Cisco Systems ASA 5540 Network Router User Manual


  Open as PDF
of 2086
 
10-14
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 10 Configuring the Transparent or Routed Firewall
Customizing the MAC Address Table for the Transparent Firewall
Licensing Requirements for the MAC Address Table
The following table shows the licensing requirements for this feature.
Default Settings
The default timeout value for dynamic MAC address table entries is 5 minutes.
By default, each interface automatically learns the MAC addresses of entering traffic, and the ASA adds
corresponding entries to the MAC address table.
Guidelines and Limitations
Context Mode Guidelines
Supported in single and multiple context mode.
In multiple context mode, configure the MAC address table within each context.
Firewall Mode Guidelines
Supported only in transparent firewall mode. Routed mode is not supported.
Additional Guidelines
In transparent firewall mode, the management interface updates the MAC address table in the same
manner as a data interface; therefore you should not connect both a management and a data interface to
the same switch unless you configure one of the switch ports as a routed port (by default Cisco Catalyst
switches share a MAC address for all VLAN switch ports). Otherwise, if traffic arrives on the
management interface from the physically-connected switch, then the ASA updates the MAC address
table to use the management interface to access the switch, instead of the data interface. This action
causes a temporary traffic interruption; the ASA will not re-update the MAC address table for packets
from the switch to the data interface for at least 30 seconds for security reasons.
Configuring the MAC Address Table
This section describes how you can customize the MAC address table and includes the following
sections:
Adding a Static MAC Address, page 10-15
Disabling MAC Address Learning, page 10-15
Model License Requirement
All models Base License.