6 ip arp inspection vlan, 7 ip arp inspection vlan logging – CANOGA PERKINS CanogaOS Command Reference User Manual
Page 692
CanogaOS Command Line Reference
Revision 1.02
Proprietary & Confidential Canoga Pertkins Metro Ethernet Switches
Page 692 of 855
34.6 ip arp inspection vlan
To enable dynamic ARP inspection (DAI) on a per-VLAN basis, use the ip arp inspection vlan
command in global configuration mode. To disable DAI, use the no form of this command.
Command Syntax
ip arp inspection vlan vlan-range
no ip arp inspection vlan vlan-range
vlan-range
VLAN number or range; valid values are from 1 to 4094.
Default
ARP inspection is disabled on all VLANs.
Command Mode
Global configuration
Usage
You must specify on which VLANs to enable DAI. DAI may not function on the configured VLANs if they
have not been created or if they are private.
Examples
This example shows how to enable DAI on VLAN 1:
Switch# configure terminal
Switch(config)# ip arp inspection vlan 1
Related Commands
arp access-list
show ip arp inspection
34.7 ip arp inspection vlan logging
To control the type of packets that are logged, use the ip arp inspection vlan logging command in
global configuration mode. To disable this logging control, use the no form of this command.
Command Syntax
ip arp inspection vlan vlan-range logging {acl-match {matchlog | none} | dhcp-bindings {permit
| all | none}}
no ip arp inspection vlan vlan-range logging {acl-match | dhcp-bindings}
vlan-range
Number of the VLANs to be mapped to the specified instance. The number is
entered as a single value or a range; valid values are from 1 to 4094.
acl-match
Specifies the logging criteria for packets that are dropped or permitted based