Specifications

ManualsBrandsCisco ManualsDocking StationAccess Registrar 3.5

291

292

293

294

295

296

297

298

299

300

2-237

Catalyst 4500 Se ries S wit ch C is co IO S C om mand R efer ence —Re lease I OS XE 3 .3.0 XO(1 5.1 (1)XO)

OL_28738 -01

Chapter 2 Cisco IOS Commands for the Catalyst 4500 Series Switches

ip arp inspection vlan logging

ip arp inspect ion vlan logg ing

To control the type of packets that are logged , use the ip arp inspection vlan logging com mand. To

disable this logging control, use the no form of this command.

ip arp inspection vlan v lan-range lo gging {acl-m atch { matchlog | none} | dhcp-bindings

{permit | all | none}}

no ip arp inspection vlan vlan-range log ging {acl-match | dhcp-bindings}

Syntax Description

Defaults All denied or droppe d packets are logged.

Command Modes Global configura tion mode

Usage Guidelines The acl-matc h and dhcp-bindings keywords merge with each other. When you set an ACL match

configuration, the DHCP bindi ngs configuration is not di sabled. You can use the no form of this

command to reset some of the logging criteria to their defaults. If you do not specify either option, all

the logging types are res et to log on when the ARP packets a re denie d. The two o ptions that a re available

to you are as follows:

• acl-match—Logging on AC L matches is reset to log on deny

• dhcp-bindings—Logging on DHCP binding compared is reset to log on deny

Examples This example shows how to configure an ARP inspection on VLAN 1 to add packets to a log on matching

against the ACLs with the logging keyword:

Switch# config terminal

Enter configuration commands, one per line. End with CNTL/Z.

vlan-range Number of the VLANs to be mapped to the specified instance. The number is

entered as a single value or a range; valid values are from 1 to 4094.

acl-match Specifies the logging criteria fo r packets that are dropped or permitted based on

ACL matches.

matchlog Specifies that logging of pa ckets matched against ACLs is co ntrolled by the

matchlog keyword in the permit and deny access control entries of the ACL.

Note By default, the matchlog keyword is not available on the ACEs. When the

keyword is used, denied packets are not logge d. Packets are logge d only

when they match against an ACE that has th e matc hlo g keyword.

none Specifies that ACL-matched packets are not logged.

dhcp-bindings S pecifies the logging criteria for packets dr opped or permitted based on matc hes

against the DHCP bindings.

permit Specifies logging when permitted by DHCP bindings.

all Specifies logging when permitted or denied by DHCP bindings.

none Prevents all logging of packets pe rmitted or denied by DHCP bindings.