CANOGA PERKINS CanogaOS Command Reference User Manual

CanogaOS Command Line Reference

Revision 1.02

Proprietary & Confidential Canoga Pertkins Metro Ethernet Switches

Page 693 of 855

on ACL matches.

matchlog

Specifies that logging of packets matched against ACLs is controlled by the
matchlog keyword in the permit and deny access control entries of the ACL.
Note By

default,

the

matchlog keyword is not available on the ACEs.

When the keyword is used, denied packets are not logged. Packets
are logged only when they match against an ACE that has the
matchlog keyword.

none

Specifies that ACL-matched packets are not logged.

dhcp-bindings

Specifies the logging criteria for packets dropped or permitted based on
matches against the DHCP bindings.

permit

Specifies logging when permitted by DHCP bindings.

all

Specifies logging when permitted or denied by DHCP bindings.

none

Prevents all logging of packets permitted or denied by DHCP bindings.

Default

All denied or dropped packets are logged.

Command Mode

Global configuration

Usage

The acl-match and dhcp-bindings keywords merge with each other. When you set an ACL match
configuration, the DHCP bindings configuration is not disabled. You can use the no form of this
command to reset some of the logging criteria to their defaults. If you do not specify either option, all
the logging types are reset to log on when the ARP packets are denied. The two options that are
available to you are as follows:
„

acl-match—Logging on ACL matches is reset to log on deny

„

dhcp-bindings—Logging on DHCP binding compared is reset to log on deny

Examples

This example shows how to configure an ARP inspection on VLAN 1 to add packets to a log on
matching against the ACLs with the logging keyword:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip arp inspection vlan 1 logging acl-match matchlog

Related Commands

arp access-list
show ip arp inspection