Cisco Systems ASA 5540 Network Router User Manual


  Open as PDF
of 2086
 
10-12
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 10 Configuring the Transparent or Routed Firewall
Configuring ARP Inspection for the Transparent Firewall
The Add ARP Static Configuration dialog box appears.
Step 4 From the Interface drop-down list, choose the interface attached to the host network.
Step 5 In the IP Address field, enter the IP address of the host.
Step 6 In the MAC Address field, enter the MAC address of the host; for example, 00e0.1e4e.3d8b.
Step 7 To perform proxy ARP for this address, check the Proxy ARP check box.
If the ASA receives an ARP request for the specified IP address, then it responds with the specified MAC
address.
Step 8 Click OK, and then Apply.
What to Do Next
Enable ARP inspection according to the “Enabling ARP Inspection” section on page 10-12.
Enabling ARP Inspection
This section describes how to enable ARP inspection.
Detailed Steps
Step 1 Choose the Configuration > Device Management > Advanced > ARP > ARP Inspection pane.
Step 2 Choose the interface row on which you want to enable ARP inspection, and click Edit.
The Edit ARP Inspection dialog box appears.
Step 3 To enable ARP inspection, check the Enable ARP Inspection check box.
Step 4 (Optional) To flood non-matching ARP packets, check the Flood ARP Packets check box.
By default, packets that do not match any element of a static ARP entry are flooded out all interfaces
except the originating interface. If there is a mismatch between the MAC address, the IP address, or the
interface, then the ASA drops the packet.
If you uncheck this check box, all non-matching packets are dropped, which restricts ARP through the
ASA to only static entries.
Note The Management 0/0 or 0/1 interface or subinterface, if present, never floods packets even if this
parameter is set to flood.
Step 5 Click OK, and then Apply.