Cisco Systems 3560 사용자 설명서
22-14
Catalyst 3560 Switch Software Configuration Guide
OL-8553-06
Chapter 22 Configuring Dynamic ARP Inspection
Displaying Dynamic ARP Inspection Information
To return to the default log buffer settings, use the no ip arp inspection log-buffer {entries | logs}
global configuration command. To return to the default VLAN log settings, use the no ip arp inspection
vlan vlan-range logging {acl-match | dhcp-bindings} global configuration command. To clear the log
buffer, use the clear ip arp inspection log privileged EXEC command.
global configuration command. To return to the default VLAN log settings, use the no ip arp inspection
vlan vlan-range logging {acl-match | dhcp-bindings} global configuration command. To clear the log
buffer, use the clear ip arp inspection log privileged EXEC command.
Displaying Dynamic ARP Inspection Information
To display dynamic ARP inspection information, use the privileged EXEC commands described in
To clear or display dynamic ARP inspection statistics, use the privileged EXEC commands in
For the show ip arp inspection statistics command, the switch increments the number of forwarded
packets for each ARP request and response packet on a trusted dynamic ARP inspection port. The switch
increments the number of ACL or DHCP permitted packets for each packet that is denied by source
MAC, destination MAC, or IP validation checks, and the switch increments the appropriate failure
count.
packets for each ARP request and response packet on a trusted dynamic ARP inspection port. The switch
increments the number of ACL or DHCP permitted packets for each packet that is denied by source
MAC, destination MAC, or IP validation checks, and the switch increments the appropriate failure
count.
To clear or display dynamic ARP inspection logging information, use the privileged EXEC commands
in
in
:
Step 5
show ip arp inspection log
Verify your settings.
Step 6
copy running-config startup-config
(Optional) Save your entries in the configuration file.
Command
Purpose
Table 22-2
Commands for Displaying Dynamic ARP Inspection Information
Command
Description
show arp access-list [acl-name]
Displays detailed information about ARP ACLs.
show ip arp inspection interfaces [interface-id]
Displays the trust state and the rate limit of ARP packets for the specified
interface or all interfaces.
interface or all interfaces.
show ip arp inspection vlan vlan-range
Displays the configuration and the operating state of dynamic ARP
inspection for the specified VLAN. If no VLANs are specified or if a
range is specified, displays information only for VLANs with dynamic
ARP inspection enabled (active).
inspection for the specified VLAN. If no VLANs are specified or if a
range is specified, displays information only for VLANs with dynamic
ARP inspection enabled (active).
Table 22-3
Commands for Clearing or Displaying Dynamic ARP Inspection Statistics
Command
Description
clear ip arp inspection statistics
Clears dynamic ARP inspection statistics.
show ip arp inspection statistics [vlan
vlan-range]
vlan-range]
Displays statistics for forwarded, dropped, MAC validation failure, IP
validation failure, ACL permitted and denied, and DHCP permitted and
denied packets for the specified VLAN. If no VLANs are specified or if
a range is specified, displays information only for VLANs with dynamic
ARP inspection enabled (active).
validation failure, ACL permitted and denied, and DHCP permitted and
denied packets for the specified VLAN. If no VLANs are specified or if
a range is specified, displays information only for VLANs with dynamic
ARP inspection enabled (active).