I Commands
ip arp inspection vlan
To enable Dynamic ARP Inspection (DAI) for a list of VLANs, use the ip arp inspection vlan command.
To disable DAI for a list of VLANs, use the no form of this command.
ip arp inspection vlan vlan-list [logging dhcp-bindings {permit| all| none}]
no ip arp inspection vlan vlan-list [logging dhcp-bindings {permit| all| none}]
Syntax Description
vlan-list
logging
dhcp-bindings
permit
all
none
Command Default
None
Command Modes
Global configuration
Command History
Release
4.0(1)
VLANs on which DAI is active. The vlan-list
argument allows you to specify a single VLAN ID,
a range of VLAN IDs, or comma-separated IDs and
ranges (see the "Examples" section). Valid VLAN
IDs are from 1 to 4096.
(Optional) Enables DAI logging for the VLANs
specified.
•
◦all—Logs all packets that match DHCP
bindings
◦none—Does not log DHCP bindings
packets (Use this option to disable
logging)
◦permit—Logs DHCP binding permitted
packets
Enables logging based on DHCP binding matches.
Enables logging of packets permitted by a DHCP
binding match.
Enables logging of all packets.
Disables logging.
Modification
This command was introduced.
Cisco Nexus 7000 Series Security Command Reference
ip arp inspection vlan
387