Licensing Requirements for the MAC Address Table; Default Settings; Guidelines and Limitations - Cisco ASA 5505 Configuration Manual

Customizing the MAC Address Table for the Transparent Firewall
Because the adaptive security appliance is a firewall, if the destination MAC address of a packet is not
in the table, the adaptive security appliance does not flood the original packet on all interfaces as a
normal bridge does. Instead, it generates the following packets for directly connected devices or for
remote devices:
- Packets for directly connected devices—The adaptive security appliance generates an ARP request
  for the destination IP address, so that the adaptive security appliance can learn which interface
  receives the ARP response.
- Packets for remote devices—The adaptive security appliance generates a ping to the destination IP
  address so that the adaptive security appliance can learn which interface receives the ping reply.
The original packet is dropped.

Licensing Requirements for the MAC Address Table

The following table shows the licensing requirements for this feature.

Model        License Requirement
All models   Base License.

Default Settings

The default timeout value for dynamic MAC address table entries is 5 minutes.
By default, each interface, including the optional management interface, automatically learns the MAC
addresses of entering traffic, and the adaptive security appliance adds corresponding entries to the MAC
address table.

Guidelines and Limitations

Context Mode Guidelines
- Supported in single and multiple context mode.
- In multiple context mode, configure the MAC address table within each context.

Firewall Mode Guidelines
- Supported only in transparent firewall mode. Routed mode is not supported.

Additional Guidelines
In transparent firewall mode, the management interface updates the MAC address table in the same
manner as a data interface; therefore you should not connect both a management and a data interface to
the same switch unless you configure one of the switch ports as a routed port (by default Cisco Catalyst
switches share a MAC address for all VLAN switch ports). Otherwise, if traffic arrives on the
management interface from the physically connected switch, then the adaptive security appliance
updates the MAC address table to use the management interface to access the switch, instead of the data
interface. This action causes a temporary traffic interruption; the adaptive security appliance will not
re-update the MAC address table for packets from the switch to the data interface for at least 30 seconds
for security reasons.

Cisco ASA 5500 Series Configuration Guide using ASDM, Chapter 5: Configuring the Transparent or Routed Firewall, page 5-12, OL-20339-01
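The following Python sketch is an added illustration, not Cisco code or the appliance's implementation. It models the table behavior described above: no flooding for unknown destinations, the 5-minute dynamic timeout, and the 30-second hold after an entry moves between the management and a data interface. The class and function names, interface names, MAC addresses, and the treatment of the timeout as idle time are assumptions.

```python
from dataclasses import dataclass

AGE_TIMEOUT = 5 * 60  # default dynamic-entry timeout stated on the page (seconds)
MOVE_HOLD = 30        # page: no re-update after a move "for at least 30 seconds"

@dataclass
class Entry:
    iface: str
    last_seen: float
    moved_at: float = float("-inf")

class MacTable:
    """Simplified model; names and aging-by-idle-time are assumptions."""
    def __init__(self):
        self.entries = {}

    def learn(self, mac, iface, now):
        """Process the source MAC of a frame entering iface at time now."""
        e = self.entries.get(mac)
        if e is None or now - e.last_seen > AGE_TIMEOUT:
            self.entries[mac] = Entry(iface, now)
            return "learned"
        if e.iface == iface:
            e.last_seen = now
            return "refreshed"
        if now - e.moved_at < MOVE_HOLD:
            return "move-suppressed"  # table still points at e.iface
        self.entries[mac] = Entry(iface, now, moved_at=now)
        return "moved"

    def lookup(self, dst_mac, directly_connected, now):
        """Unknown destinations are never flooded: probe, drop the original."""
        e = self.entries.get(dst_mac)
        if e is not None and now - e.last_seen <= AGE_TIMEOUT:
            return ("forward", e.iface)
        probe = "arp-request" if directly_connected else "ping"
        return ("drop-original", probe)

def shared_switch_scenario():
    """Constructed timeline: one switch MAC seen on both inside and management."""
    t, sw = MacTable(), "0011.2233.4455"  # constructed MAC address
    return [
        t.learn(sw, "inside", 0),        # normal learning on the data interface
        t.learn(sw, "management", 10),   # same MAC arrives on management
        t.learn(sw, "inside", 20),       # within 30 s of the move
        t.lookup(sw, True, 20),          # traffic to the switch uses management
        t.learn(sw, "inside", 45),       # hold expired, entry moves back
        t.lookup("00aa.bbcc.ddee", False, 45),  # unknown remote destination
    ]
```

The scenario shows why sharing one switch between the management and data interfaces interrupts traffic: between the move at t=10 and the end of the hold, frames for the switch are sent out the management interface.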
