Chapter 38
Configuring Dynamic ARP Inspection
When configuring the DAI log filtering, note the following information:
•
•
•
•
•
•
•
This example shows how to configure the DAI log filtering for VLAN 100 not to log packets that match
ACLs:
Router# configure terminal
Enter configuration commands, one per line.
Router(config)# ip arp inspection vlan 100 logging acl-match none
Router(config)# do show running-config | include ip arp inspection vlan 100
ip arp inspection vlan 100 logging acl-match none
Displaying DAI Information
To display DAI information, use the privileged EXEC commands described in
Table 38-2 Commands for Displaying DAI Information
Command
show arp access-list [acl_name]
show ip arp inspection interfaces [interface_id] Displays the trust state and the rate limit of ARP
show ip arp inspection vlan vlan_range
OL-4266-08
By default, all denied packets are logged.
For vlan_range, you can specify a single VLAN or a range of VLANs:
To specify a single VLAN, enter a single VLAN number.
–
To specify a range of VLANs, enter a dash-separated pair of VLAN numbers.
–
You can enter a comma-separated list of VLAN numbers and dash-separated pairs of VLAN
–
numbers.
acl-match matchlog—Logs packets based on the DAI ACL configuration. If you specify the
matchlog keyword in this command and the log keyword in the permit or deny ARP access-list
configuration command, ARP packets permitted or denied by the ACL are logged.
acl-match none—Does not log packets that match ACLs.
dhcp-bindings all—Logs all packets that match DHCP bindings.
dhcp-bindings none—Does not log packets that match DHCP bindings.
dhcp-bindings permit—Logs DHCP-binding permitted packets.
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
End with CNTL/Z.
Description
Displays detailed information about ARP ACLs.
packets for the specified interface or all interfaces.
Displays the configuration and the operating state
of DAI for the specified VLAN. If no VLANs are
specified or if a range is specified, displays
information only for VLANs with DAI enabled
(active).
Configuring DAI
Table
38-2.
38-15