34.7 ip arp inspection vlan logging – CANOGA PERKINS 9175 Command Reference User Manual


CanogaOS Command Reference



Command Mode

Global configuration


Usage

You must specify on which VLANs to enable DAI. DAI may not function on the configured VLANs if they have not been created or if they are private.


Examples

This example shows how to enable DAI on VLAN 1:

Switch# configure terminal
Switch(config)# ip arp inspection vlan 1


Related Commands

arp access-list

show ip arp inspection

34.7 ip arp inspection vlan logging

To control the type of packets that are logged, use the ip arp inspection vlan logging command in global configuration mode. To disable this logging control, use the no form of this command.


Command Syntax

ip arp inspection vlan vlan-range logging {acl-match {matchlog | none} | dhcp-bindings {permit | all | none}}

no ip arp inspection vlan vlan-range logging {acl-match | dhcp-bindings}

vlan-range

Number of the VLANs to be mapped to the specified instance. The number is entered as a single value or a range; valid values are from 1 to 4094.

acl-match

Specifies the logging criteria for packets that are dropped or permitted based on ACL matches.

matchlog

Specifies that logging of packets matched against ACLs is controlled by the matchlog keyword in the permit and deny access control entries of the ACL.

Note: By default, the matchlog keyword is not available on the ACEs. When the keyword is used, denied packets are not logged. Packets are logged only when they match against an ACE that has the matchlog keyword.

none

Specifies that ACL-matched packets are not logged.

dhcp-bindings

Specifies the logging criteria for packets dropped or permitted based on matches against the DHCP bindings.

permit

Specifies logging when permitted by DHCP bindings.

all

Specifies logging when permitted or denied by DHCP bindings.

none

Prevents all logging of packets permitted or denied by DHCP bindings.
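
The following Python script is an added example, not part of the Canoga Perkins manual. It checks saved configuration lines against the command syntax above and reports VLANs whose explicit logging setting reduces what DAI logs. The range notation (commas and hyphens), the function names and the sample lines are assumptions.

```python
import re

# Grammar from the Command Syntax above. The range notation accepted here
# (comma-separated IDs, hyphenated ranges) is an assumption.
LOGGING_RE = re.compile(
    r"^(no )?ip arp inspection vlan (\S+) logging (acl-match|dhcp-bindings)(?: (\S+))?$")
MODES = {"acl-match": {"matchlog", "none"}, "dhcp-bindings": {"permit", "all", "none"}}
# Explicit settings that reduce what gets logged, per the keyword descriptions.
QUIET = {("acl-match", "none"): "ACL-matched packets are not logged",
         ("dhcp-bindings", "none"): "no logging for DHCP-binding decisions",
         ("dhcp-bindings", "permit"): "only packets permitted by DHCP bindings are logged"}

# Constructed sample configuration, for illustration only.
SAMPLE = """\
ip arp inspection vlan 1
ip arp inspection vlan 10-12 logging dhcp-bindings none
no ip arp inspection vlan 11 logging dhcp-bindings
ip arp inspection vlan 5000 logging acl-match none
"""

def expand_vlans(spec):
    """Expand '10,20-22' to [10, 20, 21, 22]; valid IDs are 1 to 4094."""
    vlans = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"VLAN out of range: {part}")
        vlans.extend(range(lo, hi + 1))
    return vlans

def audit(config_text):
    """Return (vlan, kind, message) findings; syntax errors use vlan=None."""
    state, findings = {}, []
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = " ".join(raw.split())
        if " logging" not in line or "ip arp inspection vlan" not in line:
            continue  # e.g. the plain 'ip arp inspection vlan 1' enable line
        m = LOGGING_RE.match(line)
        negate, spec, kind, mode = m.groups() if m else (None, None, None, None)
        try:
            if not m or bool(negate) == bool(mode) or (mode and mode not in MODES[kind]):
                raise ValueError("does not match the command syntax")
            for vlan in expand_vlans(spec):
                state[vlan, kind] = mode  # None after the 'no' form: explicit setting removed
        except ValueError as exc:
            findings.append((None, "syntax", f"line {n}: {exc}"))
    return findings + [(v, k, QUIET[k, md])
                       for (v, k), md in sorted(state.items()) if (k, md) in QUIET]
```

The script reports only on explicit logging lines; a VLAN with no such line, or one reset with the no form, is left unreported.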


Default
