Ip Arp Inspection Vlan - Cisco Nexus 5500 Series Command Reference Manual
Nx-os security command reference
Hide thumbs
Also See for Nexus 5500 Series:
- Hardware installation manual (142 pages) ,
- Command reference manual (460 pages) ,
- Configuration manual (160 pages)
Table of Contents
Advertisement
Chapter
I Commands
ip arp inspection vlan
To enable Dynamic ARP Inspection (DAI) for a list of VLANs, use the ip arp inspection vlan
command. To disable DAI for a list of VLANs, use the no form of this command.
Syntax Description
vlan-list
logging
dhcp-bindings
permit
all
none
Command Default
Logging of dropped packets
Command Modes
Global configuration
Command History
Release
5.2(1)N1(1)
Usage Guidelines
By default, the device logs dropped packets inspected by DAI.
This command does not require a license.
Examples
This example shows how to enable DAI on VLANs 13, 15, and 17 through 23:
switch# configure terminal
switch(config)# ip arp inspection vlan 13,15,17-23
switch(config)#
OL-27883-02
ip arp inspection vlan vlan-list [logging dhcp-bindings {permit | all | none}]
no ip arp inspection vlan vlan-list [logging dhcp-bindings {permit | all | none}]
VLANs on which DAI is active. The vlan-list argument allows you to
specify a single VLAN ID, a range of VLAN IDs, or comma-separated IDs
and ranges (see the "Examples" section). Valid VLAN IDs are from 1 to
4096.
(Optional) Enables DAI logging for the VLANs specified.
•
•
•
Enables logging based on DHCP binding matches.
Enables logging of packets permitted by a DHCP binding match.
Enables logging of all packets.
Disables logging.
Modification
This command was introduced.
all—Logs all packets that match Dynamic Host Configuration Protocol
(DHCP) bindings
none—Does not log DHCP bindings packets (use this option to disable
logging)
permit—Logs DHCP binding permitted packets
Cisco Nexus 5500 Series NX-OS Security Command Reference
ip arp inspection vlan
121
- Quick Links:
- Show Ip Arp
Hide quick links:
Advertisement
Table of Contents
