user manual

ManualsBrandsCisco Systems ManualsSwitchSwitch 3750-X

661

662

663

664

665

666

667

668

669

670

25-14

Catalyst 3750-X and 3560-X Switch Software Configuration Guide

OL-21521-01

Chapter 25 Configuring Dynamic ARP Inspection

Displaying Dynamic ARP Inspection Information

To return to the default log buffer settings, use the no ip arp inspection log-buffer {entries | logs}

global configuration command. To return to the default VLAN log settings, use the no ip arp inspection

vlan vlan-range logging {acl-match | dhcp-bindings} global configuration command. To clear the log

buffer, use the clear ip arp inspection log privileged EXEC command.

Displaying Dynamic ARP Inspection Information

Step 3

ip arp inspection vlan vlan-range

logging {acl-match {matchlog |

none} | dhcp-bindings {all | none |

permit}}

Control the type of packets that are logged per VLAN. By default, all denied

r all dropped packets are logged. The term logged means the entry is placed

in the log buffer and a system message is generated.

The keywords have these meanings:

• For vlan-range, specify a single VLAN identified by VLAN ID number,

a range of VLANs separated by a hyphen, or a series of VLANs

separated by a comma. The range is 1 to 4094.

• For acl-match matchlog, log packets based on the ACE logging

configuration. If you specify the matchlog keyword in this command

and the log keyword in the permit or deny ARP access-list

configuration command, ARP packets permitted or denied by the ACL

are logged.

• For acl-match none, do not log packets that match ACLs.

• For dhcp-bindings all, log all packets that match DHCP bindings.

• For dhcp-bindings none, do not log packets that match DHCP

bindings.

• For dhcp-bindings permit, log DHCP-binding permitted packets.

Step 4

exit Return to privileged EXEC mode.

Step 5

show ip arp inspection log Verify your settings.

Step 6

copy running-config startup-config (Optional) Save your entries in the configuration file.

Command Purpose

Ta ble 25-2 Commands for Displaying Dynamic ARP Inspection Information

Command Description

show arp access-list [acl

-name] Displays detailed information about ARP ACLs.

show ip arp inspection interfaces [in

terface-id] Displays the trust state and the rate limit of ARP

packets for the specified interface or all interfaces.

show ip arp inspection vlan vlan-r

ange Displays the configuration and the operating state

of dynamic ARP inspection for the specified

VLAN. If no VLANs are specified or if a range is

specified, displays information only for VLANs

with dynamic ARP inspection enabled (active).