6 ip arp inspection vlan, 7 ip arp inspection vlan logging – CANOGA PERKINS CanogaOS Command Reference User Manual

CanogaOS Command Line Reference

Revision 1.02

Proprietary & Confidential Canoga Pertkins Metro Ethernet Switches

Page 692 of 855

34.6 ip arp inspection vlan

To enable dynamic ARP inspection (DAI) on a per-VLAN basis, use the ip arp inspection vlan
command in global configuration mode. To disable DAI, use the no form of this command.

Command Syntax

ip arp inspection vlan vlan-range
no ip arp inspection vlan vlan-range

vlan-range

VLAN number or range; valid values are from 1 to 4094.

Default

ARP inspection is disabled on all VLANs.

Command Mode

Global configuration

Usage

You must specify on which VLANs to enable DAI. DAI may not function on the configured VLANs if they
have not been created or if they are private.

Examples

This example shows how to enable DAI on VLAN 1:
Switch# configure terminal
Switch(config)# ip arp inspection vlan 1

Related Commands

arp access-list
show ip arp inspection

34.7 ip arp inspection vlan logging

To control the type of packets that are logged, use the ip arp inspection vlan logging command in
global configuration mode. To disable this logging control, use the no form of this command.

Command Syntax

ip arp inspection vlan vlan-range logging {acl-match {matchlog | none} | dhcp-bindings {permit
| all | none}}
no ip arp inspection vlan vlan-range logging {acl-match | dhcp-bindings}

vlan-range

Number of the VLANs to be mapped to the specified instance. The number is
entered as a single value or a range; valid values are from 1 to 4094.

acl-match

Specifies the logging criteria for packets that are dropped or permitted based