Chapter 19 Configuring Arp Inspection And Bridging Parameters; Configuring Arp Inspection; Arp Inspection Overview - Cisco 7604 Configuration Manual

Configuring ARP Inspection and Bridging
Parameters
Transparent Firewall Mode Only
This chapter describes how to enable ARP inspection and how to customize bridging operations for the
FWSM. In multiple context mode, the commands in this chapter can be entered in a security context, but
not the system.
This chapter includes the following sections:
•
•

Configuring ARP Inspection

This section describes ARP inspection and how to enable it, and includes the following topics:
•
•
•

ARP Inspection Overview

By default, all ARP packets are allowed through the FWSM. You can control the flow of ARP packets
by enabling ARP inspection. ARP inspection settings apply to all bridge groups.
When you enable ARP inspection, the FWSM compares the MAC address, IP address, and source
interface in all ARP packets to static entries in the ARP table, and takes the following actions:
•
•
•
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
Configuring ARP Inspection, page 19-1
Customizing the MAC Address Table, page 19-3
ARP Inspection Overview, page 19-1
Adding a Static ARP Entry, page 19-2
Enabling ARP Inspection, page 19-2
If the IP address, MAC address, and source interface match an ARP entry, the packet is passed
through.
If there is a mismatch between the MAC address, the IP address, or the interface, then the FWSM
drops the packet.
If the ARP packet does not match any entries in the static ARP table, then you can set the FWSM to
either forward the packet out all interfaces (flood), or to drop the packet.
19
C H A P T E R
19-1