Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide, OL-16647-01

Chapter 30: Configuring ARP Inspection and Bridging Parameters

This chapter describes how to enable ARP inspection and how to customize bridging operations for the
security appliance in transparent firewall mode. In multiple context mode, the commands in this chapter
can be entered in a security context, but not the system.
For information about transparent firewall mode, see Chapter 18, “Firewall Mode Overview.”
This chapter includes the following sections:
- Configuring ARP Inspection
- Customizing the MAC Address Table

Configuring ARP Inspection

This section describes ARP inspection and how to enable it, and includes the following topics:
- ARP Inspection
- Edit ARP Inspection Entry
- ARP Static Table
- Add/Edit ARP Static Configuration

ARP Inspection

The ARP Inspection pane lets you configure ARP inspection.
By default, all ARP packets are allowed through the security appliance. You can control the flow of ARP
packets by enabling ARP inspection.
When you enable ARP inspection, the security appliance compares the MAC address, IP address, and
source interface in all ARP packets to static entries in the ARP table, and takes the following actions:
- If the IP address, MAC address, and source interface match an ARP entry, the packet is passed through.
- If there is a mismatch between the MAC address, the IP address, or the interface, then the security appliance drops the packet.
- If the ARP packet does not match any entries in the static ARP table, then you can set the security appliance to either forward the packet out all interfaces (flood), or to drop the packet.
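
The three outcomes above, modeled as an added Python example (not Cisco code and not part of the original guide). It assumes the sender MAC and sender IP fields of the ARP payload are the values compared, and that a packet is a "mismatch" when its IP or MAC appears in a static entry but the full IP/MAC/interface triple differs; the table, addresses, and function names are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa

# Constructed static ARP table: IP -> (MAC, source interface)
STATIC_ARP = {
    "10.1.1.1": ("02:00:00:00:00:01", "inside"),
    "10.1.1.20": ("02:00:00:00:00:20", "inside"),
}

def make_arp(sender_mac, sender_ip, target_ip, oper=2):
    """Build a constructed 28-byte Ethernet/IPv4 ARP payload (oper 2 = reply)."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha,
                       IPv4Address(sender_ip).packed, b"\x00" * 6,
                       IPv4Address(target_ip).packed)

def parse_arp(payload):
    """Return (sender_mac, sender_ip); reject anything not Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, _, sha, spa, _, _ = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return sha.hex(":"), str(IPv4Address(spa))

def arp_inspect(payload, in_iface, table=STATIC_ARP, flood_unknown=True):
    """Return 'pass', 'drop' or 'flood' for one ARP packet."""
    mac, ip = parse_arp(payload)
    if table.get(ip) == (mac, in_iface):
        return "pass"                      # IP, MAC and interface all match
    # Assumption: IP or MAC known to the table but triple differs = mismatch
    if ip in table or mac in {m for m, _ in table.values()}:
        return "drop"
    return "flood" if flood_unknown else "drop"   # no static entry at all

if __name__ == "__main__":
    cases = [
        ("gateway reply", make_arp("02:00:00:00:00:01", "10.1.1.1", "10.1.1.20"), "inside"),
        ("gateway IP, wrong MAC", make_arp("02:00:00:00:00:99", "10.1.1.1", "10.1.1.20"), "inside"),
        ("gateway on wrong interface", make_arp("02:00:00:00:00:01", "10.1.1.1", "10.1.1.20"), "outside"),
        ("host with no static entry", make_arp("02:00:00:00:00:50", "10.1.1.50", "10.1.1.1"), "inside"),
    ]
    for name, pkt, iface in cases:
        print(f"{name:28} -> {arp_inspect(pkt, iface)}")
```

With flooding of unmatched packets turned off (`flood_unknown=False` in this model), the last case is dropped instead of flooded, so only hosts with static entries can complete ARP through the appliance.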