Ip arp inspection log-buffer logs – Brocade 6910 Ethernet Access Switch Configuration Guide (Supporting R2.2.0.0) User Manual

Brocade 6910 Ethernet Access Switch Configuration Guide

53-1002651-02

ARP Inspection

If static mode is enabled, the switch compares ARP packets to the specified ARP ACLs. Packets
matching an IP-to-MAC address binding in a permit or deny rule are processed accordingly.
Packets not matching any of the ACL rules are dropped. Address bindings in the DHCP
snooping database are not checked.

If static mode is not enabled, packets are first validated against the specified ARP ACL.
Packets matching a deny rule are dropped. All remaining packets are validated against the
address bindings in the DHCP snooping database.

Example

Console(config)#ip arp inspection filter sales vlan 1

Console(config)#

ip arp inspection log-buffer logs

This command sets the maximum number of entries saved in a log message, and the rate at which
these messages are sent. Use the no form to restore the default settings.

Syntax

ip arp inspection log-buffer logs message-number interval seconds

no ip arp inspection log-buffer logs

message-number - The maximum number of entries saved in a log message.
(Range: 0-256, where 0 means no events are saved)

seconds - The interval at which log messages are sent. (Range: 0-86400)

Default Setting
Message Number: 5
Interval: 1 second

Command Mode
Global Configuration

Command Usage

ARP Inspection must be enabled with the ip arp inspection command before this command will
be accepted by the switch.

By default, logging is active for ARP Inspection, and cannot be disabled.

When the switch drops a packet, it places an entry in the log buffer. Each entry contains flow
information, such as the receiving VLAN, the port number, the source and destination IP
addresses, and the source and destination MAC addresses.

If multiple, identical invalid ARP packets are received consecutively on the same VLAN, then
the logging facility will only generate one entry in the log buffer and one corresponding system
message.

The maximum number of entries that can be stored in the log buffer is determined by the
message-number parameter. If the log buffer fills up before a message is sent, the oldest entry
will be replaced with the newest one.

The switch generates a system message on a rate-controlled basis determined by the seconds
value. After the system message is generated, all entries are cleared from the log buffer.
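The following Python model is an added example, not Brocade code. It replays dropped ARP packets through the buffer behaviour described above to show how many entries a burst loses at a given message-number before the next system message is sent. The names simulate, Drop and spoof are hypothetical, the sample packets are constructed, and resetting duplicate suppression when the buffer is cleared is an assumption.

```python
from collections import deque, namedtuple

# Flow fields the page lists for each log-buffer entry.
Drop = namedtuple("Drop", "vlan port src_ip dst_ip src_mac dst_mac")

def simulate(drops, message_number=5, interval=1):
    """Replay time-ordered (seconds, Drop) pairs; return (messages, lost).

    messages: one list of entries per system message sent.
    lost: entries overwritten, or never saved, before a message was sent.
    """
    if not 0 <= message_number <= 256 or not 1 <= interval <= 86400:
        # interval 0 is in the documented range, but the page does not say
        # how it behaves, so this model does not accept it.
        raise ValueError("unsupported message-number or interval")
    buf = deque(maxlen=message_number)   # maxlen 0 saves nothing
    messages, lost, last, next_send = [], 0, None, interval
    for t, pkt in drops:
        while t >= next_send:            # timer expired before this drop
            if buf:
                messages.append(list(buf))
            buf.clear()                  # entries are cleared after sending
            last = None                  # assumption: suppression resets too
            next_send += interval
        if pkt == last:                  # consecutive identical packet, same VLAN
            continue
        last = pkt
        if len(buf) == buf.maxlen:       # full: oldest entry is replaced
            lost += 1
        buf.append(pkt)
    if buf:                              # what the next timer expiry would send
        messages.append(list(buf))
    return messages, lost

def spoof(i):
    """Constructed sample drop on VLAN 1 (documentation addresses)."""
    return Drop(1, "1/5", f"192.0.2.{i}", "192.0.2.254",
                f"00-00-5E-00-53-{i:02X}", "FF-FF-FF-FF-FF-FF")

if __name__ == "__main__":
    # Three identical packets, then seven distinct ones, all inside one second.
    burst = [(0.1, spoof(1))] * 3 + [(0.2 + i / 100, spoof(i)) for i in range(2, 9)]
    for n in (5, 256):
        msgs, lost = simulate(burst, message_number=n)
        print(f"message-number {n}: {len(msgs[0])} entries logged, {lost} lost")
```

With the default message-number of 5, the constructed burst of eight distinct invalid packets leaves only the newest five in the system message, which is the reason to size the buffer for the burst you expect between intervals.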