Cisco Systems 3560 사용자 설명서
22-5
Catalyst 3560 Switch Software Configuration Guide
OL-8553-06
Chapter 22 Configuring Dynamic ARP Inspection
Configuring Dynamic ARP Inspection
You use the ip arp inspection log-buffer global configuration command to configure the number of
entries in the buffer and the number of entries needed in the specified interval to generate system
messages. You specify the type of packets that are logged by using the ip arp inspection vlan logging
global configuration command. For configuration information, see the
entries in the buffer and the number of entries needed in the specified interval to generate system
messages. You specify the type of packets that are logged by using the ip arp inspection vlan logging
global configuration command. For configuration information, see the
.
Configuring Dynamic ARP Inspection
These sections contain this configuration information:
•
•
•
(required in DHCP
environments)
•
(required in non-DHCP
environments)
•
(optional)
•
(optional)
•
(optional)
Default Dynamic ARP Inspection Configuration
shows the default dynamic ARP inspection configuration.
Table 22-1
Default Dynamic ARP Inspection Configuration
Feature
Default Setting
Dynamic ARP inspection
Disabled on all VLANs.
Interface trust state
All interfaces are untrusted.
Rate limit of incoming ARP packets
The rate is 15 pps on untrusted interfaces, assuming that
the network is a switched network with a host
connecting to as many as 15 new hosts per second.
the network is a switched network with a host
connecting to as many as 15 new hosts per second.
The rate is unlimited on all trusted interfaces.
The burst interval is 1 second.
ARP ACLs for non-DHCP environments
No ARP ACLs are defined.
Validation checks
No checks are performed.
Log buffer
When dynamic ARP inspection is enabled, all denied or
dropped ARP packets are logged.
dropped ARP packets are logged.
The number of entries in the log is 32.
The number of system messages is limited to 5 per
second.
second.
The logging-rate interval is 1 second.
Per-VLAN logging
All denied or dropped ARP packets are logged.