ip arp inspection vlan
To enable Dynamic ARP Inspection (DAI) for a list of VLANs, use the ip arp inspection vlan command.
To disable DAI for a list of VLANs, use the no form of this command.
ip arp inspection vlan vlan-list [logging dhcp-bindings {permit| all| none}]
no ip arp inspection vlan vlan-list [logging dhcp-bindings {permit| all| none}]
Syntax Description
VLANs on which DAI is active. The vlan-list
argument allows you to specify a single VLAN ID,
a range of VLAN IDs, or comma-separated IDs and
ranges (see the “Examples” section). Valid VLAN
IDs are from 1 to 4096.
vlan-list
(Optional) Enables DAI logging for the VLANs
specified.
• ◦ all—Logs all packets that match DHCP
bindings
◦ none—Does not log DHCP bindings
packets (Use this option to disable
logging)
◦ permit—Logs DHCP binding permitted
packets
logging
Enables logging based on DHCP binding matches.dhcp-bindings
Enables logging of packets permitted by a DHCP
binding match.
permit
Enables logging of all packets.all
Disables logging.none
Command Default
None
Command Modes
Global configuration
Command History
ModificationRelease
This command was introduced.4.0(1)
Cisco Nexus 7000 Series Security Command Reference
387
I Commands
ip arp inspection vlan
To Next Page
Loading...
