EasyManua.ls Logo

Cisco 7604

Cisco 7604
1011 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
38-15
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
Chapter 38 Configuring Dynamic ARP Inspection
Configuring DAI
When configuring the DAI log filtering, note the following information:
By default, all denied packets are logged.
For vlan_range, you can specify a single VLAN or a range of VLANs:
To specify a single VLAN, enter a single VLAN number.
To specify a range of VLANs, enter a dash-separated pair of VLAN numbers.
You can enter a comma-separated list of VLAN numbers and dash-separated pairs of VLAN
numbers.
acl-match matchlog—Logs packets based on the DAI ACL configuration. If you specify the
matchlog keyword in this command and the log keyword in the permit or deny ARP access-list
configuration command, ARP packets permitted or denied by the ACL are logged.
acl-match none—Does not log packets that match ACLs.
dhcp-bindings all—Logs all packets that match DHCP bindings.
dhcp-bindings none—Does not log packets that match DHCP bindings.
dhcp-bindings permit—Logs DHCP-binding permitted packets.
This example shows how to configure the DAI log filtering for VLAN 100 not to log packets that match
ACLs:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# ip arp inspection vlan 100 logging acl-match none
Router(config)# do show running-config | include ip arp inspection vlan 100
ip arp inspection vlan 100 logging acl-match none
Displaying DAI Information
To display DAI information, use the privileged EXEC commands described in Table 38-2.
Table 38-2 Commands for Displaying DAI Information
Command Description
show arp access-list [acl_name] Displays detailed information about ARP ACLs.
show ip arp inspection interfaces [interface_id] Displays the trust state and the rate limit of ARP
packets for the specified interface or all interfaces.
show ip arp inspection vlan vlan_range Displays the configuration and the operating state
of DAI for the specified VLAN. If no VLANs are
specified or if a range is specified, displays
information only for VLANs with DAI enabled
(active).

Table of Contents

Related product manuals