3 ip arp inspection log-buffer – CANOGA PERKINS 9175 Command Reference User Manual

CanogaOS Command Reference

Default

No defined ARP ACLs are applied to any VLAN.


Command Mode

Global configuration


Usage

When an ARP access control list is applied to a VLAN for dynamic ARP inspection, only the ARP packets that contain IP-to-Ethernet MAC bindings are compared against the ACLs. All other packet types are bridged in the incoming VLAN without validation.

This command specifies that the incoming ARP packets are compared against the ARP access control list, and the packets are permitted only if the access control list permits them.

If the access control lists deny the packets because of explicit denies, the packets are dropped. If the packets are denied because of an implicit deny, they are then matched against the list of DHCP bindings, provided the ACL is not applied statically.
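
The decision order described above, modeled in Python as an added example (not CanogaOS code and not part of the manual). AclEntry, inspect_arp and the sample addresses are hypothetical; the treatment of a statically applied ACL as final and of a DHCP binding match as a permit are assumptions, marked in the comments.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AclEntry:
    action: str  # "permit" or "deny"
    ip: str      # sender IP, or "any"
    mac: str     # sender MAC, or "any"

    def matches(self, ip: str, mac: str) -> bool:
        return self.ip in ("any", ip) and self.mac.lower() in ("any", mac.lower())

def inspect_arp(ip, mac, acl, dhcp_bindings, static=False):
    """Model the verdict for one ARP packet's sender IP/MAC binding."""
    for entry in acl:  # first matching entry decides
        if entry.matches(ip, mac):
            if entry.action == "permit":
                return ("forward", "acl-permit")
            return ("drop", "acl-explicit-deny")  # never falls through to DHCP
    # No entry matched: implicit deny.
    if static:
        # Assumption: a statically applied ACL is final, bindings are not consulted.
        return ("drop", "acl-implicit-deny")
    # Assumption: a matching DHCP binding permits the packet, anything else is dropped.
    if dhcp_bindings.get(ip, "").lower() == mac.lower():
        return ("forward", "dhcp-binding")
    return ("drop", "no-dhcp-binding")

# Constructed sample data (documentation addresses, not from the manual).
GW_IP, GW_MAC = "192.0.2.1", "00:00:5e:00:53:01"
STATIC_HOSTS = [
    AclEntry("permit", GW_IP, GW_MAC),   # the gateway's real binding
    AclEntry("deny", GW_IP, "any"),      # any other MAC claiming the gateway IP
]
DHCP_BINDINGS = {"192.0.2.50": "00:00:5e:00:53:32"}

def demo():
    cases = {
        "gateway": (GW_IP, GW_MAC, False),
        "spoofed-gateway": (GW_IP, "00:00:5e:00:53:ff", False),
        "dhcp-client": ("192.0.2.50", "00:00:5E:00:53:32", False),
        "dhcp-client-static-acl": ("192.0.2.50", "00:00:5e:00:53:32", True),
        "unknown-host": ("192.0.2.77", "00:00:5e:00:53:4d", False),
    }
    return {name: inspect_arp(ip, mac, STATIC_HOSTS, DHCP_BINDINGS, static)
            for name, (ip, mac, static) in cases.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24} {verdict[0]:8} {verdict[1]}")
```
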


Examples

This example shows how to apply the ARP ACL “static-hosts” to VLAN 1 for DAI:

Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip arp inspection filter static-hosts vlan 1
Switch(config)# end
Switch#
Switch# show ip arp inspection vlan 1
Source Mac Validation      : Enabled
Destination Mac Validation : Disabled
IP Address Validation      : Disabled

Vlan    Configuration    ACL Match    Static ACL
=================================================================
1       enabled          b

Vlan    ACL Logging    DHCP Logging
=================================================================
1       deny           deny


Related Commands

arp access-list

show ip arp inspection

34.3 ip arp inspection log-buffer

To configure the parameters that are associated with the logging buffer, use the ip arp inspection log-buffer command in global configuration mode. To disable the parameters, use the no form of this command.