
ip arp inspection log-buffer logs – LevelOne GTL-2691 User Manual

CHAPTER 29 | General Security Measures

ARP Inspection

EXAMPLE

Console(config)#ip arp inspection filter sales vlan 1

Console(config)#

ip arp inspection log-buffer logs

This command sets the maximum number of entries saved in a log message, and the rate at which these messages are sent. Use the no form to restore the default settings.

SYNTAX

ip arp inspection log-buffer logs message-number interval seconds
no ip arp inspection log-buffer logs

message-number - The maximum number of entries saved in a log message. (Range: 0-256, where 0 means no events are saved)

seconds - The interval at which log messages are sent. (Range: 0-86400)

DEFAULT SETTING

Message Number: 5

Interval: 1 second

COMMAND MODE

Global Configuration

COMMAND USAGE

ARP Inspection must be enabled with the ip arp inspection command before this command will be accepted by the switch.

By default, logging is active for ARP Inspection, and cannot be disabled.

When the switch drops a packet, it places an entry in the log buffer. Each entry contains flow information, such as the receiving VLAN, the port number, the source and destination IP addresses, and the source and destination MAC addresses.

If multiple identical invalid ARP packets are received consecutively on the same VLAN, then the logging facility will only generate one entry in the log buffer and one corresponding system message.

The maximum number of entries that can be stored in the log buffer is determined by the message-number parameter. If the log buffer fills up before a message is sent, the oldest entry will be replaced with the newest one.

The switch generates a system message on a rate-controlled basis determined by the seconds value. After the system message is generated, all entries are cleared from the log buffer.
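The buffer behaviour described above determines how much of a burst of dropped ARP packets ever reaches the system log. The following Python model is an added example, not code from the manual or the switch firmware; it shows how many entries are overwritten before they are sent for a given message-number and interval. Assumptions: the names ArpLogBuffer, burst and simulate are hypothetical, the send timer starts at time 0, duplicate suppression carries across a send, an interval of 0 is not modelled, and all addresses are constructed sample values.

```python
from collections import deque

class ArpLogBuffer:
    """Model of the log buffer described above (assumed behaviour, not firmware)."""

    def __init__(self, message_number=5, interval=1):   # documented defaults
        if not 0 <= message_number <= 256 or not 1 <= interval <= 86400:
            raise ValueError("outside modelled range (interval 0 is not modelled)")
        self.capacity, self.interval = message_number, interval
        self.entries = deque()
        self.last = None        # previous entry, for consecutive-duplicate suppression
        self.next_flush = interval
        self.messages = []      # (time, entries) for each system message generated
        self.evicted = 0        # entries overwritten before they were ever sent

    def flush_due(self, now):
        """Generate a message for each elapsed interval, then clear the buffer."""
        while now >= self.next_flush:
            if self.entries:
                self.messages.append((self.next_flush, list(self.entries)))
                self.entries.clear()
            self.next_flush += self.interval

    def drop(self, now, *flow):
        """Record one dropped ARP packet; flow = (vlan, port, IPs, MACs)."""
        self.flush_due(now)
        if self.capacity == 0 or flow == self.last:
            return              # 0 saves nothing; identical consecutive packets log once
        self.last = flow
        if len(self.entries) == self.capacity:
            self.entries.popleft()          # oldest entry replaced by the newest
            self.evicted += 1
        self.entries.append(flow)

def burst(n, step=0.05):
    """Constructed sample: n distinct invalid ARP packets on VLAN 1, port 3."""
    return [(i * step, 1, 3, f"192.0.2.{i + 1}", "192.0.2.254",
             f"00-00-5e-00-53-{i:02x}", "ff-ff-ff-ff-ff-ff") for i in range(n)]

def simulate(message_number, interval, events, end):
    """Return (entries reported in system messages, entries lost to overwrite)."""
    buf = ArpLogBuffer(message_number, interval)
    for ev in events:
        buf.drop(*ev)
    buf.flush_due(end)
    return sum(len(m[1]) for m in buf.messages), buf.evicted

if __name__ == "__main__":
    print(simulate(5, 1, burst(20), end=2))    # default settings
    print(simulate(32, 1, burst(20), end=2))   # larger buffer, same burst
```

In this model, 20 distinct drops arriving within one second leave only the 5 newest in the log at the default settings, while a message-number of 32 reports all 20.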