Answer the question
In order to leave comments, you need to log in
A
A
Alexander2017-03-22 17:04:54
Alexander, 2017-03-22 17:04:54
Logging IP Source Guard events?
Global:
DHCP snooping
ARP Inspection
Port_Security
Port configuration:
switchport mode access
switchport nonegotiate
switchport voice vlan 1011
switchport port-security violation restrict
switchport port-security aging time 5
switchport port-security aging type inactivity
switchport port-security
spanning-tree portfast
spanning-tree bpduguard enable
ip verify source port-security
When connecting a host (PC) with a statically set IP (spoof), I see only ARP inspection logs:
%SW_DAI-4-DHCP_SNOOPING_DENY: 3 Invalid ARPs (Req)
Globally I remove ARP inspection, I also connect a host (PC) with a statically assigned IP (spoof) address. IP Source Guard works, traffic is dropped, but nothing in the logs.
How to log these events so that you can see on which port the IPSG is working, since I can bypass ARP Ins with static entries
1 answer(s)
@ferrum90
A
andrey_andrey_a, 2017-03-29 @ferrum90
You can try to increase the level of logging, but I also did not find a real solution to this issue once.
To configure the device with the minimal required logging configuration, log into the command-line interface of the device and use the following commands:
switch(config)# logging level dhcp 6
switch(config)# logging logfile messages 6
switch(config)# logging event link-status default
Similar questions
K
D
A
K
M
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question