Cisco Systems 3130 User Manual
22-15
Cisco Catalyst Blade Switch 3130 for Dell Software Configuration Guide
OL-13270-01
Chapter 22 Configuring Dynamic ARP Inspection
Displaying Dynamic ARP Inspection Information
To return to the default log buffer settings, use the no ip arp inspection log-buffer {entries | logs}
global configuration command. To return to the default VLAN log settings, use the no ip arp inspection
vlan vlan-range logging {acl-match | dhcp-bindings} global configuration command. To clear the log
buffer, use the clear ip arp inspection log privileged EXEC command.
global configuration command. To return to the default VLAN log settings, use the no ip arp inspection
vlan vlan-range logging {acl-match | dhcp-bindings} global configuration command. To clear the log
buffer, use the clear ip arp inspection log privileged EXEC command.
Displaying Dynamic ARP Inspection Information
To display dynamic ARP inspection information, use the privileged EXEC commands described in
Step 3
ip arp inspection vlan vlan-range
logging {acl-match {matchlog |
none} | dhcp-bindings {all | none |
permit}}
logging {acl-match {matchlog |
none} | dhcp-bindings {all | none |
permit}}
Control the type of packets that are logged per VLAN. By default, all denied
or all dropped packets are logged. The term logged means the entry is placed
in the log buffer and a system message is generated.
or all dropped packets are logged. The term logged means the entry is placed
in the log buffer and a system message is generated.
The keywords have these meanings:
•
For vlan-range, specify a single VLAN identified by VLAN ID number,
a range of VLANs separated by a hyphen, or a series of VLANs
separated by a comma. The range is 1 to 4094.
a range of VLANs separated by a hyphen, or a series of VLANs
separated by a comma. The range is 1 to 4094.
•
For acl-match matchlog, log packets based on the ACE logging
configuration. If you specify the matchlog keyword in this command
and the log keyword in the permit or deny ARP access-list
configuration command, ARP packets permitted or denied by the ACL
are logged.
configuration. If you specify the matchlog keyword in this command
and the log keyword in the permit or deny ARP access-list
configuration command, ARP packets permitted or denied by the ACL
are logged.
•
For acl-match none, do not log packets that match ACLs.
•
For dhcp-bindings all, log all packets that match DHCP bindings.
•
For dhcp-bindings none, do not log packets that match DHCP
bindings.
bindings.
•
For dhcp-bindings permit, log DHCP-binding permitted packets.
Step 4
exit
Return to privileged EXEC mode.
Step 5
show ip arp inspection log
Verify your settings.
Step 6
copy running-config startup-config
(Optional) Save your entries in the configuration file.
Command
Purpose
Table 22-2
Commands for Displaying Dynamic ARP Inspection Information
Command
Description
show arp access-list [acl-name]
Displays detailed information about ARP ACLs.
show ip arp inspection interfaces [interface-id]
Displays the trust state and the rate limit of ARP
packets for the specified interface or all interfaces.
packets for the specified interface or all interfaces.
show ip arp inspection vlan vlan-range
Displays the configuration and the operating state
of dynamic ARP inspection for the specified
VLAN. If no VLANs are specified or if a range is
specified, displays information only for VLANs
with dynamic ARP inspection enabled (active).
of dynamic ARP inspection for the specified
VLAN. If no VLANs are specified or if a range is
specified, displays information only for VLANs
with dynamic ARP inspection enabled (active).