ip arp inspection vlan logging
ip arp inspection vlan logging
Use the ip arp inspection vlan logging global configuration command to control the type of packets that
are logged per VLAN. Use the no form of this command to disable this logging control.
This command is available only if your switch is running the IP services image, formerly known as the
enhanced multilayer image (EMI).
Syntax Description
vlan-range
acl-match {matchlog |
none}
dhcp-bindings
{permit | all | none}
Defaults
All denied or all dropped packets are logged.
Command Modes
Global configuration
Command History
Release
12.2(20)SE
Catalyst 3560 Switch Command Reference
2-138
ip arp inspection vlan vlan-range logging {acl-match {matchlog | none} | dhcp-bindings {all |
none | permit}}
no ip arp inspection vlan vlan-range logging {acl-match | dhcp-bindings}
Specify the VLANs configured for logging.
You can specify a single VLAN identified by VLAN ID number, a range of
VLANs separated by a hyphen, or a series of VLANs separated by a comma.
The range is 1 to 4094.
Specify that the logging of packets is based on access control list (ACL)
matches.
The keywords have these meanings:
matchlog—Log packets based on the logging configuration specified in
•
the access control entries (ACE). If you specify the matchlog keyword in
this command and the log keyword in the permit or deny ARP access-list
configuration command, Address Resolution Protocol (ARP) packets
permitted or denied by the ACL are logged.
none—Do not log packets that match ACLs.
•
Specify the logging of packets is based on Dynamic Host Configuration
Protocol (DHCP) binding matches.
The keywords have these meanings:
all—Log all packets that match DHCP bindings.
•
none—Do not log packets that match DHCP bindings.
•
permit—Log DHCP-binding permitted packets.
•
Modification
This command was introduced.
Chapter 2
Catalyst 3560 Switch Cisco IOS Commands
78-16405-05