1-11
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring the Transparent or Routed Firewall
Configuring ARP Inspection for the Transparent Firewall
Detailed Steps
Examples
For example, to allow ARP responses from the router at 10.1.1.1 with the MAC address 0009.7cbe.2100
on the outside interface, enter the following command:
hostname(config)# arp outside 10.1.1.1 0009.7cbe.2100
What to Do Next
Enable ARP inspection according to the “Enabling ARP Inspection” section on page 1-11.
Enabling ARP Inspection
This section describes how to enable ARP inspection.
Detailed Steps
Examples
For example, to enable ARP inspection on the outside interface, and to drop all non-matching ARP
packets, enter the following command:
hostname(config)# arp-inspection outside enable no-flood
Command Purpose
arp interface_name ip_address mac_address
Example:
hostname(config)# arp outside 10.1.1.1
0009.7cbe.2100
Adds a static ARP entry.
Command Purpose
arp-inspection interface_name enable
[flood | no-flood]
Example:
hostname(config)# arp-inspection outside
enable no-flood
Enables ARP inspection.
The flood keyword forwards non-matching ARP packets out all interfaces,
and no-flood drops non-matching packets.
Note The default setting is to flood non-matching packets. To restrict
ARP through the ASA to only static entries, then set this command
to no-flood.
To Next Page
Loading...
Need help?
General