Software Configuration Guide—Release 15.0(2)SG
OL-23818-01
Chapter 46 Configuring Dynamic ARP Inspection
To configure the log buffer, perform this task:
Step 1  Command: Switch# configure terminal
        Purpose: Enters global configuration mode.
Step 2  Command: Switch(config)# ip arp inspection log-buffer {entries number | logs number interval seconds}
        Purpose: Configures the DAI logging buffer.

        By default, when DAI is enabled, denied or dropped ARP packets are logged. The number of log entries is 32. The number of system messages is limited to 5 per second. The logging-rate interval is 1 second.

        The keywords have these meanings:
        - For entries number, specify the number of entries to be logged in the buffer. The range is 0 to 1024.
        - For logs number interval seconds, specify the number of entries to generate system messages in the specified interval.
          For logs number, the range is 0 to 1024. A 0 value means that the entry is placed in the log buffer, but a system message is not generated.
          For interval seconds, the range is 0 to 86400 seconds (1 day). A 0 value means that a system message is immediately generated (and the log buffer is always empty).
          An interval setting of 0 overrides a log setting of 0.

        The logs and interval settings interact. If the logs number X is greater than interval seconds Y, X divided by Y (X/Y) system messages are sent every second. Otherwise, one system message is sent every Y divided by X (Y/X) seconds.
Step 3  Command: Switch(config)# [no] ip arp inspection vlan vlan-range logging {acl-match {matchlog | none} | dhcp-bindings {all | none | permit}}
        Purpose: Controls the type of packets that are logged per-VLAN. By default, all denied or all dropped packets are logged. The term logged means the entry is placed in the log buffer and a system message is generated.

        The keywords have these meanings:
        - For vlan-range, specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.
        - For acl-match matchlog, log packets based on the ACE logging configuration. If you specify the matchlog keyword in this command and the log keyword in the permit or deny ARP access-list configuration command, ARP packets permitted or denied by ACEs with the log keyword are logged.
        - For acl-match none, do not log packets that match ACLs.
        - For dhcp-bindings all, log all packets that match DHCP bindings.
        - For dhcp-bindings none, do not log packets that match DHCP bindings.
        - For dhcp-bindings permit, log DHCP-binding permitted packets.
Step 4  Command: Switch(config)# exit
        Purpose: Returns to privileged EXEC mode.
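
The value ranges and the logs/interval interaction described in this task, as an added example that is not part of the Cisco guide: a Python helper that validates the settings, classifies how system messages will be generated, and renders the Step 2 and Step 3 command lines. The function names and the sample values are assumptions of this example.

```python
from fractions import Fraction

def syslog_behavior(logs: int, interval: int):
    """Classify system-message generation for 'logs X interval Y' per the text above."""
    if not 0 <= logs <= 1024:
        raise ValueError("logs number must be 0 to 1024")
    if not 0 <= interval <= 86400:
        raise ValueError("interval seconds must be 0 to 86400")
    if interval == 0:                 # checked first: interval 0 overrides logs 0
        return ("immediate", None)    # message generated at once, buffer stays empty
    if logs == 0:
        return ("buffer-only", None)  # entry is buffered, no system message
    if logs > interval:
        return ("messages-per-second", Fraction(logs, interval))   # X/Y
    return ("seconds-per-message", Fraction(interval, logs))       # Y/X

def valid_vlan_range(text: str) -> bool:
    """Accept one VLAN ID, hyphenated ranges, or a comma-separated series (1 to 4094)."""
    for part in text.split(","):
        bounds = part.split("-")      # order of the two bounds is not checked here
        if len(bounds) > 2 or not all(b.isascii() and b.isdigit() for b in bounds):
            return False
        if not all(1 <= int(b) <= 4094 for b in bounds):
            return False
    return True

def render_commands(entries, logs, interval, vlan_range, dhcp_bindings="all"):
    """Build the Step 2 and Step 3 command lines after validating every value."""
    if not 0 <= entries <= 1024:
        raise ValueError("entries number must be 0 to 1024")
    syslog_behavior(logs, interval)   # raises on out-of-range logs or interval
    if not valid_vlan_range(vlan_range):
        raise ValueError("vlan-range must use VLAN IDs 1 to 4094")
    if dhcp_bindings not in ("all", "none", "permit"):
        raise ValueError("dhcp-bindings takes all, none or permit")
    return [
        f"ip arp inspection log-buffer entries {entries}",
        f"ip arp inspection log-buffer logs {logs} interval {interval}",
        f"ip arp inspection vlan {vlan_range} logging dhcp-bindings {dhcp_bindings}",
    ]

if __name__ == "__main__":
    # Constructed sample values, not taken from the guide.
    for line in render_commands(256, 12, 60, "10-20,100"):
        print(line)
    print(syslog_behavior(12, 60))    # one system message every 5 seconds
```

Running `syslog_behavior(5, 1)` reproduces the default of 5 system messages per second stated in Step 2.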