4-13
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter4 Configuring the Transparent or Routed Firewall
Customizing the MAC Address Table for the Transparent Firewall

Feature History for ARP Inspection

Table 4 -2 lists the release history for each feature change and the platform release in which it was
implemented.
Customizing the MAC Address Table for the Transparent Firewall
This section describes the MAC address table and includes the following topics:
Information About the MAC Address Table, page4-14
Licensing Requirements for the MAC Address Table, page4-14
Default Settings, page4-14
Guidelines and Limitations, page4-14
Configuring the MAC Address Table, page4-15
Monitoring the MAC Address Table, page4-16
Feature History for the MAC Address Table, page4-17
Table4-3 Feature History for ARP Inspection
Feature Name Releases Feature Information
ARP inspection 7.0(1) ARP inspection compares the MAC address, IP address, and
source interface in all ARP packets to static entries in the
ARP table.
We introduced the following commands: arp,
arp-inspection, and show arp-inspection.
ARP cache additions for non-connected subnets 8.4(5) The ASA ARP cache only contains entries from
directly-connected subnets by default. You can now enable
the ARP cache to also include non-directly-connected
subnets. We do not recommend enabling this feature unless
you know the security risks. This feature could facilitate
denial of service (DoS) attack against the ASA; a user on
any interface could send out many ARP replies and overload
the ASA ARP table with false entries.
You may want to use this feature if you use:
Secondary subnets.
Proxy ARP on adjacent routes for traffic forwarding.
We introduced the following command: arp
permit-nonconnected.
This feature is not available in 8.5(1), 8.6(1), or 9.0(1).