Chapter 26 Configuring Arp Inspection And Bridging Parameters; Configuring Arp Inspection; Arp Inspection Overview - Cisco PIX 500 Series Configuration Manual

Security appliance command line
Hide thumbs Also See for PIX 500 Series:
Table of Contents

Advertisement

Configuring ARP Inspection and Bridging
Parameters
Transparent Firewall Mode Only
This chapter describes how to enable ARP inspection and how to customize bridging operations for the
security appliance. In multiple context mode, the commands in this chapter can be entered in a security
context, but not the system.
This chapter includes the following sections:

Configuring ARP Inspection

This section describes ARP inspection and how to enable it, and includes the following topics:

ARP Inspection Overview

By default, all ARP packets are allowed through the security appliance. You can control the flow of ARP
packets by enabling ARP inspection.
When you enable ARP inspection, the security appliance compares the MAC address, IP address, and
source interface in all ARP packets to static entries in the ARP table, and takes the following actions:
OL-12172-03
Configuring ARP Inspection, page 26-1
Customizing the MAC Address Table, page 26-3
ARP Inspection Overview, page 26-1
Adding a Static ARP Entry, page 26-2
Enabling ARP Inspection, page 26-2
If the IP address, MAC address, and source interface match an ARP entry, the packet is passed
through.
If there is a mismatch between the MAC address, the IP address, or the interface, then the security
appliance drops the packet.
If the ARP packet does not match any entries in the static ARP table, then you can set the security
appliance to either forward the packet out all interfaces (flood), or to drop the packet.
C H A P T E R
Cisco Security Appliance Command Line Configuration Guide
26
26-1

Advertisement

Table of Contents
loading

This manual is also suitable for:

Asa 5500 series

Table of Contents