Switch Logs issue

mspdog22
Member
Posts: 15
Joined: 30 Nov 2020 11:30

Switch Logs issue

Post by mspdog22 »

Does anyone know what this is and why it might fill up my logs on a 6450 switch?

It looks like it is blocking a MAC of some sort.

I removed the MAC data for security.

In qosNIMsgLogISFRule:1514: Rule ISF-DROP matched
WED DEC 18 00:45:53 2024 QOS info In qosNIMsgLogISFRule 1520: Tagged. 802.1p 0
WED DEC 18 00:45:53 2024 QOS info In qosNIMsgLogISFRule 1523: svlan 1 VRF (null) port 1/8 -> 1/26
WED DEC 18 00:45:53 2024 QOS info In qosNIMsgLogISFRule 1533: MAC x.x.x.x -> x,x,x,x
WED DEC 18 00:45:58 2024 QOS info In qosNIMsgLogISFRule 1514: Rule ISF-DROP matched
WED DEC 18 00:45:58 2024 QOS info In qosNIMsgLogISFRule 1520: Tagged. 802.1p 0
WED DEC 18 00:49:23 2024 QOS info In qosNIMsgLogISFRule 1514: Rule ISF-DROP matched
Engan
Member
Posts: 11
Joined: 15 Sep 2023 01:09

Re: Switch Logs issue

Post by Engan »

ISF – Support for exceptional subnets

IP Source Filtering Drop-Log (ISF) feature enables the user to see the packets getting dropped by IP Source Filter entries. When ISF (ip helper dhcp-snooping ip-source-filter) is enabled on a port or VLAN, it restricts all the IP traffic on that port except the DHCP traffic and the traffic from the client, whose binding entry exists on that port. With ISF drop log feature, whenever a packet is dropped by ISF drop entry in the hardware, drops are logged in QoS log, which are displayed in ‘show qos log’ command. This will enable the user to know which port/MAC/IP was dropped. ISF drop logging is enabled by default. Hence, the packets that are getting dropped due to ISF drop rule are logged. 64 packets are logged per second.
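
Added example, not part of the thread or of the vendor documentation: a small Python parser that groups the multi-line ISF-DROP records from "show qos log" output into one event per dropped packet and counts them per ingress port and source MAC, which shows which port is sending traffic without a DHCP binding. The sample log is constructed from the format in the first post; the MAC values are placeholders, and reading "port A -> B" as ingress -> egress is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the format quoted in the first post. MAC values are placeholders;
# the second record is cut short. Assumption: "port A -> B" means ingress -> egress.
SAMPLE_LOG = """\
In qosNIMsgLogISFRule:1514: Rule ISF-DROP matched
WED DEC 18 00:45:53 2024 QOS info In qosNIMsgLogISFRule 1520: Tagged. 802.1p 0
WED DEC 18 00:45:53 2024 QOS info In qosNIMsgLogISFRule 1523: svlan 1 VRF (null) port 1/8 -> 1/26
WED DEC 18 00:45:53 2024 QOS info In qosNIMsgLogISFRule 1533: MAC 00:11:22:33:44:55 -> 66:77:88:99:aa:bb
WED DEC 18 00:45:58 2024 QOS info In qosNIMsgLogISFRule 1514: Rule ISF-DROP matched
WED DEC 18 00:45:58 2024 QOS info In qosNIMsgLogISFRule 1520: Tagged. 802.1p 0
WED DEC 18 00:49:23 2024 QOS info In qosNIMsgLogISFRule 1514: Rule ISF-DROP matched
WED DEC 18 00:49:23 2024 QOS info In qosNIMsgLogISFRule 1523: svlan 1 VRF (null) port 1/8 -> 1/26
WED DEC 18 00:49:23 2024 QOS info In qosNIMsgLogISFRule 1533: MAC 00:11:22:33:44:55 -> 66:77:88:99:aa:bb
WED DEC 18 00:49:30 2024 QOS info In qosNIMsgLogISFRule 1514: Rule ISF-DROP matched
WED DEC 18 00:49:30 2024 QOS info In qosNIMsgLogISFRule 1523: svlan 1 VRF (null) port 1/3 -> 1/26
WED DEC 18 00:49:30 2024 QOS info In qosNIMsgLogISFRule 1533: MAC 00:11:22:33:44:66 -> 66:77:88:99:aa:bb
"""

LINE_RE = re.compile(r"qosNIMsgLogISFRule[:\s]\s*\d+:\s*(?P<body>.*)$")
PORT_RE = re.compile(r"svlan (?P<vlan>\d+) .*port (?P<src>\S+) -> (?P<dst>\S+)")
MAC_RE = re.compile(r"MAC (?P<src>\S+) -> (?P<dst>\S+)")

def parse_isf_drops(text):
    """Group ISF-DROP log lines into one dict per drop; cut-short records keep None fields."""
    events, current = [], None
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        body = m["body"]
        if body.startswith("Rule ISF-DROP matched"):
            current = {"vlan": None, "src_port": None, "dst_port": None, "src_mac": None}
            events.append(current)
        elif current is not None:
            if p := PORT_RE.search(body):
                current.update(vlan=int(p["vlan"]), src_port=p["src"], dst_port=p["dst"])
            elif a := MAC_RE.search(body):
                current["src_mac"] = a["src"]
    return events

def drops_by_source(events):
    """Count dropped packets per (ingress port, source MAC)."""
    return Counter((e["src_port"], e["src_mac"]) for e in events)

if __name__ == "__main__":
    for (port, mac), n in drops_by_source(parse_isf_drops(SAMPLE_LOG)).most_common():
        print(f"{n:3d} drops  port={port}  src_mac={mac}")
```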
mspdog22
Member
Posts: 15
Joined: 30 Nov 2020 11:30

Re: Switch Logs issue

Post by mspdog22 »

Is this something I need to worry about?

I am still unsure of what you are saying.

Is there a way to turn these logs off as they fill up the log file?

Thanks
mspdog22
Member
Posts: 15
Joined: 30 Nov 2020 11:30

Re: Switch Logs issue

Post by mspdog22 »

Below is my config.

I just need to have DHCP snooping set up on the switch and this is how it said to configure it in the manual. Do I need ip source filter enabled?

We are using these switches in a service provider network and just want to have DHCP snooping running so people cannot reverse a home router and shut the network down.
ip helper dhcp-snooping enable
ip helper dhcp-snooping binding enable
ip helper dhcp-snooping ip-source-filter port 1/1 enable
ip helper dhcp-snooping ip-source-filter port 1/2 enable
ip helper dhcp-snooping ip-source-filter port 1/3 enable
ip helper dhcp-snooping ip-source-filter port 1/4 enable
ip helper dhcp-snooping ip-source-filter port 1/5 enable
ip helper dhcp-snooping ip-source-filter port 1/6 enable
ip helper dhcp-snooping ip-source-filter port 1/7 enable
ip helper dhcp-snooping ip-source-filter port 1/8 enable
ip helper dhcp-snooping ip-source-filter port 1/9 enable
ip helper dhcp-snooping ip-source-filter port 1/10 enable
ip helper dhcp-snooping ip-source-filter port 1/11 enable
ip helper dhcp-snooping ip-source-filter port 1/12 enable
ip helper dhcp-snooping ip-source-filter port 1/13 enable
ip helper dhcp-snooping ip-source-filter port 1/14 enable
ip helper dhcp-snooping ip-source-filter port 1/15 enable
ip helper dhcp-snooping ip-source-filter port 1/16 enable
ip helper dhcp-snooping ip-source-filter port 1/17 enable
ip helper dhcp-snooping ip-source-filter port 1/18 enable
ip helper dhcp-snooping ip-source-filter port 1/19 enable
ip helper dhcp-snooping ip-source-filter port 1/20 enable
ip helper dhcp-snooping ip-source-filter port 1/21 enable
ip helper dhcp-snooping ip-source-filter port 1/22 enable
ip helper dhcp-snooping ip-source-filter port 1/23 enable
ip helper dhcp-snooping ip-source-filter port 1/24 enable
ip helper dhcp-snooping port 1/25 trust
ip helper dhcp-snooping port 1/26 trust
Cristek
Member
Posts: 95
Joined: 08 Mar 2024 10:56

Re: Switch Logs issue

Post by Cristek »

You can remove the ISF commands. You might know it as DAI (dynamic arp inspection).

This is all you need to have dhcp-snooping enabled:
ip helper dhcp-snooping enable
ip helper dhcp-snooping binding enable
ip helper dhcp-snooping port 1/25 trust
ip helper dhcp-snooping port 1/26 trust
mspdog22
Member
Posts: 15
Joined: 30 Nov 2020 11:30

Re: Switch Logs issue

Post by mspdog22 »

How do I remove that?

I tried

no ip helper dhcp-snooping ip-source-filter port 1/1

but I get an error when trying to remove it.
silvio
Alcatel Unleashed Certified Guru
Posts: 2076
Joined: 01 Jul 2008 10:51
Location: Germany

Re: Switch Logs issue

Post by silvio »

Try "disable":
ip helper dhcp-snooping ip-source-filter port 1/1-24 disable

A question about the attached clients: are they getting the IP via DHCP or do they have a static IP?
mspdog22
Member
Posts: 15
Joined: 30 Nov 2020 11:30

Re: Switch Logs issue

Post by mspdog22 »

That did the trick for sure.

We are giving them an IP from our DHCP server.

Thank you so much for the help.