither the acl-match or the dhcp-bindings keywords are specified, all denied packets are logged.
The implicit deny at the end of an ACL does not include the log keyword. This means that when you use
the static keyword in the ip arp inspection filter vlan global configuration command, the ACL
overrides the DHCP bindings. Some denied packets might not be logged unless you explicitly specify
the deny ip any mac any log ACE at the end of the ARP ACL.
Examples
This example shows how to configure ARP inspection on VLAN 1 to log packets that match the permit
commands in the ACL:
Switch(config)# arp access-list test1
Switch(config-arp-nacl)# permit request ip any mac any log
Switch(config-arp-nacl)# permit response ip any any mac any any log
Switch(config-arp-nacl)# exit
Switch(config)# ip arp inspection vlan 1 logging acl-match matchlog
You can verify your settings by entering the show ip arp inspection vlan vlan-range privileged EXEC
command.
Related Commands
Command
arp access-list
clear ip arp inspection log
ip arp inspection log-buffer
show ip arp inspection
show ip arp inspection
vlan-range
Cisco ME 3400 Ethernet Access Switch Command Reference
2-150
acl-match—Logging on ACL matches is reset to log on deny.
dhcp-bindings—Logging on DHCP binding matches is reset to log on deny.
log
vlan
Chapter 2
Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands
Description
Defines an ARP ACL.
Clears the dynamic ARP inspection log buffer.
Configures the dynamic ARP inspection logging buffer.
Displays the configuration and contents of the dynamic ARP
inspection log buffer.
Displays the configuration and the operating state of dynamic ARP
inspection for the specified VLAN.
OL-9640-10

Advertisement

Table of Contents
loading

Table of Contents

Save PDF