4 ip arp inspection trust – CANOGA PERKINS 9175 Command Reference User Manual

CanogaOS Command Reference

34-3

Command Syntax

ip arp inspection log-buffer {entries number | logs number interval seconds}

no ip arp inspection log-buffer {entries | logs}

entries number

Number of entries from the logging buffer; the range is from 10 to 1024.

log number

Number of entries to be logged in an interval; the range is from 0 to 1024. A

0 value indicates that entries should not be logged out of this buffer.

interval seconds

Logging rate; the range is from 0 to 86400 (1 day). A 0 value indicates an

immediate log.

Default

When dynamic ARP inspection is enabled, denied, or dropped, the ARP packets are logged.

The number of entries is set to 32.

The number of logging entries is limited to 5 per second.

The interval is set to 1.

Command Mode

Global configuration

Usage

The first dropped packet of a given flow is logged immediately. The subsequent packets for the same

flow are registered but are not logged immediately. Registering these packets is done in a log buffer that

is shared by all the VLANs. Entries from this buffer are logged on a rate-controlled basis.

Examples

This example shows how to configure the logging buffer to hold up to 45 entries:

Switch# config terminal

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)# ip arp inspection log-buffer entries 45

Switch(config)# end

Switch# show ip arp inspection log

Total Log Buffer Size : 45

Syslog rate : 5 entries per 1 seconds.

No entries in log buffer.

Switch#

Related Commands

arp access-list

show ip arp inspection

34.4 ip arp inspection trust

To set a per-port configurable trust state that determines the set of interfaces where incoming ARP

packets are inspected, use the ip arp inspection trust command in interface configuration mode. To