Dell POWEREDGE M1000E User Manual

Page 233

2-203

Cisco Catalyst Blade Switch 3130 and 3032 for Dell Command Reference

OL-13271-03

Chapter 2 Cisco Catalyst Blade Switch 3130 and 3032 for Dell Cisco IOS Commands

ip arp inspection vlan logging

Usage Guidelines

The term logged means that the entry is placed into the log buffer and that a system message is generated.

The acl-match and dhcp-bindings keywords merge with each other; that is, when you configure an ACL
match, the DHCP bindings configuration is not disabled. Use the no form of the command to reset the
logging criteria to their defaults. If neither option is specified, all types of logging are reset to log when
ARP packets are denied. These are the options:

•

acl-match—Logging on ACL matches is reset to log on deny.

•

dhcp-bindings—Logging on DHCP binding matches is reset to log on deny.

If neither the acl-match or the dhcp-bindings keywords are specified, all denied packets are logged.

The implicit deny at the end of an ACL does not include the log keyword. This means that when you use
the static keyword in the ip arp inspection filter vlan global configuration command, the ACL
overrides the DHCP bindings. Some denied packets might not be logged unless you explicitly specify
the deny ip any mac any log ACE at the end of the ARP ACL.

Examples

This example shows how to configure ARP inspection on VLAN 1 to log packets that match the permit
commands in the ACL:

Switch(config)# arp access-list test1

Switch(config-arp-nacl)# permit request ip any mac any log

Switch(config-arp-nacl)# permit response ip any any mac any any log

Switch(config-arp-nacl)# exit

Switch(config)# ip arp inspection vlan 1 logging acl-match matchlog

You can verify your settings by entering the show ip arp inspection vlan vlan-range privileged EXEC
command.

Related Commands

Command

Description

arp access-list