5-13
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 5 Configuring the Transparent or Routed Firewall
Customizing the MAC Address Table for the Transparent Firewall
Configuring the MAC Address Table
This section describes how you can customize the MAC address table and includes the following
sections:
• Adding a Static MAC Address, page 5-13
• Disabling MAC Address Learning, page 5-13
Adding a Static MAC Address
Normally, MAC addresses are added to the MAC address table dynamically as traffic from a particular
MAC address enters an interface. You can add static MAC addresses to the MAC address table if desired.
One benefit to adding static entries is to guard against MAC spoofing. If a client with the same
MAC address as a static entry attempts to send traffic to an interface that does not match the static entry,
then the adaptive security appliance drops the traffic and generates a system message. When you add a
static ARP entry (see the “Adding a Static ARP Entry” section on page 5-9), a static MAC address entry
is automatically added to the MAC address table.
To add a static MAC address to the MAC address table, perform the following steps:
Step 1 Choose the Configuration > Device Setup > Bridging > MAC Address Table pane.
Step 2 (Optional) To set the time a MAC address entry stays in the MAC address table before timing out, enter
a value in the Dynamic Entry Timeout field.
This value is between 5 and 720 minutes (12 hours). 5 minutes is the default.
Step 3 Click Add.
The Add MAC Address Entry dialog box appears.
Step 4 From the Interface Name drop-down list, choose the source interface associated with the MAC address.
Step 5 In the MAC Address field, enter the MAC address.
Step 6 Click OK, and then Apply.
Disabling MAC Address Learning
By default, each interface automatically learns the MAC addresses of entering traffic, and the adaptive
security appliance adds corresponding entries to the MAC address table. You can disable MAC address
learning if desired, however, unless you statically add MAC addresses to the table, no traffic can pass
through the adaptive security appliance.
To disable MAC address learning, perform the following steps:
Step 1 Choose the Configuration > Device Setup > Bridging > MAC Learning pane.
Step 2 To disable MAC learning, choose an interface row, and click Disable.
Step 3 To reenable MAC learning, click Enable.
Step 4 Click Apply.
To Next Page
Loading...
Need help?
General
