Cisco Nexus 5500 Series NX-OS Security Command Reference
OL-27883-02
Chapter: I Commands
ip arp inspection vlan
To enable Dynamic ARP Inspection (DAI) for a list of VLANs, use the ip arp inspection vlan 
command. To disable DAI for a list of VLANs, use the no form of this command. 
ip arp inspection vlan vlan-list [logging dhcp-bindings {permit | all | none}]
no ip arp inspection vlan vlan-list [logging dhcp-bindings {permit | all | none}]
Syntax Description
vlan-list       VLANs on which DAI is active. The vlan-list argument allows you to
                specify a single VLAN ID, a range of VLAN IDs, or comma-separated IDs
                and ranges (see the "Examples" section). Valid VLAN IDs are from 1 to
                4096.
logging         (Optional) Enables DAI logging for the VLANs specified.
                • all—Logs all packets that match Dynamic Host Configuration Protocol
                  (DHCP) bindings
                • none—Does not log DHCP bindings packets (use this option to disable
                  logging)
                • permit—Logs DHCP binding permitted packets
dhcp-bindings   Enables logging based on DHCP binding matches.
permit          Enables logging of packets permitted by a DHCP binding match.
all             Enables logging of all packets.
none            Disables logging.

Command Default
Logging of dropped packets

Command Modes
Global configuration

Command History
Release         Modification
5.2(1)N1(1)     This command was introduced.

Usage Guidelines
By default, the device logs dropped packets inspected by DAI.
This command does not require a license.

Examples
This example shows how to enable DAI on VLANs 13, 15, and 17 through 23:
switch# configure terminal
switch(config)# ip arp inspection vlan 13,15,17-23
switch(config)#
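
Added example (not part of the Cisco command reference): a Python check that expands the vlan-list syntax described on this page and reports which required VLANs have no ip arp inspection vlan line and which have DAI logging set to none. The function names, the list of required VLANs and the sample configuration are constructed for illustration, and configuration lines are assumed to appear exactly in the documented command form.

```python
import re

# ip arp inspection vlan vlan-list [logging dhcp-bindings {permit | all | none}]
DAI_RE = re.compile(
    r"^\s*ip arp inspection vlan (?P<vlans>\S+)"
    r"(?: logging dhcp-bindings (?P<log>permit|all|none))?\s*$"
)
VLAN_MIN, VLAN_MAX = 1, 4096  # valid range as stated on this page


def expand_vlan_list(vlan_list):
    """Expand '13,15,17-23' into a set of VLAN IDs; raise ValueError if malformed."""
    vlans = set()
    for item in vlan_list.split(","):
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", item)
        if not m:
            raise ValueError(f"bad vlan-list item: {item!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if not (VLAN_MIN <= lo <= hi <= VLAN_MAX):
            raise ValueError(f"VLAN range out of bounds: {item!r}")
        vlans.update(range(lo, hi + 1))
    return vlans


def dai_coverage(config_text):
    """Map each DAI-enabled VLAN to its logging option (None = keyword absent)."""
    coverage = {}
    for line in config_text.splitlines():
        m = DAI_RE.match(line)
        if m:
            for vlan in expand_vlan_list(m.group("vlans")):
                coverage[vlan] = m.group("log")
    return coverage


def audit(config_text, required_vlans):
    """Return (VLANs lacking DAI, DAI VLANs configured with logging 'none')."""
    cov = dai_coverage(config_text)
    missing = sorted(set(required_vlans) - set(cov))
    unlogged = sorted(v for v, log in cov.items() if log == "none")
    return missing, unlogged


# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
ip arp inspection vlan 13,15,17-23
ip arp inspection vlan 30 logging dhcp-bindings none
"""
```

Calling audit(SAMPLE, [13, 14, 15, 20, 30]) reports VLAN 14 as lacking DAI and VLAN 30 as having DAI logging disabled.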