Table of Contents
Advertisement
Configuring DAI
This example shows how to configure DAI logging to send 12 messages every 2 seconds:
Router# configure terminal
Enter configuration commands, one per line.
Router(config)# ip arp inspection log-buffer logs 12 interval 2
Router(config)# do show ip arp inspection log | include Syslog
Syslog rate : 12 entries per 2 seconds.
This example shows how to configure DAI logging to send 20 messages every 60 seconds.
Router# configure terminal
Enter configuration commands, one per line.
Router(config)# ip arp inspection log-buffer logs 20 interval 60
Router(config)# do show ip arp inspection log | include Syslog
Syslog rate : 20 entries per 60 seconds.
Configuring DAI Log Filtering
To configure DAI log filtering, perform this task:
Command
Step 1
Router# configure terminal
Step 2
Router(config)# ip arp inspection vlan vlan_range
logging {acl-match {matchlog | none} |
dhcp-bindings {all | none | permit}}
Step 3
Router(config)# do show running-config | include
ip arp inspection vlan vlan_range
When configuring the DAI log filtering, note the following information:
•
•
•
•
•
•
•
Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY
35-14
By default, all denied packets are logged.
For vlan_range, you can specify a single VLAN or a range of VLANs:
To specify a single VLAN, enter a single VLAN number.
–
To specify a range of VLANs, enter a dash-separated pair of VLAN numbers.
–
You can enter a comma-separated list of VLAN numbers and dash-separated pairs of VLAN
–
numbers.
acl-match matchlog—Logs packets based on the DAI ACL configuration. If you specify the
matchlog keyword in this command and the log keyword in the permit or deny ARP access-list
configuration command, ARP packets permitted or denied by the ACL are logged.
acl-match none—Does not log packets that match ACLs.
dhcp-bindings all—Logs all packets that match DHCP bindings.
dhcp-bindings none—Does not log packets that match DHCP bindings.
dhcp-bindings permit—Logs DHCP-binding permitted packets.
Chapter 35
End with CNTL/Z.
End with CNTL/Z.
Purpose
Enters global configuration mode.
Configures log filtering for each VLAN.
Verifies the configuration.
Configuring Dynamic ARP Inspection
OL-11439-03
- Quick Links:
- Product Overview
Hide quick links:
Advertisement
Table of Contents
Related Manuals for Cisco WS-SUP32-GE-3B - Supervisor Engine 32
Related Products for Cisco WS-SUP32-GE-3B - Supervisor Engine 32
- Cisco WAN Modeling Tools
- Cisco WS-SUP720-3B - Supervisor Engine 720
- Cisco WS-SVC-AGM-1-K9= - Anomaly Guard Module
- Cisco WS-SVC-CMM-ACT-RF - Conferencing And Transcoding Port Adapter Voice DSP Module
- Cisco WS-SVC-ADM-1-K9= - Traffic Anomaly Detector Module
- Cisco WS-SVC-FWM-1-K9= - Firewall Service Module
- Cisco WS-SVC-IDS2-BUN-K9 - Intrusion Detection Sys Module 2
- Cisco WS-SVC-IPSEC-1= - IPSec VPN Services Module