22-5
Cisco Catalyst Blade Switch 3130 for Dell Software Configuration Guide
OL-13270-01
Chapter22 Configuring Dynamic A RP In spection Configuring Dynamic ARP Inspection

Logging of Dropped Packets

When the switch drops a packet, it places an entry in the log buffer and then generates system messages
on a rate-controlled basis. After the message is generated, the switch clears the entry from the log b uf fer.
Each log entry contains flow information, such as the receiving VLAN, the port num ber, the source and
destination IP addresses, and the source and destination MAC addresses.
You use the ip arp inspection log-buffer global configuration command to configure the number of
entries in the buffer and the number of entries needed in the specified interval to generate system
messages. You specify the type of packets that are logged by using the ip arp inspection vlan logging
global configuration command. For configuration information, see the “Configuri ng the Log Buffer”
section on page 22-13.
Configuring Dynamic ARP Inspection
These sections contain this configuration information:
Default Dynamic ARP Inspection Configuration, page 22-5
Dynamic ARP Inspection Configuration Guidelines, page 22-6
Configuring Dynamic ARP Inspection in DHCP Environments, page 22-7 (required in D HC P
environments)
Configuring ARP ACLs for Non-DHCP Environments, page 22-8 (required in non-DHCP
environments)
Limiting the Rate of Incoming ARP Packets, page 22-11 (optional)
Performing Validation Checks, page 22-12 (optional)
Configuring the Log Buffer, page22-13 (optional)

Default Dynamic ARP Inspection Configuration

Table22-1 shows the default dynamic ARP inspection configuration.
Table22-1 Default Dynamic ARP Inspection Configuration
Feature Default Setting
Dynamic ARP inspection Disabled on all VLANs.
Interface trust state All interfaces are untrusted.
Rate limit of incoming ARP packets The rate is 15 pps on untrusted interfaces, assuming that
the network is a switched network with a host
connecting to as many as 15 new hosts per second.
The rate is unlimited on all trusted interfaces.
The burst interval is 1 second.
ARP ACLs for non-DHCP environments No ARP ACLs are defined.
Validation checks No checks are performed.