Displaying Dynamic Arp Inspection Information - Cisco IE-3000-8TC Software Configuration Manual

Displaying Dynamic ARP Inspection Information

Command
Step 3
ip arp inspection vlan vlan-range
logging {acl-match {matchlog |
none} | dhcp-bindings {all | none |
permit}}
Step 4
exit
Step 5 show ip arp inspection log
Step 6 copy running-config startup-config
To return to the default log buffer settings, use the no ip arp inspection log-buffer {entries | logs}
global configuration command. To return to the default VLAN log settings, use the no ip arp inspection
vlan vlan-range logging {acl-match | dhcp-bindings} global configuration command. To clear the log
buffer, use the clear ip arp inspection log privileged EXEC command.
Displaying Dynamic ARP Inspection Information
To display dynamic ARP inspection information, use the privileged EXEC commands described in
Table
Table 24-2 Commands for Displaying Dynamic ARP Inspection Information
Command
show arp access-list [acl-name]
show ip arp inspection interfaces [interface-id] Displays the trust state and the rate limit of ARP packets for the specified
show ip arp inspection vlan vlan-range
To clear or display dynamic ARP inspection statistics, use the privileged EXEC commands in
Table
Cisco IE 3000 Switch Software Configuration Guide
24-14
Purpose
Control the type of packets that are logged per VLAN. By default, all denied
or all dropped packets are logged. The term logged means the entry is placed
in the log buffer and a system message is generated.
The keywords have these meanings:
For vlan-range, specify a single VLAN identified by VLAN ID number,
•
a range of VLANs separated by a hyphen, or a series of VLANs
separated by a comma. The range is 1 to 4094.
For acl-match matchlog, log packets based on the ACE logging
•
configuration. If you specify the matchlog keyword in this command
and the log keyword in the permit or deny ARP access-list
configuration command, ARP packets permitted or denied by the ACL
are logged.
For acl-match none, do not log packets that match ACLs.
•
For dhcp-bindings all, log all packets that match DHCP bindings.
•
• For dhcp-bindings none, do not log packets that match DHCP
bindings.
For dhcp-bindings permit, log DHCP-binding permitted packets.
•
Return to privileged EXEC mode.
Verify your settings.
(Optional) Save your entries in the configuration file.
24-2:
Description
Displays detailed information about ARP ACLs.
interface or all interfaces.
Displays the configuration and the operating state of dynamic ARP
inspection for the specified VLAN. If no VLANs are specified or if a
range is specified, displays information only for VLANs with dynamic
ARP inspection enabled (active).
24-3:
Chapter 24 Configuring Dynamic ARP Inspection
OL-13018-03