Configuring The Log Buffer - Cisco Catalyst 2975 Software Configuration Manual

Chapter 21 Configuring Dynamic ARP Inspection
Beginning in privileged EXEC mode, follow these steps to perform specific checks on incoming ARP
packets. This procedure is optional.
Command
Step 1 configure terminal
Step 2
ip arp inspection validate
{[src-mac] [dst-mac] [ip]}
Step 3 exit
Step 4 show ip arp inspection vlan
vlan-range
Step 5 copy running-config
startup-config
To disable checking, use the no ip arp inspection validate [src-mac] [dst-mac] [ip] global
configuration command. To display statistics for forwarded, dropped, and MAC and IP validation failure
packets, use the show ip arp inspection statistics privileged EXEC command.

Configuring the Log Buffer

When the switch drops a packet, it places an entry in the log buffer and then generates system messages
on a rate-controlled basis. After the message is generated, the switch clears the entry from the log buffer.
Each log entry contains flow information, such as the receiving VLAN, the port number, the source and
destination IP addresses, and the source and destination MAC addresses.
A log-buffer entry can represent more than one packet. For example, if an interface receives many
packets on the same VLAN with the same ARP parameters, the switch combines the packets as one entry
in the log buffer and generates a single system message for the entry.
OL-19720-02
Purpose
Enter global configuration mode.
Perform a specific check on incoming ARP packets. By default, no checks are
performed.
The keywords have these meanings:
• For src-mac, check the source MAC address in the Ethernet header against the
sender MAC address in the ARP body. This check is performed on both ARP
requests and responses. When enabled, packets with different MAC addresses
are classified as invalid and are dropped.
For dst-mac, check the destination MAC address in the Ethernet header against
•
the target MAC address in ARP body. This check is performed for ARP
responses. When enabled, packets with different MAC addresses are classified
as invalid and are dropped.
• For ip, check the ARP body for invalid and unexpected IP addresses. Addresses
include 0.0.0.0, 255.255.255.255, and all IP multicast addresses. Sender IP
addresses are checked in all ARP requests and responses, and target IP addresses
are checked only in ARP responses.
You must specify at least one of the keywords. Each command overrides the
configuration of the previous command; that is, if a command enables src and dst
mac validations, and a second command enables IP validation only, the src and dst
mac validations are disabled as a result of the second command.
Return to privileged EXEC mode.
Verify your settings.
(Optional) Save your entries in the configuration file.
Configuring Dynamic ARP Inspection
Catalyst 2975 Switch Software Configuration Guide
21-13