Enabling Arp Inspection - Cisco ASA 5505 Configuration Manual


Configuring ARP Inspection for the Transparent Firewall
Note
The transparent firewall uses dynamic ARP entries in the ARP table for traffic to and from the adaptive
security appliance, such as management traffic.
Detailed Steps
Step 1
Choose the Configuration > Device Setup > ARP > ARP Static Table pane.
Step 2
(Optional) To set the ARP timeout for dynamic ARP entries, enter a value in the ARP Timeout field.
This field sets the amount of time before the adaptive security appliance rebuilds the ARP table, between
60 and 4294967 seconds. The default is 14400 seconds. Rebuilding the ARP table automatically updates
new host information and removes old host information. You might want to reduce the timeout if
the host information changes frequently.
Step 3
Click Add.
The Add ARP Static Configuration dialog box appears.
Step 4
From the Interface drop-down list, choose the interface attached to the host network.
Step 5
In the IP Address field, enter the IP address of the host.
Step 6
In the MAC Address field, enter the MAC address of the host; for example, 00e0.1e4e.3d8b.
Step 7
To perform proxy ARP for this address, check the Proxy ARP check box.
If the adaptive security appliance receives an ARP request for the specified IP address, then it responds
with the specified MAC address.
Step 8
Click OK, and then Apply.
What to Do Next
Enable ARP inspection according to the "Enabling ARP Inspection" section on page 5-10.

Enabling ARP Inspection

This section describes how to enable ARP inspection.
Detailed Steps
Step 1
Choose the Configuration > Device Setup > ARP > ARP Inspection pane.
Step 2
Choose the interface row on which you want to enable ARP inspection, and click Edit.
The Edit ARP Inspection dialog box appears.
Step 3
To enable ARP inspection, check the Enable ARP Inspection check box.
Step 4
(Optional) To flood non-matching ARP packets, check the Flood ARP Packets check box.
By default, packets that do not match any element of a static ARP entry are flooded out all interfaces
except the originating interface. If there is a mismatch between the MAC address, the IP address, or the
interface, then the adaptive security appliance drops the packet.
If you uncheck this check box, all non-matching packets are dropped, which restricts ARP through the
adaptive security appliance to only static entries.
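The forward, drop and flood outcomes described in Step 4 can be checked against a planned static table before enabling inspection. The following Python model is an added example, not Cisco code and not part of the manual. Assumptions: a packet counts as related to a static entry when its IP address or MAC address equals the entry's (the interface alone does not), and the names Entry, norm_mac, arp_inspect and STATIC_TABLE, the interface names and the IP addresses are constructed for illustration.

```python
import ipaddress
import re
from typing import NamedTuple

class Entry(NamedTuple):
    interface: str
    ip: str
    mac: str

def norm_mac(mac: str) -> str:
    """Reduce 00e0.1e4e.3d8b, 00:E0:1E:4E:3D:8B or 00-e0-1e-... to 12 hex digits."""
    digits = re.sub(r"[.:\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def arp_inspect(table, interface, ip, mac, flood=True):
    """Return 'forward', 'drop' or 'flood' for one ARP packet.

    flood mirrors the Flood ARP Packets check box (checked by default).
    """
    ip, mac = ipaddress.ip_address(ip), norm_mac(mac)
    related = False
    for e in table:
        ip_ok = ipaddress.ip_address(e.ip) == ip
        mac_ok = norm_mac(e.mac) == mac
        if ip_ok and mac_ok and e.interface == interface:
            return "forward"   # IP, MAC and interface all match a static entry
        # Assumption of this model: IP or MAC ties the packet to an entry.
        related = related or ip_ok or mac_ok
    if related:
        return "drop"          # mismatch against a static entry
    return "flood" if flood else "drop"   # no static entry applies

# Constructed sample table; the MAC is the manual's example value.
STATIC_TABLE = [Entry("inside", "10.1.1.1", "00e0.1e4e.3d8b")]

if __name__ == "__main__":
    for pkt in [("inside", "10.1.1.1", "00:E0:1E:4E:3D:8B"),
                ("inside", "10.1.1.1", "0011.2233.4455"),
                ("outside", "10.1.1.1", "00e0.1e4e.3d8b"),
                ("inside", "10.1.1.50", "0011.2233.4455")]:
        print(pkt, arp_inspect(STATIC_TABLE, *pkt),
              arp_inspect(STATIC_TABLE, *pkt, flood=False))
```
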
Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01
Chapter 5, Configuring the Transparent or Routed Firewall, page 5-10

This manual is also suitable for: ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580