1-12
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring the Transparent or Routed Firewall
Customizing the MAC Address Table for the Transparent Firewall
Customizing the MAC Address Table for the Transparent
Firewall
This section describes how you can customize the MAC address table and includes the following
sections:
• Adding a Static MAC Address, page 1-12
• Setting the MAC Address Timeout, page 1-12
• Disabling MAC Address Learning, page 1-13
Adding a Static MAC Address
Normally, MAC addresses are added to the MAC address table dynamically as traffic from a particular
MAC address enters an interface. You can add static MAC addresses to the MAC address table if desired.
One benefit to adding static entries is to guard against MAC spoofing. If a client with the same
MAC address as a static entry attempts to send traffic to an interface that does not match the static entry,
then the ASA drops the traffic and generates a system message. When you add a static ARP entry (see
the “Adding a Static ARP Entry” section on page 1-10), a static MAC address entry is automatically
added to the MAC address table.
To add a static MAC address to the MAC address table, enter the following command:
Setting the MAC Address Timeout
The default timeout value for dynamic MAC address table entries is 5 minutes, but you can change the
timeout. To change the timeout, enter the following command:
Command Purpose
mac-address-table static interface_name
mac_address
Example:
hostname(config)# mac-address-table static
inside 0009.7cbe.2100
Adds a static MAC address entry.
The interface_name is the source interface.
Command Purpose
mac-address-table aging-time timeout_value
Example:
hostname(config)# mac-address-table
aging-time 10
Sets the MAC address entry timeout.
The timeout_value (in minutes) is between 5 and 720 (12 hours). 5 minutes
is the default.
To Next Page
Loading...
Need help?
General
