Cisco Systems OL-16647-01 Network Router User Manual


30-5
Cisco ASDM User Guide
OL-16647-01
Chapter 30 Configuring ARP Inspection and Bridging Parameters
Customizing the MAC Address Table
drops the traffic and generates a system message. When you add a static ARP entry (see the “ARP Static
Table” section on page 30-3), a static MAC address entry is automatically added to the MAC address
table.
The security appliance learns and builds a MAC address table in much the same way as a normal bridge or
switch: when a device sends a packet through the security appliance, the security appliance adds the
source MAC address to its table. The table associates the MAC address with the source interface so that the
security appliance knows to send any packets addressed to the device out the correct interface.
The ASA 5505 adaptive security appliance includes a built-in switch; the switch MAC address table
maintains the MAC address-to-switch port mapping for traffic within each VLAN. This section discusses
the bridge MAC address table, which maintains the MAC address-to-VLAN interface mapping for traffic
that passes between VLANs.
Because the security appliance is a firewall, if the destination MAC address of a packet is not in the table,
the security appliance does not flood the original packet on all interfaces as a normal bridge does.
Instead, it generates the following packets for directly connected devices or for remote devices:
• Packets for directly connected devices—The security appliance generates an ARP request for the
  destination IP address, so that the security appliance can learn which interface receives the ARP
  response.
• Packets for remote devices—The security appliance generates a ping to the destination IP address
  so that the security appliance can learn which interface receives the ping reply.
The original packet is dropped.
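The following Python model is an added illustration of the learning, timeout and unknown-destination behavior described above; it is not Cisco code and not part of the original guide. The class and method names are hypothetical, and it assumes that "directly connected" means the destination IP address falls in a configured local subnet, that static entries do not age out, and that learning does not overwrite a static entry.

```python
import ipaddress

MIN_TIMEOUT_MIN, MAX_TIMEOUT_MIN, DEFAULT_TIMEOUT_MIN = 5, 720, 5  # limits from the guide


class BridgeMacTable:
    """Hypothetical model of the bridge MAC address table (MAC -> interface)."""

    def __init__(self, connected_nets, timeout_min=DEFAULT_TIMEOUT_MIN):
        if not MIN_TIMEOUT_MIN <= timeout_min <= MAX_TIMEOUT_MIN:
            raise ValueError("dynamic entry timeout must be 5 to 720 minutes")
        self.timeout_s = timeout_min * 60
        # Assumption: a destination is "directly connected" if it is in one of these subnets.
        self.nets = [ipaddress.ip_network(n) for n in connected_nets]
        self.entries = {}  # mac -> (interface, learned_at); learned_at is None if static

    def add_static(self, mac, interface):
        # Assumption: static entries are exempt from the dynamic entry timeout.
        self.entries[mac.lower()] = (interface, None)

    def learn(self, src_mac, in_interface, now):
        """Associate the source MAC with the interface the packet arrived on."""
        mac = src_mac.lower()
        is_static = mac in self.entries and self.entries[mac][1] is None
        if not is_static:  # assumption: learning never replaces a static entry
            self.entries[mac] = (in_interface, now)

    def lookup(self, mac, now):
        mac = mac.lower()
        entry = self.entries.get(mac)
        if entry is None:
            return None
        interface, learned_at = entry
        if learned_at is not None and now - learned_at >= self.timeout_s:
            del self.entries[mac]  # dynamic entry timed out
            return None
        return interface

    def forward(self, src_mac, dst_mac, dst_ip, in_interface, now):
        """Return ("forward", out_interface) or ("drop", probe_sent) for one packet."""
        self.learn(src_mac, in_interface, now)
        out = self.lookup(dst_mac, now)
        if out is not None:
            return ("forward", out)
        # Unknown destination MAC: no flooding. Send a probe and drop the original packet.
        ip = ipaddress.ip_address(dst_ip)
        probe = "arp-request" if any(ip in n for n in self.nets) else "ping"
        return ("drop", probe)
```

Times passed as `now` are in seconds; the interface the probe reply arrives on is what populates the table for the next packet.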
Fields
• Interface—Shows the interface associated with the MAC address.
• MAC Address—Shows the MAC address.
• Add—Adds a static MAC address entry.
• Edit—Edits a static MAC address entry.
• Delete—Deletes a static MAC address entry.
• Dynamic Entry Timeout—Sets the time a MAC address entry stays in the MAC address table before
  timing out, between 5 and 720 minutes (12 hours). 5 minutes is the default.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode: Routed | Transparent
Security Context: Single | Multiple (Context | System)
• • •